Former nat sec advisor not sure US infrastructure is secure • The Register
Infosec in Brief If a cyberattack hit critical infrastructure in the US, it would likely crumble, former deputy national security adviser and NSA cybersecurity director Anne Neuberger said last week.
Neuberger, speaking at the AI Expo for National Competitiveness on Wednesday, said that she lacked confidence in the resilience of US infrastructure for a number of reasons – including the Trump administration’s cuts to the Cybersecurity and Infrastructure Security Agency’s (CISA’s) workforce.
It’s never a good time to lose talented cyber defenders
“There’s old tech, there’s tech that wasn’t built to be connected to the internet to be accessible, and there’s still less cybersecurity for operational systems than there are for IT systems,” the Biden-era official told the audience at her Wednesday talk.
Since it was an AI conference, Neuberger naturally pushed for the introduction of more AI to secure critical infrastructure. She described such systems as being better able to evaluate legacy systems to discover weak points, and also pushed for the use of more digital twinning to evaluate internet-connected infrastructure.
Job cuts under Trump, Neuberger added, were just one more argument in favor of implementing AI to pick up the slack when it comes to security critical infrastructure.
“It’s never a good time to lose talented cyber defenders,” Neuberger noted. “It’s [also] an opportunity to say … let’s approach national cyberdefense differently with a more targeted approach, using AI to close the holes in the most critical infrastructure.”
CISA, the agency responsible for securing government systems and handling critical infrastructure security, has been hard hit as the Trump administration looks to reduce spending. Layoffs at the agency have pushed several of high-ranking officials, leading to concerns of a brain drain that could further weaken US cybersecurity.
Trump’s budget proposal unveiled last month would further cut CISA’s budget by 17 percent, or around $491 million, and lead to the shedding of a third of the Agency’s staff.
Critical vulnerabilities of the week: ConnectWise exploit added to KEV catalog
CISA added the ConnectWise crack we reported on last week to its known exploited vulnerabilities catalog,
Doing so resolved some of the mystery around a message that ConnectWise sent to some customers warning that a nation-state actor had broken into its IT environment and then breached some of its customers.
The flaw added to the KEV catalog was CVE-2025-3935. ConnectWise patched CVSS 8.1 vulnerability, a deserialization flaw in ASP.NET‘s ViewState in ScreenConnect, in April.
Elsewhere:
- CVSS 9.8 – CVE-2021-32030: ASUS GT-AC2900 and EOL Lyra Mini Wi-Fi routers allow for authentication bypasses that could give attackers unauthorized access to admin interfaces.
- CVSS 9.3 – CVE-2024-56145: The Craft CMS is vulnerable to RCE if the register_argc_argv setting is enabled in php.ini.
- CVSS 8.6 – CVE-2025-21480: Multiple Qualcomm chipsets are vulnerable to memory corruption due to an unauthorized command execution vulnerability.
- CVSS 8.6 – CVE-2025-21479: This issue also affects Qualcomm chips and is similar to 21480, only affecting graphics instead of graphics windows.
Nastyware redux: FBI warns of Badbox reboot; Kaspersky finds new Mirai variant
After the Badbox botnet roared back to life earlier this year, the FBI has warned the public to beware of a growing number of Badbox 2.0 infections.
The Feds last week published a statement advising the Badbox 2.0 botnet has compromised a considerable number of Android-based streaming devices, plus projectors, digital picture frames, and other devices. The botnet’s operators are trying to sell access to the machines. Devices infected by Badbox 2.0 are often shipped with the malware, or infected by downloads from third-party app stores.
Another warning from last week came from Kaspersky researchers who spotted a new Mirai botnet variant targeting digital video recorder-based monitoring systems. The attackers deploying the variant are relying on CVE-2024-3721, an OS command injection vulnerability in affected DVRs made by a vendor named TBK, to install their malicious software. Patches are available to fix the flaw.
Kaspersky noted that there are around 50,000 exposed and vulnerable systems discoverable online.
Explanation demanded for CISA’s plan to can app security program
Republican congressman Andrew Garbarino (R-NY) is wondering why CISA plans to eliminate its Mobile App Vetting (MAV) program, and he’s asking US Homeland Security Secretary Kristi Noem to explain.
MAV is a CISA program that allows executive branch agencies – and others – to have apps intended for deployment on government-managed devices examined for potential flaws, vulnerabilities and risks that could open government employees up for compromise. The program considers commercial apps or those Uncle Same writes for its own use.
Garbarino last week wrote a letter to Noem, whose Department of Homeland Security manages CISA, expressing surprise that CISA intends to end the valuable program this month.
“The termination of mobile device security programs would not only create a void in the ability to assess vulnerabilities on mobile devices, but also send the wrong signal to [federal civilian executive branch] FCEB agencies,” Garbarino said. He noted that FCEB agencies are currently on heightened alert due to the Salt Typhoon breaches that saw Chinese cyberspies break into US government infrastructure and telecom providers.
As the agency responsible for securing the communications sector in the US, Garbarino said, CISA can hardly afford to abandon such a critical program. Noem has until June 13 to explain her agency’s rationale.
Kettering confirms Interlock behind breach, leak of cancer patient data
Healthcare provider Kettering has admitted that the 941 GB of patient data dumped online last week by ransomware gang Interlock is legitimate, much to the dismay of the cancer patients who had their care disrupted by the gang’s activity.
Kettering said Interlock did the deed, and that it has ejected the ransom crew from its systems.
Data exposed in the breach included ID cards, payment data, financial reports and other data on both patients and staff.
Doxxers sent down to prison
A pair of US cybercriminals who stole data from a federal law enforcement database, and used it to extort victims to prevent exposure of their personal data, have been sentenced to prison for their crimes.
The Department of Justice last week announced that Sagar Steven Singh, a.k.a. “Weep,” and Nicholas Ceraolo, a.k.a. “Convict,” will spend 27 and 25 months behind bars, respectively. The pair were convicted on charges of conspiracy to commit computer intrusion and aggravated identity theft.
The pair, part of a doxxing gang called “ViLE,” committed their crimes with the help of web portal credentials stolen from a law enforcement officer that granted them access to a database of nonpublic police records and intelligence reports.
In one instance, Singh used the data stolen to threaten to harm a victim’s family if they didn’t hand over personal information, telling them “you’re gonna comply to me if you don’t want anything negative to happen to your parents.”
Good riddance. ®
