Infosec Decoded Season 5 #70: Destroying the CDC

With Doug Spindler and sambowne@infosec.exchange

Recorded Fri, Sep 5, 2025

AI

UK government trial of M365 Copilot finds no clear productivity boost
There was no discernible gain in productivity: Copilot sped up some tasks yet made others slower due to lower-quality outputs.
The AI Doomsday Machine Is Closer to Reality Than You Think
War game simulations show that current LLMs prefer to escalate aggressively, use firepower indiscriminately and turn crises into shooting wars — even to the point of launching nuclear weapons.

The Pentagon claims that won’t happen in real life, that its existing policy is that AI will never be allowed to dominate the human “decision loop” that makes a call on whether to, say, start a war — certainly not a nuclear one.

But some AI scientists believe the Pentagon has already started down a slippery slope by rushing to deploy the latest generations of AI as a key part of America’s defenses around the world.

Hackers Threaten to Submit Artists' Data to AI Models If Art Site Doesn't Pay Up
The ransomware note says: “We have breached the website Artists&Clients to steal and encrypt all its data...If this ransom is not paid, we will release all data publicly on this Tor site, including source code and personal data of users. Additionally, we will submit all artwork to AI companies to be added to training datasets.”

Politics

How many wars has President Trump really ended?
Florida working to end vaccine mandates
Trump "worthy of the Nobel Peace Prize" for COVID vaccines, Pfizer CEO says
RFK Jr. says CDC director’s firing is just a start
California, Oregon and Washington ally on vaccines in rebuke to Trump’s CDC
Pfizer Inc. (PFE)’s Updated COVID-19 Vaccine COMIRNATY LP.8.1 Gets FDA Approval, Ships Nationwide
OTC nasal spray seemed to cut COVID infections by 67% in mid-sized trial
Amazon azelastine nasal spray
Trump’s second presidency is ‘most dangerous period’ since second world war, Mitch McConnell says
Congress Pushes DHS for Details on ICE’s New Facial Recognition App
It taps into an unprecedented array of government databases and uses a system ordinarily reserved for when people enter or exit the U.S.
SAP splashes €20B on Euro sovereign cloud push
German giant takes aim at US hyperscaler dominance as some EU customers fret amid Trump 2.0 rhetoric
Leaving MAGA: NY mom who fell for anti-vaxxers, QAnon and Trump describes painful escape

Infosec

Reviewing COBOL For Fun And Profit - Nick Dunn
VisualCodeGrepper - Code security scanning tool
This Company Turns Dashcams into ‘Virtual CCTV Cameras.’ Then Hackers Got In
The videos obtained by the hacker and shared with 404 Media capture people clearly unaware that a third party may be watching or listening in. One appears to show a driver heading towards the entrance of the CIA’s headquarters. Other images, which are publicly available in a map that Nexar publishes online, show drivers around sensitive Department of Defense locations.
ViewState Deserialization Zero-Day Vulnerability in Sitecore Products (CVE-2025-53690)
The servers used a sample ASP.NET ViewState key that had been exposed in Sitecore deployment guides.
Exclusive: How North Korean hackers are using fake job offers to steal cryptocurrency
The recruiter tells applicants to visit an obscure website to run a skills test and record a video. That site installs malware and steals cryptocurrency.
BYOVD-DriverKiller
The author reverse-engineered and exploited a legitimate, signed driver that is not present in blocklists. He found an API call that terminated a process and exploited it. But his attack requires local Administrator privileges, so it's a hacking exercise, not a real security threat.