When spyware backfires. - CyberWire Daily

Summary9 min read

CyberWire Daily Summary: "When Spyware Backfires" Release Date: May 7, 2025 | Host/Author: N2K Networks

1. NSO Group Ordered to Pay $167 Million to Meta

Overview: In a landmark decision, a U.S. Federal jury has mandated Israeli spyware manufacturer NSO Group to compensate Meta, WhatsApp's parent company, with over $167 million in damages. This verdict marks the culmination of a six-year legal battle wherein Meta accused NSO of deploying its Pegasus spyware to illicitly access WhatsApp and target more than 1,000 individuals.

Key Points:

Damages Awarded: $167 million in punitive damages and $440,000 in compensatory damages.
NSO’s Defense: Claimed that their spyware was exclusively sold to governments for lawful purposes.
Ruling Significance: The court rejected NSO's immunity claims, highlighting the broader threats spyware poses to privacy and democratic institutions.
Future Implications: NSO Group has indicated potential appeals, while Meta plans to allocate the awarded damages to digital rights organizations.

Notable Quote:

“The ruling exposes the broader threat spyware poses to privacy and democracy.”
— Dave Bittner [00:40]

2. CISA Issues Advisory on US Industrial Control Systems

Overview: The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the FBI, EPA, and Department of Energy, has issued a joint advisory about increasing threats to Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems within the U.S. oil and gas sector. These threats are primarily attributed to hacktivist groups exploiting basic cyber vulnerabilities.

Key Points:

Attack Techniques: Use of default credentials, brute force attacks, and misconfigured remote access.
Potential Consequences: System shutdowns and physical damage to critical infrastructure.
Recommended Actions:
- Remove Operational Technology (OT) systems from the public internet.
- Implement strong, unique passwords and phishing-resistant multi-factor authentication (MFA).
- Secure remote access and segment networks.
- Conduct thorough reviews of third-party access and system configurations.

Notable Quote:

“These attackers exploit poor cyber hygiene using basic tools, but the consequences can be severe.”
— Dave Bittner [05:10]

3. Mika Lee Uncovers Privacy Flaws in TM Signal App

Overview: Security researcher Mika Lee has exposed significant privacy vulnerabilities in the TM Signal app, a modified version of the Signal messenger used by high-level Trump officials. Contrary to Signal’s standard end-to-end encryption, TM Signal transmits plaintext copies of messages to Telemessage’s AWS-hosted servers, undermining user privacy.

Key Points:

Findings:
- Plaintext messages, including those from WhatsApp, Telegram, and potentially WeChat, are accessible to Telemessage and possibly foreign intelligence entities.
- A recent hack of Telemessage confirmed these plaintext messages were present in server memory.
Senator Involvement: Senator Ron Wyden has called for DOJ investigations, citing national security risks.
Telemessage’s Response: The company has taken its archive server offline following the revelations.

Notable Quote:

“Powerful U.S. officials using this insecure app may have exposed sensitive communications, possibly for years.”
— Dave Bittner [07:20]

4. NSA Announced Workforce Reductions Amid Budget Cuts

Overview: The National Security Agency (NSA) has announced plans to eliminate up to 2,000 civilian positions, equating to approximately 8% of its workforce. This downsizing aligns with the Trump administration’s directive to reduce the Defense Department’s budget by 8% annually over the next five years.

Key Points:

Affected Roles: Positions across cybersecurity and administrative sectors.
Impact on NIST: Key personnel at the National Institute of Standards and Technology (NIST), including Computer Security Division Chief Matthew Scholl, have departed, raising concerns about NIST’s capacity in areas like AI and post-quantum cryptography.
Broader Implications:
- Loss of over 20% of NIST’s federal staff.
- Potential delays in standards development and increased cybersecurity burdens on businesses.
- Anticipated significant budget cuts for NIST under the Trump administration’s fiscal proposals.

Notable Quote:

“The loss of institutional knowledge will hamper standards development and shift more cybersecurity burdens to businesses.”
— Dave Bittner [08:45]

5. Global Shift Towards European Cloud Ecosystems

Overview: In response to the instability within the U.S. cybersecurity landscape, nations worldwide, particularly in Europe, are striving for digital sovereignty by developing independent cloud infrastructures. The objective is to reduce reliance on dominant U.S. cloud providers like Amazon, Google, and Microsoft.

Key Points:

Europe’s Strategy: Building a viable cloud ecosystem that is technically credible and politically, economically independent.
Initiatives Include:
- Investing in open-source software tailored for cloud infrastructure.
- Supporting local European service providers.
- Governments funding development, shaping procurement policies, and enforcing privacy laws such as GDPR.
Global Resonance: Similar moves are being considered in Canada, Australia, and New Zealand to establish trusted local control over critical infrastructure.

Notable Quote:

“This initiative represents a broader global desire to break free from US tech hegemony and establish trusted local control over critical infrastructure.”
— Dave Bittner [10:15]

6. Cyber Attack Disrupts Medical Device Manufacturer Masimo

Overview: Masimo, a leading medical device company, has reported a cyber attack that has impeded its ability to process and ship customer orders. The breach, detected on April 27, has led to reduced operational capacity in some manufacturing facilities.

Key Points:

Company Response:
- Isolated affected systems.
- Engaged cybersecurity experts.
- Notified law enforcement authorities.
Current Status: Investigation ongoing; Masimo has not confirmed the involvement of ransomware.
CEO’s Statement: Katie Seisman assured stakeholders that the incident is not expected to impact financial projections.
Industry Context: The attack on Masimo adds to a growing list of cyber incidents affecting manufacturers like Clorox, Johnson Controls, and Sensata Technologies.

Notable Quote:

“The incident is not expected to affect financial guidance.”
— Katie Seisman, CEO of Masimo [11:30]

7. Emergence of PandaShop Smishing Kit

Overview: A new smishing (SMS phishing) tool named PandaShop, originating from China, is enabling cybercriminals to harvest financial data by impersonating trusted brands such as the U.S. Postal Service, DHL, and major banks.

Key Points:

Capabilities:
- Creates mobile-optimized phishing pages that closely mimic legitimate websites.
- Facilitates the theft of Google Pay, Apple Pay, and credit card information.
- Capable of sending up to 2 million messages daily, targeting approximately 60 million victims monthly.
Advanced Evasion Techniques:
- Utilizes Google RCS and Apple iMessage to bypass traditional SMS-based scam detections.
- Successfully defeats multi-factor authentication (MFA) measures.
Attribution: Linked to the Smishing Triad group, with shared tactics and coding indicative of operations based in China.

Notable Quote:

“The attackers boldly claim to be beyond the FBI's reach, further emphasizing the challenge of combating transnational cybercrime.”
— Dave Bittner [12:45]

8. Accenture’s CFO Foils Deepfake Fraud Attempt

Overview: Accenture narrowly avoided a significant financial fraud when its CFO was targeted by a deepfake scam. An individual impersonating Accenture's CEO, Julie Sweet, initiated a fraudulent video call requesting an urgent funds transfer.

Key Points:

Incident Details:
- Occurred last May, with the attacker using a convincing deepfake of Julie Sweet.
- The CFO adhered to company protocols, preventing any financial loss.
Implications: Highlights the evolving threat landscape where deepfakes blur the lines between cyber fraud and disinformation.
Accenture’s Response:
- March Flick, Accenture’s EMEA Cyber Strategy Lead, emphasized the need for organizations to adapt their security strategies.
- Recommended measures include strengthening identity security, establishing secure communication channels, and training teams to verify authentic requests rigorously.

Notable Quote:

“Deepfakes now blur the lines between cyber fraud and disinformation, demanding a total rethink of security strategies.”
— March Flick, Accenture’s EMEA Cyber Strategy Lead [14:00]

9. RSAC Conference Highlights by Intern Kevin McGee

Overview: Kevin McGee, a temporary intern from Microsoft, provided on-the-ground reporting from the RSAC (RSA Conference) show floor. He engaged with various cybersecurity leaders, uncovering insights into current trends and challenges within the industry.

Key Interviews & Insights:

Owen Wickens, Director of Threat Intelligence at Hidden Layer:
- Report Highlights: Emphasized the growing criticality of Machine Learning (ML) models in businesses, with 89% of IT leaders recognizing their importance.
- Future Predictions: Identified significant vulnerabilities in AI systems, such as shadow logic and indirect prompt injection.
- Notable Quote:
  
  “Incidentally, AgentIQ is the future tool equipped with LLMs, enabling wonders we haven't seen before.”
  — Owen Wickens [14:52]
Gil, Co-Founder and CEO of BlinkOps:
- Company Focus: Automation platform targeting security operations centers (SOCs), governance, risk, and compliance (GRC), identity and access management (IAM), and cloud security.
- Customer Challenges: Bridging the gap between board-level automation goals and team capabilities.
- Notable Quote:
  
  “AI agents are the future, but they're also probably the biggest security risk for organizations.”
  — Gil, BlinkOps [16:17]
Jordan Shaw Young, Chief of Staff of Detection Response at BlueVoyant:
- Company Focus: Managed Detection and Response (MDR) services with a partnership with Microsoft.
- Industry Trends: Highlighted the rise of detection automation to manage high volumes of security detections.
- Notable Quote:
  
  “AI agents are transforming SOC operations, making them more efficient and effective.”
  — Jordan Shaw Young [20:13]
Paul St. Phil, VP of Field Engineering at Zeniti:
- Company Focus: Securing AI agents across various platforms.
- Customer Recommendations: Emphasized identifying and securing AI agents within organizational environments.
- Notable Quote:
  
  “Understanding who is consuming agentic AI and securing their tools and privileges is paramount.”
  — Paul St. Phil, Zeniti [22:42]

Additional Conference Insights:

Emerging Themes:
- The integration and security of agentic AI in business operations.
- The necessity for automated threat detection and response mechanisms.
Notable Atmosphere: Presence of engaging elements like animal mascots (goats and puppies) enhancing conference experience.

10. Deutsche Bank Faces Lawsuit Over Security Breach Handling

Overview: A former IT manager, James Papa, has filed a lawsuit against Deutsche Bank and its contractor, Computer Center, alleging negligence in managing a security breach. Papa claims that his whistleblowing efforts led to retaliatory termination without adequate action against the implicated parties.

Key Points:

Allegations:
- Unauthorized access to Deutsche Bank’s secure systems by Papa’s girlfriend, an unauthorized Chinese national with technical expertise.
- Use of a contractor laptop to access sensitive tech areas, facilitated by Papa's absence during these incidents.
Legal Claims:
- Whistleblower retaliation.
- Failure to address and contain the security breach adequately.
Damages Sought: $20 million.
Company Response: Deutsche Bank and Computer Center have remained silent on the allegations.

Notable Quote:

“Nothing says robust cybersecurity like bring your girlfriend to work day in the server room.”
— Dave Bittner [23:00]

Conclusion

The episode titled "When Spyware Backfires" delves into significant cybersecurity incidents and trends shaping the industry landscape. From the legal repercussions faced by spyware manufacturers to the evolving threats against critical infrastructure and the rise of sophisticated phishing tools, the discussions underscore the escalating complexity and stakes in cybersecurity. Additionally, insights from the RSAC conference highlight the pivotal role of automation and AI in modern security operations, while legal challenges like the Deutsche Bank lawsuit emphasize the ongoing vulnerabilities within organizational defenses.

Stay Informed: For more detailed insights and daily updates, subscribe to the CyberWire Daily podcast and visit The CyberWire.

Notable Sponsors Mentioned (Excluded from Summary):

SpyCloud Identity: Offering identity threat protection solutions.
Outpost 24: Providing continuous penetration testing services.
Black Kite: Specializing in third-party cyber risk management.
Vanta: Trust management platform automating security compliance.

Note: Advertisements, sponsor messages, and non-content segments have been excluded from this summary per instructions.

Loading summary

Transcript55 lines

[00:02]
Dave Bittner
You're listening to the Cyberwire network, powered by N2K. And now a word from our sponsor. Spy Cloud Identity is the new battleground and attackers are exploiting stolen identities to infiltrate your organization. Traditional defenses can't keep up. Spy Cloud's holistic identity threat protection helps security teams uncover and automatically remediate hidden exposures across your users from breaches, malware and phishing to neutralize identity based threats like account takeover, fraud and ransomware. Don't let invisible threats compromise your business. Get your free corporate Darknet exposure report@spycloud.com cyberwire and see what attackers already know. That's spycloud.com cyberwire A jury orders NSO Group to pay $167 million to Meta over spyware allegations CISA warns of hacktivists targeting US ICS and SCADA systems Researcher Mika Lee documents serious privacy risks in the TM Signal app used by high level Trump officials. The NSA plans significant workforce cuts. Nations look for alternatives to US Cloud providers. A medical device provider discloses a cyber attack disrupting its ability to ship customer orders. The Panda Shop smishing kit impersonates trusted brands. Accenture's CFO thwarts a deepfake attempt. Our Temporary intern Kevin McGee from Microsoft wraps up his reporting from the RSAC show floor and server room shenanigans with romance, retaliation and root access. It's Wednesday, May 7, 2025. I'm Dave Bittner and this is your Cyberwire Intel Brief. Thanks for joining us here today. It is great to have you with us as always. A US Federal jury has ordered Israeli spyware maker NSO Group to pay over $167 million in damages for hacking into WhatsApp and targeting more than 1,000 people. The ruling caps a six year legal battle led by WhatsApp's parent company Meta, which accused NSO of using its Pegasus Spyware to breach US anti hacking laws. The damages include $167 million in punitive and $440,000 in compensatory penalties, marking a record hit to the spyware industry. Although NSO claims it only sells to governments for lawful use, investigations show Pegasus has targeted journalists, activists and officials worldwide. The ruling also rejected NSO's claim of immunity and exposes the broader threat spyware poses to privacy and democracy. NSO says it may appeal. Meta says they plan to donate damages to digital rights groups. Cisa, alongside the FBI, EPA and Department of Energy, has issued a joint advisory warning that unsophisticated cyber actors are actively targeting industrial control systems and and SCADA Systems in the U.S. oil and gas sector. These attackers, likely hacktivists, exploit poor cyber hygiene using basic tools like default credentials, brute force attacks and misconfigured remote access. Despite their simplicity, such intrusions can lead to serious consequences, including system shutdowns or physical damage. CISA urges asset owners to immediately remove OT systems from the public Internet, enforce strong passwords and phishing resistant MFA secure remote access segment networks, and prepare for manual operations. The alert also stresses reviewing third party access and system configurations. This follows recent warnings about critical vulnerabilities in ICS devices from major manufacturers. Security researcher Mika Lee has documented serious privacy risks in the TM Signal appeal, a modified version of Signal used by Trump officials Despite marketing claims, Li's analysis of TM Signal's Android source code confirms the app sends plain text copies of messages to Telemessage's AWS hosted archive server, bypassing Signal's end to end encryption. These chat logs, which include Signal, WhatsApp, Telegram, and possibly WeChat messages, are vulnerable to access by the Israeli firm's staff and potentially foreign intelligence. The discovery was validated by a recent hack of Telemessage that revealed plaintext messages in server memory. Senator Ron Wyden has urged the DOJ to investigate, citing national security concerns. TM Signal appears visually identical to Signal and interoperates with it, making it difficult for users to detect the switch. Lee warns that powerful U.S. officials using this insecure app may have exposed sensitive communications, possibly for years. Telemessage has since taken its archive server offline. The NSA is planning to cut up to 2,000 civilian positions, around 8% of its workforce, as part of a broader Trump administration effort to shrink the federal government. The downsizing affects roles across the agency, including cybersecurity and administrative staff. Cuts are tied to a Defense Department directive to reduce its budget by 8% annually for five years, affecting all combat support agencies. The NSA is focusing on early retirements and buyouts to avoid mass layoffs. Meanwhile, key cybersecurity leaders at nist, including computer security division chief Matthew Scholl, are departing amid federal downsizing in the Trump administration, raising serious concerns about NIST's capacity to lead in AI and post quantum cryptography. Over 20% of CSD's federal staff have exited, jeopardizing critical research and weakening collaboration with industry. Experts warn the loss of institutional knowledge will hamper standards development and shift more cybersecurity burdens to businesses. NIST's budget may also face steep cuts under Trump's fiscal year 26 proposal all of this instability and uncertainty in the US has triggered global demand for alternatives to US cloud dominance. Europe is seeking digital sovereignty through a strategy that moves beyond simply replicating Amazon, Google or Microsoft. The goal is to build a viable European cloud ecosystem that's not only technically credible but but politically and economically independent. This means reducing dependency on proprietary US Services, investing in open source software tailored for cloud infrastructure, and supporting European service providers. Governments play a critical role by funding development, shaping procurement policies and enforcing privacy laws like GDPR to prioritize local solutions. While Europe already has strong hosting and networking players, transitioning them into full service cloud providers requires new business models and technical capabilities. The plan resembles building digital railroads, laying the foundation for others to innovate upon. This initiative, echoed by concerns in Canada, Australia and New Zealand, represents a broader global desire to break free from US tech hegemony and and establish trusted local control over critical infrastructure. Medical device giant Masimo has disclosed a cyber attack that disrupted its ability to process and ship customer orders. The breach, detected on April 27, has forced some manufacturing facilities to operate below normal levels. In a filing with the sec, the California based company said it isolated affected systems, engaged cybersecurity experts and notified law enforcement. The nature and scope of the attack remain under investigation and Massimo has not confirmed if ransomware was involved. Despite the disruption, CEO Katie Seisman stated during an earnings call that the incident is not expected to affect financial guidance. Massimo, known for its pulse oximetry and patient monitoring tools, joins a growing list of manufacturers hit by cyberattacks that have caused major operational and financial setbacks, including Clorox, Johnson Controls and Sensata Technologies. A new China based smishing kit called PandaShop is enabling cybercriminals to steal financial data by impersonating trusted brands like the US Postal Service, DHL and major banks. Discovered by RE Security, the kit creates mobile optimized phishing pages that convincingly mimic legitimate websites. It supports the theft of Google Pay, Apple Pay and credit card details and can send up to 2 million messages daily, potentially targeting 60 million victims per month. Unlike older SMS based scams, PandaShop uses advanced tactics including Google RCS and Apple iMessage evasion methods to bypass detection and OTP interception. To defeat multi factor authentication. Researchers linked it to the Smishing Triad group due to shared tactics and coding. Similarities, configuration files and domain data point to operations based in China. The attackers boldly claim to be beyond the FBI's reach, further emphasizing the challenge of combating transnational cybercrime. Last May, someone impersonating an attorney set up a video call with Accenture's CFO and a very convincing deepfake of CEO Julie Sweet. The fake Julie asked for an urgent funds transfer. Luckily, the CFO followed company protocols and no money left. The company flick March, Accenture's EMEA Cyber Strategy lead, recounted the close call at the cybersecurity festival, warning that deepfakes are changing the game. With inexpensive tools now readily available, even trained professionals are fooled. Half failed a recent deepfake test. March calls this a paradigm shift in the attack vector. Deepfakes now blur the lines between cyber fraud and disinformation, demanding a total rethink of security strategies. Companies must embrace identity security, establish security communication channels, and train teams to question even seemingly authentic requests. If something feels off, says March, you should feel empowered to say call me back on Monday. Coming up after the break, our Temporary intern Kevin McGee from Microsoft wraps up his reporting from the RSAC show floor and server room shenanigans with romance, retaliation and root access. Stay with us. Traditional pen testing is resource intensive, slow and expensive, providing only a point in time snapshot of your application's security, leaving it vulnerable between development cycles. Automated scanners alone are unreliable in detecting faults within application logic and critical vulnerabilities. Outpost 24's continuous pen testing as a Service solution offers year round protection with recurring manual penetration testing conducted by Crest certified pen testers, allowing you to stay ahead of threats with and ensure your web applications are always secure. And now a word from our sponsor, Black Kite. If third party risk is keeping you up at night, you're not alone. It's a constant battle. Black Kite's third party cyber risk platform is built on real world threat intelligence straight from their research team's ongoing breach analysis, dark web monitoring and attacker tactics. That means you get a hacker's eye view of your supply chain to proactively spot risks. And speaking of research, they just dropped their 2025 third party breach report, breaking down last year's biggest trends and what's coming next. Grab the report now at www.blackkite.com. at last week's RSAC 2025 conference, Kevin McGee, global director of Cybersecurity Startups at Microsoft, took a break from his day job and helped us. Here's intern Kevin's final report from the RSAC show floor.
[14:41]
Kevin McGee
All right, tell me who you are and what you do.
[14:43]
Owen Wickens
Hi, I'm Owen Wickens, Director of Threat Intelligence at Hidden Layer.
[14:46]
Kevin McGee
Now, you've got an interesting report that's just come out. I've had A chance to give it a read and some interesting findings. Can you give me the high level?
[14:52]
Owen Wickens
Sure, absolutely. We have four parts in our report. Threats to AI systems, threats faced by AI systems, key advancements in AI security, and predictions for the future. We had an interesting survey with 250 respondents. 89% of IT leaders said that ML models are becoming business critical in their organization. 74% reported that they knew they had an AI breach over the last year. And 95% have budget allocated for AI security over the coming year.
[15:20]
Kevin McGee
Okay, so if I'm a CISO reading this report, what's the one thing I should look at that's most important?
[15:26]
Owen Wickens
Gentek AI is the future. But we've discovered all sorts of classes of vulnerabilities across the supply chain, such as attack techniques like shadow logic, detrimental threats like indirect prompt injection to AI systems.
[15:37]
Kevin McGee
So you're here at RSA now, you're presenting, but what else are you looking to learn while you're here? From other vendors or from presentations or some of the sessions?
[15:46]
Owen Wickens
I want to find out how people are utilizing agentic systems in the real world today. I think AgentIQ is the future tool equipped LLMs with persistent data models are enabling wonders that we haven't seen before. It's almost like an industrial revolution. Instead of the printing press, it's now intelligence that's being commoditized.
[16:03]
Kevin McGee
Awesome. What's the one fun thing you've seen? So, after party, interesting booth, anything of note that you'd like to pass on to those that couldn't attend?
[16:12]
Owen Wickens
Myself, my colleague Kazimir checked out the Goats this morning.
[16:15]
Kevin McGee
The Goats, Excellent. Thank you very much.
[16:17]
Owen Wickens
Thanks, Kevin.
[16:19]
Kevin McGee
All right, from the floor of rsa, tell me, who are you and what do you do?
[16:22]
Gil
Hey, so I'm Gil. I'm the co founder and CEO of BlinkOps.
[16:26]
Kevin McGee
What does BlinkOps do?
[16:28]
Gil
We are an automation platform. We focus on automating all of security across soc, grc, iam, cloud security and vulnerability management and so on.
[16:38]
Kevin McGee
Awesome. It sounds like you've got a great presence here. You got a ton of folks here. How's the show been for you?
[16:44]
Gil
It's been amazing. There's way too many people, but it's been going pretty well. We have a lot of traction, a lot of activity, customers, partners, especially with Microsoft.
[16:54]
Kevin McGee
Awesome. What's the number one challenge that customers are bringing to you that you're helping solve right now?
[16:59]
Gil
I would say that automation has always been an issue for customers. But I think for the first time in the past, forever is the board of organizations are talking about optimizing their organization using automation and AI. And there's been a void between what the board wants and what the team can actually do. And so I think we're in a great position to fill that void.
[17:22]
Kevin McGee
So my investment thesis is automate, remediate, and govern. So very aligned to you what you do as well, too. So what is the number one thing that you would like to tell those business leaders and boards about what they should be thinking about in terms of securing their organizations for the new age of AI?
[17:40]
Gil
I think that obviously AI agents are the future, but the problem with AI agents is that they're also probably the biggest security risk for organizations, as they're essentially autonomous. And if you give them admin access to your platform, your systems, they might actually suspend all your accounts, delete all your devices, and so on. So there is a bridge to. There's a gap to bridge between that and something you can trust. What we've done at Blynk is we've built a workflow engine that's deterministic, so you can predefine a workflow, however you want to, see it, define it. And at the same time, you can also build autonomous agents, bridging those together. In my opinion, personal opinion is the holy grail, as opposed to going to a vendor and trusting that whatever agent they built will work out of the box.
[18:26]
Kevin McGee
Yeah. So you're here at rsa. What's the coolest thing you've seen? Or what's the big theme that you think is coming out of the show?
[18:33]
Gil
Coolest thing I've seen? Well, there's a lot of animals in this conference. We've seen puppies and goats all over the place. But otherwise, it's really nice to see that so many people are attending the conference. I think it's. It's actually bigger than last year, or at least it feels like it. And it brings everybody together, customers, vendors, partners. I think it's a fantastic conference.
[18:57]
Kevin McGee
Awesome. Thanks for your time and have a great rsa. All right, so start off by telling me, who are you and what do you do?
[19:04]
Jordan Shaw Young
Hey, Kevin. It's Jordan Shaw Young. I'm the Chief of staff of detection response at BlueVoyant.
[19:08]
Kevin McGee
BlueVoyant. MSSP in a lot of different areas, helping enable customers to not only deploy security, but also manage their security resources. So tell me a little more about what the company does.
[19:20]
Jordan Shaw Young
We're an MDR provider, so we do detection response. A lot of the work we do is with our partner, Microsoft, who we're here with in the booth. Bluevoin is also a detection response provider for supply chain risk and third party risk. So we kind of apply what we do in detection response both internally as well as into our customers, extended supply chains and third parties.
[19:38]
Kevin McGee
Now, you and I have known each other for a long time. I know you always have your eye on what's cool, what's new, what's upcoming. So around the show, what have you got your eye on? What themes are you looking for? Give me some hints.
[19:50]
Jordan Shaw Young
Yeah, the detection automation. So some of the companies that are looking at ways of helping SOCs manage volumes of detections and finding really high fidelity detections are really interesting vendors for us. There's a lot of new interesting technology coming up in that area. That's where we do a lot of our work. So yeah, that's really been my highlight.
[20:07]
Kevin McGee
Now I'm required to make you say energetic AI. So if you could tell me a little bit about that. That seems to be the number one theme here.
[20:13]
Jordan Shaw Young
Yeah, Bluepoint's been doing R&D in AI and in agentic AI specifically been doing a lot of work with Microsoft. We've released an AI agent with the secure exchange. So BlueVoint is going to be doing a whole ton of work with Microsoft, Microsoft Copilot, and it's really going to be transformational for SOC operations at some point in the future.
[20:33]
Kevin McGee
So one of the biggest challenges we hear about is just there's not enough people in our industry. So what are you doing to help solve for some of those problems, both in managed services, but also in developing IP and technology to bridge some of those gaps?
[20:45]
Jordan Shaw Young
Yeah, I've heard that. I don't know if that, how accurate that is, that we have this giant skills gap, but in terms of numbers of people. But what we definitely do have is a lack of specialized skills in certain areas. And so it's very difficult to find people who are. Detection engineering is a good example of something where we put a lot of effort into finding really strong detection engineers who are able to synthesize threat intelligence and build these into detectors to find evil in customer networks. So where we're able to find technology to augment some of that, that's really difficult talent to find. So anything we can find to bring into our tech stack to help them out, that's really what we're after.
[21:22]
Kevin McGee
All right, so what's the big fun moment? What's the best after party? Give me something really interesting that you've seen or, or done exciting at RSA this year.
[21:31]
Jordan Shaw Young
Yeah, that's a good question. I think whatever vendor it was who brought the goats and the goat pen that beats the dogs and the monster truck? I don't actually know who the vendor was, but, you know, that's a bold move to bring a whole goat pen.
[21:45]
Kevin McGee
That's awesome. I keep looking for the goats. I haven't found the goats yet, but it's on my list to check out. Well, thanks, Jordan. Great to see you again and have a great rsa. All right, so tell me, who. Who are you and what do you do?
[21:56]
Paul St. Phil
Hi, my name is Paul St. Phil. I'm the VP of Field engineering here at Zeniti.
[22:00]
Kevin McGee
What does Zeniti do?
[22:02]
Paul St. Phil
Zeniti secures AI agents everywhere.
[22:05]
Kevin McGee
Everywhere. Tell me about that.
[22:07]
Paul St. Phil
Yeah, so whether you have them inside of Microsoft CoPilot or it's ChatGPT, Salesforce agents, whatever platform you're consuming your agentic AI, we're there to secure you.
[22:18]
Dave Bittner
Awesome.
[22:18]
Kevin McGee
So what are you hearing on the floor here? What are customers asking? What are some of their challenges?
[22:22]
Paul St. Phil
Yeah, what they're seeing is a big rise in agentic on everybody's banner. In particular, they're seeing the difference between generative AI and agentic AI and how the challenges definitely are not on the same level.
[22:34]
Kevin McGee
So if you were to talk to one of your customers or a potential customer, what's the first thing they should be thinking about that you can help them solve?
[22:42]
Paul St. Phil
The first thing they should be thinking about is who's consuming agentic AI inside of their environment. So what co pilots do they have enabled? And then secondarily, what are the tools and actions and privileges that they think people would be chasing first for their primary use cases?
[22:57]
Kevin McGee
You're a younger guy than me, so you've probably been hitting the nightlife of rsa. Any fun activities or anything exciting that's happened that you're willing to share?
[23:07]
Paul St. Phil
Yeah, yeah. I've seen a couple people getting some great swag on the floor with these neon bags. I'm hoping that my marketing leader hears me and signs us up for them next year.
[23:17]
Kevin McGee
That's fantastic. So I've heard. Puppies, Goats. Anything else exciting?
[23:23]
Paul St. Phil
That's about it for me.
[23:25]
Kevin McGee
Well, thanks for your time and have a great rsa.
[23:28]
Paul St. Phil
Oh, awesome. Thank you.
[23:30]
Dave Bittner
And our heartfelt thanks to Kevin McGee, Global Director of Cybersecurity Startups at Microsoft, for lending his talents to our RSAC coverage. Let's be real. Navigating security compliance can feel like assembling IKEA furniture without the instructions. You know you need it, but it takes forever and you're never quite sure if you've done it right. That's where Vanta comes in. Vanta is a trust management platform that automates up to 90% of the work for frameworks like SoC2, ISO 27001 and HIPAA, getting you audit ready in weeks, not months. Whether you're a founder, an engineer, or managing IT and security for the first time, Vanta helps you prove your security posture without taking over your Life. More than 10,000 companies, including names like Atlassian and Quora, trust Vanta to monitor compliance, streamline risk, and speed up security reviews by up to five times and the roi. A recent IDC report found Vanta saves businesses over half a million dollars a year and pays for itself in just three months. For a limited time, you can get a thousand dollars off vanta@vanta.com cyber that's v a n t a dot com and finally, a former IT manager is suing Deutsche bank and its contractor Computer center, alleging they let a security breach slide right under their noses and into their server rooms. According to James Papa, a fellow IT worker brought his girlfriend, an unauthorized Chinese national with tech skills, into Deutsche Bank's most sensitive tech areas multiple times. Jenny, as she's called, allegedly accessed secure systems with a contractor laptop, all while Papa was off site when he reported it. Rather than earning a promotion, Papa got the boot. No action was taken against the lovebirds who later vacationed in China. Now Papa is suing for $20 million, claiming whistleblower retaliation and a good old fashioned cover up. As for Deutsche bank and Computer center, mum's the word. Nothing says robust cybersecurity like bring your girlfriend to work day in the server room. And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing@thecyberwire.com we'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com N2K senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Ivan. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. What's the common denominator in security incidents, escalations, and lateral movement. When a privileged account is compromised, attackers can seize control of critical assets with bad directory hygiene and years of technical debt. Identity attack paths are easy targets for threat actors to exploit, but hard for defenders to detect. This poses risk in active directory, entra, ID, and hybrid configurations. Identity leaders are reducing such risks with attack path management. You can learn how attack path management is connecting identity and security teams while reducing risk with Bloodhound Enterprise powered by Spectrops. Head to Spectrops IO today to learn more. Spectrops see your attack paths the way adversaries do.