Jamming in a ban on state AI regulation. - CyberWire Daily

Summary

CyberWire Daily Summary: "Jamming in a Ban on State AI Regulation"

Release Date: May 13, 2025
Host: Dave Buettner
Guests: Laura Enriquez (Outpost 24), Michaelo Steppa (Outpost 24), Noel Russell (AI Leadership Institute)

1. House Republicans' Ban on State AI Regulation

House Republicans have introduced a controversial amendment to the latest budget reconciliation bill that aims to significantly limit state-level regulation of artificial intelligence (AI). Spearheaded by Representative Brett Guthrie, the bill includes a clause that prohibits states from enforcing any AI-related laws for the next decade.

Impact on Existing Laws: If passed, this amendment would invalidate current state regulations in jurisdictions like California and New York, which mandate transparency and bias audits for AI applications in sectors such as healthcare and hiring.
Industry Reaction: Critics argue that this move is a substantial advantage for the AI industry, which has strong connections with former Trump-era officials and has historically resisted regulatory oversight.
Quote: Laura Enriquez of Outpost 24 highlighted the potential consequences, stating at [02:45]:
“This bill could effectively block states from implementing vital safeguards that protect citizens from unregulated AI usage, representing a significant rollback in technology policy.”

2. Spain Investigates Cyber Links in Power Grid Collapse

Spain is scrutinizing whether smaller renewable energy generators played a role in the catastrophic power grid collapse on April 28, which resulted in a 60% reduction in the country's electricity supply.

Focus of Investigation: The National Cybersecurity Institute is examining the cyber defenses of solar and wind operators, specifically looking into remote access protocols and any anomalies in system operations.
Potential Vulnerabilities: The decentralization of Spain’s energy infrastructure, shifting from centralized fossil fuel plants to numerous renewable sites, has increased the number of potential cyberattack vectors. Devices managing energy flow and communication are now critical points of vulnerability.
Quote: Michaelo Steppa emphasized the seriousness of the investigation at [05:30]:
“While no definitive cyberattack has been confirmed, the rapid transition to renewable energy has undeniably expanded the threat landscape, necessitating robust cybersecurity measures across all energy-producing entities.”

3. Major Security Flaw Discovered in Asus Motherboards

A significant security vulnerability has been identified in the automatic update systems of Asus motherboards, specifically affecting the Armory Crate and Driver Hub tools used on both AMD and Intel platforms.

Nature of the Vulnerabilities: Two critical flaws allow remote attackers to manipulate system behavior or gain unauthorized access through crafted HTTP requests. These vulnerabilities stem from software that is auto-installed via the UEFI BIOS using the Windows Platform Binary Table.
Mitigation Steps: Asus has promptly released updates to address these security issues. Users are strongly advised to apply these updates immediately and perform scans of their BIOS files using VirusTotal to detect any potential threats.
Quote: At [08:15], Dave Buettner warned:
“Users must act swiftly to update their systems, as these vulnerabilities could be exploited to compromise critical system functionalities and data integrity.”

4. Emerging macOS Info-Stealing Malware Utilizes PI Installer

Researchers have uncovered a new information-stealing malware targeting macOS systems, which leverages the PI Installer to bypass traditional detection mechanisms.

Malware Characteristics: First detected in January, the malware is packaged within macho binaries and remains undetected by most antivirus solutions. The PI Installer enables the malware to operate without requiring a native Python installation, further enhancing its evasion capabilities.
Functionality: The malware stealthily harvests user credentials through deceptive AppleScript dialogs, extracts data from the keychain, and targets cryptocurrency wallets. It employs multiple layers of obfuscation, including base85 encoding, XOR encryption, and ZLib compression, making detection and analysis challenging.
Security Recommendations: Experts advise users to exercise caution with unsigned executables and be vigilant against unexpected password prompts. Monitoring for PI Installer activity and suspicious environment variables is also recommended as this attack vector gains popularity.
Quote: Michaelo Steppa highlighted the sophistication of the malware at [10:45]:
“The use of PI Installer marks a significant evolution in malware tactics, allowing attackers to maintain a low profile while executing complex data extraction operations on macOS systems.”

5. US Charges 14 North Korean Nationals in IT Job Scheme

The United States has indicted 14 North Korean nationals involved in a remote IT job scheme designed to funnel at least $88 million to the Democratic People’s Republic of Korea (DPRK) over six years.

Modus Operandi: The group established fake companies such as Baby Box Info and Cubixtech US, using these fronts to create fabricated resumes and references. They deployed malware and remote access tools to infiltrate corporate networks, enabling unauthorized financial transfers and data theft.
Global Reach: Infected devices were traced to locations including Pakistan, Nigeria, and Dubai, with evidence of coordination between the operatives and North Korean handlers.
Security Implications: This operation underscores the necessity for enhanced cybersecurity measures and rigorous hiring verifications across various industries to prevent similar infiltration and financial exploitation.
Quote: Laura Enriquez commented on the operation's scale at [12:20]:
“The breadth of this scheme highlights the adaptability of North Korean cyber operations and the critical need for multinational cooperation in combating such threats.”

6. Europe's Cybersecurity Agency Launches European Vulnerability Database

In a significant move to bolster cybersecurity across the European Union, the EU’s cybersecurity agency has inaugurated the European Vulnerability Database (EUVD).

Purpose and Functionality: Developed under the NIS 2 directive, the EUVD serves as a centralized platform for tracking and managing cybersecurity vulnerabilities. It mirrors the functionality of the US National Vulnerability Database, aiming to enhance risk management and transparency within the EU.
Data Integration: The database aggregates information from various sources, including national CERTs, vendors, and established databases like MITRE's CVE and CISA's KEV catalog.
User Access: The EUVD features three distinct dashboards that highlight critically exploited vulnerabilities and those requiring coordinated EU-level responses. Each vulnerability entry provides comprehensive details, including affected products, severity ratings, and recommended mitigation steps.
Quote: Laura Enriquez emphasized the strategic importance of the EUVD at [14:00]:
“With the introduction of the EUVD, Europe takes a proactive stance in cybersecurity, providing a robust tool for stakeholders to effectively manage and respond to emerging threats.”

7. CISA Revises Cybersecurity Alerts Distribution

The Cybersecurity and Infrastructure Security Agency (CISA) has revamped its approach to disseminating cybersecurity updates. Moving forward, only urgent alerts regarding emerging threats or significant cyber activities will be posted on its website. Routine guidance, vulnerability notices, and product warnings will transition to distribution via email, RSS feeds, and the X Twitter platform.

Rationale and Concerns: This shift is believed to stem from budget cuts and staff reductions influenced by Trump-aligned cost-cutting measures. However, this change has sparked concern among cybersecurity experts who argue that reducing the visibility of routine updates could weaken national cybersecurity defenses.
Expert Opinions: Former CISA Director Jen Easterly criticized the move, stating at [15:30]:
“Limiting access to routine security updates undermines our ability to maintain a secure digital environment, as timely information is crucial for proactive defense measures.”
CISA's Response: In response to the backlash, CISA is urging users to subscribe to its email notifications to ensure they remain informed about critical security updates.

8. Arrest Made in DoppelPamer Ransomware Attacks

Authorities in Moldova have apprehended a 45-year-old foreign national suspected of orchestrating DoppelPamer ransomware attacks, including a significant 2021 assault on the Dutch Research Council that resulted in €4.5 million in damages.

Criminal Activities: The suspect is accused of deploying ransomware, executing extortion schemes, and engaging in money laundering activities. During the arrest, law enforcement seized laptops, phones, and approximately €84,800 in cash.
Operational Insights: DoppelPamer, linked to the TA505 cybercrime group, has been active since 2019, targeting critical infrastructure and various sectors through sophisticated ransomware deployments.
Quote: Michaelo Steppa underscored the implications at [17:00]:
“The capture of this individual marks a pivotal victory in the ongoing battle against ransomware threats, demonstrating the effectiveness of international cooperation in cybersecurity enforcement.”

9. Interview: AI Operational Maturity with Noel Russell

Guest: Noel Russell, CEO of the AI Leadership Institute and author of "Scaling Responsible AI: From Enthusiasm to Execution"

In an insightful segment, Noel Russell discusses the importance of scaling responsible AI within enterprises. Highlighting her forthcoming book, she emphasizes the necessity of integrating ethical considerations into the AI development lifecycle.

Key Insights:
- Doers vs. Talkers: Russell advocates for actionable strategies over mere rhetoric in AI deployment, stressing that hands-on experience is crucial for effective implementation.
- Governance and Security: She outlines a four-layer AI Safety System used by industry leaders like Microsoft and Amazon, which begins with the Human AI Experience—ensuring that security, legal compliance, and business objectives are collaboratively defined from the outset.
- System Prompts and Infrastructure: Russell explains how controlled system prompts and transparent infrastructure choices are vital for maintaining AI safety and integrity.
Metaphor of the Baby Tiger: Russell uses the analogy of a baby tiger to describe nascent AI projects, cautioning that without proper oversight, these “tigers” can grow into dangerous entities.
Quote: At [17:45], Russell elucidates her metaphor:
“When you start an AI project, you begin with an adorable, cute little model. But without asking critical questions early on, that baby tiger can grow up to become a threat.”
Human Element: Emphasizing the role of people in fostering a security-conscious AI culture, Russell notes that technology accounts for only a fraction of successful AI implementations. The true challenge lies in cultivating teams that prioritize accuracy, fairness, and security from the project's inception.
Future of AI Governance: She suggests leveraging Large Language Models (LLMs) as integrated security auditors within AI systems to enforce rules and maintain compliance automatically.
Quote: Russell concludes at [20:55]:
“Embedding governance into the very fabric of AI systems ensures that ethical considerations are not an afterthought but a foundational element of AI behavior.”

10. Additional Security Insights

Identity Attack Paths: The summary highlights the increasing threat of identity-based attacks due to poor directory hygiene and technical debt. Spectrops' Bloodhound Enterprise offers solutions for Attack Path Management, enabling organizations to visualize and mitigate potential attack vectors by understanding how adversaries may exploit identity pathways.
iOS Bug Affecting Messages: An unusual iOS bug causes messages containing "Dave and Buster's" to disappear without a trace, a quirk attributed to the system's stringent parsing rules. While not a security threat, it underscores the complexities of iOS's message handling systems.

Conclusion

This episode of CyberWire Daily delves deep into the evolving landscape of cybersecurity and AI regulation. From legislative actions that could stifle state-level AI oversight to intricate malware threats targeting major tech infrastructures, the discussions underscore the critical need for robust security measures and responsible AI deployment. The interview with Noel Russell provides a thought-provoking perspective on integrating ethical frameworks into AI systems, ensuring that technological advancements do not outpace the necessary safeguards. As cyber threats continue to grow in sophistication and reach, the insights shared in this episode equip industry leaders and cybersecurity professionals with the knowledge to navigate and mitigate these challenges effectively.

Notable Quotes:

“This bill could effectively block states from implementing vital safeguards that protect citizens from unregulated AI usage, representing a significant rollback in technology policy.”
— Laura Enriquez, [02:45]
“Users must act swiftly to update their systems, as these vulnerabilities could be exploited to compromise critical system functionalities and data integrity.”
— Dave Buettner, [08:15]
“The use of PI Installer marks a significant evolution in malware tactics, allowing attackers to maintain a low profile while executing complex data extraction operations on macOS systems.”
— Michaelo Steppa, [10:45]
“This bill could effectively block states from implementing vital safeguards that protect citizens from unregulated AI usage, representing a significant rollback in technology policy.”
— Laura Enriquez, [02:45]
“Embedding governance into the very fabric of AI systems ensures that ethical considerations are not an afterthought but a foundational element of AI behavior.”
— Noel Russell, [20:55]

For a comprehensive understanding and continuous updates on the cybersecurity landscape, stay tuned to the CyberWire Daily podcast.

Transcript

Dave Buettner (0:02)

You're listening to the Cyberwire Network, powered by N2K. Hey everybody. Dave here. Join me and my guests Outpost 24's Laura Enriquez and Michaelo Steppa on Tuesday, May 13th at noon Eastern time for a live discussion on the biggest threats hitting web applications today and what you can do about them. We're going to talk about why attackers still love Web apps in 2025. The latest threat trends shaping the security landscape, how to spot and prioritize critical vulnerabilities fast, along with scalable practical steps to strengthen your defenses. Again, the webinar is Tuesday, May 13th for our live conversation on the state of modern Web application security. You can register now by visiting events.thecyberwire.com that's events.thecyberwire.Com we'll see you there. Hey everybody, Dave here. I've talked about Deleteme before and I'm still using it because it still works. It's been a few months now and I'm just as impressed today as I was when I signed up. Deleteme keeps finding and removing my personal information from data broker sites, and they keep me updated with detailed reports so I know exactly what's been taken down. I'm genuinely relieved. Knowing my privacy isn't something I have to worry about every day. The Deleteme team handles everything. It's the set it and forget it peace of mind. And it's not just for individuals. Deleteme also offers solutions for businesses, helping companies protect their employees personal information and reduce exposure to social engineering and phishing threats. And right now, our listeners get a special deal 20% off your Delete Me plan. Just go to JoinDelete Me.com N2K and use promo code N2K at checkout. That's JoinDeleteMe.com N2K code N2K House Republicans look to limit state regulation of AI Spain investigates potential cybersecurity weak links in the April 28 power grid collapse, a major security flaw has been found in Asus motherboards Automatic update system a new macOS info stealing malware uses PI installer to evade detection the US charges 14 North Korean nationals in a remote IT job scheme. Europe's cybersecurity agency launches the European vulnerability database. CISA pairs back website security alerts Moldovan authorities arrest a suspect in doppelpamer ransomware attacks on today's threat vector, David Moulton speaks with Noel Russell from the AI Leadership Institute about AI Operational Maturity. And Dave and Buster's invites vanish into the void. It's Tuesday, May 13th, 2025. I'm Dave Buettner and this is your CyberW Intel Briefing. Thanks for joining us here once again. It's always great to have you with us. House Republicans have added controversial language to the new budget reconciliation bill that could severely limit state regulation of artificial intelligence. The bill, introduced by Representative Brett Guthrie, includes a clause barring states from enforcing any AI related laws for 10 years. The sweeping language could nullify existing laws in states like California and New York that require transparency and bias audits for AI tools in healthcare and hiring. Critics argue this is a major gift to the AI industry, which has close ties to Trump era officials and has resisted oversight. If passed, the bill would block states from protecting citizens from unchecked AI use, marking a dramatic shift in tech policy. Spain is investigating whether small renewable energy generators were a cybersecurity weak link in the April 28 power grid collapse that cut 60% of the country's electricity, the Financial Times reports. The National Cybersecurity Institute is questioning solar and wind operators about their cyber defenses, remote access and system anomalies. While no cyber attack has been confirmed, authorities haven't ruled one out, and a judge is now probing that possibility. Spain's shift from centralized fossil fuel plants to thousands of smaller renewable sites has increased potential cyberattack targets. Devices managing energy flow and communication links may offer entry points. Red Electrica, the grid operator, said no attack hit its systems, but flagged risks tied to data gaps from small producers. Despite skepticism from energy experts about the likelihood of a coordinated cyber attack, officials stress that all scenarios remain under review. Spain is investing 1.1 billion euros to boost national cybersecurity across sectors. A major security flaw has been found in Asus Mainboard's automatic update system, affecting Armory Crate and Driver Hub tools on AMD and Intel platforms. Two vulnerabilities allow remote attackers to alter system behavior or access features via crafted HTTP requests. The root issue lies in software auto installed from the UEFI BIOS using Windows platform binary table ASUS has released updates to fix these issues. Users should update immediately and scan BIOS files for threats using VirusTotal. A new info stealing malware targeting macOS systems has been uncovered using PI Installer to evade detection. First spotted in January and analyzed by JAMF Threat Labs, the malware is bundled in macho binaries and remains undetected by most antivirus tools. PI Installer allows the malware to run without a native Python installation, especially effective since Mac OS 12.3 removed. Built in Python, the malware harvests user credentials via fake AppleScript dialogs, extracts data from the keychain and targets crypto wallets. It uses multiple obfuscation layers, including base 85 encoding, XOR encryption, and ZLib compression. The malware's behavior is stealthy, leaving little trace on disk, and operates across Mac architectures. Researchers warn users to be wary of unsigned executables and unexpected password prompts. They recommend monitoring for PI installer activity and suspicious environment variables as this method grows more popular among attackers. Meanwhile, Apple has issued a critical security update for macros sequoia to patch eight major vulnerabilities that could allow malicious apps to access sensitive user data. The flaws affect key components like Apple Intelligence Reports, Core, Bluetooth Finder, and the TCC Privacy Framework. Notable issues include permission bypasses and improper state management that could expose personal data. Though no active exploitation has been reported, security experts warn these flaws underscore growing challenges in maintaining privacy and across complex operating systems. The US has charged 14 North Korean nationals in a scheme that used stolen identities to secure remote IT jobs at US companies, sending at least $88 million to the DPRK over six years. Flashpoint's investigation, based on a DOJ indictment, revealed that the group used fake companies, malware and remote access tools to infiltrate corporate networks. Domains linked to fake firms like Baby Box Info and cubixtech US were used to build fake resumes and references. Infected devices in places like Pakistan, Nigeria and Dubai were found with saved credentials, job board activity, and evidence of coordination with North Korean handlers. Signs included Korean language settings, VPNs masking DPRK connections, and tactics to avoid detection like faking voice calls and smuggling laptops. The findings point to a global operation aimed at stealing money, data and access, reinforcing the need for stronger cybersecurity and hiring verification across industries. Europe's cybersecurity agency has officially launched the European Vulnerability Database, a centralized platform for tracking cybersecurity flaws. Developed under the NIS 2 directive, the EUVD mirrors the US National Vulnerability Database and aims to enhance risk management and transparency across the EU. It gathers data from sources like CCERTs, vendors and databases such as MITRE's CVE and CISA's KEV catalog. Users can access three dashboards highlighting critical exploited and EU coordinated vulnerabilities. Each entry includes details like affected products, severity and mitigation steps. Concerns over the future of the U S based CVE program have increased interest in the EUVD as a stable, independent resource. Enissa says the tool is vital for public users, companies and authorities to better manage threats and respond effectively to known vulnerabilities. CISA announced a major change in how it shares cybersecurity updates. Only urgent alerts about emerging threats or major cyber activity will now appear on its website. Routine guidance, vulnerability notices and product warnings will be distributed via email, RSS and X Twitter. This shift, possibly tied to budget cuts and staff reductions under a Trump aligned cost cutting initiative, has raised concerns among experts. Critics, including former CISA director Jen Easterly, warn that reducing visibility for routine security updates undermines national cybersecurity. The policy reflects a broader trend of federal agencies moving communications to X Twitter despite its limitations. Agencies like the NTSB and Social Security Administration have also begun phasing out traditional press releases and email updates. Observers worry this change favors Elon Musk's platform and limits accessibility to critical public information. CISA urges users to subscribe to its email notifications to stay informed. Moldovan authorities have arrested a 45 year old foreign national suspected of involvement in Doppelpamer ransomware attacks, including a 2021 attack on the Dutch Research Council that caused 4.5 million euros in damages. The suspect, whose identity remains undisclosed, is accused of ransomware deployment, extortion and money laundering. Seized items include laptops, phones and €84,800 in cash. The arrest follows international efforts to dismantle DoppelPamer, a ransomware strain linked to the TA505 group, which has targeted critical infrastructure and multiple sectors since 2019. Coming up after the break, David Moulton speaks with Noel Russell, CEO of the AI Leadership Institute, about AI operational maturity and Dave and Buster's invites vanish into the void.