CyberWire Daily: "Pennies for Access" – February 19, 2025
Host: Dave Bittner, Powered by N2K Networks
Introduction
In the February 19, 2025 episode of CyberWire Daily, host Dave Bittner delivers a comprehensive overview of the latest cybersecurity threats, vulnerabilities, and regulatory developments. The episode, titled "Pennies for Access," delves into critical issues affecting corporate and military networks, significant cyberattacks, emerging ransomware threats, and sweeping cybercrime reforms in Russia. Additionally, the episode features an insightful Certbytes segment focused on the ISC2 SSCP certification exam.
Key Stories and Analyses
1. Credential Theft Threatens National Security
Timestamp: [00:02] - [12:30]
Dave Bittner opens the briefing by highlighting a severe national security concern: widespread credential theft facilitated by infostealer malware. According to research from Hudson Rock, cybercrime marketplaces are selling credentials from major defense contractors like Lockheed Martin and Boeing, as well as from U.S. military and government agencies, for as little as $10 per log. These stolen credentials often include active session cookies, enabling attackers to bypass multi-factor authentication.
Notable Quote:
"Stolen credentials may expose classified systems, procurement details and mission-critical intelligence. Experts warn this poses a major national security threat."
– Dave Bittner [02:15]
The episode underscores how even organizations not directly infected can be compromised through their partners or vendors, urging immediate password resets and forensic investigations to mitigate potential breaches.
2. Federal Judge Denies Block to Elon Musk’s Access to Sensitive Data
Timestamp: [12:30] - [16:00]
A federal judge has refused to block Elon Musk and his entity, Department of Government Efficiency (DOGE), from accessing sensitive federal data, despite privacy and oversight concerns raised by 14 state attorneys general. The lawsuit failed to demonstrate imminent irreparable harm, leading the White House to maintain that Musk serves merely as a senior adviser to President Trump, not the head of DOGE.
Notable Quote:
"The White House shifted its legal stance, arguing that Musk is merely a senior adviser to President Trump and not DOGE's leader."
– Dave Bittner [14:45]
Controversy surrounds DOGE's access to key agencies like Commerce, Energy, and Health and Human Services, with reports of financial data being fed into AI software via Microsoft Azure. A General Services Administration (GSA) worker recently resigned in protest over concerns about unvetted employees gaining unchecked access to sensitive systems.
3. Insight Partners Confirms January Cyber Attack
Timestamp: [16:00] - [18:00]
New York-based Insight Partners confirmed a sophisticated social engineering attack in January 2025. Detected on January 16, the breach was swiftly contained without impacting operations or posing risks to portfolio companies, including notable cybersecurity firms like SentinelOne, Wiz, and Recorded Future. Insight Partners, managing $90 billion in assets and overseeing over 800 companies, is actively investigating the incident with cybersecurity experts.
4. Blacklock Ransomware Group on the Rise
Timestamp: [18:00] - [21:30]
Security researchers have identified Blacklock as a rapidly growing ransomware-as-a-service (RaaS) group, experiencing a 1,400% increase in data leak posts in late 2025. This group distinguishes itself through custom-built malware and data leak site defenses that complicate victim access to stolen data, thereby increasing ransom pressure.
Notable Quote:
"Blacklock operates heavily on the RAMP forum, collaborating with affiliates, developers and initial access brokers to accelerate attacks."
– Dave Bittner [18:45]
Organizations are advised to strengthen synchronization rules, enforce multi-factor authentication (MFA), restrict Remote Desktop Protocol (RDP) access, and secure ESXi hosts to mitigate Blacklock’s sophisticated attack vectors.
5. OpenSSH Vulnerabilities Patched
Timestamp: [21:30] - [24:00]
Qualys reported two critical vulnerabilities in OpenSSH, both now patched in the latest version. The first vulnerability allows denial of service (DoS) attacks via small ping messages that can overload system resources, while the second enables man-in-the-middle (MITM) attacks on clients with the VerifyHostKeyDNS option enabled, a setting that was on by default in FreeBSD from 2013 through 2023.
Notable Quote:
"Admins should update immediately, disable VerifyHostKeyDNS and monitor SSH traffic for anomalies."
– Dave Bittner [22:30]
Organizations are urged to apply the latest updates released on January 31st to protect against these exploits.
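The segment's advice to disable VerifyHostKeyDNS is easy to get wrong because ssh_config is resolved top-down and the first value obtained for a keyword wins, so a "no" placed after a broader Host block never takes effect. The following Python audit script is an added example, not code from the episode or from the OpenSSH project; the two client configurations it checks are constructed samples, and the fallback value of "no" is the upstream OpenSSH default documented in ssh_config(5).

```python
"""Audit an OpenSSH client config for VerifyHostKeyDNS (added example).

Why a real parser rather than grep: ssh_config is resolved top-down and the
FIRST obtained value for a keyword wins, so a 'VerifyHostKeyDNS no' placed
after a broader 'Host *' block never takes effect. Keywords are
case-insensitive and may use 'Keyword value' or 'Keyword=value' syntax.
'Match' blocks need runtime context to evaluate, so they are treated
conservatively as applying to every host.
"""
import fnmatch
import re

OPTION = "verifyhostkeydns"
UPSTREAM_DEFAULT = "no"  # ssh_config(5): the default for VerifyHostKeyDNS is 'no'


def _host_block_applies(patterns, host):
    """Host-block matching: a negated pattern (!pat) that matches excludes
    the host outright; otherwise any positive pattern matching includes it."""
    included = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            included = True
    return included


def effective_verify_host_key_dns(config_text, host):
    """Return the value ('yes', 'no' or 'ask') that ssh would use for `host`,
    falling back to the upstream default when nothing in the config applies."""
    applies = True  # directives before any Host/Match block apply to all hosts
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "host":
            applies = _host_block_applies(value.split(), host)
        elif keyword == "match":
            applies = True  # conservative: assume the Match block could apply
        elif keyword == OPTION and applies:
            return value.lower()  # first obtained value wins
    return UPSTREAM_DEFAULT


def audit(config_text, hosts):
    """Map each host to True when VerifyHostKeyDNS is effectively enabled
    ('yes' or 'ask'), i.e. when the client would consult DNS-published host keys."""
    return {h: effective_verify_host_key_dns(config_text, h) != "no" for h in hosts}


# Constructed sample: a FreeBSD-style client config. The operator opted one
# host out, but the broad 'Host *' block still enables the option for every
# other host, and the trailing 'no' placed after it never applies.
RISKY_CONFIG = """
Host internal.example.net
    VerifyHostKeyDNS no
Host *
    VerifyHostKeyDNS yes
# Too late: the first value for the keyword was already obtained above.
VerifyHostKeyDNS no
"""

# Hardened form matching the segment's advice: set the option once, before any
# Host block, so no later and broader match can override it.
HARDENED_CONFIG = """
VerifyHostKeyDNS no
Host *.example.net
    ForwardAgent no
"""

if __name__ == "__main__":
    hosts = ["internal.example.net", "bastion.example.net"]
    for name, cfg in (("risky", RISKY_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg, hosts))
```

On a live system the same question is answered by `ssh -G bastion.example.net | grep -i verifyhostkeydns`, which prints the option's value after ssh has evaluated its Host and Match blocks; the script above is useful when auditing configuration files collected from many hosts without running ssh on each of them.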
6. Russian Threat Actors Exploit Signal’s Link Devices Feature
Timestamp: [24:00] - [26:00]
The Google Threat Intelligence Group has reported that Russian state-aligned hackers, including the Sandworm group, are exploiting Signal’s Link Devices feature in phishing campaigns. Victims are deceived into scanning malicious QR codes that link their Signal accounts to attacker-controlled devices, allowing for unauthorized access to secure conversations.
Notable Quote:
"This device linking attack is hard to detect and can persist unnoticed."
– Dave Bittner [25:15]
Users are advised to update Signal, use strong passwords, be cautious with QR codes, and enable two-factor authentication to enhance security.
7. Critical Vulnerability in GFI Kerio Control Firewalls
Timestamp: [26:00] - [28:00]
Over 12,000 GFI Kerio Control firewalls remain exposed to a critical remote code execution (RCE) vulnerability discovered in December 2024. Despite a December security update, more than 23,800 instances were still vulnerable weeks later, predominantly in Iran, the U.S., Italy, and Germany. The vulnerability allows for one-click RCE attacks through improper input sanitization, leading to HTTP response splitting and cross-site scripting (XSS) exploits.
Notable Quote:
"With a public proof of concept available, even low skilled hackers can exploit the flaw."
– Dave Bittner [27:30]
Organizations are instructed to update to the latest version released on January 31st immediately.
8. CISA Issues ICS Security Advisories
Timestamp: [28:00] - [30:00]
The Cybersecurity and Infrastructure Security Agency (CISA) has released two Industrial Control Systems (ICS) security advisories addressing critical vulnerabilities in Delta Electronics CNCSoft-G2 and Rockwell Automation GuardLogix controllers. These systems are widely used in manufacturing, energy, and critical infrastructure sectors.
- Delta Electronics CNCSoft-G2: Memory corruption flaw allowing remote code execution via malicious DPAX files.
- Rockwell Automation GuardLogix: Denial of service vulnerability in CIP message processing.
Notable Quote:
"CISA urges patching, segmentation, VPN use and intrusion detection to secure OT environments."
– Dave Bittner [29:45]
Federal contractors like Health Net Federal Services and Centene Corporation have faced significant penalties for cybersecurity non-compliance, emphasizing the DOJ's commitment to enforcing cybersecurity standards among entities handling sensitive government data.
Certbytes Segment: ISC2 SSCP Exam Insights
Timestamp: [13:55] - [25:36]
The Certbytes segment features Chris Hare and Stephen Burnley discussing the ISC2 SSCP (Systems Security Certified Practitioner) exam. They address study strategies, including the use of flashcards to master the terminology and acronyms essential for the exam's practical and scenario-based questions.
Notable Quote:
"Flashcards are great for times where you need to take exams that have heavy terminology."
– Chris Hare [18:27]
Chris presents a sample question targeting network access control (NAC) as a solution for managing systems that frequently disconnect from the company network, highlighting the importance of practical knowledge in operational security.
Russia Unveils Sweeping Cybercrime Reforms
Timestamp: [27:40] - [29:54]
Concluding the episode, Dave Bittner reports on Russia's new cybercrime reforms aimed at combating hackers through harsher penalties, asset seizures, and public trials. Under the new laws, cybercriminals could face up to 15 years in prison, loss of crypto assets, and a ten-year ban from IT jobs. Banks are empowered to instantly freeze accounts tied to cybercriminals, and government agencies receive expanded surveillance capabilities.
Notable Quote:
"Whether these measures actually reduce cybercrime or just increase state control remains to be seen."
– Dave Bittner [28:30]
Critics express concerns that public trials might expose security weaknesses and that expedited extradition demands could strain diplomatic relations with countries reluctant to repatriate hackers.
Conclusion
The "Pennies for Access" episode of CyberWire Daily provides an in-depth analysis of current cybersecurity challenges, emphasizing the critical nature of credential security, the rise of sophisticated ransomware groups, and the ongoing evolution of cybercrime legislation. With expert insights and actionable recommendations, the episode serves as a crucial resource for cybersecurity professionals aiming to stay ahead in a rapidly changing threat landscape.
Additional Resources
- JoinDeleteMe: Protect your data privacy by removing personal information from data brokers. JoinDeleteMe.com/N2K (Promotional Offer: 20% off with code N2K)
- ThreatLocker: Comprehensive cybersecurity solutions to control unauthorized applications and secure sensitive data. ThreatLocker.com
- N2K Practice Tests: Enhance your certification readiness with N2K's practice exams. Visit N2K.com/certify
Credits:
- Senior Producer: Alice Carruth
- Producer: Liz Stokes
- Mixing: Trey Hester
- Music & Sound Design: Elliot Peltzman
- Executive Producer: Jennifer Eiben
- Publisher: Peter Kilpe
Thank you for tuning into CyberWire Daily. Stay secure and informed.
