Dave Bittner
You're listening to the CyberWire network, powered by N2K. And now a word from our sponsor, SpyCloud. Identity is the new battleground, and attackers are exploiting stolen identities to infiltrate your organization. Traditional defenses can't keep up. SpyCloud's holistic identity threat protection helps security teams uncover and automatically remediate hidden exposures across your users, from breaches, malware and phishing, to neutralize identity-based threats like account takeover, fraud and ransomware. Don't let invisible threats compromise your business. Get your free corporate darknet exposure report at spycloud.com/cyberwire and see what attackers already know. That's spycloud.com/cyberwire.

The UK's Ministry of Justice suffers a major breach. Mozilla patches two critical JavaScript engine flaws in Firefox. Over 200,000 patients of a Georgia-based health clinic see their sensitive data exposed. Researchers track increased malicious targeting of iOS devices. A popular printer brand serves up malware. Pupkin Stealer targets Windows systems.
An Alabama man gets 14 months in prison for a SIM swap attack on the SEC. Our guest is Ian Tien, CEO at Mattermost, sharing insights on enhancing cybersecurity through effective collaboration. And ethical hackers win the day at Pwn2Own Berlin.

May 19, 2025. I'm Dave Bittner, and this is your CyberWire Intel Briefing. Thanks for joining us. Happy Monday. It is great to have you with us, as always.

In the UK, hackers breached the Ministry of Justice's systems in April, stealing a significant amount of personal data from the Legal Aid Agency. The stolen data may include names, addresses, birth dates, national insurance numbers, criminal records and financial details of legal aid applicants since 2010. While the attackers claim to have accessed 2.1 million records, this figure is unconfirmed. The breach was discovered on April 23, but its scale became clear on May 16. The LAA's digital services were taken offline. Officials blame long-standing vulnerabilities and mismanagement. The Ministry of Justice, working with national cybersecurity bodies, urges past applicants to stay vigilant for fraud. The breach follows a wave of recent cyberattacks on UK firms like M&S, Co-op and Dior, raising concerns about systemic digital security failures.

Meanwhile, BBC cybersecurity journalist Joe Tidy received a tip on Telegram from hackers claiming responsibility for the cyberattacks on M&S and Co-op. Over a five-hour exchange, they provided data samples confirming their involvement. The hackers, likely linked to the ransomware group DragonForce, were frustrated that Co-op refused to pay the ransom. After Tidy alerted Co-op, the company acknowledged the breach publicly. DragonForce operates a ransomware-as-a-service model, offering tools and support to cybercriminals in exchange for a cut of ransoms. Recently rebranded as a cartel, the group has been active since 2023. Though linked to numerous attacks, it remained silent on the retail hacks, possibly due to ransom payments.
Some experts suggest the broader Scattered Spider collective may be behind the campaign, but their exact role remains unclear.

Mozilla has issued an emergency security update for Firefox to patch two critical JavaScript engine flaws that allow remote code execution. Discovered by security researchers from Palo Alto Networks and Trend Micro's Zero Day Initiative, the vulnerabilities involve out-of-bounds read and write issues in JavaScript objects. Attackers can exploit them by luring users to malicious websites, requiring minimal interaction. Mozilla urges users to update Firefox immediately to protect against potential system compromise.

Over 210,000 patients of Georgia-based Harbin Clinic had sensitive data exposed in a breach linked to third-party vendor National Recovery Services. The breach, which occurred in July of 2024, targeted NRS, a debt collection service provider for Harbin. However, Harbin only began notifying affected individuals in May of this year, nearly 10 months later. Exposed data includes names, addresses, Social Security numbers, birth dates and financial account details. The delay and the severity of the stolen information raise concerns about identity theft and financial fraud risks. Harbin recommends affected individuals monitor their financial accounts but has not confirmed offering credit monitoring services. The clinic, headquartered in Rome, Georgia, runs multiple locations statewide and employs over 1,400 staff.

Elsewhere, ServiceAid, a California-based enterprise solutions provider, reported a data leak affecting over 400 Catholic Health patients to the Department of Health and Human Services. The breach involved an Elasticsearch database that was accidentally exposed online from September 19 through November 5, 2024. While there's no evidence the data was stolen, ServiceAid can't rule it out. Exposed information includes names, Social Security numbers, medical and insurance details and login credentials.
Affected individuals are being offered 12 months of free identity protection services.

A new report from Zimperium warns that iOS devices, often seen as secure, are increasingly targeted through sideloaded and unvetted apps. Attackers exploit flaws in iOS using tools like TrollStore and SeaShell and vulnerabilities such as MacDirtyCow and KFD to bypass Apple's protections. These apps may appear benign but can exfiltrate data or compromise devices without detection. Zimperium found over 40,000 apps using private entitlements and over 800 using private APIs, posing serious risks. Organizations, especially in regulated sectors, should adopt stricter app vetting, monitor permissions and detect sideloaded apps. Zimperium urges proactive defenses to counter these threats. Just because an app runs on iOS doesn't mean it's safe. Its behavior and origin matter more than its appearance.

If you've bought a UV inkjet printer from the brand Procolored recently, you might want to scan your system for malware. YouTuber Cameron Coward, known for his DIY tech reviews, first raised the alarm while reviewing a $6,000 printer. His antivirus flagged threats on the included USB device, specifically a worm and Floxif, a file infector. When Procolored dismissed this as a false positive, Coward turned to Reddit, catching the attention of cybersecurity firm G DATA. Their investigation found malware, including a backdoor and a crypto-stealing Trojan called SnipVex, in official Procolored software downloads. G DATA traced around $100,000 in stolen Bitcoin linked to SnipVex. Procolored later admitted malware might have been introduced via USB and has since cleaned up its downloads. Experts now urge users to scan their systems and consider full reinstallation if infected.

Pupkin Stealer is a newly discovered information-stealing malware written in C and first observed in April of this year.
Lightweight and lacking advanced evasion tactics, it targets Windows systems to steal browser credentials, messaging app sessions like Telegram, Discord desktop files and screenshots. The malware exfiltrates data using Telegram's Bot API, allowing it to hide within legitimate traffic. Despite its simplicity, Pupkin Stealer is effective, compressing stolen data into a ZIP archive enriched with system metadata. It operates without persistence mechanisms, suggesting a quick hit-and-run strategy. Researchers believe it may be distributed via malware-as-a-service and linked to a developer using the alias Ardent, possibly of Russian origin. The malware highlights a growing trend of cybercriminals exploiting legitimate services like Telegram for stealthy attacks, posing risks to e-commerce and individual users alike.

Eric Council Jr., a 25-year-old from Alabama, has been sentenced to 14 months in prison for a SIM swap attack that compromised the SEC's X (formerly Twitter) account. In January of 2024, Mr. Council used a fake ID to obtain a replacement SIM card tied to a government phone linked to the SEC account. He then activated the card, retrieved a password reset code and passed it to a co-conspirator. The hacker posted a false statement claiming SEC approval of Bitcoin ETFs, briefly spiking Bitcoin prices by over $1,000 before a $2,000 drop when the post was debunked. Council, who was paid $50,000 for his role, pleaded guilty to identity theft and fraud. He must also forfeit the payment and will be on supervised release for three years post-prison, with Internet restrictions.

Coming up after the break, my conversation with Ian Tien, CEO at Mattermost, sharing insights on enhancing cybersecurity through effective collaboration. And ethical hackers win the day at Pwn2Own Berlin. Stay with us.
Sponsor
Compliance regulations, third-party risk and customer security demands are all growing and changing fast. Is your manual GRC program actually slowing you down? If you've ever found yourself drowning in spreadsheets, chasing down screenshots or wrangling manual processes just to keep your GRC program on track, you're not alone. But let's be clear, there is a better way. Vanta's trust management platform takes the headache out of governance, risk and compliance. It automates the essentials, from internal and third-party risk to consumer trust, making your security posture stronger and, yes, even helping to drive revenue. And this isn't just nice to have. According to a recent analysis from IDC, teams using Vanta saw a 129% boost in productivity. That's not a typo, that's real impact. So if you're ready to trade in chaos for clarity, check out Vanta and bring some serious efficiency to your GRC game. Vanta: GRC, how much easier trust can be. Get started at vanta.com/cyber.
Dave Bittner
Worried about cyberattacks? CyberCare from Storm Guidance is a comprehensive cyber incident response and resilience service that helps you stay prepared and protected. A unique onboarding process integrates your team with industry-leading experts, so if an incident occurs, your response is optimal. Get priority access to deeply experienced responders, digital investigators, legal and crisis PR experts, ransom negotiators, trauma counselors and much more. The best part? 100% of unused response time can be repurposed for a range of proactive resilience activities. Find out more at Cyber Care Cyberwire.

Ian Tien is CEO at Mattermost. I caught up with him on the show floor of the RSAC 2025 conference. In today's sponsored Industry Insights segment, he shares insights on enhancing cybersecurity through effective collaboration.

And I am pleased to be joined here at RSAC 2025 with Ian Tien. He is the CEO of Mattermost. Welcome. Thanks for joining us here today.
Thank you so much.
Well, before we dig into our topic here, what is your impression of the show so far? It hasn't been open very long, but there's certainly a lot of energy here on the show floor.
Yeah, it's fantastic. Seeing a lot of old friends, making new friends. Just love the energy of the show. Everyone's got, you know, the late-night events and the sort of early-morning coffee. So everyone's being a champ here. It's excellent.
So for folks who aren't familiar with the company, can you give us a brief description of what you all do at Mattermost?
Excellent. So Mattermost is a secure communications and workflow solution for critical infrastructure. So think about anything you need in daily life: you need energy, you need security, you need defense, you need manufacturing. All those critical infrastructure industries need a different type of workflow and collaboration, and that's what we provide.
Well, let's talk about collaboration. Why is that so critical to the folks that you're helping out?
So if you have a mission-critical situation, you have to run if the power is out, you have to run if the Internet is out. If you go down, or if you're breached or you have an outage, then there are follow-on effects for other systems and for society in general. So, you know, if something has to work, it's got to be built in a certain way where you can communicate even in sort of unforeseen circumstances.
Well, help me understand how that plays out in the real world. Can you give us an example of how that collaborative network would apply in the real world?
Yeah, absolutely. So a lot of things right now are very interconnected, right? We've kind of moved to a software-as-a-service and sort of international view, saying, hey, we're going to work with all these different SaaS providers, and it's great because it's more efficient and you have bigger security teams in these systems. But what happens is there can be outages of those systems, and there's a downstream effect: everyone's affected. If one system goes down, you know, all these other ones sort of topple as well, and then it becomes a real issue. And if you're mission-critical, you can't take that risk. I think everyone remembers the CrowdStrike outage last year, which took down airlines and, you know, all these display systems and communication systems. So that's an example. If you take critical infrastructure and it stops working, you know, people can't move, first responders can't act. So mission-critical systems need a separate architecture, very often on-premise or managed by a partner, that says, hey, if this main system goes down or is breached, I can still operate and I can still respond to that emergency.
Well, I mean, speaking of which, as we're recording here today, just yesterday there was a major power outage in Spain and Portugal. Turns out it was not a cyberattack, but the downstream effects of something like that were really clear. There was telecommunications and travel and all those sorts of things. When you look at an event like that, what are your thoughts?
Yeah, absolutely. So we serve the energy space, and very often you'll have electric utilities that, you know, will use a primary, a general collaboration solution to, oh, coordinate and hear some PowerPoint presentations, and that's all fine. When there's a critical incident, it's the frontline workers, it's the senior managers and even the C-suite that get real-time updates, that can marshal resources across the enterprise to really respond to that outage. And you can't do that if your primary system is running on the electric grid that has the outage. So, you know, there's going to be the primary, and then there's going to be these emergency alternate contingency systems. And that's part of what a mature critical infrastructure organization is going to have, across the world, here in the US domestically as well as internationally.
Are there common misconceptions or shortcomings that you run into when you're working with people? Is it fair to call them blind spots?
Yeah, so for some folks, it's really about strategic foresight. It's like, until you're in an emergency, very often you can't foresee it, right? So there's this concept of tabletopping your security procedures. You're saying, okay, here's a table, we're going to imagine what happens if certain things come to pass. And now you have to tabletop: well, what happens if our primary communication system is breached or it has an intrusion? And what typically happens is you go on WhatsApp or you go on Signal and you're like, okay, we have to respond. We can't use the primary system, there's a potential intrusion. Let's take screenshots of our logs. Let's go use these systems to chat and communicate and get on calls. And what happens is, you know, you hopefully solve the situation. But you've gone outside the main system for security, and now you've got all this information floating around on people's devices. If they leave your organization, there it goes. You might be secure, maybe it's got end-to-end encryption, but it's not compliant, because you have data that's going to move around no longer under enterprise control. So those are kind of the blind spots, and people don't see it until it actually happens. They don't see it until the primary system is compromised. And now they've got, you know, an emergency situation, and they have a to-do list of, like, okay, we need to not do that in future, we need a secondary system, we need emergency comms. And that's how this kind of space evolves. You know, the saying is it's really the battle scars that you have that really shape a lot of the critical infrastructure in the world.
Right, right, right. What's that old saying, calm seas don't make good sailors? Have you heard that one?
Yeah.
Well, and for you all, collaboration is not just the tools that you're providing for people. I mean, you all collaborate with some of the biggest, most well-known names in cyber.
Yeah, absolutely. So, we don't talk very much, but we work with a lot of national security and critical infrastructure organizations. So a lot of the organizations that respond to critical incidents, that set policies, it's really important for them to always be running. And another aspect is to have complete privacy of their information. So we absolutely work with some of the largest, most important organizations in the world, and it's so important for them to be able to operate and have full control of their communications and data and workflow.
Is there a part for things like open source software to play in this equation?
Yeah, absolutely. So open source is so important to what we do because of its ability to adapt to any situation as well as be resilient and independent. So right now it's April 2025, and there's tabletopping right now happening around the world. I came from Tokyo, I came from Singapore, I'm in DC, and there's tabletopping around the world: what happens if we have supply chain disruption in our digital services? What if there's some ruling, you know, in different regulations, that says, hey, we actually have to be sovereign? How could we be sovereign? How do we have a supply chain that we operate that's going to be resilient for us? So Mattermost being open source and being in control, having our customers in control, they can see all our source code. They can scan everything and understand, hey, this is going to work for us no matter what, and that is critically important. The pendulum has kind of swung to more sovereignty, and there's a mix. There's always going to be interdependence and SaaS services, but there's got to be a portion that you have full control over.
Right, right. And that visibility that you provide them with gives, I suppose, gives them a level of confidence. They can trust, but verify.
Yes, and verify. To trust.
Yeah, yeah. What are your recommendations for people who are beginning this journey? They know this is something they need to pay more attention to. Maybe it's a little intimidating. What's the best place to begin?
Yeah, I think really, you know, it's tabletopping. Mattermost is open source. We've got our documentation fully open. We can show you reference architectures. You might use a reference architecture, you might use some other product, that's totally fine. Our biggest competitor is actually custom-built systems for defense and government, you know, for specific nations. And what we do is say you can build it yourself, or you can use our platform, which is open source, which is highly configurable and maintained. We'll stand behind it. We're doing CVEs, we're doing patching, and we have a roadmap that constantly delivers value. But the reference architecture and how you lay out your system for critical infrastructure can be used by anyone. So you can check out Mattermost, you can check out our open source code, you can decide if you want to buy or if you want to build.
Okay. All right, well, I think I have everything I need for our story here. Is there anything I missed, anything I haven't asked you that you think is important to share?
Yeah, thanks. I think one realization that we've seen with our communities around the world is that all software is on-premise, and the cloud is a social construct created to trust operations and data to someone else's infrastructure. Okay, so the world is kind of realizing that, and you're saying, okay, well, how do I think about, you know, the portion of my world which is outsourced in SaaS, which is fine, but everyone needs that portion that they have full control over. So I'll leave you with that idea: you know, this is the way that the world is going, and I don't know if we're ever going to fully go back to 100% trust in outsourcing the complete systems for critical infrastructure.
Dave Bittner
Oh, interesting. All right, well, Ian, thank you so much for taking the time for us today.
Ian Tien
Yeah, thank you so much. It's a pleasure.
Dave Bittner
That's Ian Tien, CEO at Mattermost.

And finally, at Pwn2Own Berlin 2025, cybersecurity talent took center stage, with over $1 million awarded to ethical hackers who uncovered 28 zero-day vulnerabilities across a broad spectrum of technologies. Hosted by Trend Micro's Zero Day Initiative, the event celebrated the skills of white hat researchers, who earned $1,078,750 for exploits targeting systems from AI platforms to virtualization software. Making history, STAR Labs SG scored the competition's largest single payout for the first-ever VMware ESXi hack. They ultimately walked away with $320,000 and the win. AI was featured for the first time, with $140,000 awarded for hacks on tools like NVIDIA's Triton Inference Server. Mozilla responded swiftly to $50,000 worth of Firefox vulnerabilities, issuing patches the same day. The event was a powerful reminder of the value and necessity of ethical hacking in today's digital world.

And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. Don't forget to check out the Grumpy Old Geeks podcast, where I contribute to a regular segment on Jason and Brian's show every week. You can find Grumpy Old Geeks where all the fine podcasts are listed. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Tre Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.

Hey everybody, Dave here.
I've talked about DeleteMe before, and I'm still using it because it still works. It's been a few months now, and I'm just as impressed today as I was when I signed up. DeleteMe keeps finding and removing my personal information from data broker sites, and they keep me updated with detailed reports so I know exactly what's been taken down. I'm genuinely relieved knowing my privacy isn't something I have to worry about every day. The DeleteMe team handles everything. It's the set-it-and-forget-it peace of mind. And it's not just for individuals. DeleteMe also offers solutions for businesses, helping companies protect their employees' personal information and reduce exposure to social engineering and phishing threats. And right now, our listeners get a special deal: 20% off your DeleteMe plan. Just go to joindeleteme.com/n2k and use promo code N2K at checkout. That's joindeleteme.com/n2k, code N2K.
CyberWire Daily: Redacted Realities – Inside the MoJ Hack (Released May 19, 2025)
Host: N2K Networks
In this episode of CyberWire Daily, hosted by N2K Networks, listeners are presented with an in-depth analysis of the recent cybersecurity incidents, followed by an insightful interview with Ian Tien, CEO of Mattermost. The episode delves into significant breaches affecting major organizations, highlights emerging threats, and explores the crucial role of collaboration in enhancing cybersecurity defenses.
The episode opens with a critical report on a substantial breach at the United Kingdom’s Ministry of Justice (MoJ). In April 2025, hackers infiltrated the Ministry’s systems, specifically targeting the Legal Aid Agency (LAA). The attackers successfully exfiltrated a wealth of sensitive personal data, including names, addresses, birth dates, national insurance numbers, criminal records, and financial details of Legal Aid applicants dating back to 2010.
Scale of the Breach: While the attackers claim to have accessed 2.1 million records, this figure remains unconfirmed. The breach was initially discovered on April 23 but its enormity only became apparent on May 16, leading to the LAA’s digital services being taken offline.
Attribution & Motive: Officials attribute the breach to longstanding vulnerabilities and mismanagement within the Ministry's cybersecurity infrastructure. This incident follows a spate of cyberattacks on high-profile UK firms such as M&S, Co-op and Dior, signaling potential systemic digital security weaknesses across the nation.
Hacker Group Involvement: BBC cybersecurity journalist Joe Tidy received a tip on Telegram from hackers claiming responsibility for the M&S and Co-op attacks, and over a five-hour exchange they provided data samples confirming their involvement. These individuals, likely associated with the ransomware group DragonForce, expressed frustration over Co-op's refusal to pay the ransom; after Tidy alerted Co-op, the company publicly acknowledged the breach.
Group Dynamics: DragonForce operates a ransomware-as-a-service model, has been active since 2023 and recently rebranded as a cartel. Although linked to numerous attacks, it remained silent on the retail hacks, possibly because ransoms were paid. Some experts suggest the broader Scattered Spider collective may be behind the campaign, though its exact role remains unclear.
In response to urgent security threats, Mozilla has rolled out an emergency update for Firefox to address two critical vulnerabilities within its JavaScript engine. Discovered by researchers from Palo Alto Networks and Trend Micro's Zero Day Initiative, these flaws are out-of-bounds read and write issues in JavaScript objects that could allow remote code execution.
Exploitation Method: Attackers can exploit these vulnerabilities by directing users to malicious websites that require minimal interaction, thereby gaining potential control over affected systems.
Mozilla’s Response: The company has strongly urged all Firefox users to apply the updates immediately to safeguard against possible system compromises.
A significant breach at Harbin Clinic, a healthcare provider headquartered in Rome, Georgia, has compromised the sensitive data of over 210,000 patients. The breach occurred in July 2024 at National Recovery Services (NRS), a third-party debt collection vendor for Harbin, but affected individuals were only notified in May 2025, nearly 10 months later.
Exposed Information: The compromised data includes names, addresses, Social Security numbers, birth dates, and financial account details, raising substantial concerns over identity theft and financial fraud.
Organizational Impact: Harbin Clinic, which operates multiple locations and employs over 1,400 staff, faces criticism for the delayed notification of affected individuals and the absence of credit monitoring services.
ServiceAid, a California-based enterprise solutions provider, reported to the Department of Health and Human Services an accidental exposure of an Elasticsearch database containing data of over 400 Catholic Health patients. The database was reachable online between September 19 and November 5, 2024.
Data at Risk: The exposed information encompasses names, Social Security numbers, medical and insurance details, and login credentials. Although there is no evidence of data theft, ServiceAid cannot entirely dismiss the possibility.
Response Measures: Affected individuals are being offered 12 months of free identity protection services as a precautionary measure.
A new report from Zimperium reveals a troubling rise in attacks targeting iOS devices, traditionally considered secure. Attackers are leveraging tools like TrollStore and SeaShell, alongside vulnerabilities such as MacDirtyCow and KFD, to bypass Apple's security protections.
Malicious Activities: Sideloaded and unvetted apps, appearing benign, can clandestinely exfiltrate data or compromise devices without detection.
Zimperium's Findings: The research identified over 40,000 apps utilizing private entitlements and more than 800 apps accessing private APIs, posing significant threats to users and organizations, especially those in regulated sectors.
Defense Recommendations: Organizations are urged to implement stricter app vetting processes, monitor permissions diligently, and actively detect and mitigate sideloaded app threats.
YouTuber Cameron Coward surfaced alarming news while reviewing a high-end Procolored UV inkjet printer priced at $6,000. During his review, his antivirus software detected malware on the included USB device, specifically a worm and a file infector named Floxif.
Manufacturer's Response: Procolored initially dismissed these detections as false positives. However, after Coward raised the issue on Reddit, further investigation by cybersecurity firm G DATA revealed malware, including a backdoor and a crypto-stealing Trojan dubbed SnipVex, in official Procolored software downloads.
Financial Impact: G DATA traced approximately $100,000 in stolen Bitcoin linked to the SnipVex Trojan.
Remediation Steps: Procolored has since acknowledged the possibility of malware introduction via USB devices and has cleaned up its software downloads. Experts recommend that users perform thorough system scans and consider a full reinstallation if infection is detected.
The newly identified malware, Pupkin Stealer, is an information-stealing tool written in C, first observed in April 2025. Despite its lightweight nature and lack of advanced evasion techniques, Pupkin Stealer effectively targets Windows systems to harvest:
Stolen Data: Browser credentials, messaging app sessions (e.g., Telegram), Discord desktop files, and screenshots.
Exfiltration Method: Utilizes Telegram's Bot API to send stolen data over the same HTTPS endpoint legitimate Telegram bots use, letting the transfers blend into ordinary traffic.
Operational Strategy: The malware compresses stolen data into a zip archive enriched with system metadata, operating without persistence mechanisms, indicative of a “quick hit and run” approach.
Distribution & Origin: Likely distributed via malware-as-a-service platforms, with potential ties to a developer known as Ardent, possibly of Russian origin. The malware underscores a trend of cybercriminals exploiting legitimate services like Telegram for clandestine operations, posing significant risks to e-commerce and individual users.
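The Bot API exfiltration described above gives defenders a concrete thing to look for: an unexpected process on an endpoint making requests to `api.telegram.org` on a `/bot<token>/<method>` path, especially an upload method such as `sendDocument`, which is how an archive would leave the host. The detector below is an added example written for this page, not code from the podcast, from the researchers who analyzed Pupkin Stealer, or from any vendor product. It assumes a simplified space-separated proxy/EDR log format, an allowlist of processes that are approved to use the Bot API (`alertbot.exe` is made up), and constructed sample lines with tokens that merely mimic the `<bot id>:<secret>` shape of real bot tokens.

```python
"""Flag outbound Telegram Bot API traffic from processes that are not approved to use it.

Added example for this page. The log format, the allowlist and the sample lines are
all constructed; nothing here is taken from a real incident or a vendor report.
"""
import re
from typing import Dict, List, Optional

# Constructed sample telemetry (not real logs). Assumed field order:
# <timestamp> <endpoint> <process> <http_method> <dst_host> <url_path> <bytes_out>
SAMPLE_LOGS = """\
2025-04-12T09:14:02Z ws-117 alertbot.exe POST api.telegram.org /bot123456789:AAHpQx7Lk2vB9mN3cZ1yR8tU0sW4eG6hJkQ/sendMessage 211
2025-04-12T09:14:09Z ws-117 svchost.exe GET www.microsoft.com /pki/crl 512
2025-04-12T09:14:15Z ws-117 update.exe POST api.telegram.org /bot987654321:AAHdT1lk8PxvWq2zY3bN9mC4rS6uE7fG0hI/sendDocument 1843200
2025-04-12T09:14:16Z ws-117 update.exe POST api.telegram.org /bot987654321:AAHdT1lk8PxvWq2zY3bN9mC4rS6uE7fG0hI/sendMessage 640
2025-04-12T09:15:01Z ws-118 chrome.exe GET web.telegram.org /a/ 8000
"""

# Processes approved to talk to the Bot API (assumed allowlist; alertbot.exe is hypothetical).
ALLOWED_PROCESSES = {"alertbot.exe"}

# Bot API calls look like /bot<token>/<method>; a token is "<numeric bot id>:<secret>".
BOT_PATH_RE = re.compile(r"^/bot(?P<token>\d+:[A-Za-z0-9_-]{30,})/(?P<method>[A-Za-z]+)")

# Methods that carry a payload off the host; sendDocument is how a ZIP archive would leave.
UPLOAD_METHODS = {"sendDocument", "sendPhoto", "sendVideo", "sendAudio"}


def mask_token(token: str) -> str:
    """Keep the bot id and the first four secret chars so an analyst can pivot on the
    token without pasting a live credential into a ticket."""
    bot_id, secret = token.split(":", 1)
    return f"{bot_id}:{secret[:4]}{'*' * (len(secret) - 4)}"


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one log line into named fields; return None for malformed lines."""
    parts = line.split()
    if len(parts) != 7:
        return None
    keys = ("ts", "endpoint", "process", "http_method", "dst_host", "path", "bytes_out")
    return dict(zip(keys, parts))


def detect(log_text: str, allowed=ALLOWED_PROCESSES) -> List[Dict[str, object]]:
    """Return one finding per Bot API request made by a process outside the allowlist.

    Traffic to other Telegram hosts (e.g. the web client) is not a Bot API call and is
    ignored; approved bot processes are ignored; upload methods are rated high.
    """
    findings: List[Dict[str, object]] = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None or rec["dst_host"] != "api.telegram.org":
            continue
        match = BOT_PATH_RE.match(rec["path"])
        if match is None or rec["process"] in allowed:
            continue
        method = match.group("method")
        findings.append({
            "ts": rec["ts"],
            "endpoint": rec["endpoint"],
            "process": rec["process"],
            "method": method,
            "bot_token": mask_token(match.group("token")),
            "bytes_out": int(rec["bytes_out"]),
            "severity": "high" if method in UPLOAD_METHODS else "medium",
        })
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_LOGS):
        print(finding)
```

Run against the sample, the detector ignores the approved bot process and the browser session to web.telegram.org and raises two findings for `update.exe`, the 1.8 MB `sendDocument` upload rated high and the follow-up `sendMessage` rated medium. The masked token (`987654321:AAHd***...`) is enough to correlate both requests and to pivot across other hosts without handling the secret itself.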
Eric Council Jr., a 25-year-old from Alabama, received a 14-month prison sentence for his role in a SIM swap attack that compromised the SEC's X (formerly Twitter) account.
Modus Operandi: In January 2024, Council utilized a fake ID to obtain a replacement SIM card linked to a government phone associated with the SEC account. He activated the card, retrieved a password reset code, and passed it to a co-conspirator.
Impact of the Attack: The hacker posted a fraudulent statement claiming SEC approval of Bitcoin ETFs, which temporarily spiked Bitcoin prices by over $1,000 before causing a $2,000 drop when the misinformation was debunked.
Legal Consequences: Council was paid $50,000 for his involvement, which he must forfeit. He pleaded guilty to charges of identity theft and fraud and will serve three years of supervised release after prison, with Internet restrictions.
A significant portion of the episode features an interview with Ian Tien, CEO of Mattermost, conducted at the RSAC 2025 conference. The discussion centers around the pivotal role of collaboration in strengthening cybersecurity, especially within critical infrastructure sectors.
Key Insights from Ian Tien:
Importance of Collaboration: Tien emphasizes that effective communication is essential during mission-critical situations such as power outages, cyber breaches, or system outages. “If something has to work, it's got to be built in a certain way where you can communicate even in sort of unforeseen circumstances,” he states ([15:17]).
Real-World Application: Using the example of interconnected systems, Tien highlights the risks of relying solely on SaaS providers. He references the CrowdStrike outage, which disrupted airlines and communication systems, underscoring the necessity for mission-critical systems to have separate, resilient architectures ([15:48]).
Recent Events Reflection: Discussing the major power outage in Spain and Portugal, Tien notes the cascading effects on telecommunications and transportation. He states, “If your primary system is running on the electric grid that has the outage, you can’t communicate effectively,” underscoring the need for emergency contingency systems ([17:09]).
Common Misconceptions: Tien identifies a prevalent blind spot where organizations reactively use insecure communication channels during emergencies, leading to data leaks and compliance issues. “You’ve gone outside the main system for security, but now you’ve got all this information floating around on people's devices,” he explains ([18:04]).
Role of Open Source Software: Highlighting the flexibility and resilience of open-source solutions, Tien advocates for their use in critical infrastructure. “Mattermost being open source and being in control, having our customers in control,” he remarks, emphasizing the importance of transparency and adaptability in security protocols ([20:23]).
Recommendations for Organizations: Tien advises organizations to engage in tabletop exercises and leverage Mattermost’s open-source platform to build and maintain secure, resilient communication systems. He encourages adopting reference architectures and maintaining full visibility and control over their communication tools ([21:48]).
Final Thoughts: Tien concludes by reflecting on the shift towards digital sovereignty, asserting that while interdependence on SaaS services persists, organizations must retain elements of control over their critical systems to ensure security and operational integrity ([22:38]).
Concluding the episode, the host reports on the Pwn2Own Berlin 2025 competition, a premier event celebrating the prowess of ethical hackers. Hosted by Trend Micro's Zero Day Initiative, the event awarded over $1 million to researchers who uncovered 28 zero-day vulnerabilities across various technologies.
Notable Achievements:
Significance: The event underscored the indispensable role of ethical hacking in identifying and mitigating security flaws, fostering a proactive security culture in the digital realm.
This episode of CyberWire Daily provides a comprehensive overview of recent cybersecurity incidents affecting major institutions, highlights emerging threats and vulnerabilities, and underscores the importance of collaboration and ethical hacking in safeguarding digital infrastructures. Through detailed reporting and expert insights from Ian Tien, listeners gain a nuanced understanding of the evolving cybersecurity landscape and the strategies essential for resilience and protection.
Notable Quotes from the Episode:
Ian Tien on Collaboration: “If something has to work, it's got to be built in a certain way where you can communicate even in sort of unforeseen circumstances.” ([15:17])
On Open Source Importance: “Mattermost being open source and being in control, having our customers in control, they can see all our source code.” ([20:23])
On Strategic Foresight: “Until you're in an emergency, like very often you can't foresee it.” ([18:04])
On Digital Sovereignty: “The world is realizing that the cloud is a social construct created to trust operations and data to someone else's infrastructure.” ([22:38])
For more detailed insights and daily cybersecurity news, visit thecyberwire.com or subscribe to the CyberWire Daily podcast.