CyberWire Daily: “OneView gives attackers the full tour.”
Date: December 18, 2025
Host: Dave Bittner (N2K Networks)
Guest: Larry Zorio, CISO, Mark 43
Overview
This episode of CyberWire Daily explores a wave of urgent vulnerabilities and exploits across enterprise IT and cloud infrastructure, as well as international cybercrime crackdowns and policy developments. A major theme is the security risks facing critical infrastructure and public safety agencies, highlighted by a feature interview with Larry Zorio, CISO of Mark 43, about insider risks, outdated systems, and the evolving cyber threat landscape for first responders.
Key News and Analysis Segments
1. Critical Vulnerabilities & Software Updates
- HPE OneView Maximum Severity Vulnerability (03:35)
Hewlett Packard Enterprise patched a severe remote code execution flaw in its OneView infrastructure management software, affecting all pre-version 11 releases. There are no mitigations—immediate patching is urged. “Organizations are urged to patch immediately…no mitigations or workarounds are available.” (03:15, Dave Bittner)
- Cisco Zero-Day Under Active Exploitation (04:15)
A Chinese state-linked threat group (UAT9686) is exploiting a zero-day in Cisco AsyncOS-based secure email gateway appliances, gaining root privileges. No patch or workaround is available; CISA added the flaw to its exploited vulnerabilities list.
- Chrome Emergency Patch (04:58)
Google issued an emergency Chrome update for high-severity bugs (remote code execution). Users—including those on Edge, Brave, Opera, and Vivaldi—are urged to update immediately.
2. Law Enforcement & International Cybercrime
- French Authorities: Arrests & Espionage (05:17)
  - Arrests in a cyberattack on France's Interior Ministry that led to the breach of confidential documents (no ransom was demanded).
  - Further arrests on an Italian ferry after discovery of remote-access malware; suspected foreign interference is under investigation.
- US: Unlicensed Crypto Exchange Takedown (06:27)
Authorities dismantled ENote, accused of laundering $70M for cybercriminals. The FBI and partners seized infrastructure; operator Mikhailo Petrovich Chudnovets remains at large.
3. Zero-Day Exploits & Security Research
- Sonicwall Zero-Day Attack (07:25)
Exploitation of a privilege escalation vulnerability in Sonicwall's SMA 1000; patches have been issued, and CISA recommends urgency.
- Zero Day Cloud Hacking Competition, London (08:02)
Researchers won $320K for cloud infrastructure exploits; 85% success rate, 11 zero-days found. “Team Xcentcode won the competition with three successful exploits, earning $90,000.” (08:52, Dave Bittner) Notably, high-profile targets (Kubernetes, Docker, major webservers, AI) resisted all exploit attempts.
4. Policy & Data Security
- Sen. Ron Wyden Urges Patient Control Over Health Records (09:30)
With data interoperability rules tightening, Wyden asked EHR vendors for stronger patient controls. Epic is responding with opt-out and privacy tracking features.
FEATURE INTERVIEW: Public Safety, Insider Risks & First Responder Challenges
Guest: Larry Zorio, CISO, Mark 43
Segment Starts: 12:17
Annual Cybersecurity Trends for Public Safety
- Mark 43 releases a public safety-focused cybersecurity report annually, tracking breaches and challenges, often with a new emphasis (e.g., AI, access management) each year.
“We actually do a lot of tracking ourselves with different trends we see in the industry, especially breaches and attacks on government agencies. So this year was definitely focused... on AI… also access management.” (12:27, Larry Zorio)
Cybersecurity Gaps in Public Safety Agencies (13:08)
- Most agencies, especially smaller ones, struggle with:
  - Budget constraints and outdated, legacy systems
  - Recruitment and retention of cybersecurity talent
“Many of these agencies are struggling with similar things that small businesses are struggling with... technology budgets, a lot of old legacy systems, trying to recruit and retain talent...” (13:13, Larry Zorio)
Key Report Findings (14:08)
- 98% of law enforcement now see cybersecurity as critical when evaluating technology—a big shift from five years ago, when on-premise control was the priority.
“If you were to ask that question five years ago...you would get a totally different answer... They understand that they need to level up.” (14:18, Larry Zorio)
Insider Threats in First Responder Agencies (15:06)
- Agencies handle highly sensitive info (FBI data, warrants, medical info).
- Legacy systems often lack basics like role-based access control or logging.
- Zero trust adoption remains slow and uneven.
“They have a lot of legacy systems…that just don’t give them what we would consider…table stakes, right, like the role-based access control.” (15:23, Larry Zorio)
Access Control & Multi-Factor Authentication Challenges (16:19)
- Many agencies struggle to implement MFA due to both technical and personnel limitations.
- Legacy systems often lack the detailed logging needed for monitoring.
“They're struggling with multi-factor authentication…finally starting to modernize…The other thing…I’ll mention today…they don’t even have the granularity that you’re looking for in an activity report.” (16:26, Larry Zorio)
Core Systems at Stake (17:54)
- Critical systems include:
  - 911 call taking and Computer-Aided Dispatch (CAD)
  - Records Management Systems (RMS)—“where they live and breathe for 80, 90% of the day”
  - License plate readers, analytics platforms
“There’s the 911 call taking system…records management systems, that is basically where they live and breathe…” (18:06, Larry Zorio)
AI and “Shadow AI” Concerns (19:27)
- Emergence of “shadow AI”—employees using unauthorized AI tools.
- Agencies look for state or federal guidance and push providers to build secure AI within approved systems.
“Many of them are aware that they are using these shadow IT, these shadow AI tools and they are concerned about it.” (19:39, Larry Zorio)
The “Haves and Have Nots” Gap (20:44)
- Large cities have cybersecurity resources; small towns might not even have an IT manager.
- Some state governments offer shared services to help smaller agencies.
“It very much is a have and a have nots in this space. We do talk around, especially with those smaller agencies. A lot of states are actually offering these smaller agencies services.” (21:17, Larry Zorio)
Practical Recommendations (21:51)
- Choose a security framework (NIST, ISO, CIS) to guide planning.
- Use the framework to secure funding and grants, and build a roadmap for improvements.
- Having a plan helps in advocating for resources with leadership.
“Just settle on a framework…find one that works for your agency…Having a framework…allows them to go to town leadership, city leadership, state leadership, and say, hey, we do have a plan…” (21:56, Larry Zorio)
Notable Quotes & Memorable Moments
- “A near total majority, 98%, of law enforcement believe that cybersecurity is an important part of evaluating technology.” (14:10, Larry Zorio)
- “Legacy systems… just don’t give them what we would consider…table stakes, like role-based access control.” (15:23, Larry Zorio)
- “Even these legacy systems…they don’t even have the granularity that you’re looking for in an activity report…” (16:47, Larry Zorio)
Right to Repair Bounties (24:33)
- Nonprofit Fulu pays for proof that users can regain control of DRM-locked, abandoned, or restricted devices—spotlighting ownership rights and legal barriers.
“Fulu now offers cash rewards for fixes that bypass DRM, expired software support or parts pairing schemes… fixing these devices can violate US Copyright law. Fulu pays anyway.” (24:40, Dave Bittner)
Timestamps for Important Segments
- [03:35] HPE OneView vulnerability
- [04:15] Cisco zero-day active exploitation
- [04:58] Chrome emergency patch
- [05:17] France: cyber arrests and foreign interference
- [06:27] US: ENote unlicensed crypto exchange takedown
- [07:25] Sonicwall zero-day
- [08:02] Zero Day London hacking contest
- [09:30] Sen. Wyden and EHR privacy
- [12:17] Interview: Larry Zorio, insider threats in public safety
- [14:08] Report findings (“98% of law enforcement…”)
- [15:06] Insider threat discussion
- [16:19] Access control/MFA challenges
- [17:54] Core first responder systems
- [19:27] Shadow AI concerns
- [20:44] Resource gap between agencies
- [21:51] Recommendations for public safety organizations
- [24:33] Right to repair bounties
Summary Takeaways
- Public safety agencies face unique cybersecurity obstacles but increasing awareness and shifting habits around modern security practices.
- Insider threats and legacy technology are major weak points, especially outside major cities.
- State and federal frameworks, planning, and funding grants are critical tools for progress.
- In broader news, 2025 continues to see advanced persistent threats across high-profile vendors and infrastructure, with both law enforcement and security research driving progress (and payouts) on both defensive and offensive fronts.
- Ongoing debates and action on digital ownership, repair rights, and health data privacy highlight the human side of these technical challenges.
