Microsoft flaws fuel global breaches. - CyberWire Daily

Summary9 min read

Podcast Summary: CyberWire Daily – "Microsoft Flaws Fuel Global Breaches"

Release Date: July 21, 2025
Host: N2K Networks

Introduction

In the July 21, 2025 episode of CyberWire Daily, hosted by Dave Bittner, a comprehensive array of pressing cybersecurity issues were discussed. The episode delved into significant vulnerabilities exploited by hackers, critical IT outages, governmental stances on encryption, digital sovereignty concerns, and notable breaches impacting major corporations. Additionally, an insightful conversation with Maria Vermazes, host of T Minus Space Daily, explored the implications of spectrum usage by satellite communications on amateur radio enthusiasts.

1. Microsoft SharePoint Zero-Day Vulnerabilities and Global Breaches

Timestamp: [00:02 – 13:58]

The episode opens with alarming news about two zero-day flaws in Microsoft SharePoint, which have been exploited globally, affecting US federal and state agencies, universities, energy firms, and various international entities. These vulnerabilities specifically target on-premise SharePoint servers, leaving Microsoft 365 unaffected.

Nature of the Vulnerabilities:
- Remote Code Execution (RCE): Allows attackers to execute arbitrary code on affected servers.
- Tool Shell Attacks: Enabled the bypassing of previous patches, making systems susceptible to further breaches.
Microsoft's Response:
- Emergency updates were issued for SharePoint Subscription Edition and SharePoint 2019.
- A patch for SharePoint 2016 is still pending.
Broader Impact:
- Despite mitigation advice, numerous servers remain vulnerable.
- At least 50 breaches have been reported, including U.S. government and European agencies.
- The FBI, CISA, and international partners are actively investigating.

Notable Quote:

"Hackers accessed sensitive data and cryptographic keys, allowing potential re-entry even after patching." – Dave Bittner [10:30]

Expert Recommendations:

Patching Alone Isn't Sufficient: Security experts emphasize the need for admins to rotate machine keys and monitor systems for signs of compromise.

2. Alaska Airlines IT Outage

Timestamp: [13:58 – 15:00]

Alaska Airlines experienced a significant IT outage on the evening of July 20, which grounded its fleet and temporarily halted all Alaska and Horizon Air flights for approximately three hours, with operations resuming by 11 PM Pacific Time.

Impact:
- While most flights were grounded, the late-night timing minimized the number of affected departures.
- Alaska Airlines has not disclosed the specific cause of the outage.
Security Concerns:
- The outage raises alarms about the potential for cyberattacks on airlines, with groups like the Scattered Spider Gang being potential suspects.

Operational Response:

Alaska Airlines is working to restore normal operations and has warned of possible ongoing delays.

3. UK Government Reconsiders Apple iCloud Backdoor Demand

Timestamp: [15:00 – 19:48]

The UK government is re-evaluating its demand for Apple to provide access to encrypted iCloud data, influenced by pressures from the Trump administration and US Vice President J.D. Vance.

Background:
- In January, the Home Office mandated that Apple create a backdoor under the UK's Investigatory Powers Act.
- Apple responded by withdrawing its most secure cloud service from the UK and is legally challenging the order, joined by WhatsApp.
Implications:
- This issue has ignited a significant encryption battle, attracting criticism from both the US government and privacy advocates.
- UK Officials have admitted mishandling the situation, leading to internal disagreements on next steps.

Governmental Stance:

The Labor government is cautious about provoking US leadership, concerned about threats to free speech and international data agreements.

Notable Quote:

"Apple withdrew its most secure cloud service from the UK and is challenging the order in court." – Dave Bittner [18:00]

4. French Senate Report Raises Concerns Over Digital Sovereignty

Timestamp: [19:48 – 22:18]

A recent French Senate report has highlighted growing dependence on US tech giants, particularly Microsoft, expressing concerns over national digital sovereignty.

Key Findings:
- National Data Security: Reliance on American firms like Microsoft exposes public data to US surveillance laws such as FISA.
- Economic Impact: Europe allocates 265 billion euros annually to US tech companies, bolstering American employment while diminishing EU independence.
- Public Sector Deals: Critical IT systems, including a 74 million euros contract for the education sector, are outsourced to American firms.
Criticism:
- Bureaucratic Inertia: Slow movement to adopt European alternatives is blamed on perceived high costs.
- Market Control: U.S. firms dominate 69% of Europe's cloud market, raising calls for stronger digital sovereignty measures.

Notable Insight:

"Despite previous warnings, France continues outsourcing critical IT systems to American firms." – Dave Bittner [21:00]

5. Meta Declines to Sign EU's New Voluntary AI Code of Practice

Timestamp: [22:18 – 24:46]

Meta has opted out of signing the EU's new voluntary AI code of practice, citing concerns over legal uncertainty and regulatory overreach.

EU's AI Initiatives:
- The code aims to guide companies in compliance ahead of the AI Act set to take effect on August 2nd.
Meta’s Position:
- Argues the regulation could hinder innovation and negatively impact European tech competitiveness.
- OpenAI, in contrast, has agreed to sign, highlighting a divide among tech giants.
Regulatory Tensions:
- Reflects a broader tension between the EU's strict regulatory approach and the US's industry-friendly stance under the Trump administration.

Notable Quote:

"Meta argues the regulation could hinder innovation and harm European tech competitiveness." – Dave Bittner [23:00]

6. CrowdStrike Outage Disrupted US Hospitals

Timestamp: [24:46 – 27:00]

A 2025 report reveals that a faulty CrowdStrike software update led to widespread outages, disrupting over 750 US hospitals.

Impact on Healthcare:
- More than 200 hospitals lost access to critical systems such as health records and fetal monitors.
- The UCSD-led study warns of potential public health crises, comparing the incident to major cyberattacks despite services recovering within six hours.
CrowdStrike’s Response:
- Disputes the study’s findings, suggesting possible overlap with a Microsoft Azure outage.
- Emphasizes that only one third of US hospitals were scanned, implying the true impact may be underestimated.
Expert Recommendations:
- Calls for enhanced preparedness and real-time visibility into hospital IT systems to mitigate similar risks in the future.

Notable Quote:

"Researchers argue the breadth of the outage and its potential health risks show the need for better preparedness." – Dave Bittner [26:00]

7. World Leaks Extortion Group Breaches Dell's Customer Solutions Centers

Timestamp: [27:00 – 28:30]

The World Leaks extortion group has compromised Dell's customer solutions centers, which are used for product demos and testing.

Details of the Breach:
- Dell confirmed the attack but assured that the affected platforms are isolated from core systems and do not handle real customer data.
- The stolen data is believed to be synthetic or publicly available, with only a dated contact list being legitimately compromised.
Extortion Group’s Evolution:
- Formerly known as Hunters International, World Leaks has shifted focus from ransomware to pure data extortion.
- Claims responsibility for nearly 50 victims to date, though Dell has not been publicly listed.
Security Implications:
- Highlights the trend of extortion gangs prioritizing data theft over encryption, posing significant risks to organizations.

Notable Quote:

"The event highlights the evolving tactics of extortion gangs, focusing on data theft rather than encryption." – Dave Bittner [28:00]

8. Hewlett Packard Enterprise Issues Critical Security Warnings

Timestamp: [28:30 – 30:00]

Hewlett Packard Enterprise (HPE) has identified two severe security flaws in their Aruba Instant On access points, widely used by small to medium businesses.

Vulnerability Details:
- First Flaw:
  - Involves hard-coded admin credentials, allowing remote attackers to bypass authentication and gain full access to the web interface.
- Second Flaw:
  - Enables command injection via the command line interface but requires admin access, making it chainable.
Potential Exploits:
- Remote Alterations: Attackers could modify device settings, install backdoors, or initiate lateral attacks.
Remediation:
- HPE advises users to upgrade firmware immediately, as no workarounds are available.
- The vulnerabilities do not affect Instant On switches, only access points.

Research Disclosure:

Discovered by researcher ZZ from Ubisec Tech Sirius Team.
No known active exploitation at the time of reporting.

Notable Warning:

"These flaws currently have no known active exploitation, but do pose significant risk if left unpatched." – Dave Bittner [29:00]

9. UK Transport Company Collapses Due to Single Password Compromise

Timestamp: [30:00 – 32:00]

A single compromised password led to the downfall of KNP, a 158-year-old UK transport firm, resulting in the loss of 700 jobs.

Attack Details:
- Perpetrated by the Akira gang through a ransomware attack.
- Encrypted company data demanding a ransom that KNP could not afford, despite possessing cybersecurity insurance and being industry compliant.
Consequences:
- Operational Collapse: The breach crippled KNP's operations entirely.
- Ransomware Trends: Experts highlight a surge in such attacks, with an estimated 19,000 incidents in the UK last year.
Industry Impact:
- Major Firms Affected: Companies like M&S and Co-op have also suffered similar fates.
- Small Businesses: Often bear the brunt due to lower defenses and resources.
Government Response:
- National Cybersecurity Center and National Crime Agency are urging improved cyber hygiene.
- Consideration of new regulations banning ransom payments by public bodies and mandating incident reporting.

Notable Insight:

"KNP's case highlights how simple lapses can lead to catastrophic outcomes in a growing digital crime wave." – Dave Bittner [31:00]

10. Interview with Maria Vermazes on AST Space Mobile and Amateur Radio Spectrum

Timestamp: [32:00 – 25:31]

In an in-depth conversation, Dave Bittner interviews Maria Vermazes, host of T Minus Space Daily, about AST Space Mobile's request to utilize amateur radio spectrum for satellite communications and the potential repercussions for amateur radio enthusiasts.

AST Space Mobile's Proposal:
- Seeks to expand from five existing satellites to over 200 in a low earth orbit (LEO) constellation.
- Requests access to the 430–440 MHz (70 centimeter) band, traditionally used by amateur radio operators.
Concerns Raised:
- Interference: Potential for increased noise floor and interference, hindering amateur radio operations.
- Secondary User Status: AST Space Mobile would be a secondary user, meaning they must accept interference from primary users (government radar) and cease operations upon interference reports.
- Emergency Communications: Amateur radio plays a vital role in emergency responses, and spectrum congestion could impair these efforts.

Notable Quotes:

"AST Space Mobile is looking to have a low earth orbit cellular network." – Dave Bittner [15:03]
"If interference from a secondary user is detected or reported, the secondary user is required to shut down their use of the frequency." – Dave Bittner [18:53]

Regulatory and Advocacy Efforts:
- Amateur Radio Organizations are mobilizing to protect spectrum rights, emphasizing the importance of maintaining access for hobbyists and emergency communications.
- Comment Period: The FCC is accepting comments until July 21st, encouraging stakeholders to voice their concerns.
Global Implications:
- While the request is US-based, advocacy for spectrum protection is also emerging in the UK and other regions, highlighting the international impact of such proposals.
Recommendations for Amateur Radio Operators:
- Engage with Regulators: Submit comments to the FCC and collaborate with amateur radio organizations to influence decision-making.
- Stay Informed: Keep abreast of developments and participate in advocacy efforts to safeguard spectrum access.

Conclusion of Interview: Maria and Dave underscore the delicate balance between advancing satellite communication technologies and preserving essential spectrum access for amateur radio enthusiasts and emergency services.

Conclusion

The July 21, 2025 episode of CyberWire Daily provided a thorough examination of significant cybersecurity challenges facing governments, corporations, and individuals. From critical vulnerabilities in widely-used software to geopolitical tensions over digital sovereignty, the episode highlighted the interconnected nature of modern cyber threats. The insightful interview with Maria Vermazes shed light on the nuanced impacts of spectrum allocation on specialized communities, emphasizing the need for balanced regulatory approaches. As cyber threats continue to evolve, the discussions underscore the importance of proactive defense measures, informed policy-making, and collaborative efforts across sectors to safeguard digital infrastructures and services.

For more detailed insights and continuous updates on cybersecurity trends, subscribe to CyberWire Daily on your preferred podcast platform.

Loading summary

Transcript29 lines

[00:02]
Dave Bittner
You're listening to the Cyberwire Network. Powered by N2K CISOs and CIOs know machine identities now outnumber humans by more than 80 to 1, and without securing them, trust, uptime, outages and compliance are at risk. Cyberark is leading the way with the only unified platform purpose built to secure every machine identity, certificates, secrets and workloads across all environments, all clouds and all AI agents. Designed for scale, automation and quantum readiness, Cyber Arc helps modern enterprises secure their machine future. Visit cyberark.com machines to see how Microsoft issues emergency updates for zero day SharePoint flaws Alaska Airlines resumes operations following an IT outage the UK government reconsiders demands for Apple iCloud backdoors a French Senate report raises concerns over digital sovereignty Meta declines to sign the EU's new voluntary AI code of practice. A new report claims last year's CrowdStrike outage disrupted over 750 hospitals. The World Leaks extortion group has breached Dell's customer solutions centers. Hewlett Packard Enterprise issues a critical warning about two severe security flaws. A single compromised password leads to a UK transport company's demise. My conversation with Maria Vermazes, host of T Minus Space Daily, about a company's request to use amateur radio spectrum for satellite communications and an AI assistant falls for fake metadata mag foreign it's Monday, July 21, 2025. I'm Dave Bittner and this is your Cyberwire Intel Briefing. Thanks for joining us here today. It's great to have you with us. Hackers exploited two zero day flaws in Microsoft SharePoint, launching a global cyber attack that hit US federal and state agencies, universities, energy firms and international entities. The attacks targeted on premise SharePoint servers, not Microsoft 365. These vulnerabilities enable remote code execution and were exploited in tool shell attacks or bypassing previous patches. Microsoft has issued emergency updates for SharePoint subscription edition and 2019, with a patch for 2016 still pending. Despite early mitigation advice, many servers remain vulnerable. Hackers accessed sensitive data and cryptographic keys, allowing potential RE entry even after patching. At least 50 breaches have been reported, including U.S. government and European agencies. The FBI, CISA and international partners are investigating. Security experts warn that simply patching isn't enough. Admins must rotate machine keys and check for signs of compromise. Alaska Airlines grounded its fleet due to an unspecified IT outage on the evening of July 20, temporarily halting all Alaska and Horizon Air flights. The issue lasted about three hours, with operations resuming by 11pm Pacific Time. While the airline hasn't detailed the cause? Recent airline targeted cyber attacks raise concerns, with the scattered spider gang a possible suspect. Although most flights were grounded, the late night timing affected fewer scheduled departures. Alaska warned of ongoing delays as it works to restore normal operations. The UK government is reconsidering its demand that Apple provide access to encrypted iCloud data amid pressure from the Trump administration and US Vice President J.D. vance. In January, the home Office ordered Apple to create a backdoor under the UK's Investigatory Powers Act. But US officials warn this could threaten tech partnerships and privacy rights. Apple withdrew its most secure cloud service from the UK and is challenging the order in court. Joined by WhatsApp, the move has sparked a major encryption battle and drawn criticism from both the US government and privacy advocates. UK officials admit the home office mishandled the situation and now face internal disagreement over how to proceed. The labor government, focused on digital trade and AI, is wary of provoking US leaders who see the issue as a threat to free speech and international data agreements. A French Senate report has criticized the government's growing reliance on US tech giants, especially Microsoft, warning it compromises national digital sovereignty and exposes public data to US surveillance laws like FISA and cloud. Despite previous warnings, France continues outsourcing critical IT systems to American firms, including a 74 million euros deal for the education sector. Officials admit French data hosted by Microsoft cannot be guaranteed safe from US authorities. Critics blame bureaucratic inertia and the dismissal of European alternatives as too costly. A 2025 report revealed Europe sends 265 billion euros annually to U.S. tech firms, fueling American jobs while weakening EU independence. While countries like Denmark are shifting to open source solutions, EU institutions are slow to act. The European Parliament has called for stronger digital sovereignty, noting U.S. firms control 69% of Europe's cloud market and store most Western data. Meta has declined to sign the EU's new voluntary AI code of practice, warning it creates legal uncertainty and overreaches the upcoming AI Act's scope. The code aims to guide companies in complying with AI rules before they take effect on August 2nd. Meta argues the regulation could hinder innovation and harm European tech competitiveness. OpenAI, by contrast, has agreed to sign. Meta's stance reflects growing tension between the EU's strict regulatory approach and the U.S. s more hands off pro industry stance under the Trump administration, a year after a faulty crowdstrike software update triggered mass computer crashes, new research reveals the incident disrupted at least 759 US hospitals, more than 200 of which lost access to patient critical systems like health records and fetal monitors. The UCSD led study warns the event was a potential public health crisis, drawing comparisons to major cyberattacks. Though most services recovered within six hours, researchers stress even short delays in care can harm patients. CrowdStrike disputes the findings, blaming possible overlap with a Microsoft Azure outage and calling the research. However, the study suggests the true impact may be underestimated, as only One third of U.S. hospitals were scanned. Researchers argue the breadth of the outage and its potential health risks show the need for better preparedness and real time visibility into hospital IT failures, whether from bugs or cyberattacks. The extortion group World Leaks, formerly known as Hunters International, has breached Dell's customer solution centers, environments used for product demos and testing. Dell confirmed the attack but emphasized that the affected platform is isolated from core systems and does not handle real customer data. The stolen data is believed to be synthetic or publicly available, with only a dated contact list considered legitimate. World Leaks, which pivoted from ransomware to pure data extortion in early 2025, has claimed nearly 50 victims so far, but has not publicly listed Dell. The group has also exploited outdated sonic wall devices in other attacks. Dell declined to reveal how the breach occurred or details about ransom demands, stating the incident is still under investigation. The event highlights the evolving tactics of extortion gangs, focusing on data theft rather than encryption. Hewlett Packard Enterprise has issued a critical warning about two severe security flaws in Aruba instant on access points used widely by small to medium businesses. The primary flaw involves hard coded admin credentials, allowing remote attackers to bypass authentication and gain full web interface access. A second flaw enables command injection via the command line interface but requires admin access, making it chainable. With the first vulnerability, exploitation could allow attackers to alter device settings, install backdoors or launch lateral attacks. HP urges users to upgrade their firmware as there are no workarounds and the vulnerabilities are not present in instant on switches. Discovered by a researcher known as ZZ from Ubisec Tech Sirius Team, these flaws currently have no known active exploitation, but do pose significant risk if left unpatched. A single compromised password led to the collapse of 158-year-old UK transport firm KNP, costing 700 jobs after a ransomware attack by the Akira gang. The hackers encrypted company data demanding a ransom KNP couldn't pay despite having cybersecurity insurance and industry compliant it. The breach crippled operations. Experts warn such attacks are rising, with an estimated 19,000 ransomware incidents in the UK last year. The National Cybersecurity center and National Crime Agency report increasing attacks driven by low barriers to entry and high profits. While major firms like M and S and Co Op have also been hitting, small businesses often bear the brunt. Authorities urge better cyber hygiene and are considering new rules banning ransom payments by public bodies and mandating incident reporting. KNP's case highlights how simple lapses can lead to catastrophic outcomes in a growing digital crime wave. Coming up after the break, my conversation with Maria Vermaze, host of the T Minus Space Daily, about one company's request to use amateur radio spectrum for satellite communications and an AI assistant falls for fake metadata magic. Stay with us. Bad actors don't break in, they log in. Attackers use stolen credentials in nearly 9 out of 10 data breaches. Once inside, they're after one thing your data. Varonis AI powered data security platform secures your data at scale across las SaaS and hybrid cloud environments. Join thousands of organizations who trust Varonis to keep their data safe. Get a free data risk assessment@varonis.com Foreign is AI built for the enterprise SOC, fully private schema, free and capable of running in sensitive air gapped environments. Krogle autonomously investigates thousands of alerts weekly, correlating insights across your tools without data leaving your perimeter. Designed for high availability across geographies, it delivers context aware, auditable decisions aligned to your workflows. Krogle empowers analysts to act faster and focus on critical threats, replacing repetitive triage with intelligent automation to help your SOC operate at scale with precision and control. Learn more@krogle.com that's C R O gl.com I recently spoke with Maria Vermazes, host of the T Minus Space Daily podcast right here on the N2K CyberWire network about one company's request to use amateur radio spectrum for satellite communications.
[14:02]
Maria Vermazes
Dave, thank you so much for speaking with me today. It's always good to speak with you.
[14:06]
Dave Bittner
Yeah, it's my pleasure to be here. Thanks for having me.
[14:09]
Maria Vermazes
I got an email in my personal inbox from HAM Radio Prep, which I've been a subscriber to for a while and it was sort of this red alert that hey, AST Space Mobile is requesting more access to some spectrum that is frequently used by amateur radio enthusiasts and my cursory reading of this email was essentially that AST Space Mobile, which is a huge space based telecoms company, they have I think five satellites in orbit right now that share some spectrum that's used by amateur radio enthusiasts around the world, but they want to put like 200 plus more satellites in A constellation that might also use the spectrum, which I imagine might cause a problem for AM radio folks around the world. So you are the perfect person to help me understand this because I just kind of wanted to get a sense from a person who has amateur radio expertise like what this would mean in that world. So what's your read on this, Dave?
[15:03]
Dave Bittner
So as I read it, AST Space Mobile are looking to have a low earth orbit cellular network.
[15:12]
Maria Vermazes
Yes.
[15:13]
Dave Bittner
And that's like the hot space right now in space, in LEO satellites, right?
[15:18]
Maria Vermazes
That's right.
[15:19]
Dave Bittner
So that's what they're, that's what they're fixing to do here. And like you said, they already have a handful of satellites up there and they want to have total of around 250. When all is said and done and reading through their requests from the FCC for this special exemption that they're hoping to get, they're looking to use the 430 through 440 MHz band, which is also referred to as the 70 centimeter band, for secondary and emergency communications with the satellites for telemetry, tracking and command. So ttnc, as the satellite folks say it, and this has some of the folks in the amateur radio world concerned because the 430-440 MHz band is set aside for amateur radio use here in the United States and indeed most other places around the world. But there's some interesting nuance here.
[16:21]
Maria Vermazes
So, yes, I knew there would be. This is why I really wanted you to walk me through this.
[16:26]
Dave Bittner
Yeah, yeah. So again, AST Space Mobile is only looking to use these frequencies for secondary and emergency use. Now, that could mean a lot of different things. Does that mean that if any particular satellite's primary trans transmitter goes down, that it falls back to this frequency and then just uses that for the rest of its service life? Don't know. Maybe. In the application, AST is very specifically saying to the FCC that it wants to use these frequencies outside of the United States. And they have their relay stations are around the world and are outside of the United States. So this brings up the question of, so do the satellites, if they're using this band, do they turn it off when they're flying over the U.S. do they mute themselves when they're flying over the U.S. radio signals famously do not obey borders. So that's an interesting question. But the other thing that caught my eye is that the use of this band for amateur radio folks, the hams are considered secondary users of these frequencies.
[17:42]
Maria Vermazes
Hmm. Yeah. So what does that mean?
[17:45]
Dave Bittner
So the primary users are Mostly the government. So they use these for things like radar. And so the secondary users are allowed to use them, but they have to accept interference from other users. Okay, so in other words, first on the line are the government people who are using radar. They have priority. The hams are next in line, but they have to accept any interference that may come from the primary user, the radar user, and that's the pecking order. So what's interesting about this is AST Space Mobile, because their use would be empowered by an exemption, would also be listed as a secondary user. And so a secondary user has to accept interference from other users. But also if interference from a secondary user is detected or reported, the secondary user is required to shut down their use of the frequency. So you see where I'm going here, Maria.
[18:54]
Maria Vermazes
Yeah. So they're not gonna be top of the heap there, but you're gonna have a lot of people competing in the secondary user space, potentially, right? Yeah. So I'm wondering if the amateur radio perspective is it's getting too crow or we're getting pushed out, or is there something special about this band specifically for amateur radio users at least, you know, you and I both being in the US for our perspective, like what is it about this band that's important?
[19:19]
Dave Bittner
Well, let's get to that. But let's put a button on that previous question, which is if these satellites are flying, if let's say you have 250 satellites in low earth orbit and they're making use of this band, and as the law is written and I understand it, let's say an amateur radio operator said, hey, these satellites are interfering with my use of the band, does that mean the FCC can go to AST Space Mobile and say shut them down?
[19:49]
Maria Vermazes
I don't think so. Right. Or does amateur radio essentially become a tertiary user, which does not exist, but essentially bump down a little bit, I would imagine. Yeah.
[20:00]
Dave Bittner
And that's the concern. That's the concern is that through this exemption, the FCC will be allowing the use of this spectrum to this space company and that just from being big and bad and present and ubiquitous, that there's the potential for them to stomp all over the amateur radio users and basically increase the noise floor of everything that's going on in the band and just make things harder for the people who want to use the band for amateur radio stuff. Now, the 70 centimeter band is not the most popular band in amateur radio. It's pretty much point to point. It is a high quality band that's used for some voice. It's used for amateur satellite communications. People use it to communicate with the International Space Station for low bandwidth TV so they can send images on these frequencies. But it's not the band that I think most hams reflexively go out to use. For example, the local amateur radio club that I'm a member of has repeaters on the 2 meter band and the 77, the 70 centimeter band. I would say the 2 meter band repeaters probably get used 10 to 1 over the 70 centimeter band. And that's, you know, no particular reason for that. That's just the way that it falls, the way that some of the radios are configured and just how the chips have fell. So there's also this argument that, okay, hams, you know, it's not like you guys are using this band all that much, so share the precious bandwidth because again, as you know, Maria, it's very.
[21:58]
Maria Vermazes
Crowded on the spectrum.
[21:59]
Dave Bittner
Yeah, bandwidth is just more and more, you know, more and more precious. And the higher a frequency you can use, the more carrying capacity it has for information. So this is desirable band. And this company is saying, we'd like to, we'd like the FCC to make an exemption for us to share it.
[22:19]
Maria Vermazes
So if I'm understanding correctly, there is a lot of nuance this. Dave, I really appreciate that you dug into this because I was thinking reflexively, I saw that email and I went, whoa. Well, that's interesting. But it sounds like from the AST space mobile side, again, them being a secondary user. So they're not even at the top of the pecking order there. So this is not going to be their main bit of spectrum that they would be needing. It would be sort of a backup, which of course they would still need, but it wouldn't be the main conduit, so to speak. And even for amateur radio folks, at least for the US I don't know about other use. Globally, I'm, I'm sure that would be an interesting thing to look into. But at least within the United States, because this is the FCC we're talking about here, amateur radio folks, this is not their favorite place to communicate either. But I'm sure philosophically it's a matter of, well, if we keep, you know, whittling down the spectrum that amateur radio folks can use, that further endangers a hobby that's already defensive about people taking their spectrum. Understandably, I'm, I'm, you know, I'm not, I'm not against that. I understand why people are so it is an interesting situation.
[23:24]
Dave Bittner
Yeah, it's Also interesting that you mentioned that this particular request is US based, but a lot of the advocacy to protect this spectrum is coming out of the uk. Oh yeah, that's interesting.
[23:40]
Maria Vermazes
What's up with that?
[23:42]
Dave Bittner
Well, I'm kind of connecting dots here, so I cannot claim to have an absolutely rock solid answer here. I suspect that part of that is coming because AST has said that they're specifically not planning on using this spectrum within the United States, but they're not making that promise to the rest of the world.
[24:07]
Maria Vermazes
Oh, that is interesting.
[24:09]
Dave Bittner
Yeah. So if you're in the uk, you're thinking, here's this company out of Texas who's going to be putting up all of these satellites, this constellation of satellites, and this is gonna presumably, or at least has the potential to raise the noise floor on this band. And let's not forget, you know, amateur radio is also about responding to emergencies. We've seen that certainly here in the U.S. so there's concerns that it could degrade ability to respond in the case of an emergency. So there's that.
[24:46]
Maria Vermazes
What is the recourse then outside of the United States? Is it the itu? I mean, who. I mean, can anything. I'm not saying something has to be done, but if one feels that something should be done, what do you do?
[24:58]
Dave Bittner
Yeah, I think you complained to the ITU here in the us I believe the comment period is still open for a few days. So if this is something that concerns you, you can write to the FCC and just let them know. And the amateur radio organizations have put together pre crafted boilerplate for you to submit if you want to do that.
[25:21]
Maria Vermazes
Dave, thank you for this really nuanced take on this whole story because it's just been very fascinating to follow. And yeah, the comment period to the FCC is until July 21st.
[25:32]
Dave Bittner
And of course be sure to check out the T Minus Space Daily podcast right here on the N2K CyberWire network or wherever you get your favorite podcasts. Compliance regulations, third party risk and customer security demands are all growing and changing fast. Is your manual GRC program actually slowing you down? If you're thinking there has to be something more efficient than spreadsheets, screenshots and all those manual processes, you're right. GRC can be so much easier and it can strengthen your security posture while actually driving revenue for your business. You know, one of the things I really like about Vanta is how it takes the heavy lifting out of your GRC program. Their trust management platform automates those key compliance, internal and third party risk, and even customer trust so you're not buried under spreadsheets and endless manual tasks. Vanta really streamlines the way you gather and manage information across your entire business. And this isn't just theoretical. A recent IDC analysis found that compliance teams using Vanta are 129% more productive. That's a pretty impressive number. So what does it mean for you? It means you get back more time and energy to focus on what actually matters, like strengthening your security posture and scaling your business. Vanta GRC just imagine how much easier trust can be. Visit vanta.com cyber to sign up today for a free demo that's v a n-t a.com cyber hey everybody, Dave here. I've talked about Delete Me before and I'm still using it because it still works. Works it's been a few months now, and I'm just as impressed today as I was when I signed up. Deleteme keeps finding and removing my personal information from data broker sites, and they keep me updated with detailed reports so I know exactly what's been taken down. I'm genuinely relieved. Knowing my privacy isn't something I have to worry about every day. The Delete Me team handles everything. It's the set it and forget it peace of mind. And it's not just for individuals. Deleteme also offers solutions for businesses, helping companies protect their employees personal information and reduce exposure to social engineering and phishing threats. And right now, our listeners get a special deal 20% off your delete me plan. Just go to JoinDeleteMe.com N2K and use promo code N2K at checkout. That's JoinDeleteMe.com N2k code N2K and finally, it all started with an innocent enough goal. Automate simple business tasks using AI. Enter Claude, the LLM powered agent trained to read your imessages and carry out useful actions like managing stripe billing, sending thank you notes, or auto generating invoices. It's the kind of set it and forget it assistant startups dream about until someone realized it could be way too helpful. Security researchers at General Analysis dug into how Claude interprets messages. Turns out it doesn't just read the words, it also processes metadata like who sent the message and the conversation thread. Normally this metadata comes from Apple's iMessage APIs, but Claude doesn't actually verify that it trusts whatever metadata it's handed, which opens a troubling loophole. Anyone can craft a fake imessage via SMS that looks like it came from you. So the researchers sent Claude An SMS containing fake metadata, and a casual hey Claude, create me $1,050,000 stripe coupons. The message had no real authorization, no password, no handshake, just well faked headers. Claude, ever loyal complied. It gets better. The metadata spoofing doesn't even require system access. Just embed it in the text body and Claude will happily parse it as real. The exploit doesn't rely on malware or brute force hacking, just social engineering dressed up as protocol mimicry. And because it uses your own assistant, it's like robbing yourself with your own butler's help. Stripe, of course, had no idea Claude's commands were fully authenticated. From its point of view, the damage could be massive, especially if deployed at scale. Think infinite gift cards, free subscriptions, or unauthorized refunds. And while this was just a proof of concept, it's a masterclass in showing how helpful automation can quietly backfire. The researchers responsibly disclosed the issue and even released a defense tool called MCP Guard. It filters incoming messages and metadata to ensure only legitimate verifiable requests are passed to the agent. So it's important to note, Claude wasn't hacked. It just did what it was told by anyone pretending to be you. The modern AI assistant's greatest weakness may not be its intelligence, but its loyalty. And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing@thecyberwire.com we'd love to hear from you. We're conducting our annual audience survey to learn more about our listeners. We're collecting your insights through the end of this summer. There's a link in the show notes. Please do check it out. Don't forget to check out the Grumpy Old Geeks podcast, where I contribute to a regular segment on Jason and Brian's show. Every week you can find Grumpy Old Geeks, where all the fine podcasts are listed. N2K senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Trey Hester with original music by Elliot Peltzman. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. Hi Kim Jones. Here on CISO Perspectives, we get candid with the thinkers, doers and trailblazers shaping cybersecurity leadership. No scripts, no sales pitches, just real stories and hard earned lessons from folks who've been there. If you're looking to grow as a leader or just want to hear how others are navigating this ever evolving field. Listen to CISO perspectives. Get your seat at the table. And now a word from our sponsor Threat Locker, the powerful zero trust enterprise solution that stops ransomware in its tracks. Allowlisting is a deny by default software that makes application control simple and fast. Ring Fencing is an application containment strategy ensuring apps can only access the files, registry keys, network resources and other applications they truly need to function. Shut out cybercriminals with world class endpoint protection from Threat Locker.