CyberWire Daily – “Grounded by ransomware.”
Date: September 22, 2025 | Host: N2K Networks
Episode Overview
In this episode, CyberWire Daily delivers a rapid-fire roundup of cybersecurity news, led by the ransomware attack that disrupted major European airports. The show also covers the looming lapse of a U.S. threat-sharing law, recent high-severity vulnerabilities, data breaches, a child exploitation crackdown, and a shift in how vendors engage with industry security testing. The episode concludes with an interview in which VisionSpace's cybersecurity experts discuss real-world vulnerabilities in space mission software, capped with a cautionary tale about youthful cybercrime.
Key News Stories & Analysis
1. Ransomware Halts European Airports
- [00:45] A major ransomware attack struck airport operations in Europe, disrupting check-in and boarding systems at airports including Heathrow, Berlin, and Brussels.
- Collins Aerospace’s Muse software was compromised, forcing airports into manual operations.
- “Heathrow warned staff that more than 1,000 computers may be corrupted, with recovery requiring in-person fixes.” (Dave Bittner, 01:01)
- Brussels Airport cancelled nearly 140 flights in one day.
- Collins has issued patches but admits threat actors may still be present—even after system rebuilds.
- The incident illustrates the rapid growth of ransomware in aviation: attacks up 600% year-over-year (source: Thales).
- Criminal groups are “reaping hundreds of millions annually.” (01:48)
2. U.S. Cyber Legislation in Jeopardy
- [02:05] The 2015 Cybersecurity Information Sharing Act is set to expire, threatening key liability protections for firms sharing threat intelligence.
- Legislative gridlock centers around proposed changes that critics say would “gut protections and chill sharing.”
- The looming lapse could “have immediate consequences—hesitation to share critical threat data, heightened exposure to attacks.” (02:40)
- Senator Rand Paul has specifically objected, advocating for changes at odds with industry consensus.
3. Critical Vulnerabilities and Data Breaches
- Microsoft Entra ID Flaw ([03:04])
- Researcher Dirk-jan Mollema uncovered a design flaw that allowed access tokens to be forged, potentially enabling global admin impersonation in any victim tenant.
- Microsoft patched the vulnerability swiftly, but the case underscores the danger of legacy and deprecated authentication APIs that remain reachable.
- “Legacy auth paths and deprecated APIs are high risk inventory—remove and monitor them urgently.” (04:01)
- Stellantis Data Breach ([04:22])
- A breach through a third-party vendor exposed customer names and email addresses; no more sensitive data was reported.
- Stellantis is warning customers to watch for phishing attempts.
- Fortra ‘GoAnywhere’ Flaw ([04:46])
- Fortra fixed a critical vulnerability in GoAnywhere MFT: a deserialization flaw that allows command injection and remote code execution.
- Past ransomware exploitation of this product makes prompt patching more urgent.
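The Entra ID item above ends with the advice to treat legacy auth paths as high-risk inventory and to remove and monitor them. The script below is an added example for this summary, not code from the episode, from Microsoft, or from the researcher: it groups legacy-authentication sign-ins by user and protocol from records shaped like an Entra sign-in log export (userPrincipalName, appDisplayName, clientAppUsed, status.errorCode, createdDateTime). The sample records are constructed, and the clientAppUsed strings are assumed to match what your tenant emits, so check them against a real export before relying on the list.

```python
"""Inventory legacy-authentication sign-ins from Entra ID sign-in log records.

Added example for this summary, not code from the episode or from Microsoft.
The records are constructed samples shaped like an Entra sign-in log export;
the clientAppUsed strings below are assumed to match your tenant's values.
"""
from collections import defaultdict
import json

# clientAppUsed values Entra reports for legacy (non-modern) authentication.
# Assumed list; verify against a real export from your tenant.
LEGACY_CLIENT_APPS = frozenset({
    "Authenticated SMTP", "Autodiscover", "Exchange ActiveSync",
    "Exchange Online PowerShell", "Exchange Web Services", "IMAP4",
    "MAPI Over HTTP", "Offline Address Book", "Outlook Anywhere (RPC over HTTP)",
    "Outlook Service", "POP3", "Reporting Web Services", "Other clients",
})

# Constructed sample records (not real tenant data), as a JSON export would look.
SAMPLE_EXPORT = json.dumps([
    {"createdDateTime": "2025-09-22T06:01:12Z", "userPrincipalName": "svc-scan@contoso.example",
     "appDisplayName": "Office 365 Exchange Online", "clientAppUsed": "IMAP4",
     "status": {"errorCode": 0}},
    {"createdDateTime": "2025-09-22T06:04:40Z", "userPrincipalName": "svc-scan@contoso.example",
     "appDisplayName": "Office 365 Exchange Online", "clientAppUsed": "IMAP4",
     "status": {"errorCode": 0}},
    {"createdDateTime": "2025-09-22T07:15:03Z", "userPrincipalName": "alice@contoso.example",
     "appDisplayName": "Office 365 Exchange Online", "clientAppUsed": "Authenticated SMTP",
     "status": {"errorCode": 50126}},
    {"createdDateTime": "2025-09-22T08:30:55Z", "userPrincipalName": "alice@contoso.example",
     "appDisplayName": "Outlook", "clientAppUsed": "Mobile Apps and Desktop clients",
     "status": {"errorCode": 0}},
    {"createdDateTime": "2025-09-22T09:12:09Z", "userPrincipalName": "bob@contoso.example",
     "appDisplayName": "Microsoft Teams", "clientAppUsed": "Browser",
     "status": {"errorCode": 0}},
])


def is_legacy_auth(record):
    """True when the sign-in used a legacy authentication client."""
    return record.get("clientAppUsed") in LEGACY_CLIENT_APPS


def legacy_auth_inventory(export_json):
    """Group legacy-auth sign-ins by user and protocol.

    Returns {upn: {clientAppUsed: {"success": n, "failure": n}}}. Successful
    entries are live paths to remove first; failures still show the endpoint
    is being exercised (often password spraying over these protocols).
    """
    inventory = defaultdict(lambda: defaultdict(lambda: {"success": 0, "failure": 0}))
    for rec in json.loads(export_json):
        if not is_legacy_auth(rec):
            continue
        ok = rec.get("status", {}).get("errorCode", 0) == 0
        outcome = "success" if ok else "failure"
        inventory[rec["userPrincipalName"]][rec["clientAppUsed"]][outcome] += 1
    return {upn: dict(protocols) for upn, protocols in inventory.items()}


def removal_candidates(inventory):
    """Users with at least one successful legacy-auth sign-in, most active first."""
    ranked = []
    for upn, protocols in inventory.items():
        live = sum(counts["success"] for counts in protocols.values())
        if live:
            ranked.append((upn, live, sorted(protocols)))
    return sorted(ranked, key=lambda row: -row[1])


if __name__ == "__main__":
    inv = legacy_auth_inventory(SAMPLE_EXPORT)
    for upn, live, protocols in removal_candidates(inv):
        print(f"{upn}: {live} successful legacy sign-in(s) via {', '.join(protocols)}")
```

Run it against a real export (for example the JSON returned by the sign-ins endpoint of Microsoft Graph, or a CSV converted to the same field names) and the candidates list becomes the order in which to disable protocols per user, with Conditional Access blocking legacy authentication tenant-wide once the list is empty.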
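The GoAnywhere item above describes remote code execution via deserialization without saying what that pattern looks like. The class below is an added example written for this summary, not Fortra's code and not a reproduction of the GoAnywhere flaw: it shows the unsafe Java pattern (calling readObject() on untrusted bytes and casting afterwards) next to the ObjectInputFilter allowlist that closes it. LicenseRequest and Gadget are hypothetical types invented for the demo, and the filter API requires Java 9 or later.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

// Added example, not Fortra's code: the unsafe Java deserialization pattern
// behind "RCE via deserialization" and the ObjectInputFilter allowlist that
// closes it. LicenseRequest and Gadget are hypothetical types for the demo.
public class DeserDemo {

    // The one message type the hypothetical endpoint legitimately expects.
    public static final class LicenseRequest implements Serializable {
        private static final long serialVersionUID = 1L;
        final String licenseId;
        LicenseRequest(String licenseId) { this.licenseId = licenseId; }
    }

    // Stand-in for a gadget class on the classpath: its readObject hook runs
    // during deserialization, before the caller ever sees the object. A real
    // gadget chain would end in Runtime.exec or similar; this one only records
    // that it ran.
    public static final class Gadget implements Serializable {
        private static final long serialVersionUID = 1L;
        static boolean fired = false;
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            fired = true;  // attacker-controlled code would execute here
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) { out.writeObject(o); }
        return bos.toByteArray();
    }

    // VULNERABLE: whichever class the stream names is instantiated and its
    // hooks run; the cast happens after the damage is done.
    static LicenseRequest unsafeParse(byte[] untrusted) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(untrusted))) {
            return (LicenseRequest) in.readObject();
        }
    }

    // HARDENED: the allowlist filter is consulted for every class before it is
    // resolved, so a stream naming anything else is rejected up front.
    static LicenseRequest safeParse(byte[] untrusted) throws IOException, ClassNotFoundException {
        ObjectInputFilter allowOnly = ObjectInputFilter.Config.createFilter(
                "DeserDemo$LicenseRequest;java.base/*;maxdepth=3;!*");
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(untrusted))) {
            in.setObjectInputFilter(allowOnly);
            return (LicenseRequest) in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] benign = serialize(new LicenseRequest("LIC-0001"));
        byte[] hostile = serialize(new Gadget());

        System.out.println("safe parse of benign stream: " + safeParse(benign).licenseId);

        try { unsafeParse(hostile); } catch (ClassCastException e) { /* too late: hook already ran */ }
        System.out.println("unsafe parse: gadget fired = " + Gadget.fired);

        Gadget.fired = false;
        try {
            safeParse(hostile);
        } catch (InvalidClassException e) {
            System.out.println("safe parse rejected stream: " + e.getMessage());
        }
        System.out.println("safe parse: gadget fired = " + Gadget.fired);
    }
}
```

The point of the contrast is ordering: the cast in unsafeParse cannot protect anything because readObject() has already constructed the attacker's chosen class and run its hooks, whereas the filter in safeParse is evaluated per class as the stream is read and rejects Gadget before it is instantiated. In a real service the allowlist should name only the types the endpoint expects, and a process-wide filter (the jdk.serialFilter system property) is a sensible backstop for code paths that forget to set one.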
4. Europol Targets Online Child Sexual Exploitation
- [05:05] International investigation identified 51 children and led to action against 60 suspects across 18 countries.
- Used a blend of classic police work and “AI-driven forensic tools.”
- “The cross border nature… underscored the need for real time intelligence sharing.” (05:47)
5. MITRE ATT&CK Evaluation Opt-Outs Signal Industry Shift
- [06:15] Microsoft, SentinelOne, and Palo Alto Networks have withdrawn from MITRE's 2025 ATT&CK Evaluations.
- Officially, they cite “resource prioritization and innovation,” but concerns over the test’s relevance and complexity also loom.
- MITRE intends to “reboot its vendor forum” and refine the process for 2026.
6. Crypto Crime Hits Cancer Patient—Streaming Fundraiser Hijacked
- [07:01] A Latvian streamer with stage four cancer had $32,000 in crypto donations stolen after downloading a seemingly safe Steam game.
- The game, “Blockblasters,” was updated with a crypto drainer targeting high-value users.
- Researchers traced the theft to larger campaigns totalling $150,000 and involving sophisticated dropper and payload techniques.
- Crypto influencer Alex Becker stepped in, “quickly replaced the stolen funds with a $32,500 donation.” (08:05)
- Underlines vulnerabilities even on trusted gaming platforms.
7. Monday Business Breakdown
- [09:00] $390 million raised in recent investments, along with six notable acquisitions:
- Vega: $65 million for R&D and U.S. expansion.
- Irregular: $80 million to secure frontier AI models.
- CrowdStrike: Acquired Pangea to enhance Falcon’s AI capabilities.
- Accenture: Acquired IAM Concepts, enhancing identity offerings in Canada.
- For further business details, Dave directs to N2K Pro and TheCyberWire.com.
Expert Interview: Hacking Satellites with VisionSpace
Maria Varmazis (Host, T-Minus Space Daily) talks to:
- Milenko Starcik — Head of Cybersecurity, VisionSpace
- Andrzej Olchawa — Cybersecurity Engineer, VisionSpace
Background & Research ([14:38]–[15:58]):
- VisionSpace undertook a systematic, multi-year review of mission control and onboard spacecraft software.
- Major focus: open source NASA software frameworks, including the Core Flight System (cFS) and F Prime flight software frameworks.
Major Insights:
- “There’s a lot that could be found potentially… from a cybersecurity perspective, like low hanging fruits.” (Milenko Starcik, 16:18)
- Dominant issue: Space industry still relies heavily on security by obscurity.
- “If you say like, ‘Oh no, my software is so complex only I can use it,’ that’s definitely not the case. Attackers will download all your files… with large language models, even millions of pages of documents in hours and days.” (16:54)
- In open source NASA frameworks, “we found quite a lot of vulnerabilities… more general security issues, partially due to the lack of embedded security in these frameworks.” (17:59)
Vulnerability Findings ([18:37]–[19:06]):
- Nearly 40 CVEs and “almost 400 days” of analyst time invested.
- Vulnerabilities ranged in severity, with several rated 9.8 or 9.9/10.
- Impacts included everything from “information disclosure to actually getting remote code execution on spacecraft platforms.” (Andrzej Olchawa, 19:12)
- Three impactful Black Hat demos: Compromising mission control via phishing and demonstrating potential for direct spacecraft takeover.
Disclosure & Solutions ([20:35]):
- “We followed the response and disclosure process… worked with NASA… to fix those issues.” (Andrzej Olchawa, 20:35)
- All disclosed vulnerabilities have since been remediated.
Key Takeaways for the Sector ([21:32]):
- Compliance ≠ Security:
- “There’s a big risk with going for strictly compliance… you can still get hacked, but it will not affect you on a legal basis, basically.” (Milenko Starcik, 21:32)
- Lack of actual software testing is widespread: “Your security controls are nice, but if you haven’t tested the software… you’re missing the point.”
- Many issues found could have been resolved early with even basic static analysis.
- Commercial sector pitfalls:
- Proprietary software: “It often happens that security is at the very low end of the requirement list… left at the end or not considered at all.” (Andrzej Olchawa, 23:35)
- Open source: “Software companies would easily assume… it must be secure because it’s from NASA. Actually, this is the software we find the most vulnerabilities in.” (24:03)
Closing Advice ([24:35]):
- Build security in from the start—“it’s never too late,” but don’t let checklists lead to false confidence.
- “Not to go with… crazy requirements, but focus on threats that actually can impact your business severely.” (Milenko Starcik, 24:51)
Notable Quotes & Memorable Moments
- On airport ransomware: “Law enforcement is investigating. The incident highlights the growing ransomware threat, with aviation cyber attacks up 600% in the last year.” — Dave Bittner, [01:38]
- On space software obscurity: “Security by obscurity… is still very popular in the space industry. That’s a very risky assumption.” — Milenko Starcik, [16:54]
- On high-impact vulnerabilities: “The highest one we have is 9.9 or 9.8 [severity].” — Andrzej Olchawa, [18:58]
- On compliance-centric approaches: “You can still get hacked, but it will not affect you on a legal basis, basically.” — Milenko Starcik, [21:53]
- On overlooked software testing: “A lot of the issues we found could have been easily caught early on and not kept in the software for many years.” — Milenko Starcik, [22:55]
- On commercial space security attitudes: “Companies would easily assume… it must be secure because it’s from NASA. Actually, this is the software we find the most vulnerabilities in.” — Andrzej Olchawa, [24:03]
Final Story: Youthful Cybercrime and Consequences ([26:00])
- Noah Urban’s story: from SIM swapping as a teenager in the Minecraft scene to membership in the “Scattered Spider” gang behind high-profile ransomware attacks.
- “Noah says he wasn’t a coder, just a smooth talking Floridian who discovered sim swapping through Minecraft… tricking Fortune 500 firms may look like a game to teens, but it’s still fraud.” (Dave Bittner, 26:27)
- Noah gets a 10-year sentence, surpassing the prosecutor’s recommendation, serving as a cautionary tale.
Timestamps: Major Segments
- 00:45 Ransomware grounds European airports
- 02:05 U.S. cyber legislation at risk
- 03:04–04:46 Critical vulnerabilities and data breaches
- 05:05 Europol operation (child exploitation)
- 06:15 MITRE ATT&CK evaluation opt-outs
- 07:01 Streamer’s crypto fundraising heist
- 09:00 Cybersecurity business funding & acquisitions
- 14:38–25:22 VisionSpace on hacking satellites
- 26:00 The story of Noah Urban and Scattered Spider
Tone & Style
The episode maintains a brisk, pragmatic, and news-driven tone, blending expert commentary with real-world stakes and just enough narrative flair to make the host’s transitions memorable and approachable.
Summary Takeaway
This episode brings into sharp relief the expanding threat and complexity in today’s cybersecurity landscape, from airports and automotive giants to the cutting edge of space technology, while reinforcing that compliance is not a substitute for genuine, ongoing security scrutiny. The VisionSpace interview in particular brings home the real risks in inherited software and the persistent lure of “security by obscurity.”
