Canada cuts TikTok ties.

The CyberWire Intel briefing addresses significant cybersecurity developments, including Canada's mandate for ByteDance to close its TikTok subsidiary over national security concerns, Cisco's urgent patches for critical vulnerabilities, and the emergence of Steel Fox malware impersonating legitimate software to steal user data. The episode also highlights North Korean campaigns targeting remote workers, a cyber intrusion disrupting Washington state court systems, and a data breach affecting Select Blinds' customers. Additionally, Jeremy Huval from HighTrust discusses AI's rapid evolution, emphasizing the need for organizations to proactively manage AI risks and implement prescriptive security controls.

• Canada has mandated ByteDance, TikTok's parent company, to close its Canadian subsidiary, TikTok Technology Canada, affecting offices in Toronto and Vancouver.
• The decision follows a National Security review under the Investment Canada Act, addressing concerns over foreign investment risks.
• Despite the shutdown, the TikTok app remains available in Canada, with users advised to maintain robust cybersecurity practices.
• ByteDance plans to challenge the decision legally, citing the impact on Canadian employment.

"Canada has ordered ByteDance, the owner of TikTok, to close its Canadian subsidiary TikTok Technology Canada, which will result in shutting down offices in Toronto and Vancouver."

• This quote highlights Canada's action to mitigate security risks associated with foreign investments, specifically targeting ByteDance's operations in Canada.

"The Canadian government cited concerns over potential security threats tied to ByteDance's connections with the Chinese government."

• It underscores the Canadian government's security concerns regarding ByteDance's link to the Chinese government, prompting the subsidiary's closure.

• Cisco has deployed patches for several vulnerabilities in its enterprise products, including a critical flaw in its Unified Industrial Wireless Software, scoring a 10 out of 10 on the CVSS scale.
• The critical vulnerability allows unauthenticated attackers to inject commands with root access via the web-based management interface.
• Additional high-severity vulnerabilities were patched in the Nexus Dashboard Fabric Controller and Enterprise Chat and Email.
• Cisco urges users to update to the latest versions promptly to mitigate these risks.

"Cisco released patches for multiple vulnerabilities in its Enterprise Products, including a critical flaw in its Unified Industrial Wireless software scoring a perfect 10 out of 10 on the CVSS scale."

• This quote emphasizes the severity of the critical vulnerability in Cisco's software, necessitating immediate updates to prevent potential exploitation.

"Cisco addressed nearly two dozen other medium severity issues, affirming that none of the vulnerabilities have been exploited in the wild."

• It reassures users that while multiple vulnerabilities were identified, none have been exploited yet, but updates are crucial for security.

• Steel Fox malware impersonates legitimate software like Foxit PDF Editor and AutoCAD to steal user information.
• Distributed through torrent forums and blogs, it installs via fake software cracks, requesting administrator privileges.
• It uses a vulnerable driver to escalate privileges, making its processes difficult to terminate.
• The malware collects extensive user data, sending it to a command and control server, with victims reported worldwide.

"The malware bundle Steel Fox has been impersonating legitimate software like Foxit PDF Editor and AutoCAD to steal user information since 2023."

• This highlights the deceptive nature of Steel Fox, which masquerades as trusted software to compromise user data.

"Steel Fox uses a vulnerable driver to escalate its privileges, making its processes hard to terminate."

• It explains how Steel Fox exploits vulnerabilities to gain elevated privileges, complicating efforts to remove it from infected systems.

• North Korean campaigns like Contagious Interview and Wage Mole exploit remote work vulnerabilities, often impersonating IT staff.
• Contagious Interview targets developers with fake job postings, infecting them with malware like Beaver Tail and Invisible Feret.
• These campaigns aim to bypass financial sanctions by securing remote jobs under false identities, using AI-generated documents and voiceover tools.
• Companies are advised to verify employment histories and use virtual environments for suspicious files to combat these tactics.

"Zscaler uncovered two North Korean campaigns, Contagious Interview and Wage Mole, aimed at bypassing financial sanctions by securing remote jobs under false identities."

• This reveals the strategic intent behind North Korean cyber operations, leveraging remote work to circumvent sanctions.

"The Contagious Interview campaign lures developers with fake job postings, infecting them with JavaScript-based malware Beaver Tail and Python-based Invisible Feret."

• It describes the modus operandi of the Contagious Interview campaign, which uses fake job offers to deliver malware to unsuspecting developers.

• A suspected cyber intrusion has affected Washington state court systems, impacting multiple counties including King, Pierce, and Thurston.
• Unauthorized network activity was detected, leading to outages in public access to court services.
• The disruption underscores the importance of robust cybersecurity measures in protecting critical public infrastructure.

"A suspected cyber intrusion has disrupted Washington state court systems this week, affecting multiple counties including King, Pierce, and Thurston."

• This indicates a significant cyber incident affecting public services in Washington, highlighting vulnerabilities in state-level cybersecurity.

"The Washington State Administrative Office of the Courts detected unauthorized activity on its network, leading to outages in public access to court services."

• It underscores the direct impact of the cyber intrusion on public access to essential court services, stressing the need for enhanced security protocols.

• Various US court systems and entities in Washington State have experienced cyber attacks, affecting electronic filing and fine payment systems.
• A significant data breach occurred at Home Decor retailer Select Blinds, with hackers embedding malware on the website to capture sensitive customer data.
• The malware attack on Select Blinds was part of a broader trend of using e-skimmers to inject malicious code into online checkout pages.

"Hackers stole credit card and personal data from over 200,000 customers of Home Decor retailer Select Blinds by embedding malware on the company's website."

• This quote highlights the scale of the data breach and the method used by hackers to obtain sensitive information.

"Select Blinds has locked user accounts requiring password changes and removed the malware."

• This quote indicates the company's immediate response to the breach to secure customer accounts and eliminate the threat.

• Bipartisan initiatives aim to strengthen US cybersecurity, but face resistance from the Department of Defense regarding an independent study on cyber force readiness.
• Experts emphasize that traditional physical barriers do not protect the US in cyberspace, where adversaries frequently infiltrate critical infrastructure.
• Proposed legislation seeks to assess the US's cyber personnel strategy and the potential creation of a dedicated cyber force.

"Traditional physical barriers like oceans don't shield the US in cyberspace, where adversaries routinely infiltrate critical infrastructure."

• This quote underscores the vulnerability of the US in the digital realm despite geographical advantages.

"The proposed legislation seeks to evaluate whether the US has the Cyber Personnel strategy and resources necessary to counter growing digital threats."

• This quote explains the goal of the proposed legislation to ensure the US is adequately prepared for increasing cyber threats.

• The Defense Department's opposition may be due to concerns about revealing readiness deficiencies in cyber personnel recruitment and training.
• Fragmented recruitment and training across military branches harm overall readiness, requiring a unified approach.
• Congress is urged to proceed with the study to assess America's cyber force posture despite institutional resistance.

"The defense Department's resistance may stem from concerns about uncovering readiness deficiencies as recruitment and training for cyber roles remain fragmented across military branches."

• This quote suggests the possible reasons behind the Defense Department's reluctance to support the independent study.

"Congress, they argue, should not bow to defense department pressure but instead move forward with the study to assess America's Force posture in cyberspace."

• This quote calls for Congress to prioritize cybersecurity readiness over institutional pressures.

• Global cyber threats are escalating, with specific references to Chinese incursions, Iranian attacks, and cyber warfare in Ukraine.
• An independent and transparent assessment is crucial to provide unbiased insights into necessary reforms for national cybersecurity.

"With threats escalating globally, including Chinese incursions into US infrastructure, Iranian attacks on water systems, and cyber warfare in Ukraine, the authors stress that the US cannot afford to delay."

• This quote emphasizes the urgency of addressing cybersecurity threats due to their increasing frequency and severity worldwide.

"An independent transparent assessment would offer unbiased insights into the readiness and potential reforms needed to secure the nation against digital threats."

• This quote highlights the importance of an objective evaluation to identify and implement effective cybersecurity measures.

• There is a rapid adoption and experimentation phase with AI in both threat actors and organizations, with AI systems not yet widely used for security campaigns.
• The explosive growth of AI technologies, such as ChatGPT, indicates a fast-paced evolution in AI capabilities and potential applications in cybersecurity.

"Both are working to understand AI's capabilities and both are sort of in this kicking the tires phase of AI."

• This quote illustrates the current exploratory stage of AI adoption in cybersecurity by both attackers and defenders.

"Nothing about AI has been slow ever since the explosive adoption of ChatGPT a few years ago."

• This quote reflects the rapid development and integration of AI technologies in various sectors, including cybersecurity.

• AI is moving beyond the experimental phase, with rapid adoption and integration of AI tools expected.
• The complexity and lack of transparency in AI systems make risk communication more challenging.

"We're leaving the kicking the tires experimentation phase and we're about to rapidly find ourselves surrounded by AI tools."

• The AI industry is shifting from testing and experimentation to widespread adoption and use of AI technologies.

"When I think about AI, I think about how much of a black box it is and how complex it is, and how that really makes that message of risk... a lot more complicated."

• The complexity and opaque nature of AI systems present challenges in effectively communicating the associated risks.

• Trustworthy and responsible AI includes considerations beyond cybersecurity, such as sustainability, safety, privacy, reliability, fairness, and accountability.
• Organizations like NIST and ISO are developing frameworks to address these broader risks.

"Under this kind of responsible and trustworthy AI umbrella, you start to talk about risks around sustainability and the environmental impact of AI system creation and training... safety and humans' well-being... privacy... reliability and fairness and accountability."

• A comprehensive approach to AI risk management involves addressing a wide range of factors beyond traditional cybersecurity concerns.

"Certainly, cybersecurity is an important part of trustworthy and responsible AI, but it is just that—it's a part."

• Cybersecurity is a crucial component of trustworthy AI, but it is only one aspect of a broader framework.

• Prescriptive controls provide specific actions needed to achieve high-level security goals in AI systems.
• There is a need for detailed guidance on implementing secure AI development and deployment practices.

"What we mean when we say a prescriptive framework is warranted for AI Security... there's a lot of really good thinking and direction at a high level about if you want to secure AI you should have these goals in mind."

• A prescriptive framework offers concrete steps to achieve overarching security objectives for AI systems.

"We've done a lot of work to sort of fill that gap."

• Efforts are being made to develop detailed, actionable guidance for securing AI systems.

• There is extensive collaboration and a plethora of guidance available on AI, which can be overwhelming for organizations.
• Navigating the AI standards landscape is challenging due to the abundance of information and standards.

"I read somewhere that there was something like 400 different AI working groups... just in the US alone in 2024."

• There is a significant amount of collaborative effort in developing AI standards and practices.

"You're almost drowning at it... it's overwhelming really navigating the AI standards landscape isn't their core focus."

• The sheer volume of AI guidance can be daunting for organizations trying to implement AI technologies.

• Organizations should build on existing risk management and governance processes rather than starting from scratch.
• Integrating AI-specific considerations into existing frameworks is more effective than creating entirely new programs.

"Don't try to start from scratch if you can help it... the organization that you're in very likely has processes for risk management and processes for governance."

• Leveraging existing processes and augmenting them with AI-specific measures is recommended for effective risk management.

"Instead of a single group within the organization trying to stand up a complete new program for AI in a silo..."

• Collaborative integration of AI considerations into existing organizational structures is preferable to isolated efforts.

• Emphasizes the importance of continuous learning due to rapid changes in AI technology.
• Highlights the emergence of agentic AI and the potential growth of small language models.
• Suggests that companies need dedicated learners to avoid falling behind in AI advancements.

"Embrace continual learning because with AI like I mentioned there's just so much change in the past year or two we saw the explosive just generative AI period in 2025 my read is we're going to see a lot more agentic AI which are these really capable almost autonomous Aid driven agents that can do things on your behalf."

• Continuous learning is crucial to keep up with the fast-paced evolution in AI, particularly with new developments like agentic AI.

• Advises examining current control frameworks to incorporate AI-specific assurances and insights.
• Recommends moving to a control framework with AI specificities if current frameworks lack them.
• Highlights the necessity of AI integration to address emerging risks.

"Look to your existing control framework or your existing it Assurance mechanisms whether it's a certification or some assessment or some internal audit capability that exists in the company and see what can be offered by way of AI within that framework or within those practices."

• Companies should leverage existing frameworks to integrate AI, ensuring they address new risks and maintain control.

• Advocates for a proactive approach to AI adoption to manage risks and capitalize on opportunities.
• Acknowledges the tension between adopting AI and waiting for market and regulatory developments.
• Emphasizes the importance of embracing AI for future organizational success.

"As soon as AI is used within a company, there's new risks that the company needs to consider and guess what that's happening now whether those charge with governance of the company have really made it a focus to tackle or not it's happening now."

• The proactive adoption of AI is necessary to manage emerging risks and position organizations as future winners.

• Discusses the targeting of Bengal cat enthusiasts by the Gut Loader malware gang.
• Describes the method of attack using SEO-poisoned search results leading to malware downloads.
• Highlights the creativity and persistence of cybercriminals in finding new targets.

"The gut loader malware gang typically laser focused on high value targets like Banks has turned its gaze toward an unusual group Australian fans of Bengal cats."

• Cybercriminals are creatively targeting niche groups, demonstrating the need for vigilance and caution online.

• Stresses the importance of being cautious when downloading files from unfamiliar sources.
• Encourages users to think critically and verify the safety of online content.
• Uses the Bengal cat case as a reminder of potential cyber threats in unexpected areas.

"This cat-loving cyber Caper reminds us just how far cyber criminals will go and how important it is to think twice before downloading anything from that helpful Forum post."

• The unusual targeting of Bengal cat enthusiasts underscores the necessity of cybersecurity awareness and caution in online activities.