
DOGE-eat-DOGE world.
Security concerns grow over DOGE’s use of AI. The British government demands access to encrypted iCloud accounts. Researchers identify critical vulnerabilities in the DeepSeek iOS app. Microsoft Edge uses AI to block scareware. A phishing campaign targets Facebook users with fake copyright infringement notices. Researchers discover malicious machine learning models on Hugging Face. A major data broker faces yet-another data breach lawsuit. CISA warns of a critical Microsoft Outlook vulnerability under active exploitation. Guest John Anthony Smith, Founder and Chief Security Officer at Fenix24, shares insights into why backups are the most important security control. The UK’s cyber weather report says expect light phishing with a chance of ransomware.
Today is Friday February 7th 2025. I’m Dave Bittner. And this is your CyberWire Intel Briefing.
Security concerns grow over DOGE’s use of AI.
Elon Musk’s Department of Government Efficiency (DOGE) has been using AI software to analyze financial data at the U.S. Education Department, including personally identifiable information related to grants and internal financial records. The team, which includes former Musk employees, is leveraging Microsoft’s Azure cloud services to scrutinize every dollar spent by the department, with the goal of significantly cutting costs and potentially eliminating the department altogether.
DOGE’s actions align with the Trump administration’s broader agenda to shrink federal agencies. The group plans to extend its AI-driven auditing across multiple government departments, including the Department of Health and Human Services (HHS), the Treasury, and the Centers for Disease Control and Prevention (CDC), seeking to optimize government spending. Their access to Medicare and Medicaid payment systems has raised concerns about potential privacy violations and data breaches.
Critics warn that DOGE’s approach lacks oversight and could lead to security risks, particularly as AI systems are prone to errors and may expose sensitive data. The rapid implementation of DOGE’s strategies has already led to significant workforce reductions, including placing 100 Education Department employees on administrative leave based on their participation in diversity training.
In response to growing concerns, a federal judge temporarily restricted DOGE’s access to Treasury payment systems after advocacy groups filed a lawsuit. While Musk’s team claims they are rooting out inefficiencies and fraud, privacy experts worry about the unchecked power DOGE has gained, the potential for misuse of personal data, and the broader implications of AI-driven government restructuring.
The British government demands access to encrypted iCloud accounts.
The British government has reportedly issued a secret legal demand to Apple, requiring access to encrypted iCloud accounts under the Investigatory Powers Act’s Technical Capability Notice (TCN), according to The Washington Post. While reporting on the existence of a TCN is legal, disclosing its details is prohibited.
The demand could create a “back door” for authorities to access global iCloud data, though officials claim it only ensures compliance with legal warrants. Apple introduced optional end-to-end encryption (E2EE) for iCloud in 2022, despite law enforcement concerns about crime prevention.
Similar encryption debates continue, with UK officials criticizing Meta’s E2EE messaging. Tech companies argue alternative security measures suffice, while law enforcement insists metadata alone is insufficient for serious investigations. Neither Apple nor the UK government has commented on the report.
Researchers identify critical vulnerabilities in the DeepSeek iOS app.
Research from security firm NowSecure has identified critical vulnerabilities in the DeepSeek iOS app, urging enterprises and governments to ban its use due to severe privacy and security risks. Since its rise to the top of the App Store on January 25, 2025, DeepSeek has been downloaded on millions of devices, including those used by government employees, prompting swift bans from multiple agencies and the U.S. military.
Key risks include unencrypted data transmission, weak encryption, insecure data storage, extensive data collection, and data transmission to China under PRC laws. These issues pose significant threats, including surveillance, data breaches, and compliance violations.
NowSecure recommends organizations immediately remove DeepSeek, seek secure AI alternatives, and continuously monitor mobile applications for emerging risks.
Microsoft Edge uses AI to block scareware.
Microsoft Edge 133 is rolling out globally with key improvements, including an AI-powered scareware blocker and a revamped Downloads UI. The scareware blocker, now available in Edge’s settings, detects tech support scams in real-time using computer vision without sending data to the cloud. Unlike Defender SmartScreen, it analyzes webpage content to block scams more effectively.
A phishing campaign targets Facebook users with fake copyright infringement notices.
A phishing campaign is targeting Facebook users with fake copyright infringement notices, aiming to steal login credentials. The scam, sent to over 12,279 email addresses, primarily affects enterprises in the EU, US, and Australia. Attackers use Salesforce’s email service to make phishing emails appear legitimate. The emails, claiming violations under the DMCA, reference major companies like Universal Music Group and create urgency by threatening account restrictions.
Victims clicking the “appeal” link are directed to a fake Facebook support page designed to capture their credentials. Attackers can then hijack accounts, alter content, and manipulate messaging, posing risks for businesses relying on Facebook.
Researchers discover malicious machine learning models on Hugging Face.
Researchers at ReversingLabs have discovered malicious machine learning models on Hugging Face, exploiting vulnerabilities in Python’s Pickle serialization format. These models contain embedded payloads capable of executing arbitrary code, posing serious security risks.
Pickle is widely used in ML but allows attackers to embed harmful commands within seemingly legitimate models. The researchers identified two PyTorch-based malicious models, dubbed nullifAI, that bypassed Hugging Face’s security tools by executing payloads early in the Pickle stream.
The incident highlights the risks of collaborative AI platforms, where productivity often outweighs security. Hugging Face is enhancing its protections, but developers should remain cautious, avoid unverified models, and consider safer serialization alternatives. Security experts recommend monitoring for suspicious activity linked to Pickle vulnerabilities to prevent potential cyber threats.
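As an added illustration of the recommendation to monitor for Pickle abuse (this is example code written for this briefing, not ReversingLabs’ or Hugging Face’s tooling), the scanner below disassembles a pickle stream with the standard library’s pickletools.genops, which walks the opcodes without ever executing them. It records every GLOBAL or STACK_GLOBAL import, flags names on a constructed deny-list of code-execution callables, reports imports outside a constructed allow-list of modules a PyTorch checkpoint normally references, counts call-like opcodes such as REDUCE, and keeps what it has already seen if the stream breaks before STOP, so a callable placed at the very start of the stream is still reported. The deny-list, allow-list and sample streams are all assumptions made for the example.

```python
import io
import pickle
import pickletools
import platform

# Constructed deny-list of importable names that run code when the unpickler
# REDUCEs them. Illustrative only, not an authoritative catalogue.
CODE_EXEC_GLOBALS = {
    ("os", "system"), ("os", "popen"),
    ("subprocess", "Popen"), ("subprocess", "run"), ("subprocess", "check_output"),
    ("builtins", "eval"), ("builtins", "exec"), ("builtins", "__import__"),
}

# Constructed allow-list of module prefixes a PyTorch checkpoint is expected
# to import; any other module is reported as an unexpected import.
EXPECTED_MODULE_PREFIXES = ("torch", "numpy", "collections", "builtins", "_codecs", "copyreg")

# Opcodes that push a string (STACK_GLOBAL reads module and name from them)
# and opcodes that call or build an object.
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
              "STRING", "BINSTRING", "SHORT_BINSTRING"}
CALL_OPS = {"REDUCE", "BUILD", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX"}


def _classify(module, name):
    """Severity of one imported global, or None if it looks routine."""
    if (module, name) in CODE_EXEC_GLOBALS:
        return "code-exec"
    if not module.startswith(EXPECTED_MODULE_PREFIXES):
        return "unexpected-import"
    return None


def scan_pickle(data: bytes) -> dict:
    """Disassemble the stream (never loads it) and report flagged globals as
    (byte offset, "module.name", severity), the number of call-like opcodes,
    and whether parsing stopped before a STOP opcode."""
    findings = []
    call_ops = 0
    truncated = False
    recent = []  # strings pushed so far; STACK_GLOBAL uses the last two
    try:
        for op, arg, pos in pickletools.genops(io.BytesIO(data)):
            if op.name in STRING_OPS:
                recent.append(arg)
            elif op.name == "GLOBAL":
                module, name = arg.split(" ", 1)  # genops joins them with a space
                sev = _classify(module, name)
                if sev:
                    findings.append((pos, f"{module}.{name}", sev))
            elif op.name == "STACK_GLOBAL" and len(recent) >= 2:
                module, name = recent[-2], recent[-1]
                sev = _classify(module, name)
                if sev:
                    findings.append((pos, f"{module}.{name}", sev))
            elif op.name in CALL_OPS:
                call_ops += 1
    except ValueError:
        # Malformed or cut-off stream: keep what was already recorded and mark
        # it, rather than reporting nothing. A payload placed before the break
        # has already been seen by the loop above.
        truncated = True
    return {"findings": findings, "call_ops": call_ops, "truncated": truncated}


def verdict(data: bytes) -> str:
    """clean / suspicious / malicious, from the scan results."""
    result = scan_pickle(data)
    if any(sev == "code-exec" for _, _, sev in result["findings"]):
        return "malicious"
    if result["findings"] or result["truncated"]:
        return "suspicious"
    return "clean"


# Constructed sample streams. None of them is ever passed to pickle.loads.
BENIGN = pickle.dumps({"weights": [0.1, 0.2], "epoch": 3}, protocol=4)


class _CallsOut:
    """Harmless stand-in for a payload: unpickling would call
    platform.python_version(), a benign function outside the allow-list."""
    def __reduce__(self):
        return (platform.python_version, ())


UNEXPECTED = pickle.dumps(_CallsOut(), protocol=4)

# Hand-assembled protocol-2 stream that only imports os.system and stops;
# loading it would return the function object without calling anything.
REFERENCES_SYSTEM = b"\x80\x02cos\nsystem\n."
# The same stream with the STOP opcode cut off, so it fails to parse.
TRUNCATED = REFERENCES_SYSTEM[:-1]

if __name__ == "__main__":
    for label, blob in [("benign", BENIGN), ("unexpected", UNEXPECTED),
                        ("references os.system", REFERENCES_SYSTEM), ("truncated", TRUNCATED)]:
        print(f"{label}: {verdict(blob)} {scan_pickle(blob)}")
```

Run on a real checkpoint, the same function takes the raw bytes of the pickle file (for a PyTorch .pt archive, the data.pkl member of the zip). The design point is that the verdict comes from reading opcodes, so the file is never given a chance to run; the allow-list is deliberately narrow and will flag legitimate custom classes, which is the safer failure mode for a model pulled from a public hub.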
A major data broker faces yet-another data breach lawsuit.
Gravy Analytics is facing yet another lawsuit over a massive data breach that allegedly exposed 17 TB of personal data, including the precise locations of millions of smartphones. This is the fourth lawsuit since January, following claims that hackers stole sensitive data from the company’s AWS S3 storage buckets and posted evidence on a cybercrime forum.
The stolen data reportedly includes geo-coordinates collected from popular apps like Tinder, Grindr, Candy Crush, MyFitnessPal, and VPN services, affecting users in the U.S., Europe, and Russia.
Gravy, now part of Unacast, has already been banned by the FTC from selling sensitive location data. The lawsuit alleges negligence, breach of contract, and unfair competition. While Gravy denies direct collection of location data, critics argue the company failed to secure its licensed datasets, leading to serious privacy risks.
CISA warns of a critical Microsoft Outlook vulnerability under active exploitation.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about active exploitation of a critical Microsoft Outlook vulnerability, CVE-2024-21413. Dubbed “MonikerLink,” this remote code execution (RCE) flaw allows attackers to bypass Office Protected View, making malicious Office files open in editing mode instead of read-only.
The vulnerability affects multiple Microsoft Office products and can be exploited via zero-click attacks, leading to NTLM credential theft, RCE, and full system compromise.
CISA has added this flaw to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to patch by February 27, 2025.
Next, on our Industry Voices segment, Founder and Chief Security Officer at Fenix24 (phoenix like the city) John Anthony Smith shares insights into why backups are the most important security control. And Britain’s got a new cyber severity scale. We’ll be right back.
Welcome back.
The UK’s cyber weather report says expect light phishing with a chance of ransomware.
And finally, our London Fog desk reports the UK just launched the Cyber Monitoring Centre (CMC), a first-of-its-kind system that ranks cyber incidents like hurricanes—from Category 1 (annoying drizzle) to Category 5 (cyber apocalypse).
Led by former NCSC chief Ciaran Martin, the CMC’s job is to determine whether a cyberattack is a “systemic event”—one so massive it ripples across industries, like NotPetya or CrowdStrike’s recent meltdown. The scale is based on financial losses and the number of affected organizations.
Test runs? MOVEit barely registered, Synnovis’ NHS fiasco hit Category 2, and CrowdStrike’s self-inflicted chaos landed at Category 3. While initially designed for cyber insurers, the CMC hopes to inform policymakers, businesses, and even the UK government.
Skeptics question its long-term impact, but as Martin put it: “If this was easy, someone would have done it already.”
And that’s the CyberWire.
For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.
We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.
N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.
N2K’s senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We’re mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.