The CyberWire Daily Podcast 2.12.25
Ep 2244 | 2.12.25

DOGEgeddon: The cyber crisis hiding in plain sight.

Transcript

Is DOGE a cyberattack against America? The White House plans to nominate a new national cyber director. Patch Tuesday updates. Ivanti discloses a critical stack-based buffer overflow vulnerability. The GAO identifies cybersecurity gaps in the U.S. Coast Guard’s efforts to secure the Maritime Transportation System. An Arizona woman pleads guilty to running a laptop farm for North Korea. A notorious swatter gets a prison sentence. Our guests are Gianna Whitver and Maria Velasquez, co-hosts of the Breaking Through in Cybersecurity Marketing podcast. Plague-themed phishing tests take it too far.

Today is Wednesday February 12th 2025. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

Is DOGE a cyberattack against America?

In an editorial for Foreign Policy, Bruce Schneier and Davi Ottenheimer make the case that Elon Musk’s DOGE team represents a serious cyberattack against America.

The editorial highlights what may be the most alarming national security crisis in modern U.S. history—not due to foreign cyberattacks, but because of unchecked internal access granted under dubious authority. The newly created Department of Government Efficiency (DOGE), led by individuals with unclear credentials, has infiltrated critical government systems, including the Treasury Department, OPM, and even classified intelligence networks. These intrusions have exposed vast amounts of sensitive data and fundamentally weakened national cybersecurity defenses.

What sets this apart from previous breaches is not just the scale but the method. Unlike adversaries who spend years infiltrating systems in secrecy, DOGE personnel have been granted high-level access in plain sight, stripping away essential security safeguards. Career officials responsible for protecting these systems have been sidelined, and critical protections like auditing and incident response have been dismantled.

The editorial argues that this is more than just reckless mismanagement—it’s a systematic gutting of national security protocols. The Treasury’s financial infrastructure, the identities of intelligence personnel, and even AI-trained on sensitive data are now potentially compromised. Worse, unauthorized modifications to core systems could leave lasting vulnerabilities, paving the way for future exploitation by foreign adversaries.

A federal judge has intervened, but that alone won’t undo the damage. The piece calls for immediate action: revoking unauthorized access, restoring security protocols, and conducting rigorous audits. Without these steps, the editorial warns, the U.S. government risks long-term structural damage to its most essential systems—damage that may already be irreversible.

The White House plans to nominate a new national cyber director. 

President Donald Trump plans to nominate Sean Cairncross as the next national cyber director, despite his lack of cybersecurity leadership experience. Cairncross, a longtime GOP insider, previously served as CEO of the Millennium Challenge Corporation and held senior roles within the Republican National Committee.

If confirmed, he would lead the White House’s Office of the National Cyber Director (ONCD), which was created in 2021 to oversee U.S. cyber strategy. The Biden administration’s approach to ONCD was marked by leadership turnover and concerns about competing power centers.

Observers worry the Trump administration may downsize the office, even as the U.S. faces growing cyber threats from China-linked hacking campaigns. Cairncross would replace Harry Coker, who recently left for Maryland’s commerce secretary role.

Patch Tuesday updates. 

Microsoft has released security updates for four new zero-day vulnerabilities, including two actively exploited flaws. The February Patch Tuesday update covers over 50 CVEs, including 22 remote code execution (RCE) bugs and 19 privilege escalation vulnerabilities. Among the most concerning is CVE-2025-21391, which allows attackers to delete critical system files and escalate privileges, potentially crippling servers. Another, CVE-2025-21418, affects Windows networking and grants system-level access, enabling attackers to manipulate security settings and execute malicious code.

Intel issued 34 security advisories, including a critical privilege escalation flaw in Server Board BMC firmware. AMD addressed multiple high-severity vulnerabilities in processors, graphics drivers, and its system management mode, while Nvidia patched security flaws in its GPU software and container toolkit.

Siemens and Schneider Electric also released updates for industrial control system vulnerabilities. With major cyber threats ongoing, these updates emphasize the need for organizations to promptly patch critical systems to prevent exploitation.

Ivanti discloses a critical stack-based buffer overflow vulnerability.

Ivanti has disclosed CVE-2025-22467, a critical stack-based buffer overflow vulnerability in its Connect Secure (ICS) product, rated 9.9 on the CVSS scale. The flaw allows remote authenticated attackers to execute arbitrary code. It affects versions up to 22.7R2.5 and is fixed in 22.7R2.6. Ivanti urges users to update immediately or implement interim measures like network segmentation and log monitoring. While no active exploitation is reported, past Ivanti vulnerabilities have been targeted by APT groups, emphasizing the need for prompt patching.

The GAO identifies cybersecurity gaps in the U.S. Coast Guard’s efforts to secure the Maritime Transportation System.

The Government Accountability Office (GAO) has identified cybersecurity gaps in the U.S. Coast Guard’s efforts to secure the Maritime Transportation System (MTS) and issued five recommendations. The Coast Guard must improve incident data accuracy, enhance cyber deficiency tracking, align its strategy with national goals, and address competency gaps in cybersecurity personnel.

GAO’s findings, based on reports, inspections, and stakeholder interviews from 2019 to mid-2024, highlight threats from state-sponsored actors (China, Iran, North Korea, Russia) and cybercriminals. Past cyberattacks have disrupted port operations, and future incidents could have severe consequences.

The Coast Guard assists MTS operators with cybersecurity guidance, inspections, and technical support but lacks a complete cybersecurity incident tracking system. GAO also found gaps in its cyber strategy and workforce competencies. The Department of Homeland Security (DHS) concurred with GAO’s recommendations, emphasizing the need for urgent improvements to prevent cyberattacks on critical maritime infrastructure.

An Arizona woman pleads guilty to running a laptop farm for North Korea. 

Christina Marie Chapman, 48, of Arizona, pleaded guilty to running a laptop farm that helped North Korean IT workers fraudulently gain employment at over 300 U.S. companies. From 2020 to 2023, she helped North Koreans steal identities of 70+ Americans, making it appear they were U.S.-based while working remotely from China, Russia, and other countries. The scheme generated $17.1 million, most of which was sent to North Korea’s government.

Chapman laundered the funds by processing paychecks and transmitting false documents to U.S. agencies. The workers she assisted had ties to North Korea’s weapons programs and attempted to gain employment at U.S. government agencies.

Chapman faces 7 to 9 years in prison, with sentencing set for June 16. Her case is part of a broader FBI crackdown on North Korean IT fraud, which has led to extortion attempts and security breaches at U.S. companies.

A notorious swatter gets a prison sentence. 

Alan W. Filion, 18, of Lancaster, California, was sentenced to 48 months in prison for making interstate threats, including over 375 swatting calls from 2022 to 2024. His false threats targeted religious institutions, schools, government officials, and individuals, often claiming to have planted bombs or planned mass shootings. His actions led to armed law enforcement responses, detentions, and resource diversion.

Filion admitted to running a swatting-for-profit operation, advertising his services online. He was arrested in January 2024 for a May 2023 threat to a Florida religious institution, where he falsely claimed to possess weapons and planned a mass shooting. He also pleaded guilty to threats against a high school, a Historically Black College, and a federal law enforcement officer.

The FBI and U.S. Secret Service investigated the case, with multiple law enforcement agencies assisting. 

Today, I speak with co-hosts of the Breaking Through in Cybersecurity Marketing podcast Gianna Whitver and Maria Velasquez about their plans for 2025. And, plague-themed phishing tests taking it too far.

We’ll be right back.

Welcome back. You can listen to new episodes of Breaking Through in Cybersecurity Marketing every Wednesday airing on the N2K CyberWire network and wherever you get your podcasts. 

Plague-themed phishing tests take it too far. 

And finally, it was a calm Sunday morning when Alicia Riley received an email about an Ebola outbreak at UC Santa Cruz. As a disease expert, she panicked—until she clicked the link and realized she was the outbreak. It was just a phishing test from the university’s IT department. Cue the rage.

Phishing drills, meant to educate employees, have become more elaborate—and infuriating. According to the Wall Street Journal, some tests dangle lost puppies, open enrollment links, or even free Eagles tickets (which, shockingly, worked). One cybersecurity pro once made a NASA employee cry by promising a trip to see the final Space Shuttle launch.

But do these tests actually work? Studies suggest not really—one found they made people more susceptible to phishing. And when tests go too far (like pretending Ebola is on campus), they undermine trust in real alerts. Some workplaces punish clickers harshly—one hospital revokes email access or even fires repeat offenders. There’s an argument that having employees worry that their organization is actively trying to deceive them is, in the long run, corrosive. 

Lesson learned? Cybersecurity is important—but so is not causing mass hysteria. These are challenging times, and a lot of people are feeling anxious about a lot of things. So, if your organization is using phishing tests as part of your security awareness training, please be mindful, and dial it in.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.

N2K’s senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We’re mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.