Transcript
A (0:02)
You're listening to the CyberWire Network, powered by N2K. Risk and compliance shouldn't slow your business down. Hyperproof helps you automate controls, integrate real-time risk workflows, and build a centralized system of trust so your teams can focus on growth, not spreadsheets. From faster audits to stronger stakeholder confidence, Hyperproof gives you the business advantage of smarter compliance. Visit www.hyperproof.io to see how leading teams are transforming their GRC programs.

At Thales, they know cybersecurity can be tough and you can't protect everything. But with Thales, you can secure what matters most. With Thales' industry-leading platforms, you can protect critical applications, data and identities anywhere and at scale with the highest ROI. That's why the most trusted brands and largest banks, retailers and healthcare companies in the world rely on Thales to protect what matters most: applications, data and identity. That's Thales, T-H-A-L-E-S. Learn more at thalesgroup.com.

China-linked hackers target Cisco firewalls. MIT Sloan withdraws a controversial AI-driven ransomware paper. A new study questions the value of cybersecurity training. Hackers exploit OpenAI's API as a malware command channel. Apple patches over 100 security flaws across devices. A Florida-based operator of mental health and addiction treatment centers exposes sensitive patient information. OPM plans a mass deferment for CyberCorps scholars affected by the government shutdown. Lawmakers urge the FTC to investigate Flock Safety's cybersecurity gaps. Cybercriminals team with organized crime for high-tech cartel cargo thefts. Ben Yelin from the University of Maryland Center for Health and Homeland Security discusses ICE's controversial facial scanning initiative. And a priceless theft meets a worthless password.

It's Tuesday, November 4, 2025. I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us here today. It's great as always to have you with us.

China-affiliated threat group Storm-1849, also tracked as UAT-4356, has been exploiting Cisco Adaptive Security Appliance firewalls used by governments and major firms worldwide. According to Palo Alto Networks Unit 42, the hackers leverage two known Cisco vulnerabilities to gain persistent control over critical network gateways. Targets include U.S. federal and state agencies, defense contractors and financial institutions, as well as organizations in Europe, Asia, Africa, and the Middle East. Despite CISA's emergency patch directive, attacks persisted through October, pausing briefly during China's Golden Week. Experts warn that affected entities must not only patch but also reset configurations and credentials to fully remove intrusions.

MIT Sloan has retracted a working paper that falsely claimed over 80% of ransomware attacks in 2024 involved artificial intelligence. The study, co-authored with cybersecurity firm Safe Security, faced strong backlash from independent researchers, including Kevin Beaumont and Marcus Hutchins, who called the report "ridiculous" and "nonsense," citing its lack of evidence and inclusion of long-defunct malware like Emotet. Even Google's AI Overview disputed the statistic. Following the criticism, MIT removed the paper and said it is revising the work after recent reviews. Co-author Michael Siegel acknowledged that an updated version is forthcoming, emphasizing the paper's intent to explore AI's growing role in ransomware rather than assert a precise figure. Beaumont later accused MIT Sloan and Safe Security of spreading "cyberslop," or baseless AI claims for profit, warning that such hype misleads security leaders and undermines trust in cybersecurity research.

A UC San Diego Health study of nearly 20,000 employees found that cybersecurity training had little impact on phishing susceptibility. Trained workers were about as likely to click phishing links as untrained ones, regardless of when they last took training. Popular lures included fake HR and vacation policy updates. Researcher Ariana Mirian said results showed users eventually fall for a lure, suggesting organizations should emphasize technical defenses like multi-factor authentication and spam filtering instead of relying on training alone.

Microsoft has uncovered a stealthy backdoor dubbed SesameOp that hijacks OpenAI's Assistants API to control infected systems. Instead of using the API for normal chatbot interactions, attackers use it as a covert command-and-control channel, blending malicious traffic with legitimate AI activity. The backdoor, first detected in July, employs .NET AppDomainManager injection, layered encryption, and heavy obfuscation to execute and exfiltrate commands invisibly. By routing through OpenAI's trusted infrastructure, SesameOp avoids traditional detection methods like suspicious IPs or domains. Microsoft emphasized that this is not an OpenAI vulnerability but a misuse of legitimate capabilities. The company shared indicators and hunting queries to help defenders flag unusual API activity. OpenAI has since disabled a compromised account linked to the attack. Experts warn that as AI integration expands, trusted cloud services will increasingly be repurposed for stealth operations.

Apple has released major security updates for iOS, iPadOS, and macOS, addressing more than 100 vulnerabilities. iOS and iPadOS 26.1 fix 56 issues, including 19 in the WebKit browser engine, while macOS Tahoe 26.1 patches 105 flaws. The bugs could allow data theft, memory corruption or sandbox escapes. Many were discovered by Google's Big Sleep AI, which identifies exploitable weaknesses before attackers can act. Apple also issued fixes for macOS Sequoia and Sonoma, tvOS, watchOS, visionOS and Safari.

Oglethorpe Inc., a Florida-based operator of mental health and addiction treatment centers, is notifying over 92,000 patients of a data breach discovered in June. The company reported the incident to the Maine attorney general, saying attackers accessed its IT systems and stole personal data, including names, Social Security numbers and medical information. While no misuse has been confirmed, Oglethorpe is offering affected individuals 12 months of credit monitoring. The firm, which runs facilities in Florida, Ohio and Louisiana, has rebuilt compromised systems, notified the FBI and strengthened network defenses. Experts say breaches involving behavioral health data carry heightened risks of emotional and social harm. Security consultant Dave Bailey emphasized that such incidents erode patient trust and urged healthcare providers to go beyond compliance by prioritizing risk-based protections for sensitive health information.

The U.S. Office of Personnel Management says it will coordinate a mass deferment for participants in the federal CyberCorps Scholarship for Service program once the government shutdown ends. The program, run by the National Science Foundation with OPM and DHS, funds cybersecurity students' tuition in exchange for post-graduation federal service. Scholars unable to find qualifying jobs must normally repay their awards. Due to hiring freezes and budget cuts, many current and recent graduates fear they'll owe as much as $100,000 amid limited federal openings. OPM spokesperson McLaurin Pinover said the deferment will grant more time for job placement and added that no participants have yet been sent to repayment. OPM Director Scott Kupor emphasized that recruiting cybersecurity and AI specialists remains a national priority and that new guidance will urge agencies to fully leverage the SFS program once operations resume.

Senator Ron Wyden, Democrat from Oregon, and Representative Raja Krishnamoorthi, Democrat from Illinois, have asked the Federal Trade Commission to probe police surveillance firm Flock Safety over alleged weak cybersecurity. Their letter cites at least 35 hacked customer accounts and criticizes Flock for not requiring multi-factor authentication or supporting phishing-resistant MFA. The lawmakers warn that poor security could expose location data on millions of Americans. Flock's license plate reader network spans over 8,000 communities nationwide. Both the FTC and Flock declined to comment.

Researchers at Proofpoint warn that cybercriminals are teaming with organized crime groups to carry out a modern wave of cargo thefts targeting U.S. logistics firms. The attackers infiltrate freight brokers and load boards, post fake shipping jobs, and use malicious remote monitoring and management tools such as N-able or ScreenConnect to gain network access. Once inside, they steal credentials and impersonate brokers to redirect legitimate shipments to criminal-controlled addresses. Goods stolen range from electronics to energy drinks, with losses totaling millions of dollars. Proofpoint says the criminals are opportunistic, targeting carriers of all sizes. CargoNet's latest data supports the trend, reporting over $111 million in losses across 772 thefts in the third quarter of 2025, with an average stolen shipment worth $336,000. Experts expect these cyber-enabled social engineering schemes to grow more sophisticated as attackers exploit public load board data to value shipments.

Coming up after the break, my Caveat co-host Ben Yelin discusses ICE's controversial facial scanning initiative, and a priceless theft meets a worthless password. Stay with us.
