
Is it cyber peace or just a buffer?
Cyber Command ordered to halt offensive operations against Russia during Ukraine negotiations. Ransomware actors exploit Paragon Partition Manager vulnerability. Amnesty International publishes analysis of Cellebrite exploit chain. California orders data broker to shut down for violating the Delete Act. On our Afternoon Cyber Tea segment with host Ann Johnson of Microsoft Security, Ann speaks with Igor Tsyganskiy, Microsoft's Global Chief Information Security Officer, about "The Power of Partnership in Cyber Defense." And it’s the end of an era.
Today is Monday, March 3rd, 2025. I’m Maria Varmazis, host of T-Minus Space Daily in for Dave Bittner. And this is your CyberWire Intel Briefing. Thanks for joining us on this first Monday in March. On to today's stories.
Cyber Command ordered to halt offensive operations against Russia during Ukraine negotiations.
The Record reports that US Defense Secretary Pete Hegseth has ordered Cyber Command to halt offensive cyber operations against Russia. The full scope of the directive is unclear, but it doesn’t include the NSA or its signals intelligence operations targeting Russia. The Washington Post cites a current US official familiar with the order as saying the pause is meant to last only as long as negotiations over the war in Ukraine continue. The Post says the operations being halted "could include exposing or disabling malware found in Russian networks before it can be used against the United States, blocking Russian hackers from servers that they may be preparing to use for their own offensive operations, or disrupting a site promoting anti-U.S. propaganda."
The New York Times observes that "Former officials said it was common for civilian leaders to order pauses in military operations during sensitive diplomatic negotiations, to avoid derailing them. Still, for President Trump and Mr. Hegseth, the retreat from offensive cyberoperations against Russian targets represents a huge gamble. It essentially counts on Mr. Putin to reciprocate by letting up on what many call the 'shadow war' underway against the United States and its traditional allies in Europe."
The Pentagon declined to comment on the report. A senior Defense official told the Record, "Due to operational security concerns, we do not comment nor discuss cyber intelligence, plans, or operations. There is no greater priority to Secretary Hegseth than the safety of the Warfighter in all operations, to include the cyber domain."
Ransomware actors exploit Paragon Partition Manager vulnerability.
Researchers at Microsoft discovered five vulnerabilities affecting a driver used by Paragon Partition Manager, one of which is being exploited by ransomware actors, BleepingComputer reports. Microsoft has observed ransomware attackers using the flaw to achieve SYSTEM-level privilege escalation before executing additional malware.
An advisory from the CERT Coordination Center (CERT/CC) explains, "An attacker with local access to a device can exploit these vulnerabilities to escalate privileges or cause a denial-of-service (DoS) scenario on the victim's machine. Additionally, as the attack involves a Microsoft-signed Driver, an attacker can leverage a Bring Your Own Vulnerable Driver technique to exploit systems even if Paragon Partition Manager is not installed."
Paragon Software has issued patches for the flaws, and users of Partition Manager should upgrade to the latest version.
Amnesty International publishes analysis of Cellebrite exploit chain.
Amnesty International has published a follow-up to its December 2024 report on the Serbian government's alleged misuse of Cellebrite's cell phone data extraction tool. Amnesty's latest report, published on Friday, outlines "a new case of misuse of a Cellebrite product to break into the phone of a youth activist in Serbia." The report shares technical details on "a sophisticated zero-day exploit chain targeting Android USB drivers, developed by Cellebrite."
Amnesty explains, "The exploit, which targeted Linux kernel USB drivers, enabled Cellebrite customers with physical access to a locked Android device to bypass an Android phone’s lock screen and gain privileged access on the device. As the exploit targets core Linux kernel USB drivers, the impact is not limited to a particular device or vendor and could affect a very wide range of devices. The same vulnerabilities could also expose Linux computers and Linux-powered embedded devices to physical attacks, although there is no evidence that this exploit chain has been designed to target non-Android Linux devices."
Last week, Cellebrite announced it would suspend its services in Serbia, citing Amnesty's December report.
California orders data broker to shut down for violating the Delete Act.
The state of California's Privacy Protection Agency (CPPA) last Thursday ordered a data broker to cease operations for three years for failing to register with the state, the Record reports. The California Delete Act, which took effect in January 2024, requires data brokers to register with the CPPA in order to provide a mechanism through which consumers can request to have their data deleted. The broker in this case, called "Background Alert," has agreed to the settlement terms. The Record notes that such a ruling against a data broker is unprecedented.
Thousands of working API keys and passwords found in AI training dataset.
Researchers at Truffle Security found just under twelve thousand valid API keys and passwords in the Common Crawl database, an enormous open-source repository of web data used for training AI models. The secrets included an AWS root key, live Slack webhooks, and nearly 1,500 unique Mailchimp API keys.
The researchers stress that Common Crawl isn’t to blame: the keys were publicly exposed because web developers hardcoded them into front-end HTML and JavaScript, and Common Crawl then archived those pages along with everything else on the web.
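A defender-side check for the kind of exposure described in this story, added here as an example (this is not Truffle Security's scanner or any code from the story): it scans a constructed front-end HTML page for the three secret shapes the story names (AWS access key IDs, Slack webhook URLs, Mailchimp API keys) and reports redacted findings plus a per-kind count of unique values. The regexes, function names and sample page are my own assumptions; the AWS value is AWS's documented example key ID, and every other value is a placeholder. Matching a shape only finds a candidate; whether a key is live is a separate check against the issuing service.

```python
"""Scan front-end HTML/JavaScript for hardcoded credentials.

Added example (not Truffle Security's or Common Crawl's code). The regexes
cover three of the secret types named in the story: AWS access key IDs,
Slack incoming-webhook URLs and Mailchimp API keys. All sample values
below are constructed placeholders; the AWS one is AWS's documented
example key ID, not a live credential.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample page: what an archived front-end file with
# hardcoded secrets looks like. Every value is a placeholder.
SAMPLE_HTML = """<!doctype html>
<html><head><title>Newsletter signup</title></head>
<body>
<script>
  // Constructed placeholder: AWS's documented example access key ID, not a live key.
  const AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE";
  // Constructed placeholder webhook URL (all-zero workspace and bot IDs).
  const SLACK_HOOK = "https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX";
  // Constructed placeholder Mailchimp key, used twice to show de-duplication.
  const MC_KEY = "0123456789abcdef0123456789abcdef-us21";
  fetch("https://us21.api.mailchimp.com/3.0/lists", { headers: { Authorization: "apikey 0123456789abcdef0123456789abcdef-us21" } });
  const BUILD_ID = "20250303-release";  // benign, must not match
</script>
</body></html>
"""

# Detector patterns (assumed shapes). Shape-based rules find candidates;
# whether a candidate is live must be checked separately with the issuer.
PATTERNS = {
    # AWS long-term (AKIA) and temporary (ASIA) access key IDs: prefix + 16 chars.
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    # Slack incoming webhook: /services/T<team>/B<bot>/<token>.
    "slack_webhook": re.compile(
        r"https://hooks\.slack\.com/services/T[A-Z0-9]+/B[A-Z0-9]+/[A-Za-z0-9]+"
    ),
    # Mailchimp API key: 32 hex chars followed by the data-center suffix (-usNN).
    "mailchimp_api_key": re.compile(r"\b[0-9a-f]{32}-us\d{1,2}\b"),
}


@dataclass(frozen=True)
class Finding:
    kind: str
    line: int      # 1-based line number in the scanned text
    redacted: str  # first/last 4 chars only, so reports do not re-leak the secret


def redact(secret: str) -> str:
    """Keep just enough of the value to correlate findings without reproducing it."""
    if len(secret) <= 8:
        return "*" * len(secret)
    return f"{secret[:4]}...{secret[-4:]}"


def scan_text(text: str) -> list[Finding]:
    """Return one Finding per secret-looking token, in document order."""
    findings: list[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                findings.append(Finding(kind, lineno, redact(match.group(0))))
    return findings


def count_unique_by_kind(text: str) -> dict[str, int]:
    """Count distinct secrets per kind (the 'unique keys' figure in the story)."""
    seen: dict[str, set[str]] = defaultdict(set)
    for line in text.splitlines():
        for kind, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                seen[kind].add(match.group(0))
    return {kind: len(values) for kind, values in seen.items()}


if __name__ == "__main__":
    for f in scan_text(SAMPLE_HTML):
        print(f"line {f.line}: {f.kind} {f.redacted}")
    print(count_unique_by_kind(SAMPLE_HTML))
```

Run against a directory of built front-end assets before deploy, the same files a crawler would archive, and treat any hit as a rotate-and-remove event rather than just a redaction: once a page has been crawled, deleting the key from the source does not pull it out of the archive.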
Polish Space Agency sustains cyberattack.
Poland’s Minister for Digitalisation said yesterday that the Polish Space Agency's (POLSA) IT infrastructure sustained an unauthorized intrusion, and the Agency has disconnected its network from the Internet while it investigates the incident.
The nature of the attack is unclear. The Register cites a source inside the agency as saying the incident was related to an internal email compromise, and staff have been told to rely on phones instead. Stay tuned for further developments here and on our T-Minus Space Daily podcast.
Coming up after our break, Ann Johnson from Microsoft Security joins us for her monthly Afternoon Cyber Tea segment. And, we click end call with an old friend.
Next up is our monthly Afternoon Cyber Tea podcast segment with host Ann Johnson of Microsoft Security. Today, Ann speaks with Igor Tsyganskiy, Microsoft's Global Chief Information Security Officer, about "The Power of Partnership in Cyber Defense." Ann and Igor discuss the challenges and optimism driving the fight against cyber threats.
To hear the full conversation on Ann’s show, check out the link in our show notes. You can catch new episodes of Afternoon Cyber Tea every other Tuesday on the N2K CyberWire network and on your favorite podcast app.
It's the end of an era with Skype clicking that “end call” button for good.
Last week, Microsoft announced that it’s officially pulling the plug on Skype, with the service shutting down on May 5th. At this point, Skype has become more of a niche app—back in 2023, Microsoft said it still had 36 million users, a huge drop from its peak of 300 million. Those users once included our own Dave Bittner, who conducted all of his interviews for this podcast via Skype back in the day.
Even though Skype is fading out, its impact is still everywhere. The technology behind it helped shape the security and privacy features that protect today’s most popular messaging apps. In many ways, the world is safer and more free because Skype’s original developers pioneered ideas that set the foundation for modern encrypted communication. Ending call.
And that’s the CyberWire.
For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.
We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.
N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.
N2K’s senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We’re mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Maria Varmazis. Thanks for listening.