
Wired, but not fired.
RSAC 2025 comes to an end. Canadian power company hit by cyberattack. Ascension Health discloses another breach. UK luxury department store Harrods discloses attempted cyberattack. Microsoft fixes bug flagging Gmail as spam. An unofficial version of the Signal app shared in photo. EU fines TikTok for violating GDPR with China data transfer. US Treasury to cut off Southeast Asian cybercrime key player. Passwordless by default coming your way. Our guest is Kevin Magee, from Microsoft, sharing a medley of interviews he gathered on the show floor of RSAC 2025.
Today is Friday, May 2nd, 2025. I’m Maria Varmazis, host of the T-Minus Space Daily podcast, in for Dave Bittner. And this is your CyberWire Intel Briefing.
RSAC 2025 comes to an end.
On the final day of RSA Conference 2025, the cybersecurity community discussed emerging challenges and innovations. The AI governance panel featured leaders from OpenAI, Workday, and Uber, who explored strategies for building trust in AI systems, emphasizing the need for robust safety measures and compliance frameworks. "Legal Eagles & CISOs" highlighted the critical need for collaboration between legal teams and cybersecurity leaders to navigate regulatory landscapes and bolster organizational resilience.
Deputy National Security Advisor Anne Neuberger offered a comprehensive overview of U.S. cybersecurity policy, discussing initiatives related to AI, 5G/6G technologies, and strategies to combat ransomware and illicit cryptocurrency activities. And RSAC College Day connected aspiring cybersecurity professionals with industry experts, fostering mentorship and career development.
Stay tuned for a final installment from intern Kevin from the RSAC 2025 floor.
Canadian power company hit by cyberattack.
Halifax-based electric utility Nova Scotia Power and its parent company Emera have shut down parts of their IT networks while responding to a cyberattack, SecurityWeek reports. The attack disrupted the utility's customer care phone line and online portal, but did not affect physical operations.
The companies stated, "There remains no disruption to any of our Canadian physical operations, including at Nova Scotia Power’s generation, transmission, and distribution facilities, the Maritime Link or the Brunswick Pipeline, and the incident has not impacted the utility’s ability to safely and reliably serve customers in Nova Scotia. There has been no impact to Emera’s US or Caribbean utilities."
CBC News reports that the utility is only responding to emergencies and outages, leaving some new customers unable to get their power turned on.
Ascension Health discloses another breach.
US health system Ascension is informing some patients that their medical data was breached after hackers compromised a third-party vendor in December 2024, the Register reports. The breached data involved personal information, including Social Security numbers, as well as medical information. The medical data included "[i]nformation related to inpatient visits, such as the place of service; physician name, admission and discharge dates; diagnosis and billing codes; medical record number; and insurance company name."
Ascension sustained a separate breach in May 2024 after it was hit by the Black Basta ransomware gang.
UK luxury department store Harrods discloses attempted cyberattack.
London luxury department store Harrods has "restricted internet access" at its locations following an attempted cyberattack, the BBC reports. The company says its flagship store remains open, and customers can still shop online.
Two other major UK retailers, Marks & Spencer and Co-op, are currently recovering from disruptive cyberattacks. The UK's National Cyber Security Centre (NCSC) chief executive Dr. Richard Horne said in a statement, "The disruption caused by the recent incidents impacting the retail sector are naturally a cause for concern to those businesses affected, their customers, and the public. The NCSC continues to work closely with organisations that have reported incidents to us to fully understand the nature of these attacks and to provide expert advice to the wider sector based on the threat picture."
Horne added, "These incidents should act as a wake-up call to all organisations. I urge leaders to follow the advice on the NCSC website to ensure they have appropriate measures in place to help prevent attacks and respond and recover effectively."
Microsoft fixes bug flagging Gmail as spam.
Microsoft has resolved a machine learning (ML) issue in Exchange Online that incorrectly flagged legitimate Gmail emails as spam. The problem, tracked as EX1064599, began on April 25, 2025, causing affected messages to be diverted to users' junk folders. Microsoft attributed the false positives to the ML model misclassifying emails due to similarities with known spam patterns. By May 1, the company reverted to a previous ML model version, effectively mitigating the issue.
An unofficial version of the Signal app shared in photo.
A photograph taken during a Trump cabinet meeting revealed that former National Security Advisor Mike Waltz was using an unofficial version of the Signal messaging app, known as TM SGNL, developed by TeleMessage. This modified app adds message archiving capabilities, potentially compromising Signal's standard end-to-end encryption. The image showed Waltz communicating with top officials, including JD Vance, Tulsi Gabbard, and Marco Rubio, raising concerns about the security of sensitive government communications.
EU fines TikTok for violating GDPR with China data transfer.
The European Union has fined TikTok €530 million ($600 million) for violating the General Data Protection Regulation (GDPR) by inadequately safeguarding European users' data accessed by staff in China. Ireland's Data Protection Commission found that TikTok failed to ensure EU-equivalent protections and lacked transparency about data transfers. The investigation also revealed that TikTok provided inaccurate information, initially denying storage of EU user data on Chinese servers, only to later admit some data had been stored there. TikTok plans to appeal, asserting that the issues predate its "Project Clover," which aims to localize data within Europe through new data centers.
Ukrainian extradited from Spain for role in Nefilim ransomware.
Ukrainian national Artem Stryzhak, 35, has been extradited from Spain to the U.S. to face charges related to his alleged role in the Nefilim ransomware operation. According to a superseding indictment unsealed in the Eastern District of New York, Stryzhak is accused of conspiring to commit fraud and extortion by deploying Nefilim ransomware against high-revenue companies across the U.S., Canada, Europe, and Australia between 2018 and 2021. He reportedly entered into an agreement with Nefilim administrators, receiving access to the ransomware in exchange for 20% of the ransom proceeds. The attacks targeted sectors including aviation, chemicals, construction, and insurance, resulting in millions of dollars in losses. Stryzhak is scheduled for arraignment and, if convicted, faces up to five years in prison.
US Treasury to cut off Southeast Asian cybercrime key player.
The U.S. Treasury's Financial Crimes Enforcement Network (FinCEN) has designated Cambodia-based Huione Group as a "primary money laundering concern" under Section 311 of the USA PATRIOT Act. This action aims to sever Huione's access to the U.S. financial system, citing its role in laundering over $4 billion in illicit proceeds between August 2021 and January 2025. The funds are linked to North Korean cyber heists and Southeast Asian "pig butchering" scams—fraudulent investment schemes that exploit victims through social engineering tactics.
Passwordless by default coming your way.
Microsoft has announced that all new Microsoft accounts will be "passwordless by default" to enhance security against threats like phishing and credential stuffing. Instead of traditional passwords, new users will authenticate using methods such as passkeys, biometric verification (e.g., Windows Hello), security keys, or push notifications.
Stay tuned after the break: Kevin Magee is closing out RSAC 2025 with a high-energy medley of interviews straight from the show floor, packed with sharp insights and bold ideas from some of cybersecurity’s standout voices.
Kevin Magee was at the RSA Conference this past week as our intern, gathering “Kevin on the Street” interviews. Today he is closing out RSAC 2025 with a high-energy medley of interviews straight from the show floor from some of cybersecurity’s standout voices. Here are his conversations.
That was Kevin Magee reporting from the RSA Conference show floor, where he caught up with some of the industry's leading voices. Want to dive deeper into those conversations? You'll find all his guests linked in the show notes.
This past week, we were joined on the RSAC floor in San Francisco by our partner Kevin Magee, Global Director of Cybersecurity Startups at Microsoft for Startups. Stepping into the role of our honorary intern, Kevin hit the show floor to gather insights and interviews with industry leaders—all featured right here. As RSAC wraps up, Kevin shares his reflections on the conversations that stood out and the key themes he observed throughout the week. Here's Kevin.
And that’s the CyberWire.
For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.
Be sure to check out our Research Saturday tomorrow. This week, Dave sits down with Shaked Reiner, Principal Security Researcher at CyberArk, who is discussing their research on "Agents Under Attack: Threat Modeling Agentic AI." That’s Research Saturday, check it out.
We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.
N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.
N2K’s senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We’re mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.