CyberWire Daily – Detailed Summary
Episode: "FCC resets cyber oversight"
Date: November 3, 2025
Host: Dave Bittner (N2K Networks)
Main Theme
This episode examines the Federal Communications Commission’s (FCC) move to roll back recent cybersecurity mandates prompted by nation-state attacks, provides an industry news round-up—including cybercrime cases, disclosures, and regulatory shifts—and features an in-depth interview with Caleb Tolan, host of the new “Data Security Decoded” podcast, exploring the intersection of cyber research, policy, and defense perspectives.
Key Discussion Points & Insights
1. FCC’s Rollback of Cybersecurity Mandates (00:45)
- Background:
- In the wake of the Salt Typhoon hacking campaign (Chinese state-backed actors attacking major US telecoms and accessing communications involving political figures), the FCC had issued strict requirements: annual compliance reports and formal risk management plans.
- Current Developments:
- FCC Secretary Marlene Dorch now deems these rules “legally erroneous and overly broad,” noting they imposed "inflexible, redundant requirements regardless of company size or risk profile."
- The FCC will pivot to voluntary, public-private cybersecurity partnerships.
- Telecoms claim improved defenses: faster patching, tighter access, better threat-sharing.
- Criticism:
- Senator Mark Warner criticizes the weaker oversight; as Dave Bittner reports, “weak oversight contributed to what he called the worst telecom hack in our nation's history” (02:10).
- FCC vote on rollback scheduled for November 20th.
2. Major Cybercrime & Breaches Update
- Extradition of ‘Mr. ICQ’ (Yuri Riptsoff) (03:05):
- Ukrainian national involved in the Jabber Zeus banking trojan group, indicted in 2012, extradited from Italy.
- Allegedly responsible for tens of millions in theft; coordinated notification and laundering.
- Links to Evil Corp and over $100 million in global financial theft.
- Cyber Negotiators Become Criminals (04:10):
- Two US professionals, Kevin Tyler Martin and Ryan Clifford Goldberg, charged with orchestrating ransomware attacks while employed to negotiate for victims.
- Victims include a Florida medical firm ($10 million demand, $1.2 million ultimately stolen).
- Digital Mint (employer) fired the suspects, cooperated with FBI.
- Ernst & Young Cloud Exposure (05:22):
- 4TB unencrypted SQL backup accidentally leaked via misconfigured Azure server, discovered by Neo Security.
- The source was an EY Italy acquisition; according to EY, no client or confidential data was exposed.
- University of Pennsylvania Data Breach (06:02):
- Hacker accessed 1.2 million donor, student, alumni records via compromised employee SSO.
- Systems including Salesforce and SAP accessed; 700,000+ received “got hacked” emails.
- Attacker denies political motives; the intent was to obtain the donor database, possibly for future disclosure.
- UK Water Utilities Under Attack (07:08):
- Five attacks on British water suppliers since 2024 (record for any two-year period).
- No disruption of water safety, but growing cyber risks flagged.
- The upcoming Cybersecurity and Resilience bill is likely to lower the reporting threshold; voluntary reporting was praised, and the NCSC urges segmentation between IT and OT.
3. Business Brief – M&A and Funding News (08:07)
- Acquisitions:
- JumpCloud buys Breeze (ITDR).
- Presidio buys Irish MSP Ergo.
- MTX Group buys Verify ID AI (AI identity verification).
- DeWitt acquires Israel’s Cloudwise (cloud management/security).
- Advent Partners buys majority of Australian MSP FX.
- Insight Enterprises to acquire Sukuro (Sydney-based).
- Funding:
- Chainguard: $280M (software supply chain security).
- Sublime Security: $150M (AI email defense).
- Conductor 1: $79M, SimSpace: $39M, Nexus AI: $30M, Cyber Ridge: $26M, Darwin AI: $15M, Akuru: $10M, Polygraph: $9.5M.
- Resource: Full business brief available on CyberWire Pro.
Interview Segment: Data Security Decoded Podcast Preview (14:02)
Guest: Caleb Tolan, Host of Rubrik's Data Security Decoded
Host: Dave Bittner
Show’s Origin & Mission (14:22)
- Created as Rubrik launched its Zero Labs research division.
- Purpose:
- Provide “vendor agnostic actionable insights to reduce data security risk and improve cyber resilience outcomes.”
- Mixes guests from threat intelligence, cyber policy, defenders on the enterprise side.
- Actionable insights for building resilience.
Quote:
“We want to provide kind of that cutting edge in real time research from the cyber researchers... but we also want to have the conversation with cyber policy writers and the folks who are actually crafting policy... it’s important to have those policy conversations as well and have that perspective mixed in so that our listeners are fully informed.”
— Caleb Tolan (15:25)
Podcast Format & Target Audience (15:25)
- Diverse topics:
- Real-time threat intelligence.
- Cyber policy (US and international).
- Defender stories from the front lines.
- Strategic/business-level discussions (with CIOs, CISOs, etc.).
- Bridging technical and non-technical communication.
Quote:
“There’s also this conversation to be had about communicating as a technical leader to non technical leaders and speaking the language of business and speaking the language of risk.”
— Caleb Tolan (15:47)
Upcoming Episodes & Sneak Peeks (16:58)
- Lauren Zabrick (formerly CISA, now in non-profit):
- Focus: Secure by Design/Secure by Demand, elevating underrepresented voices (“Share the Mic in Cyber”).
- Securing software supply chains.
- Geopolitical risks for local governments:
- “How different counties and local governments are uniquely impacted” by both sophisticated and state-sponsored threats, despite limited resources.
- Critical infrastructure security for under-resourced entities.
Quote:
“...counties and local governments oftentimes are the ones running our water supply systems, our electrical grids, all sorts of critical services, how they can secure these critical systems while being underfunded and under resourced.”
— Caleb Tolan (17:54)
Caleb Tolan’s Background (19:16)
- Non-technical roots:
- Studied musical theater and political science/communications.
- Career aspirations began in DC policy, pivoted to enterprise tech via Nutanix.
- Joined Rubrik, drawing on background in storytelling to amplify cybersecurity conversations.
Quote:
“Going back to that original background, starting in theater... focusing on listening and reacting and being very present in real time and telling a really impactful story... sharing the stories of so many people who are doing really critical work for our critical infrastructure, for our national security, for our global political ecosystem is a really interesting and intriguing feat.”
— Caleb Tolan (20:54)
- Lighthearted exchange about favorite musicals (Music Man, Big Fish) and theater fandom. (21:57–23:07)
Notable Quotes & Memorable Moments
- On weak cyber oversight and recent telecom breaches:
- “Weak oversight contributed to what he called the worst telecom hack in our nation's history.”
— Senator Mark Warner cited by Dave Bittner (02:10)
- On cybercrime professionalism:
- “Instead of having sort of the smaller pool of high sophistication actors... we see that being given to much lower sophistication, lower tech folks ... they basically need a phone and a bitcoin wallet.”
— Trevor Hilligoss, SpyCloud (11:25)
- On podcasting and theater:
- “There’s nothing like live theater.”
— Dave Bittner (23:07)
Timestamps for Major Segments
- FCC cybersecurity rollback & industry news: 00:45–08:07
- Business Brief (M&A, funding): 08:07–11:06
- Rise of cybercrime enablement markets (SpyCloud interview): 11:06–12:36
- Data Security Decoded podcast feature/interview: 14:02–23:24
- Humorous cybercrime story (massage scandal): 23:26–end
Conclusion & Key Takeaways
This episode offers a broad sweep of recent policy shifts, criminal cases, and security lapses in the global cyber landscape. The highlight is a lively and insightful preview of “Data Security Decoded,” aimed at bridging research, policy, and the lived experience of defenders, capturing the human stories behind cybersecurity’s technical headlines.
Listeners not only get industry updates but also a sense of the evolving conversations happening at the intersection of technology, governance, and narrative storytelling.
