Cybersecurity Updates: CEO Legal Troubles, Global Cyber Rules, Microsoft Fix Issues, and AI at B-Side SF

Apr 28, 2025 · 9 min

Episode description

In this episode of 'Cybersecurity Today', host David Shipley covers multiple key stories: Veritaco CEO Jeffrey Bowie is charged with attempting to infect a hospital with malware. Global Chief Information Security Officers (CISOs) call on world governments to harmonize cybersecurity regulations. Issues arise with Microsoft's recent 'Mystery Folder' security patch. Highlights from B-Side San Francisco's AI discussions include talks on weaponizing large language models and detecting deep fake technology. Additionally, the RSA Conference kicks off, promising numerous vendor announcements and updates.

00:00 Cybersecurity CEO Charged with Hospital Malware Attack
01:56 Global CISOs Call for Unified Cyber Regulations
03:59 Microsoft's Mystery Folder Fix Issues
05:37 AI Talks at B-Side San Francisco
08:08 RSA Conference Highlights and Conclusion

Transcript

A cybersecurity CEO is charged with attempting to infect a hospital with malware. Global CISOs band together to urge world governments to harmonize cyber rules. Microsoft mystery folder fix might need a fix of its own, and lots of AI talks at BSides San Francisco, with also RSA kicking off this week. This is Cybersecurity Today, and I'm your host, David Shipley.

Security Affairs reported Saturday that Jeffrey Bowie, CEO of the cybersecurity firm Veritaco, is facing two counts of violating Oklahoma's Computer Crimes Act for allegedly infecting employee computers at the Oklahoma City St. Anthony Hospital. So what happened? According to police, back on August 6th, security cameras allegedly caught Bowie roaming the halls of Oklahoma City's St. Anthony's Hospital.

After trying a few locked offices, he reportedly found staff computers, slipped in a thumb drive, and planted malware that snapped a screenshot every 20 minutes and sent images to an outside server. When staff asked what he was doing, Bowie allegedly said he had a relative in surgery and "needed to check something." Hospital IT later discovered the malicious software and, thankfully, no patient data was exposed.

The hospital says its security measures contained the threat immediately, and it worked with law enforcement from day one. Two weeks ago, on April 14th, police picked up Bowie with an arrest warrant. For context, St. Anthony's is a 773-bed medical center in Oklahoma City's midtown, offering everything from heart surgery to behavioral health. And this story highlights how important physical security remains when it comes to protecting information and systems.

It'll be interesting to see what comes out of this case regarding what happened and what the motivations were of the accused.

Chief Information Security Officers from 45 powerhouse companies like big tech titans, global banks, hospital networks, you name it, have fired off a joint letter to the G7 and the Organization for Economic Cooperation and Development, or OECD. What are they asking for?

They're asking to stop drowning in a patchwork of cyber rules from different regions, jurisdictions at the national and sometimes subnational level. They're urging world leaders to use these forums to sync up cybersecurity regulations instead of letting everyone go their own way, creating confusing, sometimes conflicting and different requirements. Four big things they're asking for: a single playbook, an alignment and consistent enforcement of rules that already exist.

Working together between the private sector and the public sector on what's to come next in the regulatory framework. They wanna be brought in earlier when new standards are being contemplated. They're looking for faster intelligence sharing between governments and the private sector and breaking down bureaucratic walls so that data can move at machine speed, and certainly at the speed of attackers, and they wanna make sure business gets at the table and stays at the table.

Now, why all this matters is that this list cuts across almost every sector and signals growing fatigue with regulatory spaghetti across the world, and the timing is key. The G7 is set to meet in Canada this year, and numerous regulations have popped up both in North America, in Europe, the UK and Australia, that are starting to affect companies that operate globally. Now, if IT regulators listen, we could see a more cohesive approach that improves protection.

However, given the geopolitical context we're now in, particularly with respect to the trade situation, cooperation may not be high on the agenda.

Remember the story earlier this month about Microsoft creating a mystery folder in Windows called inetpub that looked to be part of a security patch? Well, it turns out this particular cure may also have problems of its own.

As we noted when we first covered this a few weeks ago, deleting or messing with that inetpub folder that was created by the Windows system can cause all kinds of problems, including preventing further security updates. The creation of this folder, which was originally a part of Microsoft's Internet Information Systems or ISS Web server software, was a mitigation for CVE-2025-21204, an exploitable elevation of privileges flaw with Windows Process Activation.

It was a workaround for the flaw instead of patching the code, as it would block a particular kind of symlink attack path. Now cybersecurity researcher and, for those paying attention, regular pain in Redmond's side, Kevin Beaumont, who famously highlighted all the privacy and security flaws in Microsoft's AI Recall tool, shared a workaround recently that attackers could use that could also affect that inetpub folder. In Beaumont's example, attackers running as a standard user, no administrative rights required, could use another symlink approach called mklink to tie inetpub to a particular system executable. When Windows Update tries to run again, it will check that inetpub folder, hits the mklink, and then breaks.

There are lots of great talks on AI this year and its implications for cybersecurity at BSides San Francisco. I particularly enjoyed the "Let's Talk About the AI Apocalypse" by Dylan Ayrey, who gave a great primer on weaponizing large language models to create malware, and props to Ayrey for both an incredibly creative style in the presentation and for the quality academic references. The talk was recorded and hopefully will be available on BSides' YouTube channel in the coming weeks or months.

During his talk, Ayrey highlighted a fantastic research paper titled "Refusal in Large Language Models Is Mediated by a Single Direction" that explains how generative AI large language models map relationships between words in an almost three-dimensional spatial map and how they use directional mapping to help generate their results. When a model refuses to give an answer due to safety guardrails, that's often done in a single direction in this map.

The researchers found that that direction can be discovered and removed, unlocking previously blocked content. That paper is available on archive.org and a link to it will be available in the show notes.

Also, the AI Village demo at BSides San Francisco of deepfake video and audio technology running on 6-year-old hardware was fascinating. I learned quite a bit about the interesting ways companies are trying to detect deepfake videos, including heartbeat analysis of the video by looking at things that are imperceptible to the human eye, but possible to measure by computers. Unfortunately, this talk was not recorded.

Perhaps one of the funniest but also deeply insightful talks I've seen in years came from the fantastic folks at the Electronic Frontier Foundation, titled "Tracking the World's Dumbest Cyber Mercenaries." The presentation by Eva Galperin and Cooper Quintin dove into the years-long investigation EFF did on the cyber mercenaries Dark Caracal.

As this took place on BSides' main stage, fingers crossed that the recording will also be available as well, and it is well worth the watch. A link to EFF's interesting 2023 work on Dark Caracal is included in the show notes and is also worth a read.

Finally, RSA, the world's largest cybersecurity vendor conference, kicks off this week in San Francisco. Expect lots of press releases from vendors highlighting their latest wares.

And for those of you that enjoy a good buzzword bingo game, make sure you add agentic AI to your card. I'll be sharing highlights from sessions and from the vendor booths on LinkedIn and with Jim. If you're at RSA and you'd like to connect, drop me a note on LinkedIn or at David [email protected]. I've been your host, David Shipley, sitting in for Jim Love, who will be back on Wednesday. Thanks for listening.

Transcript source: Provided by creator in RSS feed