Dave Bittner
You're listening to the CyberWire Network, powered by N2K.
President Trump rolls back AI regulations and throws TikTok a lifeline. Attackers pose as Ukraine's CERT-UA tech support. A critical vulnerability is found in the Brave browser. Sophos observes hacking groups abusing Microsoft 365 services and exploiting default Microsoft Teams settings. Researchers uncover critical flaws in tunneling protocols. A breach exposes personal information of thousands of students and educators. Oracle patches 320 security vulnerabilities. Kaspersky reveals over a dozen vulnerabilities in a Mercedes-Benz infotainment system. Tim Starks from CyberScoop discusses executive orders on cybersecurity and the future of CISA. On today's Threat Vector, David Moulton speaks with Dr. May Wang, CTO of IoT Security at Palo Alto Networks, about AI and how it's transforming IoT security. And honesty is not always the best policy.
It's Tuesday, January 21st, 2025. I'm Dave Bittner and this is your CyberWire Intel Brief.
Hello, and thank you for joining us here today. It is great to have you with us.
Donald Trump was sworn in as the 47th president of the United States yesterday amongst a flurry of executive orders signed during the first few hours of his second term. President Trump revoked a 2023 executive order by former President Biden aimed at reducing AI-related risks to consumers, workers and national security. Biden's order required AI developers to conduct safety tests, share results with the government and establish testing standards under the Defense Production Act. Critics, including Republicans, claimed it stifled innovation. Meanwhile, Biden issued a separate order to support AI data centers' energy needs, which Trump left intact, at least for now.
TikTok resumed service in the US after President Trump announced an extension of the 90-day deadline for the company to secure a US buyer. The app had been shut down following a Supreme Court decision allowing a potential ban. Trump plans to issue an executive order to formalize the extension, but TikTok must still find a buyer to avoid another ban. While accessible to existing users, the app remains unavailable for download on Google and Apple stores. Trump also suggested partial U.S. ownership of TikTok.
Ukrainian researchers uncovered a cyber campaign where attackers posed as Ukraine's CERT-UA tech support to gain access to devices via AnyDesk, a legitimate remote desktop tool. The hackers falsely claim to conduct security audits, exploiting trust and authority. CERT-UA clarified it only uses such tools with prior agreement and secure channels. The attackers, likely affiliated with Russia, often impersonate state agencies and apps. Ukraine faces a surge in cyber attacks, with CERT-UA detecting over 4,300 incidents in the past year, a 70% increase. These attacks primarily involve malware, phishing and compromised accounts. Recent campaigns include phishing targeting military enterprises and fraudulent websites mimicking official platforms.
Russian-linked actors like Sandworm continue to exploit vulnerabilities, escalating cybersecurity challenges for Ukraine.
A critical vulnerability in the Brave browser allows malicious sites to impersonate trusted domains in file-select dialogs. The flaw misrepresents a site's origin during file uploads or downloads, enabling attackers to exploit user trust. When combined with an open redirect vulnerability on trusted sites, this issue can facilitate phishing and malware distribution. It was disclosed by bug hunter Sarif Mohammad Sajad.
Sophos has observed two hacking groups, STAC5143 and STAC5777, abusing Microsoft 365 services and exploiting default Microsoft Teams settings to target organizations. These attackers, likely aiming for ransomware deployment and data theft, initiated chats and calls with internal users posing as tech support. Using legitimate Microsoft tools like Quick Assist and Teams, they gained remote access to victim devices, deployed malware, and performed reconnaissance. STAC5143, first seen in November of last year, used spam messages followed by Teams calls from accounts like Help Desk Manager. Attackers ran PowerShell commands, dropped malicious payloads, and installed backdoors. Techniques resemble those of FIN7, but with distinct methods. STAC5777 employed similar tactics but focused more on manual actions, lateral movement and credential theft, even attempting to deploy Black Basta ransomware. Sophos emphasizes raising employee awareness of such advanced social engineering tactics.
Critical flaws in tunneling protocols have left millions of devices, including home routers, VPN servers and CDNs, vulnerable to exploitation. Discovered by Top10VPN and researcher Mathy Vanhoef, these vulnerabilities allow attackers to hijack hosts for anonymous attacks, network access and powerful denial of service techniques like ping-pong amplification.
A scan revealed 4.2 million affected devices, including infrastructure from major players like Facebook and Tencent. Vulnerable systems accepted unauthenticated tunneling traffic, enabling attackers to act as proxies or access private networks. Countries most affected are China, the U.S., France, Japan and Brazil. Vulnerabilities impact consumer VPNs, routers and business networks. Enhanced security measures, regular updates and increased awareness are essential to protect against these threats.
Education tech company PowerSchool suffered a data breach in December of last year, exposing personal information of students and educators from its student information system. The breach, accessed through the PowerSource support portal, compromised data such as names, contact details, Social Security numbers and medical records, though no financial data was affected. Impacted individuals will receive two years of free credit monitoring. PowerSchool, serving over 18,000 schools in 90 countries, disclosed the incident in early January. Affected districts include Virginia's Charlottesville, Richmond and others, as well as California's Menlo Park, where 14,000 individuals were impacted. Canadian schools, including Toronto District School Board, were also affected. Authorities suggest the breach may involve ransomware, as credentials were used to export data, which PowerSchool claims was later deleted.
Oracle plans to release patches for 320 security vulnerabilities across over 90 products in 27 categories today, including communications, construction, E-Business Suite and middleware. Some flaws are critical, with CVSS scores up to 9.9, notably affecting Oracle Agile Engineering Data Management and Agile PLM Framework. Five other vulnerabilities have CVSS scores of 9.8. The finalized January 2025 Critical Patch Update urges immediate application to mitigate risks from potential attacks.
Kaspersky revealed over a dozen vulnerabilities in Mercedes-Benz's first-generation MBUX infotainment system. These flaws could enable denial of service attacks, data extraction, command injection, privilege escalation and disabling anti-theft protections. Exploitation requires physical access to the vehicle's interior and removal of the head unit using USB or custom UPC connections. Mercedes-Benz confirmed it was aware of the issues since 2022 and has since patched the vulnerabilities. Newer MBUX versions are unaffected. The company emphasized its commitment to security, encouraging researchers to report issues via its vulnerability disclosure program.
Coming up after the break, Tim Starks from CyberScoop discusses executive orders on cybersecurity and the future of CISA. On our Threat Vector segment, David Moulton speaks with Dr. May Wang about how AI is transforming IoT security. And honesty isn't always the best policy. Stay with us.
On today's preview of this week's Threat Vector podcast, David Moulton speaks with Dr. May Wang, CTO of IoT Security at Palo Alto Networks. They're discussing how AI is transforming IoT security.
Dr. May Wang
I see bright future for both IoT and AI. At the same time, they're bringing us new challenges. We need to work together across the board to make sure that IoT and AI are bringing us more benefits than harm.
David Moulton
Here's a quick preview of this week's Threat Vector. Tune in to the full show on Thursday. And don't forget to subscribe so you never miss a single episode. Let's get into it. May, welcome to Threat Vector. We're really excited to have you with us today.
Dr. May Wang
Thank you.
David Moulton
To start us off, can you tell me a little bit about your journey and what led you to focus on IoT security and artificial intelligence?
Dr. May Wang
Sure. I have always been a nerd. I'm very passionate about data ever since day one of my career. And 10 years ago, I co-founded a company called Zingbox, and we focus on leveraging AI for IoT security, doing traffic analysis, analyzing huge amount of data to provide visibility and detection for IoT devices. And five years ago, our startup, Zingbox, was acquired by Palo Alto Networks. And I have been at Palo Alto Networks for the past five years, leveraging AI for better detection and protection.
David Moulton
That's really fascinating. And as somebody who's a fellow nerd, I'm with you. It's always interesting to see what gets other people excited. And I don't know about you, but I've decided that the definition of nerd that I like the most is somebody who's deeply into something, but also willing to share that passion and those ideas with others. And that's certainly what we're going to do on today's episode, talking about IoT cybersecurity and how AI is transforming the way we secure these connected devices. May, can you help frame the current scope of the IoT landscape for us? How many devices are we talking about globally and maybe what are some of the main industries leveraging IoT right now?
Dr. May Wang
Yeah, sure, David. We're definitely seeing increasing amount of IoT devices being deployed around the globe. If you look at the numbers, the statistics can be different, but we're all talking about tens of billions of IoT devices being deployed. Some data shows about 20 billion nowadays. It has improved tremendously from 2019, about 10 billion. So some predictions show in next five years we're going to double that. And some says next year we're going to have 75 billion. Regardless, all these large numbers that might sound so far away from us, but if you look at each individual, you can see just around us. Not only we're having more IoT devices in enterprises, in manufacturing, in hospital, in schools, but we actually can also see that on each person we're seeing increasing amount of IoT devices, all these wearable devices that measure our heart rate and measure our glucose level, et cetera. Actually, just this over weekend. Over this weekend, I was at an event and a speaker on the stage I counted he had five big rings on his fingers and all of those were IoT devices measuring all kinds of things to help us better understand ourselves. So we definitely see huge increase in terms of deployment of IoT devices. And the industries we're seeing most are definitely manufacturing, we call them operational technology, OT, healthcare, enterprises, and in many critical infrastructures such as energy plants and water plant, et cetera.
David Moulton
So one of the things I keep hearing about is 5G plus IoT and this new marriage or this new combination certainly changes the IoT landscape, but I got to think that it changes the IoT security landscape. Do you see new threats or do you anticipate different challenges from this combination of technologies?
Dr. May Wang
Actually, almost all customers we talk to are very interested in 5G technologies and because it's going to enable us to have even a lot more devices all over the place. So the scale is going to be even larger when all these devices are deployed. And again, the key thing is visibility. It's going to actually bring more challenges in visibility. And also usually when we talk about 5G, 5G security, mainly people are talking about the management plane, the signaling plane, but also we see lots of challenges on data plane. So from Palo Alto Networks we are actually trying to address cybersecurity issues on both management plane, signaling plane and data plane. And another challenge is as we mentioned, the device certification visibility are always the key and foundation and there are different parameters to identify these devices. In the IT world or the traditional IoT world we mainly look into MAC address + IP address to identify these devices in addition to gazillions of other parameters. While for the 5G world there are other ways to identify these devices, for example IMEI, International Mobile Equipment Identity. So we need to figure out way to identify these devices using their specific cellular based identifiers. And at Palo Alto Networks we have already integrated into our firewall already so we can provide the same kind of cybersecurity protection to 5G IoT devices.
David Moulton
May, thanks so much for such a great conversation today. I really appreciate you sharing your insights on IoT on AI and a little bit on your background.
Dr. May Wang
Thank you so much David for having me and this is definitely very exciting topic about IoT and AI. I'm so glad you are hosting a session on this. I really enjoyed our conversation.
David Moulton
Thanks for listening to this segment of the Threat Vector podcast. If you want to hear the whole conversation, you can find the show in your podcast player. Just search for Threat Vector by Palo Alto Networks. Each week I interview leaders from across our industry and from Palo Alto Networks to get their insights on cybersecurity, the threat landscape and the constant changes we face. See you there.
Dave Bittner
Be sure to check out the Threat Vector podcast wherever you get your favorite podcasts. Just a quick program note. The following segment with me and Tim Starks from CyberScoop was recorded last Friday before the presidential inauguration. Tim Starks is a Senior Reporter with CyberScoop and it is always my pleasure to welcome him back to the show. Tim, how are you, sir?
Tim Starks
I am good. It is also always my pleasure to be here.
Dave Bittner
Well, the feeling is mutual then. I suppose you have been doing a lot of reporting here lately and of course, not the least of which has been about the executive order that President Biden seemingly dropped on his way out the door, right?
Tim Starks
Yes.
Dave Bittner
There's no minute like the last minute and there's a lot in here. So unpack what's going on here for us, Tim.
Tim Starks
Golly, there is a lot in here. And unpacking the whole thing, I can't do it. Not on CyberWire in the time required. But it's a 40, 50 page document that covers cybercrime, it covers artificial intelligence, it covers quantum computing, it covers contractor security, it covers federal government communication security. I mean, it's a big, big final stab by this administration to do something on cyber before they leave. And it's comprehensive to say the least.
Dave Bittner
Why the last minute, do you suppose?
Tim Starks
Yeah, so I think there's a long process for getting these things through. If your listeners and everyone else go back to September, I wrote a story about this and what was going to be in it. And I said something that was like 95%, according to one of my sources, 95% done. That was in September. And it had been worked on for a good long time before that. It was a couple months of me hearing about it being discussed publicly before it even was, you know, it had been being worked on by the time I heard about it. And you know, from September to January, there's a, that's 5%. You know, it's a, it's like the, it's like when you're looking at your computer and you're thinking, oh, I've downloaded it. And then it just keeps like the last second it just slows down. You're like, what's going on here? That's the situation. I'm getting things across the finish line is very difficult. And there's an interagency process for doing these things. I can't speak to them waiting until the Thursday before they leave. I mean, it's two days from the two work weekdays from the start of the second Trump administration. I can't speak to why they waited until that period of time, but they had targeted December for this originally when I was in my September story. So it was always going to be felt like a little bit of a push from, okay, in our first year, we did an executive order on cyber. It did this, it did that, it did this. What's changed? What do we need to address that we didn't address then? And what kinds of things do we need to update from that 2021 order that we did? So it makes sense if you think of it as a bookend of the administration beginning and ending. But the timing does probably make it more difficult for this to become more of a reality.
Dave Bittner
Is there anything in here that was particularly surprising or struck you as being bold in its inclusion?
Tim Starks
It's going to sound like I'm dissing it, but no, I mean, it's. I think. I think what's most interesting about it is its breadth. I mean, that feels like I'm dodging the answer. But the fact of the matter is there's so much in here. There was some stuff on there about CISA having a little bit more leeway to do threat hunting in federal agency systems in terms of what kind of data they provided access to that was controversial with some federal officials, but that was in the process of it being drafted, and I didn't hear anybody complain about it after. So it seems like the majority of this is stuff that isn't controversial. It's stuff that is far more technical in nature. It's not about partisan things that people that they thought about, like misinformation, disinformation efforts versus free speech. It's not like that. It's highly technical stuff that a lot of people think would have bipartisan support. I think the one area that even kind of gave a little bit of a nod to the incoming Trump administration, although admittedly the Biden administration has been talking about harmonization of regulations, is a provision saying, hey, NIST, look at all these minimum cybersecurity standards that are out there. There are a lot of them that are in conflict and make some recommendations about what the minimum across sector should be. So the areas of controversy or surprising or boldness are even limited then. It's really just more that there's so much.
Dave Bittner
Well, and you've done some asking around with some legislators on their takes. Are they coming down as expected on the two sides of the aisle?
Tim Starks
Yeah, so far, I mean, not a lot of them have weighed in. It's mainly been a handful of lawmakers who are really focused on this issue. You know, the Trump administration, you know, I tried to reach out to them, and the Trump transition team did not respond to my messages. That's not unusual. So that's not me complaining or dissing anybody. That's just me saying, we don't know exactly what the Trump administration thinks, but we do know that there's one very prominent and influential Homeland Security lawmaker, the actual Homeland Security chairman on the House side, Mark Green, who said, this is bad. This is them getting in the way of what the Trump administration wants to do. When Trump comes in, he needs to overturn all the stuff that we don't like, that the Biden administration did regulatory stuff, and it was much more limited than a consensus yet. I think it'll be really interesting to see what Trump does. One of the things people speculated in my story was they're probably going to take a close look at this and say, hey, do we like some of this? The risk might be, of course, that they just decide, nope, we're gonna get rid of the whole thing and just start over. That's something that could happen.
Dave Bittner
Yeah. Well, speaking of folks moving on and transitions happening, another one of your stories recently involved someone who was moving on from CISA, who had quite a few years there. Tell us about that one.
Tim Starks
Yeah, this is, you know, Jack Cable is his name, which is, by the way, the best cybersecurity name to have for someone who works in cybersecurity. Jack is a bit of a prodigy on cyber. He is still just 24, but when he was going to college, he was working on cybersecurity issues in the federal government. So he's an interesting figure to talk to. He's a big thinker about things like this. And he. He, like a lot of other people, are looking at the change of administration and departing. Not that he said, that's why I'm departing, but that's just the kind of thing that happens when there's a change in administration. And we talked a lot about a couple different issues he worked on, but I really focused in my story on what I think is one of the more interesting ideas to come out of this administration, which is their Secure by Design initiative. And it's. It's voluntary. It's mainly a pressure campaign to a certain extent. The pressure might even be too harsh a word, but it's an attempt to get people in the private sector to enlist and say, hey, when we are designing our software, when we're making it, we're going to incorporate security in it at the outset as opposed to just adding a bunch of security updates later, maybe making it so you have to purchase additional services. And Jack was one of the couple few people who was really leading that effort.
Dave Bittner
Within CISA, has it generally been considered to be a success?
Tim Starks
Yes, I think so. First, it can be hard to measure something like this when it's voluntary. And to Jack's credit, he pointed out that CISA has been publishing. Okay, these are the companies making pledges. Here is a progress report on what they've actually done. And that's an interesting way to approach something that's voluntary and see if you can actually net something out of it instead of it just being, oh, we signed onto the pledge, we're one of the good guys, and then never do anything about it. I mean, there's still a chance that that could happen. But even the private sector kind of thinks that this is basically a good idea and it's basically been helpful.
Dave Bittner
And of course, Director Easterly is moving on as well. Any thoughts for the organization is, at the very least it'll be changing leadership, right?
Tim Starks
It will. And you know, there's some scuttlebutt about who that might be. I don't want to say anything yet. There's been some of that's been published. I think it's mostly accurate. But today being Friday, the senators on the Homeland Security Committee heard from Kristi Noem, who is going to be leading DHS as a whole. And she talked a lot about CISA needing to be smaller, more nimble. She talked about its staying away from anything disinformation or misinformation related. It has largely abandoned all of that already, but it starts to give you a sense of even without having a new CISA leader, there's going to be some commandments from the top of what they want to do. And I think CISA's in for leaner times. It's a question of how lean.
Dave Bittner
How do you feel the wind is blowing right now? I mean, for many years we, I think, were in agreement that cybersecurity was an area that for the most part was above the fray when it came to, you know, partisanship. I think a lot of that changed after with the disinformation and misinformation fights, you know, after the, the election, when, when President Biden beat then President Trump. Where are we right now? How do you measure the, the degree to which cyber is still considered to be essential from both sides?
Tim Starks
I think there's a difference between considered and is. I think, you know, I, I have for years been, been kind of pushing back on the notion in talks like this with you and talks on other, in other places that that cyber is, it has maintained its nonpartisan status. And I think, I think some of that goes back to what you said. You know, some of it goes, I think some of it goes all the way back to Obama, to be honest. I mean, not all of it, but some of it. You know, there's been a lot of talk from criticism from Republicans about whether the way the Obama administration handled cyber. If you go back that far, if you go to the Trump administration, you know, criticizing cyber related initiatives from within. You mentioned the election security issue. I think the Biden administration's push for more regulations has created more division than there was. That's not me blaming anybody. That's just me saying this is an introduction of an element and one side likes it and the other side doesn't. And that wasn't the case before. It used to be for the longest time, both sides said, we don't need any regulation. It would only harm cybersecurity. This administration said, no, that's not worked. Look at the pace of cyber attacks. It hasn't changed. The market's not doing it. So they tried to make some changes to that. Republicans, being small government on economic issues primarily didn't like some of this, maybe all of it. I think there's some potential bleeding of accepting minimum standards. I've talked about this before with the Republican national platform saying we need minimum standards and critical infrastructure. How those are enforced is different. Maybe they want to roll back all of the regulations, maybe they want to roll back some of them, but some of the principles are still bipartisan for sure. I just think that, I just think that we can't blink at, say it's nonpartisan or bipartisan the way we used to be able to.
Dave Bittner
Yeah, yeah, I think you're right. Those days are gone. All right, well, Tim Starks is senior reporter at CyberScoop. Tim, thanks so much for joining us.
Tim Starks
Always great to end on an optimistic. There you go.
Dave Bittner
And finally, it seems one Marco Raquan Honesty, a Washington man with perhaps the least fitting surname ever, has admitted to a fraud spree causing over $600,000 in losses. And it's no laughing matter, except for the irony of his name. From 2021 through 2022, Honesty ran the scam Olympics: COVID relief fraud, smishing, bank account takeovers, forged money orders, and even selling stolen data on Telegram. Using SMS phishing, Honesty duped victims into handing over bank credentials, then drained their accounts via Zelle and other transfers. He even scored fake PPP loans for friends, family and, in a wild twist, his grandmother. Authorities found his fraud factory in 2023, complete with 24 phones, card embossers and blank IDs. The damage? $622,000 in actual losses, though his ambitions stretched beyond $850,000. Honesty now faces 22 years in prison. Plenty of time to ponder his ironic branding. Sentencing is set for May 23.
And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. Don't forget to check out the Grumpy Old Geeks podcast, where I contribute to a regular segment on Jason and Brian's show every week. You can find Grumpy Old Geeks where all the fine podcasts are listed. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president, Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
CyberWire Daily: “Trump’s Opening Moves” – January 21, 2025
Host/Author: N2K Networks
In the January 21, 2025 episode of CyberWire Daily, hosted by Dave Bittner and powered by N2K Networks, listeners are provided with an in-depth analysis of President Donald Trump's initial actions upon assuming the 47th presidency of the United States. The episode covers a range of cybersecurity topics, executive orders, and significant vulnerabilities affecting various sectors. Additionally, interviews with industry experts shed light on the evolving landscape of cybersecurity and the integration of artificial intelligence (AI) with the Internet of Things (IoT).
President Trump's Revocation of Biden’s AI Order
Upon his inauguration, President Trump swiftly enacted several executive orders, marking his administration's stance on cybersecurity and AI regulation:
Revocation of Biden’s 2023 Executive Order:
Retention of AI Data Centers Support Order:
TikTok’s Resumption in the U.S.
Cyber Campaign Impersonating Ukraine’s CERT-UA
Critical Vulnerability in the Brave Browser
Abuse of Microsoft 365 Services
Vulnerabilities in Tunneling Protocols
PowerSchool Data Breach
Oracle’s Security Patches
Mercedes Benz’s MBUX Infotainment System Vulnerabilities
Discussion Overview:
Dave Bittner engages with Tim Starks, Senior Reporter at CyberScoop, to dissect the comprehensive cybersecurity executive order signed by the Biden administration and the possibility of its rollback under President Trump.
Key Points:
Comprehensive Nature of Biden’s Executive Order:
Timing and Process:
Bipartisan Perspectives:
Leadership Changes at CISA:
Conclusions:
Tim Starks highlights the evolving dynamics of cybersecurity policy in the wake of administrative changes, emphasizing the balance between regulation and innovation, and the ongoing challenges faced by agencies like CISA in maintaining cybersecurity standards amidst political shifts.
Discussion Overview:
In a segment of the Threat Vector podcast, David Moulton converses with Dr. May Wang, CTO of IoT Security at Palo Alto Networks, about the intersection of AI and IoT and its implications for cybersecurity.
Key Points:
Growth of IoT Devices:
Impact of 5G on IoT Security:
AI’s Role in Enhancing IoT Security:
Future Prospects:
Conclusions:
Dr. May Wang articulates a promising yet challenging future for IoT security, underscored by the transformative power of AI. The integration of AI in IoT security frameworks is pivotal in managing the escalating volume and complexity of connected devices, particularly in a 5G-enhanced environment.
Marco Raquan Honesty’s Fraud Scheme:
CISA’s Secure by Design Initiative:
The episode “Trump’s Opening Moves” of CyberWire Daily provides an overview of the shifting cybersecurity policies under the new administration, highlighting the rollback of AI regulations, the extension granted to TikTok in the U.S., and various cybersecurity threats and vulnerabilities affecting different sectors. Through expert interviews and analysis, the podcast underscores the dynamic and often contentious nature of cybersecurity policy-making in a politically polarized environment. As the landscape evolves with advancements in AI and IoT, the need for robust, adaptive security measures becomes increasingly critical.
For More Information:
For detailed links to all the stories discussed in this episode, visit the daily briefing at thecyberwire.com. To stay updated, subscribe to the CyberWire Daily podcast and explore the Grumpy Old Geeks podcast series for additional insights.