In this episode of 'Cybersecurity Today', host David Shipley covers multiple key stories: Veritaco CEO Jeffrey Bowie is charged with attempting to infect a hospital with malware. Global Chief Information Security Officers (CISOs) call on world governments to harmonize cybersecurity regulations. Issues arise with Microsoft's recent 'Mystery Folder' security patch. Highlights from B-Side San Francisco's AI discussions include talks on weaponizing large language models and detecting deep fake technology. Additionally, the RSA Conference kicks off, promising numerous vendor announcements and updates.
00:00 Cybersecurity CEO Charged with Hospital Malware Attack
01:56 Global CISOs Call for Unified Cyber Regulations
03:59 Microsoft's Mystery Folder Fix Issues
05:37 AI Talks at B-Side San Francisco
08:08 RSA Conference Highlights and Conclusion
Episode Transcript
A cybersecurity CEO is charged withattempting to infect a hospital
with malware global CISOs bandtogether to urge world governments
to harmonize cyber rules.
Microsoft Mystery Folder Fix mightneed a fix of its own and lots of
AI talks at B-Side San Franciscowith also RSA Kicking off this week.
(00:21):
This is Cybersecurity today, andI'm your host, David Shipley.
Security Affairs reported Saturday thatJeffrey Bowie, CEO of the cybersecurity
firm, Veritaco, is facing two counts ofviolating Oklahoma's computer crimes act
for allegedly infecting employee computersat the Oklahoma City St. Anthony Hospital.
(00:43):
So what happened?
According to police, back on August6th, security cameras allegedly caught
Bowie roaming the halls of OklahomaCity's St. Anthony's Hospital.
After trying a few locked offices, hereportedly found staff computers slipped
in a thumb drive and planted malware thatsnapped a screenshot every 20 minutes
and sent images to an outside server.
(01:04):
When staff asked what he wasdoing, Bowie allegedly said he
had a relative in surgery andquote, needed to check something.
End quote, hospital.
IT later discovered the malicioussoftware and thankfully, no
patient data was exposed.
The hospital says its security measurescontained the threat immediately, and it
worked with law enforcement from day one.
(01:26):
Two weeks ago, on April 14th, policepicked up Bowie with an arrest warrant.
For context, St. Anthony's is a 773bed medical center in Oklahoma City's
midtown, offering everything fromheart surgery to behavioral health.
And this story highlights how importantphysical security remains when it comes
to protecting information and systems.
(01:48):
It'll be interesting to see what comes outof this case regarding what happened and
what the motivations were of the accused.
Chief Information Security Officersfrom 45 powerhouse companies like Big
Tech Titans, global Banks, hospitalNetworks, you name it, have fired
off a joint letter to the G sevenand the Organization for Economic
(02:09):
Cooperation and Development or OECD.
What are they asking for?
They're asking to stop drowning in apatchwork of cyber rules from different
regions, jurisdictions at the nationaland sometimes subnational level.
They're urging world leadersto use these forums to sync up
cybersecurity regulations insteadof letting everyone go their own
(02:30):
way, creating confusing, sometimesconflicting in different requirements.
Four big things they're asking for.
Single playbook, an alignmentand consistent enforcement
of rules that already exist.
Working together between the privatesector and the public sector on what's
to come next in the regulatory framework.
(02:52):
They wanna be brought in earlier whennew standards are being contemplated.
They're looking for faster intelligencesharing between governments and the
private sector and breaking downbureaucratic walls so that data can
move at machine speed, and certainlyat the speed of attackers, and they
wanna make sure business gets atthe table and stays at the table.
(03:15):
Now, while all this matters is that thislist cuts across almost every sector.
And signals growing fatigue withregulatory spaghetti cross the
world and the timing is key.
The G seven is set to meet in Canada thisyear, and numerous regulations have popped
up both in North America, in Europe, theUK and Australia, that are starting to
(03:39):
affect companies that operate globally.
Now, if IT regulators listen,we could see a more cohesive
approach that improves protection.
However, given the geopolitical contextwe're now in particularly with respect
to the trade situation, cooperationmay not be high on the agenda.
(03:59):
Remember the story earlier this monthabout Microsoft creating a mystery
folder in Windows called Inet Pub thatlooked to be part of a security patch.
Well, it turns out this particularcure may also have problems of its own.
As we noted when we first coveredthis a few weeks ago, deleting or
messing with that inet pub folder thatwas created by the window system can
(04:21):
cause all kinds of problems, includingpreventing further security updates.
The creation of this folder, whichwas originally a part of Microsoft's
Internet Information Systems orISS Web server software, was a
mitigation for CVE 20 25 21 2 0 4, anexploitable elevation of privileges
(04:43):
flaw with windows process activation.
It was a workaround for the flaw insteadof patching the code as it would block a
particular kind of sim link attack path.
Now cybersecurity researcher and forthose paying attention, regular Paine.
In Redmond side, Kevin Beaumont, whofamously highlighted all the privacy
(05:04):
and security flaws in Microsoft'sAI recall tool, shared a workaround
recently that attackers could use thatcould also affect that INET pub folder.
In Beaumont's example, attackersrunning as a standard user.
No administrative rights required.
Could use another SIM link approachcalled MK Link to tie INET Pub to
(05:26):
a particular system, executable.
When Windows updates tries to runagain, it will check that inet pub
folder hits the MK link and then breaks.
There are lots of great talks on AIthis year and its implications for
cybersecurity at B-Side San Francisco.
I. Particularly enjoyed the, let's talkabout the AI apocalypse by Dylan Ayrey who
(05:50):
gave a great primer on weaponizing largelanguage models to create malware and
props to, , Ayrey for both an incrediblycreative style in the presentation and
for the quality academic references.
The talk was recorded and hopefullywill be available on B side's YouTube
channel in the coming weeks or months.
(06:11):
During his talk, Ayrey highlighted afantastic research paper titled Quote,
refusal in Large Language Models ismediated by a single direction end quote
that explains how generative AI largelanguage models map relationships between
words in an almost three dimensionalspatial map and how they use directional
(06:32):
mapping to help generate their results.
When a model refuses to give an answerdue to safety guardrails, that's
often done in a single direction.
In this map, the researchersfound that that direction can be
discovered and removed, unlockingpreviously blocked content.
That paper is available onarchive.org and a link to it will
(06:55):
be available in the show notes.
Also the AI village demo at BSide San Francisco of deep fake
video and audio technology.
Running on 6-year-oldhardware was fascinating.
I learned quite a bit about theinteresting ways companies are trying
to use, to detect deep fake videos,including heartbeat analysis of the
(07:16):
video by looking at things that areimperceptible to the human eye, but
possible to measure by computers.
Unfortunately, this talk was not recorded.
Perhaps one of the funniest but alsodeeply insightful talks I've seen in
years came from the fantastic folksat the Electronic Frontier Foundation
titled quote, tracking the world'sdumbest Cyber mercenaries End quote.
(07:41):
The presentation by Eva Galpin andCooper Quentin dove into the years
long investigation EFF did on thecyber mercenaries dark caVeritacol.
As this took place on BSides main stage,fingers crossed that the recording will
also be available as well, and it is wellworth the watch A link to ffs Interesting
2023 Work on Dark Carrall is included inthe show notes and is also worth a read.
(08:08):
Finally, RSA, the world's largestcybersecurity vendor conference
kicks off this week in San Francisco.
Expect lots of press releases fromvendors highlighting their latest wares.
And for those of you that enjoy agood buzzword bingo game, make sure
you add agentic AI to your card.
I'll be sharing highlights fromsessions and from the vendor
(08:28):
booths on LinkedIn and with Jim.
If you're at RSA and you'd like toconnect, drop me a note on LinkedIn or
at David shipley@beauceronsecurity.com.
I've been your host, DavidShipley, sitting in for Jim Love,
who will be back on Wednesday.
Thanks for listening.
Popular Podcasts
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com