Dave Bittner
You're listening to the CyberWire Network, powered by N2K. Your business needs AI solutions that are not only ambitious, but also practical and adaptable. That's where Domo's AI and data products platform comes in. With Domo, you can channel AI and data into innovative uses that deliver measurable impact. Secure AI agents connect, prepare and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role. Data is hard. Domo is easy. Learn more at AI.domo.com. That's AI.domo.com.

Palo Alto Networks confirms a recently patched firewall vulnerability is being actively exploited. CISA warns of an actively exploited iOS vulnerability. Juniper Networks has issued a critical security advisory for an API authentication bypass vulnerability. The acting Commissioner of the Social Security Administration resigns after Elon Musk's team sought access to sensitive personal data of millions of Americans. The EagerBee malware framework is actively targeting government agencies and ISPs across the Middle East. Proofpoint researchers document a new macOS info stealer. A new phishing kit uses timesheet notification emails to steal credentials and two-factor authentication codes. JPMorgan Chase will begin blocking Zelle payments to social media contacts to combat online scams. Our guest is Tim Starks from CyberScoop, discussing his interview with former National Cyber Director Harry Coker. And transferring your digital legacy.

It's Tuesday, February 18th, 2025. I'm Dave Bittner, and this is your CyberWire Intel Brief. Thanks for joining us here today. It is great to have you with us.

Palo Alto Networks has confirmed that a recently patched firewall vulnerability is being actively exploited. The flaw, disclosed on February 12, allows unauthenticated attackers to bypass authentication and execute PHP scripts via the PAN-OS management interface. Threat intelligence firm GreyNoise detected exploit attempts starting February 13th, with attacks originating from nearly 30 unique IPs. The vulnerability can be chained with another vulnerability for remote code execution, posing a serious risk to unpatched systems. A proof-of-concept exploit is publicly available, and researchers warn that roughly 3,500 PAN-OS management interfaces remain exposed. Palo Alto urges immediate patching, emphasizing that securing external-facing management interfaces is critical. Assetnote, which discovered the flaw, coordinated disclosure with Palo Alto, arguing that transparency helps defenders track attacks rather than leaving organizations vulnerable and in the dark.

CISA has issued an urgent warning about a zero-day vulnerability in Apple iOS and iPadOS actively exploited in targeted attacks. The flaw, an authorization bypass in Apple's USB Restricted Mode, allows attackers with physical access to disable security protections on locked devices, potentially exposing sensitive data. Apple confirmed the exploit has been used in highly sophisticated attacks against high-value individuals, possibly by state-sponsored groups. The vulnerability affects a wide range of Apple devices, including iPhone XS and later models. Emergency patches were released on February 10th, and CISA urges users to update before March 5th. While no specific surveillance vendors are named, the attack methods resemble those used by firms like NSO Group. Users should update immediately and enforce physical security measures.

Juniper Networks has issued a critical security advisory for an API authentication bypass vulnerability affecting Session Smart Router, Session Smart Conductor and WAN Assurance Managed Router products. The flaw, with a CVSS score of 9.8, allows unauthenticated attackers to gain full administrative control by injecting spoofed JWTs, bypassing authentication checks. Attackers can exploit this flaw to modify routing policies, intercept encrypted traffic, and move laterally across networks. The vulnerability affects multiple software versions and requires network adjacency but no user interaction. Juniper discovered the issue through internal testing, with no known exploitation. As of February 18, patches are available, and cloud-managed WAN Assurance routers received automatic fixes. Organizations should apply updates immediately, audit configurations, monitor API requests, and implement network segmentation to mitigate risks. Unpatched systems pose serious threats to SD-WAN and 5G infrastructure.

Turning to Washington, Michelle King, the acting commissioner of the Social Security Administration, resigned after Elon Musk's team sought access to sensitive personal data of millions of Americans. Musk's Department of Government Efficiency has been embedding in federal agencies, claiming to root out fraud and waste. The Social Security Administration, which manages $1.5 trillion in benefits, reported $71.8 billion in improper payments from 2015 through 2022, less than 1% of total disbursements. Musk's team sought access to an internal database containing financial, employment and medical records, raising serious privacy concerns. Former Social Security Administration Commissioner Martin O'Malley refuted Musk's claims of mass fraudulent payments, calling them baseless. Amid the controversy, Trump's nominee for Social Security Administration leadership, Frank Bisignano, awaits Senate confirmation. The White House backs Musk's broader data access initiatives.

The EagerBee malware framework is actively targeting government agencies and ISPs across the Middle East, including Saudi Arabia, the UAE and Qatar. Linked to the Chinese-aligned APT27, the malware employs advanced backdoor capabilities through DLL hijacking and process hollowing. The UAE Cybersecurity Council urges organizations to patch Exchange servers, monitor modified DLLs, and review service configurations. Immediate memory analysis is recommended, as EagerBee leaves minimal disk traces.

A new macOS malware campaign has emerged. On February 18, Proofpoint reported the discovery of FrigidStealer, a new macOS info stealer linked to the TA569 threat group, also known as Mustard Tempest and Purple Vallhund. TA569, previously known for fake updates and SocGholish attacks, now collaborates with two new threat actors, TA2726 and TA2727. TA2727 recently deployed FrigidStealer alongside Windows and Android malware, while TA2726 functions as a traffic distribution service. In early 2025, Proofpoint observed TA2726 redirecting North American users to TA569 and others to TA2727, which distributed malware like Lumma Stealer, DeerStealer, and Marcher. The FrigidStealer campaign, detected in January of this year, tricked Mac users into downloading malware through fake update pages. Security experts warn that evolving collaboration among threat actors makes these campaigns increasingly sophisticated and harder to track.

Meanwhile, a new XCSSET malware variant is targeting macOS users, Microsoft reports. Originally discovered in 2020, XCSSET spreads through Apple Xcode, infecting systems when compromised projects are executed. It steals data from chat apps, injects JavaScript, takes screenshots, and encrypts files. The latest variant employs new obfuscation techniques, enhanced persistence, and novel infection methods. It randomizes payload generation, drops payloads into shell launch files, and manipulates Launchpad's dock path to execute malware. Microsoft also observed new payload injection techniques using the TARGET, RULE and FORCED_STRATEGY methods in Xcode projects. The malware continues to target digital wallets, Notes app data, and system files. With these upgrades, XCSSET remains a stealthy and evolving macOS threat.

Cybersecurity researchers have uncovered a phishing campaign using the Tycoon 2FA phishing kit, disguised as timesheet notification emails, to steal credentials and two-factor authentication codes. Attackers abuse Pinterest's redirect service to bypass security filters before leading victims to a malicious Russian-hosted site. Tycoon 2FA is evolving, now featuring obfuscated JavaScript, geofencing and adaptive phishing forms mimicking Microsoft 365, Salesforce and banking portals. This multi-platform credential theft suggests collaboration with ransomware groups. Threat actors increasingly exploit trusted platforms like Pinterest to evade detection, rendering traditional perimeter defenses ineffective. Experts recommend organizations implement behavior-based detection systems and strict access controls to counter these evolving threats.

JPMorgan Chase will begin blocking Zelle payments to social media contacts starting March 23 to combat a rise in online scams. Nearly 50% of reported fraud cases involving Zelle or wire transfers between June and December of last year originated on social media. Zelle, a widely used digital payment service, offers fast bank-to-bank transfers but lacks purchase protection, making it a prime target for scammers. Chase's updated policy warns that Zelle should only be used to pay trusted individuals, not social media sellers. This change follows a Consumer Financial Protection Bureau lawsuit against Zelle's operator, Early Warning Services, and three major banks, including Chase, accusing them of rushing Zelle to market without proper consumer protections. The lawsuit claims hundreds of thousands of users lost over $870 million. Chase may delay, decline or block payments deemed high risk and request additional transaction details to mitigate fraud risks.

Coming up after the break, Tim Starks from CyberScoop discusses his interview with former National Cyber Director Harry Coker, and transferring your digital legacy. Stay with us.

Cyber threats are evolving every second, and staying ahead is more than just a challenge, it's a necessity. That's why we're thrilled to partner with ThreatLocker, the cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit threatlocker.com today to see how a default-deny approach can keep your company safe and compliant.
Dave Bittner
Dave here. Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers, so I decided to try DeleteMe. I have to say, DeleteMe is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. DeleteMe's team does all the work for you, with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for DeleteMe now, at a special discount for our listeners. Today, get 20% off your DeleteMe plan when you go to JoinDeleteMe.com/N2K and use promo code N2K at checkout. The only way to get 20% off is to go to JoinDeleteMe.com/N2K and enter code N2K at checkout. That's JoinDeleteMe.com/N2K, code N2K.

It is always my pleasure to welcome back to the show Tim Starks. He is senior cybersecurity reporter at CyberScoop. Tim, welcome back.
Tim Starks
Hey, how are you doing, Dave?
Dave Bittner
I am doing well, thanks. I wanted to take this opportunity to kind of key off of two recent articles that you wrote for CyberScoop, one more recent than the other. But I wanted to start with an interview that you did not too long ago with Harry Coker, who is the outgoing National Cyber Director. And I thought there were some really interesting insights that came from that interview. I was hoping you could kind of fill us in on some of the things you learned.
Tim Starks
Yeah, thanks. I talked to him just as he was about to leave office, and we really covered a huge waterfront. I think one of the things is that, if you talk to enough government officials and ask them, does your office have enough authorities, they will always say, yes, we have enough. But I think the fact that he was on the way out maybe made him say, actually, maybe we probably do need to have a little bit more of an active role. You know, it's an organization that is a White House organization, essentially, but there's also the National Security Council, and they have their own prerogatives and their own powers. And he was making the case that, hey, we're ready to take more of a lead, is what he was saying. He wasn't badmouthing the NSC. That was just one point he made. He's like, we can take a stronger role on certain things. And one example that he gave of something he wishes he could have had a stronger role in was the legislation that would have said, listen, Office of the National Cyber Director, you will have a leading role in deconflicting cybersecurity regulations and making them harmonize a little bit more closely from agency to agency, sector to sector. So that was an example of a concrete way in which it could change. We talked about everything under the sun. It felt like everything that his office does, and what he still thinks are the biggest outgoing threats, what hasn't been solved and still has to be solved. We could go almost anywhere with this, Dave.
Dave Bittner
Well, I mean, it's a remarkable interview, which is why I wanted to highlight it. It's an interesting moment in time that you captured; as you say, it's an opportunity for him to both look back and look forward. We touched a little bit on the looking back, but I'd love to dig into that a little more. I mean, what are some of the things that he expressed as being achievements, and were there more areas that he felt like they just sort of ran out of time, or maybe they could have done better?
Tim Starks
Yeah, I think he was. There was a speech he gave that kind of coincided with this. And I think on the side of things that he thinks still need to happen going forward, and this is not necessarily just an ONCD thing, just using the acronym for his office, there's just not enough money going out in funds to help state, local, tribal, territorial governments. That was an area where he just doesn't think there's quite enough money. And it's not just money, but it's also, you know, capability and personnel. All those things, of course, relate to money. He liked the idea of ONCD teaming up with the Office of Management and Budget to give not just budget guidance, but guidance, direction, something a little bit more concrete to say, hey, this is something. If you look at what we do now, that's great, but we need to be having a more muscular role in that. As far as stuff that he thought they did well and could cite as accomplishments, he was of the mind that, well, the writing of the National Cybersecurity Strategy and then implementing it. You and I have talked about that strategy numerous times and how remarkable it was compared to other strategies. There's a lot of work that they've done on trying to get agencies to improve secure Internet routing, trying to get memory-safe coding languages out there, trying to make everything secure by design, which is something that the CISA office has done a lot of work on as well. So there's a number of areas where he thought they had made some concrete difference, and essentially said, yes, this office is worth having.
Dave Bittner
Beyond that, I mean, you know, sitting across from him, what was your impression of his state of mind? You know, how was he feeling about the legacy that he leaves behind with the agency?
Tim Starks
Yeah, he's an interesting guy. I don't know how much you had talked to him, or anybody much really had talked to him, before he took this role. So it was a little bit of a mystery box about what we were going to get out of him. I think he had a very interesting approach to things, and his idea was, we want to tackle the hard problems. And when you tackle the hard problems, you're not always going to win. You're not always going to get everything you want. And he had said that repeatedly: I want to tackle the hard problems. I want to tackle the hard problems. The quote at the end of the story, where he talks about what was fun in the job, he said it was getting beaten up with friends and colleagues, trying to do the right thing. So it's just a fascinating approach to thinking, oh, I'm going to go through the wringer. It's going to be a bad thing that's going to happen to me. But it's going to be fun, because we're going to be working on it. It's going to matter. And I think he, you know, I think he had a certain amount of peace of mind, even under those circumstances. He says, yes, I didn't win everything. But he knew he wasn't going to win everything. And I think that made it so he was a little bit at peace with whatever he got done.
Dave Bittner
Well, pivoting to an article you published recently, this is about President Trump making his choice for National Cyber Director. Who's in line here?
Tim Starks
This is another interesting pick. You might recall that at the time when they picked Harry Coker, he was a little bit out of the blue. I mean, I'd been hearing his name for a few weeks and eventually broke the story that he was going to be the pick. But what was interesting is that when he got picked, a lot of people said this guy doesn't have very much cyber experience. And if you look at Sean Cairncross, the pick for Trump, he has almost none. Coker had some for sure, and he worked at the NSA. He's a lifelong national security guy. Sean had a little bit of time in the White House where he intersected with national security. And other than that, there's just not a lot of cyber in his background. And even national security is not necessarily cybersecurity. So we don't really know the degree to which he has cyber experience. He worked in a, you know, he did sort of a foundation, kind of a fellowship job where he talked about emerging tech. And he has been an advisor to companies that are in the tech space. He was the chief operating officer, I think, twice at the RNC. Where, you know, I'm not making this up, Dave, but when I typed his name into the Internet, just doing basic Google fuzz, I then also typed his name in and "cyber." And I got one link. One link.
Dave Bittner
When does that ever happen?
Tim Starks
No, I know. It was him saying in 2016 that a Republican congressman saying that the RNC had been hacked was incorrect. That's it. So he's an interesting pick for that reason. And if you want to be more generous-minded about what that could mean, I made this comparison to my editor recently. My editor right now, Greg Otto, is someone who has covered cybersecurity for a long time and gets it. Yeah, but I've had editors who don't know much about cybersecurity and don't think much about it. And they bring a different perspective. They bring a different way of approaching the problem and approaching the way you write stories about it. So the fact that he is an attorney by training, you know, you can look at that as a positive for how people go after problems. The fact that he seems to be someone who's trusted by the Trump administration, based on the fact that when they made changes at the RNC, this was one of the guys they brought in to make those changes. And the fact that he's going to be maybe looking at it with a little bit more fresh eyes than people who have been looking at it for a long time and are seasoned vets like me and you. You know, there's a potential that that could be an interesting thing, but it is noteworthy how little cyber experience there is in this, and the person who's going to have, you know, what Congress intended. I almost hate saying this phrase, but they use it a lot: one throat to choke on cyber. The one person to go to when something was going on in cyber. So it's fascinating that someone has so little experience on this.
Dave Bittner
Yeah, like you said, I mean, I suppose charitably you could say that he has a good amount of leadership experience that he brings to the job. So that, and as you say, loyalty, I think, are priorities for this administration.
Tim Starks
Definitely. Definitely. You know, if you were looking to pick somebody with cyber experience who had loyalty, you could find that. But they picked this man. And I'm not denigrating or judging or saying anything nice about the pick, for that matter. It's just a fascinating dynamic that if you look at the number of people who served in this administration last time, who would like to serve in this administration this time, who have cyber experience and could have taken this job on, that exists, but instead they chose someone who, and by the way, those people also are Trump adherents. People who like Trump and want to work for Trump.
Dave Bittner
Right.
Tim Starks
They nonetheless picked someone here who has less experience. And you could wonder whether this means that they're going to de-emphasize the office. That's another potential way to interpret this. There's a lot of ways to interpret it. It's one of those kind of like, you know, classic Trump curveballs of like, okay, where did this come from? What's this gonna lead to? And we're a far ways off from finding out what the actual goal of this was and what the outcome will be, to say the least. Yeah, well, he's got the nomination, but he's gotta be Senate confirmed. That's probably months away, or a month or two at minimum. So it's gonna be a long ways away for us to find out what was really going on here, I think.
Dave Bittner
Yeah, well, as we so often like to say, time will tell.
Tim Starks
Yes, always.
Dave Bittner
Tim Starks is senior cybersecurity reporter at CyberScoop. Tim, thanks so much for joining us.
Tim Starks
Thank you, Dave.
Zscaler Representative
And now a message from our sponsor, Zscaler, the leader in cloud security. Enterprises have spent billions of dollars on firewalls and VPNs, yet breaches continue to rise, with an 18% year-over-year increase in ransomware attacks and a $75 million record payout in 2024. These traditional security tools expand your attack surface with public-facing IPs that are exploited by bad actors more easily than ever with AI tools. It's time to rethink your security. Zscaler Zero Trust + AI stops attackers by hiding your attack surface, making apps and IPs invisible; eliminating lateral movement, connecting users only to specific apps, not the entire network; continuously verifying every request based on identity and context; simplifying security management with AI-powered automation; and detecting threats using AI to analyze over 500 billion daily transactions. Hackers can't attack what they can't see. Protect your organization with Zscaler Zero Trust and AI. Learn more at zscaler.com/security.
Samsung Representative
I can say to my new Samsung Galaxy S25 Ultra, "Hey, find a keto-friendly restaurant nearby and text it to Beth and Steve," and it does, without me lifting a finger, so I can get in more squats anywhere I can. One, one, two, three. Will that be cash or credit? Credit. Galaxy S25 Ultra, the AI companion that does the heavy lifting so you can do you. Get yours at samsung.com. Compatible with select apps. Requires Google Gemini account. Results may vary based on input. Check responses for accuracy.
Dave Bittner
And finally, let's be honest, most of us spend more time online than in real life. But what happens to all that digital baggage when we log off for good? Estate planning usually focuses on money, property and who gets grandma's antique clock. But what about your social media, emails and cloud-stored cat photos? If you don't leave instructions, your loved ones might be stuck navigating a bureaucratic nightmare of forgotten passwords and locked accounts. A handy guide from The New York Times suggests you start by creating a digital directive, a simple document outlining who gets access to your online accounts and what should happen to them. Keep your credentials in a secure password manager or an old-school notebook. Just don't tape it to your monitor. And don't forget to assign a legacy contact for Apple, Google and Facebook, because if you don't, your profile could end up as a haunting reminder or, worse, a playground for hackers. So plan ahead and save your loved ones the headache.

And that's the CyberWire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
Podcast Summary: CyberWire Daily – "PAN-ic Mode: The Race to Secure PAN-OS"
Release Date: February 18, 2025
Host/Author: N2K Networks
In this episode of CyberWire Daily, host Dave Bittner delivers a comprehensive overview of the latest cybersecurity threats and developments. The episode, titled "PAN-ic Mode: The Race to Secure PAN-OS," covers critical vulnerabilities, emerging malware campaigns, and significant industry moves. Additionally, the episode features an interview with Tim Starks from CyberScoop, who discusses his recent conversation with former National Cyber Director Harry Coker and the implications of President Trump's choice for the new National Cyber Director.
a. Palo Alto Networks Firewall Vulnerability Exploitation
Palo Alto Networks confirmed that a recently patched vulnerability in their PAN-OS firewall is being actively exploited. Disclosed on February 12th, this flaw allows unauthenticated attackers to bypass authentication and execute PHP scripts via the PAN-OS management interface.
b. CISA Warns of Active Exploitation in iOS and iPadOS
The Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent warning about a zero-day vulnerability in Apple’s iOS and iPadOS, actively exploited in targeted attacks.
Vulnerability: An authorization bypass in Apple's USB restricted mode allows attackers with physical access to disable security protections on locked devices.
Impact: Affects a wide range of Apple devices, including iPhone XS and later models.
Attribution: Apple says the exploit was used in highly sophisticated attacks against high-value individuals, possibly by state-sponsored groups; the attack methods resemble those used by surveillance vendors like NSO Group, though no vendor is named.
Recommendation: CISA urges immediate updates before March 5th and the enforcement of physical security measures.
c. Juniper Networks' Critical Security Advisory
Juniper Networks released a critical advisory for an API authentication bypass vulnerability affecting multiple products, including Session Smart Router, Session Smart Conductor, and WAN Assurance Managed Router.
Severity: CVSS score of 9.8.
Exploitability: Allows unauthenticated attackers to gain full administrative control by injecting spoofed JWTs; requires network adjacency but no user interaction.
Potential Damage: Modify routing policies, intercept encrypted traffic, and move laterally across networks.
Mitigation: Patches are available as of February 18th. Organizations are urged to apply updates immediately and audit configurations.
a. EagerBee Malware Framework Targeting Middle Eastern Entities
The EagerBee malware framework is actively targeting government agencies and ISPs across the Middle East, including Saudi Arabia, the UAE, and Qatar. Linked to the Chinese-aligned APT27, it uses DLL hijacking and process hollowing and leaves minimal disk traces, so memory analysis is recommended.
b. Proofpoint Documents New macOS Info Stealer
Proofpoint researchers identified FrigidStealer, a new macOS information stealer linked to threat group TA569 (also known as Mustard Tempest and Purple Vallhund), distributed through fake update pages by the newly tracked actors TA2726 and TA2727.
c. XCSSET Malware Variant Targeting macOS Users
Microsoft reported a new variant of XCSSET malware targeting macOS users. Originally discovered in 2020, this malware spreads through Apple Xcode projects and now employs new obfuscation techniques and enhanced persistence methods.
a. Tycoon 2FA Phishing Kit Exploitation
A new phishing campaign leverages the Tycoon 2FA phishing kit, disguised as timesheet notification emails to steal credentials and two-factor authentication codes.
b. JPMorgan Chase Blocks Zelle Payments to Combat Online Scams
JPMorgan Chase announced it will begin blocking Zelle payments to social media contacts starting March 23 to address the rise in online scams.
a. Discussing Former National Cyber Director Harry Coker
Host Dave Bittner interviews Tim Starks, senior cybersecurity reporter at CyberScoop, about his recent interview with former National Cyber Director (NCD) Harry Coker.
b. Analysis of President Trump's Choice for New National Cyber Director
The discussion shifts to President Trump's nomination for the new National Cyber Director, highlighting the nominee's limited cybersecurity experience.
Candidate Profile: Sean Cairncross, with minimal background in cybersecurity, primarily involved in the Republican National Committee (RNC).
In the closing segment, Dave Bittner addresses the importance of digital legacy planning. He emphasizes the need for individuals to create a digital directive to manage online accounts, social media, emails, and cloud-stored data after death, to keep credentials in a secure password manager, and to assign legacy contacts for Apple, Google and Facebook.
This episode of CyberWire Daily offers a deep dive into pressing cybersecurity issues, from active exploitation of critical vulnerabilities to emerging malware threats and evolving phishing tactics. The insightful interview with Tim Starks provides a nuanced perspective on the strategic direction and leadership within the national cybersecurity landscape. As cyber threats continue to evolve, the episode underscores the importance of proactive measures, strategic planning, and informed leadership in safeguarding digital infrastructure.
Feedback and Further Engagement:
Listeners are encouraged to share their thoughts and ratings on their favorite podcast platforms and provide feedback via the show's survey or by email at cyberwire@n2k.com.