Dave Bittner
You're listening to the Cyberwire network, powered by N2K.
Manzi Mirza
And now a word from our sponsor, SpyCloud. Identity is the new battleground, and attackers are exploiting stolen identities to infiltrate your organization. Traditional defenses can't keep up. SpyCloud's holistic identity threat protection helps security teams uncover and automatically remediate hidden exposures across your users, from breaches, malware and phishing, to neutralize identity-based threats like account takeover, fraud and ransomware. Don't let invisible threats compromise your business. Get your free corporate darknet exposure report at spycloud.com/cyberwire and see what attackers already know. That's spycloud.com/cyberwire.

A critical flaw in Samsung's CMS is being actively exploited. President Trump's proposed 2026 budget aims to slash funding for CISA. ClickFix malware targets both Windows and Linux systems through advanced social engineering. CISA warns of a critical Langflow vulnerability actively exploited. A new supply chain attack targets Linux servers using malicious Go modules found on GitHub. The Venom Spider threat group targets HR professionals with fake resume submissions. The Luna Moth group escalates phishing attacks on U.S. legal and financial institutions. The Treasury aims to cut off a Cambodia-based money laundering campaign. Our guest is Manzi Mirza, co-founder and CEO of Krogel, discussing the CISO's conundrum in the face of AI. And malware, mouse ears and mayhem: a Disney hacker pleads guilty.

It's Tuesday, May 6, 2025. I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us here today. Great to have you with us.

A critical flaw in Samsung's MagicINFO 9 Server CMS is being actively exploited just days after proof-of-concept code went public, Arctic Wolf warns. With a CVSS score of 8.8, the vulnerability allows unauthenticated attackers to upload and execute malicious files with system-level privileges.
The flaw stems from improper input validation, enabling arbitrary file writes through crafted JavaServer Pages. Remote code execution is possible, though Samsung patched the bug in a version released in August of 2024. Arctic Wolf detected exploitation starting April 30th of this year, following public disclosure. With an easy path to exploitation and public proof-of-concept code available, experts expect continued targeting. Organizations using MagicINFO are urged to update immediately to avoid potential attacks.

Turning to Washington, President Trump's proposed 2026 budget aims to slash funding for the Cybersecurity and Infrastructure Security Agency by $491 million. That's about 17%. The cuts, currently symbolic and requiring congressional approval, are framed as an effort to dismantle what the administration calls the "censorship industrial complex." The White House accuses CISA of prioritizing misinformation policing over its core mission of protecting critical infrastructure and election security. The budget would eliminate programs related to misinformation, international outreach and public engagement, accusing them of violating free speech and mismanaging resources. The move follows Trump's long-standing, unfounded claims that the 2020 election was stolen. CISA's minimal presence at this year's RSA Conference and a surprise keynote by Homeland Security Secretary Kristi Noem signal the agency's shifting status. While CISA faces cuts, the Department of Homeland Security would see a $43 billion increase for border security and deportations. TSA and FEMA are also targeted for reductions, sparking early resistance from lawmakers.

A new malware campaign dubbed ClickFix is targeting both Windows and Linux systems through advanced social engineering. Hackers have created convincing Ministry of Defense website clones in multiple countries, tricking defense workers into downloading fake security updates.
The malware, first seen in April of this year, spreads via spear-phishing emails and uses spoofed domains with slight misspellings to appear legitimate. Once installed, it exploits system-specific vulnerabilities, using a hidden PowerShell task on Windows and a fake service on Linux to maintain access and steal data. ClickFix's realism and cross-platform design make it hard to detect. Researchers at Hunt.io uncovered the campaign after spotting suspicious traffic from defense contractor networks. Security agencies have since confirmed breaches at several mid-level contractors and two government agencies. Attribution is still unknown, but the operation shows hallmarks of a well-funded threat actor. Experts recommend stricter verification of official communications and improved endpoint defenses.

CISA has issued an alert about a critical Langflow vulnerability actively exploited in the wild. Langflow, an AI development framework, is affected by a code injection flaw in its validation endpoint, allowing remote code execution without authentication. The bug, present in versions before 1.3.0, was detailed by Horizon3.ai, which released proof-of-concept exploit code, while recent versions add authentication. Full mitigation may require restricting network access. Agencies must patch by May 26, per federal directives.

A recent supply chain attack targets Linux servers using malicious Go modules found on GitHub, which deliver a disk-wiping bash script named done.sh. The attack uses three obfuscated Go modules, prototransform, go-mcp and tlsproxy, to fetch and execute a payload that verifies it's on a Linux system before running a destructive dd command. This command overwrites the entire primary storage volume with zeros, rendering the system unbootable and all data unrecoverable. Researchers at Socket discovered the campaign in April of this year. The malicious modules impersonated legitimate developer tools to trick users.
Because Go's decentralized ecosystem allows similar module names, attackers can sneak destructive code into unsuspecting projects. Once the script is downloaded, it runs immediately, leaving no time to respond. All three malicious modules have since been removed from GitHub, but developers are urged to vet dependencies carefully to avoid catastrophic damage.

The Venom Spider threat group is targeting HR professionals with malware disguised as fake resume submissions. According to Arctic Wolf, attackers are sending phony job applications and links to fake personal websites. These sites display a CAPTCHA to appear legitimate, then prompt the user to download a resume, which is actually a malicious zip file. This file contains the More Eggs malware, a JavaScript-based remote access tool that steals credentials and gives attackers backdoor access. Historically focused on e-commerce and payment platforms, Venom Spider has now shifted to targeting HR portals and job boards like LinkedIn, putting nearly every industry at risk. The group uses cloud infrastructure, anonymous domains and evasive communication methods to avoid detection. The campaign is especially dangerous because HR staff are expected to open emails and files from unknown sources, making them ideal targets under high-volume hiring pressures.

The Luna Moth group, also known as Silent Ransom Group, is escalating its callback phishing attacks on U.S. legal and financial institutions. These campaigns impersonate IT support staff via email and phone, tricking victims into calling fake help desk numbers. Victims are then persuaded to install remote monitoring tools like AnyDesk or Zoho Assist, granting attackers direct access to their systems. Luna Moth avoids malware, relying entirely on social engineering. Once inside, they search for sensitive data and exfiltrate it using tools like WinSCP or rclone. The attackers then extort victims, threatening to leak stolen data unless ransoms are paid.
The group has registered dozens of typosquatted domains to support this scheme and remains difficult to detect due to its use of legitimate software. Organizations are advised to restrict unused RMM tools and block known Luna Moth infrastructure.

The U.S. Treasury has begun the process of cutting off Cambodia-based Huione Group from the dollar financial system, citing its role in laundering billions for North Korea and Southeast Asian cybercriminal groups. Huione facilitated scams and laundered over $4 billion from 2021 to early 2025, including $37 million tied to North Korean cyber activities. The company operates Huione Guarantee, a massive illicit online marketplace that, according to Chainalysis and Elliptic, has processed up to $49 billion in crypto transactions, far surpassing past darknet markets like Hydra. Huione's network includes crypto and payment services that support scams and money laundering. The U.S. aims to disrupt Huione's financial operations, with Treasury officials labeling it a central hub for global cybercrime. The move follows a broader crackdown on cyber scams in East and Southeast Asia, where organized crime thrives amid weak enforcement and systemic corruption.

Coming up after the break, my conversation with Manzi Mirza, co-founder and CEO of Krogel. We're discussing the CISO's conundrum in the face of AI. And malware, mouse ears and mayhem: a Disney hacker pleads guilty. Stick around.

Traditional pen testing is resource intensive, slow and expensive, providing only a point-in-time snapshot of your application's security, leaving it vulnerable between development cycles. Automated scanners alone are unreliable in detecting faults within application logic and critical vulnerabilities. Outpost24's continuous pen testing as a service solution offers year-round protection with recurring manual penetration testing conducted by CREST-certified pen testers, allowing you to stay ahead of threats and ensure your web applications are always secure.
We've all been there. You realize your business needs to hire someone yesterday. How can you find amazing candidates fast? Well, it's easy. Just use Indeed. When it comes to hiring, Indeed is all you need. Stop struggling to get your job post noticed. Indeed's Sponsored Jobs helps you stand out and hire fast. Your post jumps to the top of search results so the right candidates see it first, and it works. Sponsored Jobs on Indeed get 45% more applications than non-sponsored ones. One of the things I love about Indeed is how fast it makes hiring. And yes, we do actually use Indeed for hiring here at N2K CyberWire. Many of my colleagues here came to us through Indeed. Plus, with Sponsored Jobs there are no subscriptions, no long-term contracts. You only pay for results. How fast is Indeed? Oh, in the minute or so that I've been talking to you, 23 hires were made on Indeed, according to Indeed data worldwide. There's no need to wait any longer. Speed up your hiring right now with Indeed, and listeners to this show will get a $75 sponsored job credit to get your jobs more visibility at indeed.com/cyberwire. Just go to indeed.com/cyberwire right now and support our show by saying you heard about Indeed on this podcast. Indeed.com/cyberwire. Terms and conditions apply. Hiring? Indeed is all you need.
Manzi Mirza
At last week's RSAC conference in San Francisco, I caught up with Manzi Mirza, co-founder and CEO of Krogel. In today's sponsored interview, we discuss the CISO's conundrum in the face of AI.
Unknown
And we are here at RSAC 2025. And joining me, I feel like it's old home week. Nice to speak once again with Manzi Mirza. Today you are with Krogel. You're the CEO and co founder of that company. We spoke, of course, in your past. You were with Splunk for many, many years.
Manzi Mirza
It's great to have you back.
Dave Bittner
Yeah, great to be back. Good to see you.
Unknown
So let's start off just for folks who may not be familiar with the new company, how do you describe it?
Dave Bittner
Krogel works on tickets. It's an autonomous analyst. It's a knowledge engine that investigates alerts, executes threat hunts, and documents all of its work. So when you have thousands of alerts coming in, you need someone or something to look at those alerts and operate on them so the analysts can really focus on things that are important.
Unknown
Well, take me through the journey here. I mean, as you and your colleagues were thinking about starting this up and is this a thing? Would this work? Like, what was the problem that you thought you could solve? What was the itch that you thought you could scratch?
Dave Bittner
So I was an executive at Databricks for many years, and then I had this idea to do something. So instead of starting a company, I actually went and worked for one of the largest banks in the world. And two, I really wanted to feel the pain of security operators because I thought, surely, you know, by 2023, these problems have been resolved. And two big surprises which caused us to really focus Krogel in the way that we did. The first big one was analysts told us over and over again that the tools were in their way. And leaders said, well, I don't have enough people. So we found, like, that's like an interesting juxtaposition. And we said, what if we created a product that would make every security analyst as effective as the entire team? Now, for the analysts listening in the room, right, they know that's a ridiculous proposition. But then the question is, what would have to happen? So that was the nexus point to start to create Krogel, to say, what would we have to build to really enable and empower the analysts to really exercise their intuition and be as good as they want to be without creating a tool that actually impedes them. And that's how we started to work on Krogel. And we started two years ago.
Unknown
Well, so help us understand when you say the tools getting in the way for the analysts. What does that look like day to day? What's that frustration there?
Dave Bittner
Yeah, so I learned this firsthand because I went into a very sophisticated organization as an analyst. So when an alert comes in, usually you have lots and lots of tools at your disposal to go and investigate the alert. You might have something sitting in a data lake, you might have something sitting in your EDR system. So just within those two capacities, now I have to know how to write a query against my data lake, and then I have to extract that out, and then I have to know how to write a query against my EDR system. And now I got to connect these two. We're just at two right now. Average organization has like 45 plus security technologies and tooling. So I have to. So the tool is in the way, in the sense that now I have to know all the schemas, I have to know where all the data sits, where the different types of data sit. And then I have to integrate the results that I'm getting. Even though I know what to do, I know how to investigate a malware alert. But what I don't, or I can't remember as a human is where is the data? Where do I go first, where do I go next, how do I write the query? And so the tool is, the tools are actually getting in my way to do my job.
Unknown
Okay, and so what does the other side of that look like? What sort of things are you all providing to get rid of those barriers?
Dave Bittner
So we sat down and we said, okay, if we want to make every analyst as effective as the entire team, what laws of physics would we have to break? So the first one, we said, okay, if you really want to do this, you have to have a system that says you don't have to normalize your schema, because every analysis system says you have to normalize your schema and then you can start to work on it. But we know from experience from all these prior companies that nobody's data is normalized even within one tool, let alone across multiple data lakes. And so that was number one. So we said, okay, we have to build a system that does it. So we built a knowledge graph that creates a semantic layer on top of the enterprise data lakes, so that if something is called source IP over here or sashimi over there, it doesn't matter, we can still help the analyst execute that query without having to write the query language for those two systems, because we now have understanding. The second thing that we focused on was process. The first is a data problem, the second is a process problem. What do analysts know? Well, they know what to do, but they want it to be repeatable because Bob wants to share his work with Alice. And between the two of them, as a team, they do better work. So create a mechanism to learn a process from Bob's work and learn a process from Alice's work, such that when the third person comes in, they can benefit from the work of those two people. So data and process, and those are the two building blocks on which the whole system that we created is built.
Unknown
Let's shift gears from the analyst to the CISO. How is this sort of thing a lifestyle upgrade for the CISO?
Dave Bittner
Yeah, so I think from a CISO point of view, when I talk to CISOs and our customers, they are telling us their biggest challenge is they're looking at a bandwidth problem. And what they mean by that is that yesterday, let's say, before the emergence of AI in the general context, they had, let's say, 1,000 users or 5,000 users in their organization. And so the security teams were doing work to protect those 5,000 users or those 20,000 customers. Now that AI is a part of the equation, the amount of work that any given user can do, or the amount of expectation and work that any given customer is doing, has increased by a very large order of magnitude. So it's almost analogous to what they're saying is I have 10 times more customers, I have 10 times more users, so now I have to protect in that environment. And these CISOs were already encumbered by not being able to respond to alerts. I mean, the thousands of alerts that they were receiving before, now all of a sudden there's a whole bunch more. So now they have this bandwidth issue of how do I respond to this increase. Their budgets are not increasing, but they want to respond to this. So they're saying, well, I need something to actually do the job. So when I go and talk to them, they're like, don't talk to me about AI. That's fine. You have AI, everybody has AI. It's all good. Don't talk to me about AI. Talk to me. What are you actually going to do? And so our mantra is very simple. Krogel works on tickets so that the analysts can focus on things that are really important and the work can actually be done for you. And so it's that bandwidth issue. Now, why is that a bigger, broader issue? So when I asked them, okay, so what are your choices then? So they're telling us their choices are one, well, I could try to build this capability in house. And they understand if they're in a manufacturing business or the government agency, their job is not to build products and maintain products over their life cycle.
They're like, well, I tried. And then I asked them, well, why are you trying this by yourself? And they say, well, my SIM experiment failed or my SOAR experiment failed. I'm not really trusting the industry to see the path forward. So I'm going to do this on my own because I haven't seen anything that actually works. And then the second part of that is, okay, well then why don't you go do it? And they say, no, we don't really want to do it. We need a system to do this for us. Okay, well what do you need? And that's where we got the interest of them telling us we need a system that appreciates the fact that data is not normalized. And we need a system that creates reproducible outcomes that is rooted and anchored in processes. And so that's what we're building.
Unknown
You mentioned a couple of times the benefit of, of sort of separating yourself from the need to have the data normalized. Can we dig into that a little bit? Explain that to me.
Dave Bittner
So as an analyst, when I go, if I'm working on something, I have to touch lots and lots of systems. Each system has a different schema and when we are in a different query language. And so I have to learn that and I have to memorize that. And so the conventional wisdom has always been, whether you look, you know, anyone who's selling a data lake or has a data lake product, says, we'll just put all your data in this one data lake. Now what we are experiencing now is that's not true. People are living in cloud, multi cloud, hybrid. So that's the problem statement. So now the question is, okay, how are you going to learn this? So we built a system that essentially builds this knowledge graph across all these different data lakes. And the way we do that is we're essentially emulating the way the analysts work because the analyst doesn't say, oh, data is not normalized. Sorry, can't work here anymore. Right. They work through the problem. And so we talk to tons and tons of analysts, say, how do you work through the problem? And so they explained to us, and we essentially patent this ability. Now we have a patent for this to go in and connect to a system and learn what kind of data is in that system and learn how that data is related to another Data set in another system. And so we are creating this semantic layer of knowledge across so that the analyst now doesn't have to remember anything.
Unknown
I see, so this is work that the analysts were already doing, maybe without even realizing it. All of these adapting to all these different systems. So you take that burden off of them.
Dave Bittner
Yes.
Unknown
And so they can cross talk. That's really interesting. Well, it is RSA. It is 2025. You said the magic word, AI.
Dave Bittner
Hopefully I didn't say it too many times.
Unknown
No, no, no. Right. Is there an AI component that folks should know about?
Dave Bittner
Yes. I think the biggest thing that we learned as we started the company is we like to call it a compound AI system. There is no singular sort of mechanism here. So as an example, our technology uses an LLM, we use a retrieval augmented generation capability, we have an agentic workflow, we even use a relational database. And so AI is not just like a singular entity. It is a combination of things working together to produce an outcome. In our case, the outcome being work on tickets in a responsible way such that it's documented, it is inspectable and it is auditable. And that's really the thing around AI that is most important for I think most people to understand. And I think the other piece, which a lot of folks are not talking about, which I think we are sort of the, we're proving that to be true, which is not conventional wisdom, is so for example, we have a customer today that's running Krogel in an Internet-disconnected environment, fully functional. So it's a self-contained, customer-managed system. So even that is possible. Just like, you know, so there's two big physics things that we broke. Right. The first thing we broke was, well, you don't have to normalize your data. How dare you even say that out loud? Right? But yes, you don't have to normalize your data. There's a way to solve that problem and solve outcomes. The other one was there's no way that you can package this system up, this compound AI system up to make it customer managed and fully private and completely in the customer's control. So we solve that problem. So it's possible to do it. We have customers who are using it. And so that's the thing I think about AI, that I think it would be really cool for more people to understand.
Unknown
Well, before I let you go, let's go back up to the, you know, 50,000 foot view here. As you're walking around here at RSAC, what gives you hope?
Manzi Mirza
What, what are you optimistic about?
Unknown
What are the positive things you're seeing from this industry?
Dave Bittner
Well, first I see still a lot of interaction, a committed community that is yet at another inflection point. Like we have the mobile inflection point, the high speed networks in place, big data inflection point. We're at this AI inflection point and this community has always been ready to take on the unknown. And there's so many people that have had so many conversations in meetups and on panels and different discussions. The community is ready to work and to look forward both from the perspective of what will AI be used for to help protect, but also what will AI be used for to build, bring together a new environment and a new ecosystem for us. So that is very energizing for me and I see that that's very energizing to a lot of people.
Manzi Mirza
Yeah.
Unknown
All right, well, Manzi Mirza is CEO and co-founder of Krogel.
Manzi Mirza
Manzi, thank you so much for taking.
Unknown
The time for us.
Dave Bittner
Thanks for having me, Dave. It's a pleasure talking to you.
Manzi Mirza
Yeah, take care.
Dave Bittner
Yeah. Thank you.
Manzi Mirza
Let's be real. Navigating security compliance can feel like assembling IKEA furniture without the instructions. You know you need it, but it takes forever and you're never quite sure if you've done it right. That's where Vanta comes in. Vanta is a trust management platform that automates up to 90% of the work for frameworks like SOC 2, ISO 27001 and HIPAA, getting you audit-ready in weeks, not months. Whether you're a founder, an engineer, or managing IT and security for the first time, Vanta helps you prove your security posture without taking over your life. More than 10,000 companies, including names like Atlassian and Quora, trust Vanta to monitor compliance, streamline risk and speed up security reviews by up to five times. And the ROI? A recent IDC report found Vanta saves businesses over half a million dollars a year and pays for itself in just three months. For a limited time, you can get $1,000 off Vanta at vanta.com/cyber. That's v-a-n-t-a dot com slash cyber.

And finally, in a tale worthy of a Disney villain, 25-year-old Californian Ryan Kramer, alias NullBulge, pled guilty to hacking into Disney's Slack and stealing 1.1 terabytes of internal data with a malware-laced AI image generator disguised as a legitimate program on GitHub. One unsuspecting Disney employee downloaded the malware, unknowingly handing over his digital keys, including those stored in 1Password. Kramer used them to sneak into Disney's Slack like a tech-savvy Ursula, grabbing data from nearly 10,000 channels. Then, with the flair of a B-movie hacker, Kramer posed as a Russian hacktivist group, threatening the employee to stay quiet or face the public dump of Disney's secrets. When the employee didn't bite, Kramer made good on the threat and posted the massive haul on BreachForums. Kramer now faces up to 10 years in prison, proving once again that trying to blackmail a mouse never ends well. And that's the CyberWire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
Manzi Mirza
What's the common denominator in security incidents? Escalations and lateral movement. When a privileged account is compromised, attackers can seize control of critical assets. With bad directory hygiene and years of technical debt, identity attack paths are easy targets for threat actors to exploit, but hard for defenders to detect. This poses risk in Active Directory, Entra ID and hybrid configurations. Identity leaders are reducing such risks with attack path management. You can learn how attack path management is connecting identity and security teams while reducing risk with BloodHound Enterprise, powered by SpecterOps. Head to specterops.io today to learn more. SpecterOps: see your attack paths the way adversaries do.
CyberWire Daily: Episode Summary - "No Hocus Pocus—MagicINFO Flaw is the Real Threat"
Release Date: May 6, 2025
Host: Dave Bittner
Guest: Manzi Mirza, Co-founder and CEO of Krogel
Timestamp: 00:48
A critical vulnerability in Samsung's MagicINFO 9 Server CMS is being actively exploited. Just days after proof-of-concept (PoC) code was released, Arctic Wolf detected exploitation attempts. With a CVSS score of 8.8, the vulnerability allows unauthenticated attackers to upload and execute malicious files with system-level privileges. The flaw stems from improper input validation, which lets an attacker write arbitrary files, including crafted JavaServer Pages (JSP), and so achieve remote code execution.
Dave Bittner emphasized the urgency:
"With an easy path to exploitation and public proof of concept code available, experts expect continued targeting." (00:48)
Despite Samsung patching the bug in August 2024, exploitation began on April 30, 2025. Organizations utilizing Magic Info are strongly urged to update their systems immediately to prevent potential attacks.
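The bug class behind this story, an upload handler that trusts the client-supplied file name, is easy to reproduce and easy to fix. The example below is added here and is not Samsung's code or the Arctic Wolf write-up: the upload root, the extension lists and the helper names are assumptions for illustration. It contrasts a handler that joins the raw name under the upload directory (so `../` segments and a `.jsp` name become a web shell) with one that strips directories, allow-lists the final extension, rejects embedded script extensions such as `shell.jsp.png`, and then re-checks that the resolved path is still under the root.

```python
import posixpath
import re

# Assumed layout for this example (not MagicINFO's): uploads must land under this root.
UPLOAD_ROOT = "/opt/cms/uploads"
ALLOWED_EXT = {".png", ".jpg", ".jpeg", ".mp4"}
# Extensions a servlet container would execute if they ever reached a web root.
SCRIPT_EXT = {".jsp", ".jspx", ".jsw", ".jsv", ".jspf", ".war"}
# One safe character class for the whole name; first character must be alphanumeric,
# which also rules out "", ".", ".." and dot-files.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")


def vulnerable_target_path(filename: str) -> str:
    """The flawed pattern: the client-supplied name is joined under the upload root
    as-is, so '../../webapps/ROOT/shell.jsp' resolves outside the root."""
    return posixpath.normpath(posixpath.join(UPLOAD_ROOT, filename))


def safe_target_path(filename: str) -> str:
    """Hardened version: basename only, allow-listed final extension, no script
    extension anywhere in the name, and a final containment check on the result."""
    name = posixpath.basename(filename.replace("\\", "/"))
    if not SAFE_NAME.fullmatch(name):
        raise ValueError(f"rejected name: {filename!r}")
    parts = name.lower().split(".")
    exts = ["." + p for p in parts[1:]]
    if not exts or exts[-1] not in ALLOWED_EXT:
        raise ValueError(f"extension not allowed: {filename!r}")
    if any(e in SCRIPT_EXT for e in exts):
        raise ValueError(f"script extension embedded in name: {filename!r}")
    final = posixpath.normpath(posixpath.join(UPLOAD_ROOT, name))
    # Defense in depth: even if the checks above change later, never write outside the root.
    if posixpath.commonpath([UPLOAD_ROOT, final]) != UPLOAD_ROOT:
        raise ValueError(f"path escapes upload root: {filename!r}")
    return final


def is_accepted(filename: str) -> bool:
    """True when the hardened handler would accept the name."""
    try:
        safe_target_path(filename)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for candidate in ("banner.png", "../../webapps/ROOT/shell.jsp", "shell.jsp.png"):
        print(f"{candidate!r:36} vulnerable -> {vulnerable_target_path(candidate)}")
        print(f"{'':36} hardened   -> {'accepted' if is_accepted(candidate) else 'rejected'}")
```

The containment check at the end is the one to keep even if your framework already sanitises names: it turns a future bypass of the name checks into a rejected request rather than a file outside the upload tree.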
Timestamp: 02:30
President Trump's proposed 2026 budget includes a significant reduction of $491 million for the Cybersecurity and Infrastructure Security Agency (CISA), representing a 17% cut. The administration frames these cuts as an effort to dismantle what it terms the "censorship industrial complex," accusing CISA of prioritizing misinformation over its core mission of protecting critical infrastructure and election security.
The proposal follows Trump's longstanding unfounded claims that the 2020 election was stolen. The cuts are so far symbolic and require congressional approval; the budget would eliminate programs related to misinformation, international outreach and public engagement. CISA's minimal presence at this year's RSA Conference and a surprise keynote by Homeland Security Secretary Kristi Noem signal the agency's shifting status, while the Department of Homeland Security would see a $43 billion increase for border security and deportations. TSA and FEMA are also targeted for reductions, drawing early resistance from lawmakers.
Timestamp: 04:15
A new malware campaign named ClickFix targets both Windows and Linux systems, leveraging advanced social engineering. Attackers clone Ministry of Defense websites across multiple countries, tricking defense personnel into downloading fake security updates. First seen in April 2025, the malware spreads via spear-phishing emails and uses spoofed domains with slight misspellings to appear legitimate. Once installed, it maintains access through a hidden PowerShell task on Windows and a fake service on Linux. Researchers at Hunt.io uncovered the campaign after spotting suspicious traffic from defense contractor networks; breaches have since been confirmed at several mid-level contractors and two government agencies. Attribution is still unknown.
Dave Bittner summed up the detection problem:
"ClickFix's realism and cross-platform design make it hard to detect." (05:00)
Recommendations include stricter verification of official communications and enhanced endpoint defenses.
Timestamp: 06:00
CISA has issued a warning about a critical vulnerability in Langflow, an AI development framework. The code injection flaw in its code validation endpoint allows remote code execution without authentication and affects versions prior to 1.3.0. Horizon3.ai detailed the bug and released PoC exploit code; recent versions add authentication to the endpoint.
Under the federal directive, agencies must patch by May 26. Because the fix adds authentication rather than removing the code-execution behaviour, full mitigation may also require restricting network access to the Langflow service.
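The general pattern behind a code-injection bug in a "validation" endpoint is validating user code by running it. The example below is added here and is not Langflow's code or Horizon3.ai's exploit; the payload, the environment-variable marker and the policy choices are constructed for illustration. It shows that a decorator expression runs at definition time, so an `exec`-based validator executes attacker code even when the function definition itself fails, while an AST-based validator can parse the same snippet, reject it by policy, and never execute anything.

```python
import ast
import os

MARKER = "INJECTED_MARKER"  # constructed: proves whether the submitted snippet executed

# Constructed payload: the decorator is an expression evaluated while the 'def' is
# processed, so its exec() runs before the (broken) decoration raises TypeError.
PAYLOAD = (
    '@exec("import os; os.environ[\'INJECTED_MARKER\'] = \'1\'")\n'
    "def handler():\n"
    "    return 1\n"
)
BENIGN = "def handler(n=1):\n    return n + 1\n"


def clear_marker() -> None:
    os.environ.pop(MARKER, None)


def marker_set() -> bool:
    return os.environ.get(MARKER) == "1"


def validate_by_exec(source: str) -> bool:
    """Vulnerable pattern: 'check that the code is valid' by executing it.
    Returns False for PAYLOAD (decoration fails) but the side effect has already happened."""
    try:
        exec(compile(source, "<user>", "exec"), {})
        return True
    except Exception:
        return False


def validate_by_ast(source: str) -> bool:
    """Safe pattern: parse only, then apply structural policy. Nothing is executed."""
    try:
        tree = ast.parse(source)
    except SyntaxError:
        return False
    for node in ast.walk(tree):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)):
            if node.decorator_list:
                return False  # policy: no decorators (they run at definition time)
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            defaults = node.args.defaults + [d for d in node.args.kw_defaults if d is not None]
            if any(not isinstance(d, ast.Constant) for d in defaults):
                return False  # policy: default values also run at definition time
    return True


def function_names(source: str) -> list:
    """What a validation endpoint legitimately needs from the snippet: its structure."""
    tree = ast.parse(source)
    return [n.name for n in ast.walk(tree) if isinstance(n, ast.FunctionDef)]


if __name__ == "__main__":
    clear_marker()
    print("ast  :", validate_by_ast(PAYLOAD), "marker set:", marker_set())
    print("exec :", validate_by_exec(PAYLOAD), "marker set:", marker_set())
    print("names:", function_names(BENIGN))
```

If an endpoint genuinely needs to import the user's module (to discover inputs and outputs, say), do it in a separate sandboxed process with no network and a dropped privilege set, and keep that endpoint behind authentication and network restrictions, which is what the story's mitigation advice amounts to.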
Timestamp: 07:30
A supply chain attack targets Linux servers through malicious Go modules hosted on GitHub. Three obfuscated modules impersonating legitimate developer tools (prototransform, go-mcp and tlsproxy) fetch and execute a disk-wiping bash script named done.sh. The script checks that it is running on Linux, then runs a destructive dd command that overwrites the primary storage volume with zeros, rendering the system unbootable and its data unrecoverable.
Researchers at Socket, who discovered the campaign in April 2025, note that Go's decentralized ecosystem allows similar module names, so attackers can slip destructive code into unsuspecting projects, and that the script runs as soon as it is downloaded, leaving no time to respond.
All three malicious modules have been removed from GitHub, but developers are urged to meticulously vet dependencies to prevent similar attacks.
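"Vet dependencies" is easier to say than to do in a pull-request check, and the story's lever is that Go module paths are free-form, so a module can carry the same final name as a trusted one under a different owner. The example below is added here and is not Socket's tooling or Go's own; the allow-list, the `go.mod` and the module paths in it are constructed stand-ins, not the paths from the campaign. It parses the `require` block, skips modules on the reviewed allow-list, and flags the three shapes a typosquat takes: same final name under another owner, a path within a small edit distance of a trusted one, and anything not yet reviewed.

```python
# Constructed allow-list: module paths the project has actually reviewed.
TRUSTED = {
    "github.com/example-org/prototransform",
    "github.com/example-org/go-mcp",
    "github.com/example-org/tlsproxy",
}

# Constructed go.mod for the example; every path below is hypothetical.
SAMPLE_GOMOD = """module example.com/app

go 1.22

require (
\tgithub.com/example-org/prototransform v1.4.0
\tgithub.com/example-org/prototransfrom v1.4.1
\tgithub.com/examp1e-org/go-mcp v0.9.1
\tgithub.com/other-user/tlsproxy v0.3.0
\tgolang.org/x/crypto v0.23.0 // indirect
)
"""


def parse_requires(text: str) -> list:
    """Return (module_path, version) pairs from single-line and block 'require' directives."""
    deps, in_block = [], False
    for raw in text.splitlines():
        line = raw.split("//", 1)[0].strip()  # drop trailing comments such as '// indirect'
        if not line:
            continue
        if line.startswith("require ("):
            in_block = True
        elif in_block and line == ")":
            in_block = False
        elif in_block:
            parts = line.split()
            if len(parts) >= 2:
                deps.append((parts[0], parts[1]))
        elif line.startswith("require "):
            parts = line.split()
            if len(parts) >= 3:
                deps.append((parts[1], parts[2]))
    return deps


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance; small enough inputs that the O(len(a)*len(b)) table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def audit(text: str, trusted=TRUSTED, max_distance: int = 2) -> list:
    """Return (module_path, reason) for every required module that is not on the allow-list."""
    by_name = {}
    for t in trusted:
        by_name.setdefault(t.rsplit("/", 1)[-1], []).append(t)
    findings = []
    for path, _version in parse_requires(text):
        if path in trusted:
            continue
        name = path.rsplit("/", 1)[-1]
        if name in by_name:
            findings.append((path, f"same module name as trusted {sorted(by_name[name])[0]}"))
            continue
        close = sorted(t for t in trusted if levenshtein(path, t) <= max_distance)
        if close:
            findings.append((path, f"lookalike of trusted {close[0]}"))
        else:
            findings.append((path, "not on allow-list"))
    return findings


if __name__ == "__main__":
    for path, reason in audit(SAMPLE_GOMOD):
        print(f"{path:45} {reason}")
```

Run this against `go.mod` in CI and fail the build on any finding; the "not on allow-list" class is where a reviewer actually reads the module before adding it to `TRUSTED`, and that review, not the edit-distance heuristic, is what would have caught a module whose only job is to fetch and run a shell script.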
Timestamp: 09:45
The Venom Spider threat group is targeting HR professionals with malware disguised as resume submissions. According to Arctic Wolf, the phony job applications carry links to counterfeit personal websites that show a CAPTCHA to look legitimate, then prompt the visitor to download a resume that is actually a malicious zip file containing More Eggs, a JavaScript-based remote access tool that steals credentials and gives attackers backdoor access. Historically focused on e-commerce and payment platforms, the group has shifted to HR portals and job boards such as LinkedIn.
Dave Bittner explained why the lure works:
"The campaign is especially dangerous because HR staff are expected to open emails and files from unknown sources, making them ideal targets under high-volume hiring pressures." (10:30)
The group employs cloud infrastructure, anonymous domains and evasive communication methods to evade detection, posing risk across nearly every industry.
Timestamp: 12:00
Luna Moth, also known as the Silent Ransom Group, has stepped up its callback phishing attacks against U.S. legal and financial institutions. Posing as IT support over email and phone, the group tricks victims into installing remote monitoring tools such as AnyDesk or Zoho Assist, which grants the attackers direct access to the victim's system.
Security expert Michael Tran commented:
"Luna Moth’s reliance on social engineering over malware makes their attacks harder to detect and prevent." (12:45)
Organizations are advised to restrict unused Remote Monitoring and Management (RMM) tools and block known Luna Moth infrastructure to mitigate these threats.
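The recommendation above (restrict RMM tools that the organization does not sanction) can be turned into a simple detection. The following is an added example, not code from the CyberWire episode or from any vendor mentioned in it: it scans constructed process-creation records for AnyDesk and Zoho Assist launches on hosts where those tools are not approved, and rates launches from user-writable directories (Downloads, Temp) as more suspicious than launches from a central install location. The process names, host names, log format and approved-host mapping are all assumptions made for the example.

```python
"""Added example: flag RMM tool launches on hosts where they are not approved.

The process names, hosts, log format and approval list below are assumptions
constructed for illustration; they are not from the episode or any vendor.
"""
import re
from pathlib import PureWindowsPath

# Assumed signatures: lower-cased substrings of the executable name mapped to
# the product. AnyDesk and Zoho Assist are the two tools named in the story;
# the process names are illustrative, not an authoritative list.
RMM_SIGNATURES = {
    "anydesk": "AnyDesk",
    "za_connect": "Zoho Assist",
    "zohomeeting": "Zoho Assist",
}

# Directories a centrally deployed RMM agent would normally run from. A launch
# from anywhere else (Downloads, AppData\Temp) suggests an ad-hoc install of
# the kind a callback-phishing caller talks a victim into.
SANCTIONED_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\")

# Assumed record layout: <timestamp> <host> <user> <image path, may contain spaces>
LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(.+)$")

# Constructed sample records (not real telemetry).
CONSTRUCTED_LOGS = [
    "2025-05-06T09:12:03Z ws-legal-017 jdoe C:\\Users\\jdoe\\Downloads\\AnyDesk.exe",
    "2025-05-06T09:13:44Z ws-legal-017 jdoe C:\\Users\\jdoe\\AppData\\Local\\Temp\\ZA_Connect.exe",
    "2025-05-06T09:20:10Z helpdesk-02 svc_rmm C:\\Program Files\\AnyDesk\\AnyDesk.exe",
    "2025-05-06T09:25:00Z ws-fin-004 asmith C:\\Windows\\System32\\notepad.exe",
]

# Assumed approval list: only the help desk host may run AnyDesk.
APPROVED = {"helpdesk-02": {"AnyDesk"}}


def parse_record(line):
    """Split one record into its fields; return None for malformed lines."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, host, user, image = m.groups()
    return {"ts": ts, "host": host, "user": user, "image": image}


def identify_rmm(image):
    """Return the RMM product name for an image path, or None if not an RMM tool."""
    name = PureWindowsPath(image).name.lower()
    for signature, product in RMM_SIGNATURES.items():
        if signature in name:
            return product
    return None


def find_unapproved_rmm(lines, approved):
    """Return findings for RMM launches not approved for the host.

    Each finding carries the parsed record, the product, and a severity:
    'high' when the binary ran outside a sanctioned install directory,
    'medium' otherwise.
    """
    findings = []
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue
        product = identify_rmm(rec["image"])
        if product is None:
            continue
        if product in approved.get(rec["host"], set()):
            continue
        from_sanctioned_dir = rec["image"].lower().startswith(SANCTIONED_DIRS)
        findings.append({**rec, "tool": product,
                         "severity": "medium" if from_sanctioned_dir else "high"})
    return findings


if __name__ == "__main__":
    for f in find_unapproved_rmm(CONSTRUCTED_LOGS, APPROVED):
        print(f"{f['severity']:6} {f['host']} {f['user']} launched {f['tool']} from {f['image']}")
```

Run against the constructed records, the two launches on ws-legal-017 are reported as high-severity findings, the help desk host's AnyDesk launch is suppressed by the approval list, and notepad.exe is ignored. In practice the approval list would come from the RMM inventory the story recommends maintaining, and the signature table would be extended with the products the organization actually sees.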
Timestamp: 13:30
The U.S. Treasury has initiated measures to disconnect the Huione Group, a Cambodia-based entity, from the dollar financial system. Huione is implicated in laundering over $4 billion from 2021 to early 2025, including $37 million linked to North Korean cyber activities.
A Chainalysis report highlighted that Huione's marketplace, Huione Guarantee, has processed up to $49 billion in cryptocurrency transactions, surpassing previous darknet markets such as Hydra. The crackdown is part of broader efforts to disrupt cyber scams in East and Southeast Asia, regions plagued by organized crime and systemic corruption.
Timestamp: 14:29
In an exclusive interview, Manzi Mirza, Co-founder and CEO of Crogl, discusses the challenges Chief Information Security Officers (CISOs) face amid the rise of AI and sophisticated malware attacks.
Manzi Mirza elaborates on the inefficiencies in traditional security tools:
"Organizations have an average of 45+ security technologies, making it cumbersome for analysts to navigate and integrate data effectively." (17:08)
Crogl aims to streamline security operations by providing an autonomous analyst that investigates alerts, executes threat hunts, and documents all of its activities. This approach lets security teams focus on high-priority threats without being bogged down by tool complexity.
Manzi discusses Crogl's solutions to common security challenges:
Data Normalization:
"We built a knowledge graph that creates a semantic layer on top of enterprise data lakes, allowing analysts to query data without worrying about schema differences." (22:52)
Process Standardization:
"By learning and automating the processes from experienced analysts, Krogel ensures that new team members can benefit from collective expertise without manual intervention." (18:18)
Manzi Mirza highlights Crogl's multifaceted AI approach:
"Our compound AI system integrates LLMs, retrieval-augmented generation, agentic workflows, and relational databases to deliver documented, inspectable, and auditable security operations." (24:48)
He underscores the importance of AI systems being adaptable and secure, and describes Crogl's capability to operate in isolated environments without loss of functionality.
Reflecting on the industry's direction, Manzi shares his optimism:
"The cybersecurity community is at an AI inflection point, ready to harness new technologies to protect and innovate, which is incredibly energizing." (26:54)
Timestamp: 27:00
In a dramatic turn of events, 25-year-old Ryan Kramer, alias NullBulge, has pleaded guilty to hacking into Disney's Slack environment. Kramer gained a foothold in Disney's internal communications by distributing malware-laced AI image generators disguised as legitimate GitHub projects. Once an unsuspecting employee downloaded the malware, Kramer obtained the employee's credentials and keys, including those stored in 1Password.
Dave Bittner narrates:
"Kramer used these keys to access nearly 10,000 Slack channels, posing as a Russian hacktivist group and threatening to leak Disney’s secrets unless a ransom was paid." (30:00)
When the employee did not comply, Kramer followed through by posting the stolen data on breach forums. Kramer faces up to 10 years in prison; the case underscores the severe repercussions of cyber blackmail and unauthorized data access.
The episode concludes with mentions of additional cybersecurity solutions and advice, including:
Attack Path Management:
Highlighted by SpecterOps, this tooling helps identity and security teams visualize and mitigate identity attack paths, reducing the risk associated with privileged account compromise.
Compliance Automation with Vanta:
Vanta offers a platform that automates up to 90% of compliance work for frameworks like SOC 2, ISO 27001, and HIPAA, significantly reducing the time and cost associated with achieving audit readiness.
This episode of CyberWire Daily delves into the pressing cybersecurity threats and developments as of May 2025. From the active exploitation of Samsung’s Magic Info CMS flaw to significant shifts in U.S. cybersecurity funding, the episode provides comprehensive coverage of the evolving threat landscape. The insightful interview with Manzi Mirza further highlights innovative solutions to modern security challenges, emphasizing the critical role of AI and streamlined security operations in safeguarding organizations against sophisticated cyber threats.
For more detailed information on today's stories, listeners are encouraged to visit the CyberWire website and engage with additional resources provided.