The CyberWire Daily Podcast 3.4.25
Ep 2257 | 3.4.25

CISA keeps watch on Russia.

Transcript

CISA says it will continue monitoring Russian cyber threats. Broadcom patches zero-days that can lead to VM escape. Google patches 43 bugs, including two sneaky zero-days. CISA flags vulnerabilities exploited in the wild. Palau's health ministry recovers from ransomware attack. Lost and found or lost and leaked? On this week's Threat Vector segment, David Moulton previews an episode with Hollie Hennessy on IoT cybersecurity risk mitigation and next week’s special International Women's Day episode featuring trailblazing women from Palo Alto Networks sharing their cybersecurity journeys and leadership insights. And is that really you?

Today is Tuesday, March 4th, 2025. I’m Maria Varmazis, host of T-Minus Space Daily in for Dave Bittner. And this is your CyberWire Intel Briefing.

CISA says it will continue monitoring Russian cyber threats.

The US Department of Homeland Security says the Cybersecurity and Infrastructure Security Agency (CISA) will continue monitoring cyber threats from Russia, asserting that media reports to the contrary are false. The Guardian reported over the weekend that CISA staff received a memo directing them to prioritize threats from China, with no mention of Russia. Tricia McLaughlin, Assistant Secretary for Public Affairs at DHS, told CyberScoop that such a memo was never sent, adding, "CISA remains committed to addressing all cyber threats to U.S. critical infrastructure, including from Russia. There has been no change in our posture or priority on this front."

The Guardian's story is separate from reports that Defense Secretary Pete Hegseth ordered Cyber Command to halt offensive operations against Russia during negotiations over the war in Ukraine. The Pentagon hasn't officially commented on these reports, but Bloomberg cites an anonymous senior defense official as saying that "Hegseth has neither canceled nor delayed any cyber operations directed against malicious Russian targets and there has been no stand-down order whatsoever from that priority."

Kim Zetter at Zero Day has written up a useful summary that clarifies reporting on these two stories. We have a link to that piece in our show notes. 

Broadcom patches zero-days that can lead to VM escape.

Broadcom has issued patches for three actively exploited zero-days affecting VMware ESX and any products that contain ESX, including vSphere, Cloud Foundation, and Telco Cloud Platform, SecurityWeek reports. Broadcom warns that the vulnerabilities can lead to a virtual machine escape, stating, "This is a situation where an attacker who has already compromised a virtual machine’s guest OS and gained privileged access (administrator or root) could move into the hypervisor itself."

Google patches 43 bugs, including two sneaky zero-days.

In March 2025, Google released security updates addressing 43 vulnerabilities in Android, notably two zero-days actively exploited in targeted attacks. One, identified as CVE-2024-50302, is a high-severity information disclosure flaw in the Linux kernel's Human Interface Device driver. This vulnerability was reportedly leveraged by Serbian authorities using an exploit chain developed by Israeli firm Cellebrite to unlock confiscated devices. The exploit chain also included a USB Video Class zero-day (CVE-2024-53104) and an ALSA USB-sound driver zero-day, discovered by Amnesty International's Security Lab in mid-2024. Google had previously provided fixes for these vulnerabilities to OEM partners in January.

CISA flags vulnerabilities exploited in the wild.

The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog to include several critical security flaws, underscoring the importance of timely remediation to protect organizational networks.

The newly added vulnerabilities are:

  • CVE-2024-4885: A critical path traversal vulnerability in Progress WhatsUp Gold, which could allow unauthenticated remote code execution.

  • CVE-2023-20118: A medium-severity command injection vulnerability in Cisco Small Business RV Series Routers, enabling arbitrary command execution or authentication bypass. Notably, Cisco has stated it will not release a fix for this issue.

  • CVE-2022-43769 and CVE-2022-43939: A pair of vulns, both affecting Hitachi Vantara Pentaho BA Server, which involve special element injection and authorization bypass.

  • CVE-2018-8639: And an improper resource shutdown or release flaw in Microsoft Windows Win32k, which could be exploited to execute arbitrary code.

Federal agencies are mandated to address these vulnerabilities by March 24, 2025. CISA strongly recommends that all organizations, regardless of sector, prioritize the remediation of these vulnerabilities to mitigate potential exploitation risks. And, we have the CVEs for all these vulnerabilities in our selected reading for you should you need them. 
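Added example, not code from the podcast or from CISA: a small Python screen that indexes KEV-style entries by CVE, matches them against an asset inventory by vendor and product, and flags hits whose remediation due date has passed. The feed field names (cveID, vendorProject, product, dateAdded, dueDate, requiredAction) follow CISA's published JSON feed; the entries and the inventory below are constructed for illustration, and the dateAdded values, requiredAction text and hostnames are assumptions rather than anything the story reports.

```python
"""Added example (not code from the podcast or from CISA): screen an asset
inventory against CISA KEV entries and flag overdue remediation."""
import json
from datetime import date

# Constructed sample shaped like CISA's KEV JSON feed. Field names follow the
# published feed; the CVE IDs, vendors, products and the March 24, 2025 due
# date come from the story, while dateAdded and requiredAction are assumptions.
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2024-4885", "vendorProject": "Progress", "product": "WhatsUp Gold",
         "dateAdded": "2025-03-03", "dueDate": "2025-03-24",
         "requiredAction": "Apply mitigations per vendor instructions."},
        {"cveID": "CVE-2023-20118", "vendorProject": "Cisco",
         "product": "Small Business RV Series Routers",
         "dateAdded": "2025-03-03", "dueDate": "2025-03-24",
         "requiredAction": "Apply mitigations or discontinue use (no vendor fix)."},
        {"cveID": "CVE-2022-43769", "vendorProject": "Hitachi Vantara",
         "product": "Pentaho BA Server",
         "dateAdded": "2025-03-03", "dueDate": "2025-03-24",
         "requiredAction": "Apply mitigations per vendor instructions."},
        {"cveID": "CVE-2022-43939", "vendorProject": "Hitachi Vantara",
         "product": "Pentaho BA Server",
         "dateAdded": "2025-03-03", "dueDate": "2025-03-24",
         "requiredAction": "Apply mitigations per vendor instructions."},
        {"cveID": "CVE-2018-8639", "vendorProject": "Microsoft", "product": "Windows",
         "dateAdded": "2025-03-03", "dueDate": "2025-03-24",
         "requiredAction": "Apply mitigations per vendor instructions."},
    ],
})

# Constructed inventory: hostnames and vendor/product pairs are illustrative.
# "cisco" is deliberately lower-case to show that matching ignores case.
SAMPLE_INVENTORY = [
    {"host": "mon01", "vendor": "Progress", "product": "WhatsUp Gold"},
    {"host": "rtr-branch3", "vendor": "cisco", "product": "Small Business RV Series Routers"},
    {"host": "ws-042", "vendor": "Microsoft", "product": "Windows"},
    {"host": "db01", "vendor": "PostgreSQL", "product": "PostgreSQL"},
]


def load_kev(raw_json: str) -> dict[str, dict]:
    """Index KEV entries by CVE ID."""
    data = json.loads(raw_json)
    return {entry["cveID"]: entry for entry in data["vulnerabilities"]}


def _key(vendor: str, product: str) -> tuple[str, str]:
    """Normalise a vendor/product pair for case-insensitive lookup."""
    return vendor.strip().lower(), product.strip().lower()


def match_inventory(kev: dict[str, dict], inventory: list[dict]) -> list[dict]:
    """Return one hit per (host, CVE) where the host runs a vendor/product in KEV.

    KEV carries no version data, so this is a coarse screen to refine with
    scanner or patch-level data, not a confirmed vulnerability finding.
    """
    by_product: dict[tuple[str, str], list[dict]] = {}
    for entry in kev.values():
        by_product.setdefault(_key(entry["vendorProject"], entry["product"]), []).append(entry)
    hits = []
    for asset in inventory:
        for entry in by_product.get(_key(asset["vendor"], asset["product"]), []):
            hits.append({"host": asset["host"], "cveID": entry["cveID"],
                         "dueDate": entry["dueDate"],
                         "requiredAction": entry["requiredAction"]})
    return hits


def days_remaining(hit: dict, today: str) -> int:
    """Days until the KEV due date (negative once it has passed); dates are ISO strings."""
    return (date.fromisoformat(hit["dueDate"]) - date.fromisoformat(today)).days


def overdue(hits: list[dict], today: str) -> list[dict]:
    """Hits whose KEV due date is strictly before `today`."""
    return [h for h in hits if days_remaining(h, today) < 0]


if __name__ == "__main__":
    kev = load_kev(SAMPLE_KEV_JSON)
    hits = match_inventory(kev, SAMPLE_INVENTORY)
    today = "2025-03-04"
    for h in hits:
        print(f"{h['host']}: {h['cveID']} due {h['dueDate']} "
              f"({days_remaining(h, today)} days left): {h['requiredAction']}")
    print("overdue:", [h["cveID"] for h in overdue(hits, today)])
```

Matching on vendor and product only is deliberate: the KEV feed does not carry affected-version ranges, so a hit here means "go confirm with your scanner or patch records", not "this host is exploitable". For the Cisco entry, where the story notes no fix is coming, the requiredAction text is the field to surface to the owner rather than a patch ticket.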

Palau's health ministry recovers from ransomware attack.

The island nation of Palau's Ministry of Health and Human Services (MHHS) is recovering from a ransomware attack it sustained on February 17th, the Record reports. The ministry attributed the attack to the Qilin ransomware gang, adding that the crooks were able to exfiltrate data during the incident. The MHHS stated, "Based on the kind of information that has been stolen, MHHS and its cyber advisors do not perceive any significant impact to the security of individual Palauans. However, MHHS recommends that all Palauans remain vigilant against potential fraud and/or phishing emails that may attempt to use this incident as a means of getting you to release personal information." The ministry added that the attack was "a heinous crime by greedy cyber criminals that has put our ability to provide critical medical care and lifesaving emergency services at risk."

A "defend forward" team from US Cyber Command is on-site assisting with the investigation.

Lost and found or lost and leaked?

A recent security lapse exposed 14 unprotected databases containing approximately 820,750 sensitive records (totaling 122GB) from Lost and Found Software, utilized by airports across the US, Canada, and Europe. Discovered by cybersecurity researcher Jeremiah Fowler, the breach included detailed information on lost items—such as medical devices, electronics, wallets, and bags—and personally identifiable information (PII) of their owners. Notably, high-resolution images of passports, driver's licenses, and other identification documents were accessible, heightening risks of identity theft and fraud. Additionally, screenshots of payment confirmations, shipping labels, and original receipts were exposed. Upon notification, the company promptly secured the databases. This incident underscores the critical need for robust data protection measures in handling sensitive customer information.

Ransomware attack against Lee Enterprises is still disrupting contractor payments.

US newspaper publisher Lee Enterprises is still grappling with a ransomware attack that occurred on February 3rd, TechCrunch reports. Freelancers and contractors who work for the company told TechCrunch they haven't been paid for their work since the attack took place. One contractor is owed thousands of dollars, and has no timeline for when Lee's payment system will be up and running again.

Lee Enterprises itself has avoided using the term "ransomware," but it mentioned in an SEC filing that the attackers "encrypted critical applications and exfiltrated certain files." The Qilin ransomware gang last week claimed responsibility for the attack. The filing also noted that the incident disrupted "distribution of products, billing, collections, and vendor payments."

TikTok takes aim at Australia.

In response to Australia's recent legislation banning social media access for children under 16, TikTok has criticized the government's decision to exempt YouTube from this ban, labeling it a "sweetheart deal" that is "illogical, anti-competitive, and short-sighted." This sentiment is echoed by other tech giants, including Meta Platforms and Snapchat, who argue that YouTube offers similar features to those that led to the ban, such as algorithmic content recommendations and exposure to potentially harmful material. Mental health experts have also raised concerns about YouTube's potential to expose children to addictive and dangerous content, questioning the consistency and fairness of the exemption.

 

Coming up after our break, we’ve got our Threat Vector segment with host David Moulton from Palo Alto Networks. And, even your Zoom calls might be catfishing you. 

Our Threat Vector Segment has host David Moulton sharing previews of two upcoming episodes. On this Thursday’s episode, he speaks with Hollie Hennessy, Principal Analyst for IoT Cybersecurity at Omdia, to discuss how attackers exploit vulnerabilities in connected environments and the best approaches for risk mitigation.

Next week, on Thursday, March 13th, David shares four conversations with some of the trailblazing women at Palo Alto Networks in honor of International Women’s Day and Women’s History Month.

Don't miss the full episodes of Threat Vector every Thursday. You can find the link to subscribe in our show notes. 

Is That Really You?

Deepfake technology is no longer a futuristic threat—it’s here, and it’s already wreaking havoc. Last year, deepfake attacks in video calls surged by a staggering 300%. Cybercriminals are using AI to impersonate people in real-time, bypassing facial-recognition systems and tricking even the savviest professionals. Even more troubling, these powerful tools are no longer just in the hands of elite hackers—they’re now available in "crime-as-a-service" markets, making it easier than ever for anyone to spoof an identity and launch a scam.

The old tricks, like asking someone to look left to catch a distortion, just aren’t cutting it anymore. This is a serious wake-up call for businesses: traditional identity verification methods are quickly becoming outdated. To keep up with these evolving threats, companies need to implement multi-layered defenses, deploy advanced deepfake detection tools, and, most importantly, train employees to spot these sophisticated scams. As deepfake technology continues to evolve at lightning speed, it’s essential to rethink how we verify identities and stay one step ahead of cybercriminals. Stay vigilant—those video calls might not be as real as they seem.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

 

 

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.

 

N2K’s senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We’re mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.