Risky Bulletin: Trump fires CyberCom and NSA head - Risky Bulletin

Summary7 min read

Risky Bulletin: Trump Fires CyberCom and NSA Head Hosted by Risky.biz | Release Date: April 7, 2025

1. Leadership Shakeup in U.S. Cybersecurity Agencies

In a significant move impacting national cybersecurity infrastructure, U.S. President Donald Trump has terminated the leadership of two key agencies. According to Claire Aird, "US President Donald Trump has fired both the director and deputy of the NSA. [00:24]"

NSA and Cyber Command Leadership Fired
- Timothy Haug, Director of the NSA and Head of Cyber Command, and Wendy Noble, Deputy Director, were dismissed unexpectedly after serving one year into their traditionally three-year terms.
- The White House has not provided an official reason for their termination.
- Claire Aird notes, "The Trump administration named Army Lieutenant General William Hartman as acting head of Cyber Command and the NSA, according to the Washington Post. [00:44]"
Influence of Far-Right Activism
- Far-right activist Laura Loomer publicly urged Trump to remove leaders she deemed disloyal. Aird comments, "Far right activist Laura Loomer urged Trump to fire Hawg and others she considered disloyal to the president. [00:44]"

2. Cuts in the Cybersecurity and Infrastructure Security Agency (CISA)

The U.S. government is contemplating significant reductions in the Cybersecurity and Infrastructure Security Agency (CISA).

Planned Layoffs
- Reports from Politico indicate potential layoffs of up to 1,300 CISA employees.
- Previous cuts include 130 employees in February and an additional 300 in March.
- Claire Aird highlights, "If the next round of firings goes ahead, the agency will have lost close to half of its 3,400 strong workforce. [01:21]"
Impact on Threat Hunting
- The forthcoming layoffs are expected to severely impact CISA's threat hunting capabilities, diminishing the agency's ability to proactively address cybersecurity threats.

3. Cyberattacks on Australian Pension Funds

Australian pension funds are under siege as credential stuffing attacks have led to significant financial losses.

Scope of the Attacks
- Five major superannuation providers, including the Australian Retirement Trust and Hostplus, confirmed breaches using leaked passwords from other breaches.
- The largest theft involved an individual losing $300,000, with Reuters reporting that up to 20,000 accounts may have been affected. Aird states, "Up to 20,000 accounts may have been breached, although it's unclear how many were emptied before the attacks were spotted. [01:23]"
Government Response
- The Australian government is actively investigating the incidents.
- The Association of Superannuation Funds of Australia has advised its members to strengthen their cyber defenses.

4. Europcar Data Leak

European rental car giant Europcar has faced a severe data breach compromising sensitive information.

Details of the Breach
- A hacker leaked GitLab repositories containing source code for Europcar's Android and iOS applications.
- Additionally, database backups with personal data of nearly 200,000 customers were exposed.
- Claire Aird reports, "The repos included the source code for the company's Android and iOS applications, as well as database backups containing the personal data of almost 200,000 customers. [02:18]"
Motivation Behind the Attack
- The data was released following an unsuccessful extortion attempt against Europcar.

5. SMS Gateway Breach by Sondio Global

A breach at SMS gateway provider Sondio Global has raised alarms over intercepted communications and potential misuse.

Nature of the Breach
- Hackers accessed Sondio Global’s servers, intercepting over 30,000 SMS messages in late March.
- Aird explains, "Researchers have correlated the attack with Telegram account takeovers that use the intercepted SMS codes. [02:20]"
Implications
- The intercepted SMS messages were likely used to facilitate unauthorized access to Telegram accounts, posing significant privacy and security risks for users.

6. Arrest of the Alleged Operator Behind Crazy Hunter Ransomware

Taiwanese authorities have identified and apprehended the suspected mastermind behind the Crazy Hunter ransomware attacks.

Suspect Profile
- The 20-year-old Chinese national, employed by a cybersecurity company in China's Jiangxi Province, is believed to have orchestrated attacks against 11 Taiwanese organizations.
- Aird notes, "Officials say he orchestrated ransomware attacks against 11 Taiwanese organisations in February and March this year. [02:20]"
Impact of the Attacks
- The ransomware attacks severely disrupted operations in three hospitals, including Taiwan's largest medical center.

7. FBI Investigates Former Pharmacist for Spyware Installation

A disturbing case involving privacy invasion has come to light, with the FBI investigating a former pharmacist at the University of Maryland Medical Center.

Allegations Against Dr. Matthew Bethulah
- Dr. Bethulah is accused of installing spyware on over 400 computers, activating webcams to record female staff in compromising situations.
- He allegedly accessed home security systems to monitor coworkers and hacked into online accounts using stolen passwords.
- Claire Aird details, "Six of the women have filed a class action lawsuit against the hospital after learning of the hacks from the FBI. [02:20]"
Legal Proceedings
- A class action lawsuit has been initiated by six affected women, seeking justice for the invasive actions perpetrated by Dr. Bethulah.

8. Cryptocurrency Theft and Legal Consequences

The realm of cryptocurrency continues to face challenges with theft and subsequent legal actions.

Case of Noah Michael Urban
- Urban, associated with the Scattered Spider group and known online as King Bob and Sosa, has pleaded guilty to cryptocurrency theft charges.
- He is mandated to return over $13 million to 59 victims.
- Aird comments, "Noah Michael Urban was a member of the Scattered Spider group. [02:20]"
Additional Activities
- Urban gained notoriety for leaking rap music prior to official releases, further complicating his digital footprint.

9. Russian IT CEO Charged with Drug Trafficking

In an intersection of cybersecurity and illegal trade, the CEO of a Russian IT company has been charged with drug trafficking.

Details of the Charge
- Yuri Bozoan, CEO of ISA Group, was detained along with Arsenyi Pienzev, co-founder, in St. Petersburg.
- Their company, linked to bulletproof hosting services and Russian disinformation operations, hosted an online drugstore named Blacksproot US.
- Claire Aird states, "Russian authorities have charged the CEO of an IT company linked to bulletproof hosting with drug trafficking. [02:20]"
Broader Implications
- The arrest underscores the Russian government's efforts to clamp down on illicit online activities facilitated through IT infrastructures.

10. NIST Revises CVE Metadata Practices

The National Institute of Standards and Technology (NIST) has announced changes affecting the management of Common Vulnerabilities and Exposures (CVEs).

Policy Change
- NIST will no longer add metadata to CVEs issued before 2018, labeling them as deferred if not already enriched.
- Aird highlights, "NIST has abandoned adding metadata to all CVEs issued prior to 2018. [02:20]"
Impact on Security Databases
- This designation affects up to 100,000 entries, approximately one-third of the CVE database.
- Sources like Socket Security and Vulncheck have noted the significant repercussions of this move.

11. Google's Sec Gemini: A New AI Chatbot for Cybersecurity

Advancements in artificial intelligence are making their way into cybersecurity with Google's latest innovation.

Features of Sec Gemini
- Described as an experimental AI chatbot tailored for cybersecurity professionals, Sec Gemini leverages Google's extensive cybersecurity portfolio and real-time threat intelligence.
- Claire Aird notes, "Google says the model outperforms any other product due to the company's extensive cybersecurity portfolio and access to real time threat intelligence. [02:20]"
Availability
- Currently accessible through early restricted access, Sec Gemini represents a promising tool for enhancing cybersecurity defenses.

12. Python Software Foundation Enhances Package Management

The Python Software Foundation is implementing changes to improve package management and security.

Software Bill of Materials (SBOM) Directory
- A dedicated directory will be added within Python packages, allowing maintainers to include detailed information about their software components.
Universal Lock File Format
- Adoption of a universal lock file format across all package managers to streamline dependency management.
- Claire Aird explains, "This will allow developers to more concisely communicate dependencies and their versions. [02:20]"

13. Rise Semiconductor Launches Lingyu Server Processor

In response to geopolitical pressures, Chinese tech company Rise Semiconductor has unveiled a new server processor.

Specifications of Lingyu Server Processor
- Based on the open-source RISC V architecture, the Lingyu processor signifies China's push towards technological self-sufficiency.
- Aird states, "The CPU is based on the RISC V open source architecture. [02:20]"
Geopolitical Context
- The Chinese government has advocated for the adoption of RISC V following the imposition of U.S. export controls on American-developed processors earlier in the decade, aiming to reduce dependence on foreign technology.

Conclusion

This episode of Risky Bulletin delves deep into the latest developments in cybersecurity, highlighting significant leadership changes within the U.S. cybersecurity framework, widespread cyberattacks affecting financial and personal data, and advancements in cybersecurity technology. From high-profile arrests to policy shifts by NIST, the episode underscores the dynamic and often tumultuous landscape of cybersecurity in 2025.

Notable Quotes:

"If the next round of firings goes ahead, the agency will have lost close to half of its 3,400 strong workforce." – Claire Aird [01:21]
"Google says the model outperforms any other product due to the company's extensive cybersecurity portfolio and access to real time threat intelligence." – Claire Aird [02:20]

This summary provides a comprehensive overview of the latest cybersecurity news as discussed in the April 7, 2025 episode of Risky Bulletin. Stay informed and stay secure.

Loading summary

Transcript12 lines

[00:04]
Claire Aird
Trump fires NSA and cybercom leadership, CISA looks likely to be halved in size, hackers hit Australian pension funds and NIST gives up on old CVEs in its backlog. This is the Risky bulletin prepared by Catalyn Kim Panu and read by me, Claire aird.
[00:22]
Unknown Speaker
Today is the 7th of April.
[00:24]
Claire Aird
US President Donald Trump has fired both the director and deputy of the nsa. NSA Director and Head of Cyber Command Force General Timothy Haug and Deputy Director Wendy Noble were both fired on Thursday. The dismissals come one year into what are traditionally three year rolls, and the.
[00:42]
Unknown Speaker
White House has not said why Hawg.
[00:44]
Claire Aird
And Noble were terminated. The Trump administration named Army Lieutenant General William Hartman as acting head of Cyber Command and the nsa, according to the Washington Post. Far right activist Laura Loomer urged Trump to fire Hawg and others she considered disloyal to the president. The US government is also reportedly looking.
[01:05]
Unknown Speaker
To fire up to 1,300 CISA employees.
[01:09]
Claire Aird
According to Politico. The new layoffs will impact the agency's threat hunting teams.
[01:14]
Unknown Speaker
CISA laid off 130 employees in February and a further 300 in March. If the next round of firings goes.
[01:22]
Claire Aird
Ahead, the agency will have lost close.
[01:24]
Unknown Speaker
To half of its 3,400 strong workforce. A wave of credential stuffing attacks has targeted Australian pension funds, resulting in the theft of some retirement saving. Five major superannuation providers confirmed last week's attacks. The Australian Retirement Trust, Australian super hostplus, Insignia Financial and Rest all said they saw attacks on their online portals using passwords that were leaked in other breaches. The biggest single theft impacted one Australian super customer who lost $300,000. According to Reuters. Up to 20,000 accounts may have been breached, although it's unclear how many were emptied before the attacks were spotted. The Australian government is invest and the association of Superannuation Funds of Australia has told its members to shore up cyber defences. A hacker has leaked the GitLab repositories of European rental car giant Europcar.
[02:18]
Claire Aird
The repos included the source code for.
[02:21]
Unknown Speaker
The company's Android and iOS applications, as well as database backups containing the personal data of almost 200,000 customers. The threat actor released the data after a failed attempt to extort the company. Hackers breached SMS gateway provider Sondio Global to intercept SMS messages. The company said the attackers intercepted more than 30,000 SMS messages in late March while they had access to its servers. Researchers have correlated the attack with Telegram account takeovers that use the intercepted SMS codes. Taiwanese authorities have identified a 20 year old Chinese man as the alleged operator of the Crazy Hunter ransomware. The suspect works for a cyber security company in China's Gojiang Province. Officials say he orchestrated ransomware attacks against 11 Taiwanese organisations in February and March this year. He's suspected to be behind recent attacks that crippled three hospitals, including the island's biggest medical centre. The FBI is investigating a former pharmacist for allegedly installing spyware on more than 400 computers belonging to the University of Maryland Medical Center. Dr. Matthew Bethulah allegedly activated webcams to record female staff undressing and pumping breast milk at work. He also used the compromised staff computers to gain access to home security systems to watch his co workers having sex. He also allegedly hacked into online accounts with passwords collected by the spyware. Six of the women have filed a class action lawsuit against the hospital after learning of the hacks from the FBI. A Florida hacker has pleaded guilty to cryptocurrency theft charges and will return more than $13 million to 59 victims. Noah Michael Urban was a member of the Scattered Spider group. He used the monikers King Bob and Sosa. He was arrested in January 2024 and was charged in November. He also gained a reputation online for leaking rap music ahead of its official release. Russian authorities have charged the CEO of an IT company linked to bulletproof hosting with drug trafficking. Yuri Bozoan, the CEO of ISA Group, was detained on Friday in St. Petersburg. Arsenyi Pienzev, who co founded the company, was also arrested. ISA Group has been linked to bulletproof hosting services and Russian disinformation operations, according to the MASH Telegram channel. The two were detained because their company hosted an online drugstore named Blacksproot US. NIST has abandoned adding metadata to all CVEs issued prior to 2018. The agency will label all older CVEs that have not already been enriched as deferred. According to Socket Security and Vulncheck. The designation will impact up to 100,000 entries, almost a third of the database Google has released Sec Gemini, a new experimental AI chatbot for cybersecurity professionals. Google says the model outperforms any other product due to the company's extensive cybersecurity portfolio and access to real time threat intelligence. Secgemini is currently available as early restricted access. The Python Software foundation will add a dedicated directory inside packages where maintainers can add information about their software bill of materials. The Python team is also adopting a universal lock file format across all its package managers. This will allow developers to more concisely communicate dependencies and their versions and Finally, Chinese tech company Rise Semiconductor has launched the Lingyu Server processor. The CPU is based on the RISC V open source architecture. The Chinese government has pushed chip makers to adopt RISC V after the US started putting export controls on US developed processors earlier this decade. And that is all for this podcast edition. Thanks to your company.