Pete Recommends – Weekly highlights on cyber security issues, June 15, 2025

Subject: Trump cyber executive order aims to amend ‘problematic’ parts of Biden, Obama cyber orders
Source: Nextgov/FCW
https://www.nextgov.com/cybersecurity/2025/06/trump-cyber-executive-order-aims-amend-problematic-parts-biden-obama-cyber-orders/405898/

The order strips certain Biden-era cyber directives and looks to orient federal cyber policy around concrete technical measures, including secure software development, quantum-resistant encryption and labeling standards for IoT devices.President Donald Trump on Friday signed an executive order aiming to streamline past administrations’ cybersecurity executive actions and strip mandates seen as overly prescriptive or ideological.

The order is the first of several mandates already signed by Trump in his second term that explicitly focuses on cybersecurity. It amends parts of a Biden-era order signed in January before Trump’s return to the Oval Office, as well as a cornerstone Obama-era directive signed a decade ago that authorized the use of sanctions on individuals and firms engaged in malicious cyber activities.

The Obama order laid the groundwork for sanctioning policies that have been used by agencies including the State Department and Treasury Department to financially punish people involved in hacking activities that harm U.S. national security.

Trump’s Friday order “limits the application of cyber sanctions only to foreign malicious actors” and prevents “misuse against domestic political opponents and clarifying that sanctions do not apply to election-related activities,” according to an order fact sheet.

Filed: https://www.nextgov.com/cybersecurity/

Subject: Cybercriminals Are Hiding Malicious Web Traffic in Plain Sight
Source: WIRED
https://www.wired.com/story/cybercriminals-are-hiding-malicious-web-traffic-in-plain-sight/

For years, gray-market services known as “bulletproof” hosts have been a key tool for cybercriminals looking to anonymously maintain web infrastructure with no questions asked. But as global law enforcement scrambles to crack down on digital threats, they have developed strategies for getting customer information from these hosts and have increasingly targeted the people behind the services with indictments. At the cybercrime-focused conference Sleuthcon in Arlington, Virginia, today, researcher Thibault Seret outlined how this shift has pushed both bulletproof hosting companies and criminal customers toward an alternative approach. Rather than relying on web hosts to find ways of operating outside law enforcement’s reach, some service providers have turned to offering purpose-built VPNs and other proxy services as a way of rotating and masking customer IP addresses and offering infrastructure that either intentionally doesn’t log traffic or mixes traffic from many sources together. And while the technology isn’t new, Seret and other researchers emphasized to WIRED that the transition to using proxies among cybercrminals over the last couple of years is significant.

“The issue is, you cannot technically distinguish which traffic in a node is bad and which traffic is good,” Seret, a researcher at the threat intelligence firm Team Cymru, told WIRED ahead of his talk. “That’s the magic of a proxy service—you cannot tell who’s who. It’s good in terms of internet freedom, but it’s super, super tough to analyze what’s happening and identify bad activity.” The core challenge of addressing cybercriminal activity hidden by proxies is that the services may also, even primarily, be facilitating legitimate, benign traffic.

[…]

Subject: Feds warn: Hang up on phone scammers pretending to be border patrol agents
Source: UPI.com
https://www.upi.com/Top_News/US/2025/06/10/CBP-phone-scam-bank-information-social-security-information/5491749577255/

June 10 (UPI) — The U.S. Customs and Border Protection law enforcement agency, or CBP, announced Tuesday that anyone who gets a call from someone who claims to be a CBP agent asking for personal information should just hang up.

The CBP reports that its employees have continually received calls about people who have gotten unsolicited calls from scammers posing as U.S. Border Patrol agents and U.S. Customs and Border Protection officers.

Subject: Study: OpenAI Has Been Breached More Than 1000 Times
Source: tech.co
https://tech.co/news/openai-breached-1000-times

Being the most popular AI chatbot on the market certainly puts a target on your back, with a new study revealing that OpenAI has suffered more than a thousand security breaches.On top of that, the study found that five out of the top 10 large-language models (LLMS) on the market have experienced security breaches, further outlining the serious security concerns associated with the generative AI industry.Companies face mounting pressure to introduce rigorous measures governing how employees use AI tools. As history shows us, data breaches can be extremely costly – with the impacts often terminal for many businesses.

New Study Analyzes AI and Cybersecurity – A new study from Cybernews aimed to look at how effective businesses are when it comes to cybersecurity.

To make matters worse, every LLM provider in the study displayed SSL/TLS configuration vulnerabilities, which can expose data to interception via man-in-the-middle attacks. These findings are backed up by a recent study, which found that most cybersecurity breaches are preventable, and businesses are simply not doing enough.

According to our Impact of Technology on the Workplace report, just 27% of senior leaders say that their organization provides safeguards to restrict which information they can input into chatbots. This is backed up by the Cybernews report, which paints a pretty lawless picture of employees’ chatbot usage. From the linked article:

This year, the Impact of Tech on the Workplace Report from Tech.co found a wide range of interesting and valuable statistics on topics like AI, remote work, burnout, cyber-crime, Right to Disconnect laws, and the 4-day work week. Take a look at some of our key findings below and check out the full report for a more detailed look at how technology impacts how we work.

  1. 88% of senior leaders state that technology has improved productivity at their business in the past 12 months.
  2. Only 15% of businesses state they have not used AI at all, compared to 34% in last year’s report.
  3. Only 27% of businesses have implemented policies that strictly limit the kind of data that can be shared with AI models.
  4. 78% of businesses that reduced their workforce due to automation plan to rehire to some degree.
  5. 44% of businesses have not changed their remote work policy over the past year.
  6. 38% of decision makers would consider implementing the 4-day work week.
  7. 77% of senior leaders support a France-style Right to Disconnect law.

Download Report

[46-page PDF:]

Foreword
How is technology affecting business security?
Methodology
How is technology helping business grow?
How is technology changing job roles?
How is technology changing the environment we work in?
Looking ahead

Subject: Protect Yourself Online
Source: Take9
https://www.bespacific.com/protect-yourself-online/

Take9: “Every time you pick up your phone or log into your computer, you’re placing trust in the systems that make them run. Apple, Google, and Microsoft each come with their own set of tools to help protect you, but they vary. Some are automatic. Some need to be turned on. Find your platform below and follow the links to improve your security. Your trust shouldn’t be automatic—it’s something built and earned. Protecting yourself starts with the right tools and smart choices, based on sources you trust – whether that’s from expert reviews, established organizations, or people you know…”

Abstracted from beSpacific
Copyright © 2025 beSpacific, All rights reserved.

LinkedIn
Posted in: Cybersecurity, Privacy, Social Media