Decoding the 2025 Cybersecurity Executive Order: What Every Tech Professional Needs to Know

I’m excited to share my thoughts on the latest Executive Order signed by the President today, January 16, 2025. This order, titled “Strengthening and Promoting Innovation in the Nation’s Cybersecurity,” marks a significant step forward in our national cybersecurity strategy.

If you would prefer to listen here is an overview provide by NotebookLM:

Key Points of the Executive Order

Enhanced Public-Private Partnerships
The order emphasizes the critical need for stronger collaboration between government agencies and private sector entities. This approach recognizes that cybersecurity is a shared responsibility and that the most effective defense strategies leverage the strengths of both sectors.

Investment in Emerging Technologies
A major focus of this order is the promotion of innovation in cybersecurity. It calls for increased investment in cutting-edge technologies such as artificial intelligence, quantum computing, and advanced encryption methods. These technologies have the potential to revolutionize our cyber defense capabilities.

Workforce Development
Recognizing the ongoing shortage of cybersecurity professionals, the order outlines initiatives to bolster education and training programs. This includes expanding scholarship opportunities and creating more pathways for individuals to enter the cybersecurity field.

Supply Chain Security
The order addresses the critical issue of supply chain vulnerabilities, which have been exploited in several high-profile attacks in recent years. It mandates stricter security standards for software and hardware used in critical infrastructure and government systems.

Implications for Cybersecurity Professionals

As cybersecurity enthusiasts, this Executive Order should be seen as a positive development. It demonstrates a commitment at the highest levels of government to addressing the evolving cyber threats we face. The focus on innovation and emerging technologies aligns with the direction many of us in the field have been advocating for years.

The emphasis on workforce development is particularly encouraging. It acknowledges the need for a larger and more diverse pool of cybersecurity talent, which is crucial for meeting the challenges of an increasingly complex threat landscape.

Challenges and Opportunities

While the order sets ambitious goals, implementation will be key. We should expect to see new initiatives and funding opportunities in the coming months. For those in the cybersecurity field, this presents exciting opportunities for research, innovation, and career advancement.

However, we must also be prepared for the challenges that come with rapid technological change. As we adopt new technologies and strategies, we’ll need to remain vigilant and adaptable.

In conclusion, this Executive Order represents a significant step forward in our national cybersecurity posture. It aligns with the realities of the current threat landscape and sets a course for a more secure digital future. As cybersecurity professionals and enthusiasts, we have a crucial role to play in turning these directives into reality.

Weekly Cybersecurity Wrap-up 1/13/25

Each week I publish interesting articles and ways to improve your understanding of cybersecurity.

I took a few weeks off, but I’m back now and there is a lot of news happening. I hope you enjoy this weeks round up.

Projects

TryHackMe – Splunk: Setting up a SOC Lab – Complete
TryHackMe – Search Skills – In Prgoress

Videos

Articles

Chinese hackers also breached Charter and Windstream networks – More U.S. companies have been added to the list of telecommunications firms hacked in a wave of breaches by a Chinese state-backed threat group tracked as Salt Typhoon.
Green Bay Packers’ online store hacked to steal credit cards – The Green Bay Packers American football team is notifying fans that a threat actor hacked its official online retail store in October and injected a card skimmer script to steal customers’ personal and payment information
Washington Attorney General Sues T-Mobile Over 2021 Data Breach – Washington State Attorney General Bob Ferguson has filed a lawsuit against T-Mobile over a 2021 data breach that impacted over 76 million consumers.
Apple offers $95 million in Siri privacy violation settlement – Apple has agreed to pay $95 million to settle a class action lawsuit in the U.S. alleging that its Siri assistant recorded private conversations and shared them with third parties.
A Us Soldier Was Arrested for Leaking Presidential Call Logs – US authorities have arrested soldier Cameron John Wagenius for his alleged involvement in leaking presidential phone records.
Volkswagen Breach Exposes Data of 800K EV Customers – Ethical hacking group Chaos Computer Club uncovered exposed data of electrical vehicle owners across the company’s VW, Audi, Seat, and Skoda brands.
Telegram hands over data on thousands of users to US law enforcement – Telegram reveals that the communications platform has fulfilled 900 U.S. government requests, sharing the phone number or IP address information of 2,253 users with law enforcement.
Suspected Chinese underwater spy drone found by fishermen in waters off the Philippines – A submarine drone suspected to be from China was recovered in waters off the central Philippines, police said on Thursday, warning of “potential national security implications.”
Google: Chinese hackers likely behind Ivanti VPN zero-day attacks – Hackers exploiting the critical Ivanti Connect Secure zero-day vulnerability disclosed yesterday installed on compromised VPN appliances new malware called ‘Dryhook’ and ‘Phasejam’ that is not currently associated with any threat group.
Fed ‘Cyber Trust’ Label: Good Intentions That Fall Short – The voluntary program is intended to boost consumer confidence in vulnerable IoT devices, but experts want to see vendors held to a higher standard.
Over 4,000 backdoors hijacked by registering expired domains – Over 4,000 abandoned but still active web backdoors were hijacked and their communication infrastructure sinkholed after researchers registered expired domains used for commanding them.
Top 5 Malware Threats to Prepare Against in 2025 – 2024 had its fair share of high-profile cyber attacks, with companies as big as Dell and TicketMaster falling victim to data breaches and other infrastructure compromises
A Day in the Life of a Prolific Voice Phishing Crew – Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way.

Podcasts

Only Malware in the Building – Malware metamorphosis: 2024 reflections and 2025 predictions
Smashing Security 399: Honey in hot water, and reset your devices

TryHackMe | Advent of Cyber 2024 – Day 24

Follow along as we crack open a new year of the Advent of Cyber from TryHackMe! This is always fun! Here is the playlist on youtube, but I’ll be posting them on this site as well.

TryHackMe | Advent of Cyber 2024 – Day 23

Follow along as we crack open a new year of the Advent of Cyber from TryHackMe! This is always fun! Here is the playlist on youtube, but I’ll be posting them on this site as well.

TryHackMe | Advent of Cyber 2024 – Day 22

Follow along as we crack open a new year of the Advent of Cyber from TryHackMe! This is always fun! Here is the playlist on youtube, but I’ll be posting them on this site as well.

TryHackMe | Advent of Cyber 2024 – Day 21

Follow along as we crack open a new year of the Advent of Cyber from TryHackMe! This is always fun! Here is the playlist on youtube, but I’ll be posting them on this site as well.

TryHackMe | Advent of Cyber 2024 – Day 20

Follow along as we crack open a new year of the Advent of Cyber from TryHackMe! This is always fun! Here is the playlist on youtube, but I’ll be posting them on this site as well.

TryHackMe | Advent of Cyber 2024 – Day 19

Follow along as we crack open a new year of the Advent of Cyber from TryHackMe! This is always fun! Here is the playlist on youtube, but I’ll be posting them on this site as well.

PRC-linked Cyber Espionage: Protecting Your Mobile Communications

The Cybersecurity and Infrastructure Security Agency (CISA) recently released guidance on best practices for securing mobile communications. This comes in response to identified cyber espionage activity by actors linked to the People’s Republic of China (PRC) government. These actors are targeting commercial telecommunications infrastructure to steal call records and compromise communications of high-profile individuals, such as those in senior government or political positions.

If you would rather listed to an AI generated podcast summarizing the findings you can find that here:

While anyone can benefit from implementing these best practices, CISA specifically urges highly targeted individuals to immediately review and apply these measures. It’s important to understand that all communication between mobile devices and internet services is potentially at risk. This includes both government-issued and personal devices.

Key Recommendations for Everyone

The guidance emphasizes several key best practices for enhancing mobile security:

1. Prioritize End-to-End Encrypted Communication:

Adopt messaging apps like Signal that guarantee end-to-end encryption for secure communication. This provides a layer of protection against interception.

2. Enable Phishing-Resistant Authentication:

Utilize FIDO (Fast Identity Online) for the strongest form of multifactor authentication (MFA). Hardware-based FIDO security keys like Yubico or Google Titan are most effective, with FIDO passkeys being an acceptable alternative.
Take inventory of valuable accounts (email, social media) and enroll them in FIDO-based authentication. Prioritize accounts like Microsoft, Apple, and Google. Disable less secure forms of MFA once FIDO is enabled.
Gmail users should enroll in Google’s Advanced Protection Program (APP) for enhanced protection against phishing and account hijacking.

3. Move Away from SMS-Based MFA:

Avoid using SMS for authentication, as messages are not encrypted and can be intercepted.
Use authenticator apps like Google Authenticator, Microsoft Authenticator, or Authy for less important accounts, but remember that they are still vulnerable to phishing.
Disable SMS for each account once enrolled in authenticator-based MFA to eliminate this exploitable fallback mechanism.

4. Employ a Password Manager:

Utilize password managers such as Apple Passwords, LastPass, 1Password, or others to securely store and manage passwords. Many offer features like weak password alerts and authenticator code generation.
Protect your password manager’s primary password with a strong, unique passphrase and ensure all stored passwords are also strong, unique, and random.

5. Set a Telco PIN:

Enable an additional PIN or passcode for your mobile phone account with your telecom provider. This adds a layer of security against SIM swapping attacks.
Combine this with MFA on your mobile carrier account and update your account password using a password manager.

6. Update Software Regularly:

Keep mobile device operating systems and applications updated. Enable automatic updates for timely patching.

7. Use the Latest Hardware:

Opt for newer phone models that support the latest security features.

8. Avoid Personal VPNs:

Personal VPN services can increase your attack surface by shifting risk to the VPN provider. Many also have questionable security and privacy policies.

Device-Specific Recommendations

In addition to the general recommendations, the guidance offers specific advice for iPhone and Android users:

iPhone:

Enable Lockdown Mode: This feature restricts certain apps, websites, and features to reduce your attack surface.
Disable “Send as Text Message” in Message Settings: This ensures messages are only sent via iMessage, which offers end-to-end encryption between Apple users.
Protect DNS Queries: Use encrypted DNS services like Cloudflare’s 1.1.1.1 Resolver, Google’s 8.8.8.8 Resolver, or Quad9’s 9.9.9.9 Resolver.
Enroll in Apple iCloud Private Relay: This service enhances privacy and security by masking IP addresses and using secure DNS.
Review and Restrict App Permissions: Regularly review and limit app access to sensitive data like location, camera, and microphone.

Android:

Prioritize Secure Phone Models: Choose models from manufacturers with strong security track records and long-term security update commitments. Look for devices that offer hardware-level security features and commit to at least five years of security updates.
Use RCS Only with End-to-End Encryption: Ensure end-to-end encryption is active when using Rich Communication Services.
Configure Android Private DNS: Use trusted, high-privacy DNS resolvers like those mentioned above for iPhone.
Enable “Always Use Secure Connections” in Chrome: Ensure all website connections default to HTTPS for increased security.
Enable Enhanced Safe Browsing Protection in Chrome: This provides an additional layer of security against malicious websites and downloads.
Confirm Google Play Protect is Enabled: This feature detects and prevents malicious apps. Exercise caution when using third-party app stores.
Review and Restrict App Permissions: Minimize the access apps have to sensitive permissions like location, camera, or microphone.

By following these recommendations, you can significantly enhance the security of your mobile communications and protect yourself against the evolving threats posed by state-sponsored actors and other cybercriminals.

TryHackMe | Advent of Cyber 2024 – Day 18

Follow along as we crack open a new year of the Advent of Cyber from TryHackMe! This is always fun! Here is the playlist on youtube, but I’ll be posting them on this site as well.