House panel probed CISA's still-shaky footing, CSRB sackings

Trump paralyzes PCLOB, NSC staff on leave pending loyalty tests, DOGE merges into US Digital Service, PI is prosecuted over Exxon Mobil email hacking, BreachForums founder will be resentenced, MasterCard fixed glaring error, PowerSchool hacker claims theft of 62.4m students' data, much more


Summary of the most critical infosec developments you should know today (complete postings available below to premium subscribers).

  • The Trump White House is moving to paralyze the Privacy and Civil Liberties Oversight Board, a bipartisan and independent watchdog agency that investigates national security activities that can intrude upon individual rights.
  • National security adviser Michael Waltz has authorized a “full review” of the Trump loyalty of dozens of National Security Council career officials who staff the White House on issues including Iranian and North Korean nuclear proliferation, cyber espionage, and Russia’s war in Ukraine.
  • One of Donald Trump's first-day executive orders, “Establishing and Implementing the President’s Department of Government Efficiency,” or DOGE, made the unit officially part of the US government, embedding it in an existing agency that was formerly part of the Office of Management and Budget called the United States Digital Service, which will now be known as US DOGE Service.
  • The lawyer for Israeli private investigator Amit Forlit said for the first time publicly that her client is being prosecuted over allegations that an Exxon Mobil lobbyist hired him to hack emails of environmental activists.
  • Conor Fitzpatrick, also known as Pompompurin, the founder and administrator of the cybercrime platform BreachForums, will be resentenced after a three-judge panel vacated a controversial district court decision that set him free after just 17 days in prison.
  • Payment card giant MasterCard fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an unused domain name.
  • The hacker who breached education tech giant PowerSchool claimed in an extortion demand that they stole the personal data of 62.4 million students and 9.5 million teachers.
  • An investigation by the Hong Kong Office of the Privacy Commissioner for Personal Data (PCPD) concluded that the Hong Kong branch of the international charity Oxfam failed to implement adequate measures to protect its information systems, leading to the leak of personal information belonging to 550,000 individuals last July.
  • Microsoft's LinkedIn has been sued by Premium customers who said the business-focused social media platform disclosed their private messages to third parties without permission to train generative artificial intelligence models.
  • Oracle announced the release of 318 new security patches as part of its January 2025 Critical Patch Update (CPU), including over 180 fixes for vulnerabilities that can be exploited remotely without authentication.
  • The Nasdaq’s official X account was compromised, and hackers used it to promote a fraudulent memecoin.
  • A deal signed last week between Iran and Russia includes commitments to deepen the countries’ military, security, and technological ties, specifically addressing cooperation in cybersecurity and internet regulation.
  • A joint CISA/FBI advisory released technical details of at least two elaborate exploit chains used by Chinese professional hackers to break into Ivanti Cloud Service Appliances (CSA).
  • Researchers at ESET report that PlushDaemon, a previously undocumented advanced persistent threat (APT) group, conducted a cyber espionage operation targeting South Korean VPN software in 2023.
  • A new survey by Hiscox reveals that only 18% of businesses have successfully recovered all of their data after paying their ransomware attackers.
  • Benjamin Flesch, a security researcher in Germany, reports that OpenAI's ChatGPT crawler appears willing to initiate distributed denial of service (DDoS) attacks on arbitrary websites, a reported vulnerability the tech giant has yet to acknowledge.
  • Saudi Arabian digital security firm Elm Company said it had agreed to acquire business services firm Thiqah from the kingdom's Public Investment Fund (PIF) in a deal valued at 3.4 billion riyals ($906 million).

House panel probed CISA's still-shaky footing, CSRB sackings

One of the most startling recommendations in the Project 2025 report prepared for the Trump administration was to dismantle the Cybersecurity and Infrastructure Security Agency (CISA) and place whatever was left inside the Department of Transportation, a prospect that has seemingly diminished since election day.

But last week, Kristi Noem, Trump's nominee for secretary of the Department of Homeland Security (DHS), which houses CISA, again raised the notion that CISA needs to shrink and that its mission should be refocused. Based on a long-held GOP complaint, Noem justified her position by saying that CISA's relatively minor forays into tracking online misinformation violated the agency's remit.

"They're using their resources in ways that [were] never intended. The misinformation and disinformation that they have stuck their toe into and meddled with should be refocused back onto what their job is," Noem said. "[CISA] needs to be much more effective, smaller, more nimble to really fulfill their mission."

After Noem testified, news broke that the Cyber Safety Review Board had lost or had been stripped of its private sector members, who were preparing a report on the Chinese threat group Salt Typhoon's intrusions into US telco networks. Not surprisingly, both of these developments were aired yesterday during the first hearing of the new Congress held by the House Homeland Security Committee, which focused on global cyber threats to the homeland.

In kicking off the hearing, Committee chair Mark Green (R-TN) stressed the importance of cybersecurity to the nation's safety. "We have lots of work to do to support and secure the homeland, and that is why cybersecurity is our top priority. It is why the topic of our first full committee hearing is cybersecurity."
