A
You're listening to the Cyberwire Network powered by N2K. Do you know how the space and cybersecurity domains connect? T minus Space Cyber Briefing is your guide through the space based systems that expand the attack surface. I'm Maria Varmazis host here at N2K CyberWire and I'm excited to share that T Minus is back now as a weekly podcast, the T Minus Space Cyber Briefing. We have a new dedicated focus on two great things that are even better together. Space and cybersecurity. Because whether we realize it or not, we all depend on space based systems that are, by the way, increasingly Internet enabled. We're talking cybersecurity technologies, policies and organizations that are securing the critical space based infrastructure that powers, protects and connects our lives here on Earth. So join me for T Minus Space Cyber Briefing. New episodes every Sunday.
B
Maybe that's an urgent message from your CEO. Or maybe it's a deepfake trying to target your business. Doppel is the AI-native social engineering defense platform fighting back against impersonation and manipulation. As attackers use AI to make their tactics more sophisticated, Doppel uses it to fight back, from automatically dismantling cross-channel attacks to building team resilience and more. Doppel: outpacing what's next in social engineering. Learn more at doppel.com. That's D-O-P-P-E-L dot com.
AI oversight arrives at the White House. A cyber force gains momentum. Critical infrastructure comes under cyber attack. Acer faces zero-day trouble. A stock exchange executive gets spied on for months. HTTP 2 bomb threatens web servers. Quantum's classical side grows bigger. Britain's military chooses Starshield. Spain's infamous hacker gets sentenced. Our guest is Benjamin Morell, Vice President of Security Strategy at Koros Cybersecurity, discussing the role of MSPs. And Meta's productivity panopticon pauses for personal pit stops.
It's Wednesday, June 3, 2026. I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us here today. It is great as always to have you with us.
President Trump signed an executive order that marks the administration's most significant move toward regulating artificial intelligence. The order asks technology companies to voluntarily give the federal government up to 30 days to review advanced AI models before public release, a scaled-back version of a previously proposed 90-day review period that was abandoned last month after industry pushback. The decision follows months of internal debate over AI's impact on national security and cybersecurity. The order also directs the Treasury Department to establish an AI Cybersecurity Clearinghouse to assess vulnerabilities identified by AI systems. Administration officials describe the policy as a way to balance innovation with security concerns.
The move represents a shift from Trump's earlier hands-off approach, which prioritized helping US companies compete with China. Major technology firms including Microsoft, OpenAI, Google and Anthropic publicly supported the revised order, calling it a reasonable balance between safety and innovation. However, some industry leaders remain concerned that government oversight could slow development and eventually lead to stricter regulations. Growing concerns about AI-enabled cyber threats, public skepticism about AI and pressure from security advocates help drive the administration toward a formal oversight process. While the reviews remain voluntary, supporters argue that companies are likely to comply because of the order's political significance. Critics, meanwhile, continue to push for mandatory safety testing and government vetting of advanced AI systems.
A bipartisan commission is urging the creation of a dedicated US Cyber Force, arguing that the military needs a standalone service focused on digital warfare as cyber threats from adversaries such as Russia and China continue to grow. The proposed force would cost between $6 billion and $11 billion to establish, employ roughly 30,000 military personnel, 5,000 National Guard members and up to 6,000 civilians, and could become operational within 12 to 18 months. The Commission on Cyber Force Generation, a joint effort by CSIS and FDD, contends that current military branches have struggled to provide enough cyber-ready personnel to U.S. Cyber Command. Supporters argue a dedicated service would create a sustainable pipeline of cyber talent and improve long-term readiness. The proposal arrives as Congress prepares its annual defense legislation, with some lawmakers already signaling support for measures that would advance the concept.
CISA, along with several other federal agencies, has issued a joint warning about ongoing cyber attacks targeting Internet-exposed automatic tank gauge systems used across critical infrastructure sectors. Attackers are exploiting weak security controls, default credentials, authentication bypasses and software vulnerabilities to gain remote access and manipulate system settings. A successful compromise could disrupt operations, disable alarms, falsify tank readings and increase safety and environmental risks. Agencies are urging operators to remove ATG systems from direct Internet exposure, strengthen authentication, apply patches, enable monitoring and report suspected incidents.
Acer has disclosed two critical zero-day vulnerabilities affecting Wave 7 mesh routers. One flaw allows unauthenticated attackers to access log files containing plaintext web and telnet credentials, while the second involves a hard-coded encryption key that could enable attackers to modify backups and establish persistent backdoor access. Security researcher Gergo Papp reported both issues. Acer says patches are in development and expected by the end of this month. Until then, users should disable remote management or restrict remote access to trusted IP addresses to reduce exposure.
Researchers at Symantec and Carbon Black uncovered a highly targeted espionage campaign that compromised the Outlook mailbox of a senior executive at a major global stock exchange for five months, enabling attackers to steal email data in small, incremental batches. The attackers used disguised system services, scheduled tasks and a custom tool built on a legitimate library to repeatedly extract Outlook mailbox data while maintaining persistence on the victim's device to avoid detection. The stolen data was exfiltrated through legitimate cloud services, primarily Dropbox and later OneDrive Personal, making malicious traffic appear routine.
The attackers also used public tools, masquerading file names and hard-coded Microsoft IP addresses to minimize visibility. Researchers found no evidence linking the activity to a known threat group, but the operational focus, long dwell time and exclusive targeting of a senior executive's mailbox strongly indicate an espionage motive aimed at gathering sensitive business intelligence and strategic information.
Britain is reportedly moving some of its military communications onto Starshield, the government-focused satellite network billed by SpaceX as a more secure counterpart to Starlink. The shift could make the UK one of the first countries outside the United States to adopt the service for operational military use. Maria Varmazis has more on this story.
A
Thank you, Dave. Reuters is reporting that the UK's military has begun using SpaceX's Starshield, which is the version of SpaceX's Starlink satellite constellation specifically built for military and government intelligence use. It is not currently publicly known how much the UK military paid for Starshield access or how much military data is being routed through the service, but Reuters says operational traffic started flowing through Starshield earlier this year. Now there is increasing urgency for greater data sovereignty, especially in the UK and in Europe, as governments seek to move away from using US-based services like Starshield. That said, the practical reality is that there are not many options for military-hardened satellite communications in low Earth orbit. That is, at least for now. For example, in the EU, work continues on the EU's own secure low Earth orbit constellation, IRIS². In the meantime, starting earlier this year, five EU nations began routing sensitive data through eight satellites owned by EU member states via the EU's GovSatCom, which is a patchwork solution making use of existing orbital infrastructure until the purpose-built IRIS² comes online, currently projected to occur in 2027. For the CyberWire Daily, I'm Maria Varmazis from T-Minus Space Cyber Briefing. Back to you, Dave.
B
And be sure to check out the T-Minus Space Cyber podcast hosted by Maria Varmazis.
Researchers at Calif have discovered a new denial of service technique called HTTP 2 bomb that combines several known vulnerabilities into a powerful attack capable of crashing major web servers within seconds. The exploit chains an HPACK compression bomb with Slowloris-style memory exhaustion techniques, allowing attackers to consume large amounts of server memory while preventing it from being released. Calif estimates the issue could affect more than 880,000 websites. Researchers noted that OpenAI's Codex helped identify how previously known flaws could be combined into a novel and effective attack.
As the quantum computing industry pushes toward larger and more capable systems, researchers say, the often overlooked classical computing infrastructure required to operate them is becoming a critical challenge. Quantum computers rely heavily on classical hardware and software for tasks such as qubit calibration and quantum error correction, both of which grow more demanding as qubit counts increase, an article from the IEEE says. Companies including Nvidia, IBM, Google Quantum AI, Riverlane and Q-CTRL are developing automated and AI-assisted tools to manage these processes. AI shows promise for speeding calibration and decoding errors, though concerns remain about latency and computational overhead. Experts expect future quantum systems to be highly hybrid, combining quantum processors with substantial classical computing resources. As quantum computers scale toward thousands or millions of qubits, researchers say, entirely new approaches to calibration, error correction and supporting infrastructure will likely be required.
Spanish hacker Jose Luis Huertas, known online as Alcasec, has been sentenced to two years and seven months in prison after pleading guilty to stealing banking data belonging to more than 574,000 people.
Prosecutors reduced the sentence after the 22-year-old cooperated with investigators and provided access credentials. Two accomplices also received prison sentences, and authorities seized cash and cryptocurrency linked to the operation. According to prosecutors, Huertas gained access to Spanish government systems using a stolen digital certificate and phishing techniques that captured court employee credentials. He then infiltrated judicial networks, stole banking records and sold the data through online platforms. Police traced cryptocurrency transactions tied to the scheme, recovering more than $543,000 in digital assets. The conviction ends a series of high-profile cybercrime activities that had made Huertas one of Spain's most notorious young hackers.
Coming up after the break, my conversation with Benjamin Morell, vice president of security strategy at Koros Cybersecurity. We'll discuss the role of MSPs. And Meta's productivity panopticon pauses for personal pit stops. Stay with us.
What's the one thing in business that's spreading as fast as AI? AI risk. Every new tool your team signs up for, every vendor that turns on AI features, every new integration, each one creates another opportunity for something to go wrong. And most security programs just weren't built for AI's pace of growth. Enter Vanta. Vanta is the number one agentic trust platform used by more than 16,000 fast-moving companies like Ramp, Cursor and Harvey to help ensure they're always audit ready. And now Vanta is helping companies watch for the risks that show up between audits across vendors, AI tools and their entire environment. The Vanta agent works like a 24/7 GRC engineer in the background, finding issues, drafting fixes and cutting vendor assessment time by up to 50%. Whether you're a fast-growing startup or a global enterprise, Vanta is here to help you automate your security and compliance and earn and prove trust. Get started today at vanta.com/cyber. That's V-A-N-T-A dot com slash cyber.
Benjamin Morell is Vice President of Security Strategy at Koros Cybersecurity. And in today's sponsored Industry Voices conversation we discuss the role MSPs are playing in cybersecurity.
C
The small and medium business clients have always relied very heavily on the MSP, whether it was back then doing just sort of the IT lift with a little bit of cybersecurity rub because, you know, you would have the firewall that needs to be configured or the credentials needed to be set and passwords managed, for example, and now that's expanded. Cybersecurity is this big beast now that almost needs its own attention and teams from MSPs, and sometimes we get to refer to them as MSSPs, or managed security service providers, for example. These guys are still that heavy reliance for these teams. We at Coro call these end users lean IT. This means that they may have a person in house that does IT, but is not a practitioner of security, for example. And this means that these lean IT teams then push further up into trying to get professional services from MSPs and MSSPs. And so therefore they are this lifeblood to helping these businesses sort of survive without them needing to find and procure incredible talent that is kind of sparse and very difficult to maintain for even larger businesses.
B
Can we talk about some of the challenges that these SMBs face? I mean, I know fragmentation is a big problem for them. There's so many vendors and so many tools that they're relying on. What are the security consequences of that reality?
C
Absolutely, absolutely. So there's a couple of things that are always going to affect the small medium business, even the middle enterprise, you might describe it as. Things like cost, for example, will always be on the horizon. This cost exercise sometimes means that while a larger business or even an SMB might think of going for the biggest and best on the market, cost is always going to be a differentiator. That means that they can't take that route, which means they sometimes make a call on what might be referred to as risk based on cost. I won't take that sort of step or no step in that direction because if I can't have the best, then I kind of won't do anything. And it could be a mindset that sort of makes sense, but also has a lot of negative impact on how that business's security and risk and posture to the outside world might look. You then also have, as mentioned with being lean IT, they lack sort of the internal knowledge and mindset on how to protect their business. And for a lot of these guys, it's very similar to insurance. If you've never been popped, if you've never been touched, you don't really see the problem until it happens. And that might be too late at that point. The MSP, if we bring them back into the conversation, is that little guiding light to try and go, hey, here's what we can do, here's what does work in your budget, here's what you guys kind of need, and here's the best uplift we can get for you. Now, is everyone even up in the large enterprise still always making decisions on risk? Absolutely. Any decision you make to put data somewhere where it could potentially be touched, any decision to connect one service to another, are risks you are taking. And you decide what that risk is worth to you and what that data being in that location is worth.
The SMB generally has to take maybe risks that might have a bigger impact because all my data is now stored in one location, because that's kind of how I have to operate as an SMB, which means I need to pay more security for that. But my risk is that all my data is there. I can't fragment it potentially. So for us at Coro, for example, trying to give them something that gets a much larger span across their security posture and give them that uplift in a way that is not difficult or hard. And it's also not as costly, for example, it's sort of the route we try to go and try to avoid and improve this fragmentation exercise of all of these point products that are great at what they do, but very difficult for this sort of market to touch, run and even execute within their businesses.
B
Can we touch on AI? I mean, I think a lot of organizations are, are having trouble finding the right balance between dialing in their use of AI and, and also the potential risks that it introduces.
C
Absolutely, absolutely. We're seeing this a lot and we're starting to see a lot of news reports of this sort of stuff come out. Guys like Clawbot for example, which seems like a great exercise on the surface of being able to run automation between all of these parts of a business, or even just a user's own parts of the business that they have to operate in. But then you have this new utility that no one's tested in house. No one is vetting, no one is making sure it's got the appropriate guardrails, and it's allowed to now just potentially be co-opted by an attacker. It may have its own bugs and holes that no one is prepared to deal with or has factored into what they need to do. So there's this race of attempting to stay ahead of the curve, getting the most out of this AI boom and potentially trying to see return on that AI boom, but doing so in a way that you're not prepared to understand the risks that you've added to your business in doing so. Everyone would like to hope that if you buy something from a vendor, if you acquire something from what you consider a reputable source, it shouldn't become a risk to you, but that's not the case. Anything you bring into a business needs to be vetted, needs to be understood, needs to know what am I doing with it? What are my risks that I'm taking with that sort of exercise. And this AI jump is a great example of that. And we'll continue to see that evolve and we'll continue to see that sort of collapse back in on itself. And I think there's a big role to play for the MSP in being able to educate that. Okay, cool. We can do this. We can take you to a point where this AI is potentially assisting you with improving the way your business runs, or crunching data in a faster mechanism, or automating these processes that you've done manually for so long. But we need to sit down and understand what do we need to do with it? How do we avoid it doing things it doesn't need to. That creates unnecessary risk for us.
Let's get the best value return out of it.
B
I know you and your colleagues use your own platform. You call yourselves Customer Zero for the platform. Why is that important? Why does that matter?
C
Yeah, absolutely. Look, I have worked a number of vendors over my time and I've been into a lot of businesses as well, other vendors that, that do what they need to do within their businesses. And it's not uncommon to find that there's a bit of a mixed spread of not entirely using what you sort of make. And there's a number of reasons for that, depending on what's required. One of the things we wanted to do internally as a business that can sit alongside and fit into that small medium sizing is what can we do to run it for ourselves and how can we feel potentially the pain that a client or a partner might feel that we as the vendor looking from above, think isn't a problem? So we took the exercise of, okay, make sure it's running fully in our own house, then decide what is it not doing for us, what is it doing for us? And are they things that we actually need to change? Is there already a tool we're using that we don't really need to co-opt? It's fine the way it is, we can't improve on it, it doesn't give us any value train to bring it into our platform, or is there something that we are doing that is quite costly, or the exercise is a lot of effort to run it in that other location when we could be doing it internally? Outside of that, it's then my ability to speak directly with people who have the best interests of what our security internally looks like, who I can have a very candid conversation with about what are we doing and why are we doing it this way. One of the early things I found was we as a business make a lot of decisions and processes that it's just the way it is, and we don't consider that there might be a better way to do it until perhaps someone has actually shown us there is. The problem is we are expected to be that person to show you that there's a better way. So I'm in that middle ground of being able to work with my team internally and go, what are we doing? Is there a better way we could do it?
And is that better way something we could build into Coro? And does that then have advantages to our partners and our clients, or are we just solving our own problem internally and it's not really worthwhile for everyone externally? And this is a nice conversation to have, which I can then take as a story to partners, to clients and go, are you feeling this? Is this something that reflects on you, that you haven't considered, that you haven't looked into, that you haven't taken advantage of because it's never been presented to you in this methodology.
B
Well, given the reality of where we find ourselves right now, the rapid changes that are being triggered by things like AI, what are your recommendations for the security practitioners in our audience?
C
Absolutely. You want to focus on trying to get, or I guess the other way to put this would be don't go chasing the latest and greatest just because it's the latest and greatest. Be very cautious of people spouting silver bullets. It's always been the case in cybersecurity, has been since I started, and I'm not even that old. There's always this on-the-horizon idea that something is going to solve this and once we get to that point, this will all be done. That's not the case. There's always a war that's being run in the back end, which is, you know, between people utilizing tools to try and gain access to people using tools to try and defend. And much similar to, say, real world, real war that occurs. We end up in this situation where there's innovation that gets created for good and bad reasons and that will always sort of continue on. So always try and double down on having a good fundamental understanding of what you're trying to solve. Always focus on risk. What is the risk? What is the business's appetite for risk? What do they have the ability to actually spend on or run compared to their risk? Don't go, hey, here's the best tech stack in the world where I'm using everything from top-right Gartner quadrant and it's going to cost you more than you make in a year just to function it. You have to sort of understand what you're trying to solve for and how best you're solving for it and then try and fill in everything else. And there is a lot to be said about being able to train the users within a business to act as human firewalls. They are always going to be a part of the cybersecurity discussion. We see them getting phished for credentials is still probably the most common method for breaches. If we can get them to a point where perhaps we're reducing the amount of breaches that they're involved in, we can get to a better result overall. And this isn't a software sort of discussion.
Sure, we can do security awareness training through software platforms, but at the end of the day it's still training these individuals. And if you can make sure that you, as perhaps the security practitioner, keep that in mind. There might be ways to improve businesses that isn't just selling them a tech stack. It's providing them services. It's providing them guidance. And that goes back to why are you using AI and what's its purpose, for example?
B
That's Benjamin Morell, vice president of security strategy at Koros Cybersecurity.
And finally, Meta has slightly softened its controversial employee monitoring program, though not enough to make anyone mistake it for a privacy initiative. Under the company's Model Capability Initiative, software records employees' mouse clicks and keystrokes to help train AI systems. Following employee backlash, Meta now says workers can pause tracking for up to 30 minutes when handling personal matters, and a limited group of employees can request exemptions under specific circumstances. For most workers, however, the digital observer remains on duty. Meta has also improved the software's battery performance, suggesting that if your computer is going to watch everything you do, it should at least do so efficiently. CEO Mark Zuckerberg defended the effort, arguing that AI can learn by observing how highly skilled employees use computers. He emphasized that the data is intended for AI training rather than performance monitoring, while adding that if the approach proves successful, Meta may expand similar programs in the future. In other words, the company has offered employees a brief intermission, but the show must go on.
And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's lead producer is Liz Stokes. We're mixed by Trey Hester, with original music and sound design by Elliot Peltzman. Our contributing host is Maria Varmazis, our executive producer is Jennifer Ivan. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
Date: June 3, 2026
Host: Dave Bittner, N2K Networks
Guest Interview: Benjamin Morell, VP of Security Strategy, Koros Cybersecurity
This episode explores the rapidly changing landscape of AI oversight, new cybersecurity threats, critical infrastructure attacks, and the ongoing challenges faced by managed service providers (MSPs) in securing small and medium businesses (SMBs). A special segment investigates the UK's military adoption of SpaceX's Starshield, while a featured interview delves into MSP-driven security strategies and AI risk management.
[09:38-11:05] – Special Segment with Maria Varmazis
Segment: [16:38-27:30]
"Cybersecurity is this big beast now that almost needs its own attention and teams from MSPs." — Benjamin Morell
"There’s this race of attempting to stay ahead of the curve...but doing so in a way that you’re not prepared to understand the risks." — Benjamin Morell
"We took the exercise of...make sure it's running fully in our own house, then decide what is it not doing for us, what is it doing for us?"
"Don't go chasing the latest and greatest just because it's the latest and greatest. Be very cautious of people spouting silver bullets." — Benjamin Morell
"The move represents a shift from Trump's earlier hands-off approach, which prioritized helping US companies compete with China."
— Dave Bittner [03:33]
"There’s this race of attempting to stay ahead of the curve...but doing so in a way that you’re not prepared to understand the risks."
— Benjamin Morell [20:48]
"Don’t go chasing the latest and greatest just because it’s the latest and greatest. Be very cautious of people spouting silver bullets."
— Benjamin Morell [25:20]
This episode captures the ongoing struggle to balance rapid technological advancement (AI, quantum) with the need for effective oversight and security. It examines national and industry responses to these challenges—from AI regulation to the role of MSPs and corporate surveillance. The expert interview with Benjamin Morell offers actionable advice for SMBs and security practitioners on navigating technology choices, managing risks, and prioritizing user education.