CyberWire Daily — "Stomping out critical bugs"
Date: November 6, 2025
Host: Dave Bittner (N2K Networks)
Featured Guest: Dr. Sasha O’Connell, Senior Director for Cybersecurity Programs at Aspen Digital
Episode Overview
This episode of CyberWire Daily delivers key cybersecurity news, focusing on major vulnerabilities, government cybersecurity staffing turmoil, nation-state cyber operations, and critical insights from Dr. Sasha O’Connell on the evolution and future of cyber policy. The program highlights the growing professionalization of cybercriminal services and concludes with a sharp critique of Meta’s priorities around scam advertising.
Key News Highlights
1. Cisco Patches Critical Bugs
- [00:44] Cisco rapidly patched two dangerous vulnerabilities in its Unified Contact Center Express software.
- Most Severe Flaw: Java Remote Method Invocation process enabled remote unauthenticated command execution with root privileges.
- Discovery: “Researcher Jamel Harris discovered the issue, which Cisco attributed to improper authentication mechanisms.”
- Action: Cisco urges immediate upgrades, though no current evidence of exploitation was reported.
- Secondary Bug: The UCCX Editor app allowed attackers to bypass authentication and run scripts with admin permissions.
- Related Issue: A high-severity denial-of-service bug was also fixed in Cisco Identity Services Engine.
2. CISA Layoffs Amid Legal Uncertainty
- [01:35] DHS is proceeding with 54 layoffs at CISA’s stakeholder engagement division, despite a federal injunction on broader workforce reductions.
- Reasoning: CISA claims the affected employees are not union-represented and outside the injunction’s protections.
- Impact: Staff losses in partnership, international, and academic outreach roles.
- Silence: “The agency declined to comment further, citing ongoing litigation.”
3. Active Exploitation of Linux Server Management Tool
- [02:10] CISA warns of ongoing exploitation of a critical command injection vulnerability in Control Web Panel (formerly CentOS Web Panel), affecting over 220,000 instances.
- CVSS Score: 9.0 — enables attackers to execute shell commands remotely.
- Finding: “Researcher Maxime Renaudo found the issue... which improperly processes unsanitized input through the CHMOD commands.”
- Recommendation: Immediate patching and restriction to trusted networks.
4. Return of Gootloader Malware
- [03:16] Gootloader operation resumes after a 7-month hiatus, using SEO poisoning to lure victims with fake legal templates.
- Tactics: Malicious JavaScript, clever evasion with custom web fonts, malformed zip archives.
- Payloads: Cobalt Strike, various backdoors, leading frequently to ransomware.
- Warning: “Affiliate security experts warn users to avoid downloading templates from unverified websites.”
5. Major Breach at South Korean Telecom KT
- [04:43] KT allegedly concealed a malware incident affecting 43 servers, exposing customer and payment data.
- Investigation: Ongoing, potential legal and data protection fallout for the company.
6. Sandworm’s Destructive Attacks on Ukraine
- [05:23] Russian APT Sandworm (APT44) launched multiple wiper attacks on Ukrainian institutions in June and September, targeting grain, energy, and logistics sectors.
- Tactics: Wipers such as ZeroLot and Sting; ESET draws parallels to Iranian-linked wiper activity against Israel.
- Analysis: “ESET says the inclusion of Ukraine’s grain industry, a vital source of national revenue, suggests an intent to damage the country’s wartime economy.”
- Recommendation: Offline backups and robust endpoint protection.
7. China Cracks Down on Scam Compounds
- [06:34] Shenzhen court sentences five crime syndicate leaders to death for running massive online fraud operations from compounds on the Myanmar border.
- Impact: $4 billion defrauded, 41 criminal parks implicated, numerous Chinese victims.
- Context: “The scam operations also caused at least six deaths, underscoring Myanmar’s central role in global online fraud networks.”
Featured Interview: Dr. Sasha O’Connell on 10 Years of Cyber Policy Progress
[12:44-19:44]
The Aspen Cyber Summit at a Decade
- Mission: “In cyber, we always talk about public-private partnerships being at the core of our ability to address the threat. And at Aspen Cyber, that was... the nascent idea: create that space in a trusted environment.” — Dr. Sasha O’Connell [12:52]
- Events: US and Global Cyber Groups convene leaders under Chatham House rules; annual summit “open[s] our doors to the public... our event has been called the Coachella of the cyber policy world.” [13:32]
- Tone: Balances serious industry policy with energy and accessibility.
Dr. O’Connell’s Public Service Background
- [14:39] “I spent just shy of 15 years at the FBI... not as an agent or intel analyst, but as a MAPA — a management and program analyst... ultimately on interagency policy as it relates to tech and cyber policy.” — Dr. Sasha O’Connell
Aspen Digital’s Policy Priorities
[15:30]
- Offensive Cyber Operations:
- Exploring strategic, policy, and liability implications of more assertive government cyber action.
- Actively convening expert opinion following the Trump administration’s increased focus on the area.
- “A lot of former public sector leaders as well as private sector leaders, civil society and academics... What advice do folks have? What have they seen in this area?” — Dr. O’Connell
- Devolving Cybersecurity to States:
- Responding to an executive order pushing cyber responsibility to state/local levels.
- “What does it mean to move responsibility back to the states, if you will? What are best practices, challenges, and how do we help inform that?” — Dr. O’Connell
- Public Education Campaigns:
- “Take Nine” campaign (in partnership with Craig Newmark Philanthropies): Encourages pausing for nine seconds to prevent impulsive actions and scams.
- “We say in cyber, creating friction... asking humans to literally slow down for nine seconds. That nine seconds, it turns out science has told us, helps move us from reacting to responding...” — Dr. O’Connell [16:46]
On Offensive Cyber Policy
[17:59]
- Industry and Policy Uncertainty:
- “It’s a complicated area... much of the critical infrastructure... is owned in the private sector. This idea of offensive operations and the private sector’s role... These are all open questions.” — Dr. O’Connell [18:27]
- Balancing offense with resilient defense is essential: “There’s also a point of view that we shouldn’t solely focus on offense... a good defense, ultimately, being really key to a good offense.”
- Notable recent writing by Shawn Joyce on this topic at Aspen Digital.
Cybercrime-as-a-Service & Rising Accessibility
- [09:34] Trevor Hilligoss (SpyCloud) Interview Recap:
- “Instead of having... a smaller pool of high sophistication actors... we see that being given to much lower sophistication, lower tech folks... The person that’s buying access to this, they basically need a phone and a bitcoin wallet.” — Trevor Hilligoss
Big Tech’s Role in Online Fraud: Meta Scandal
- [19:45] Meta reportedly derived 10% of 2024 revenue from scam ads and banned goods.
- “Rather than ban those advertisers outright, Meta often just charged them more, a sort of fraudster surcharge for the privilege of duping users.”
- Internal slides admitted Meta “had become a pillar of the global fraud economy.”
- Sharp tone: “Not to worry, Meta promises it’s working on it — just slowly enough not to upset those quarterly earnings.”
Notable Quotes & Memorable Moments
- On Public-Private Collaboration:
- “In cyber, we always talk about public-private partnerships being at the core of our ability to address the threat.” — Dr. Sasha O’Connell [12:52]
- On Cybercrime Enablement:
- “The person that’s buying access to this, they basically need a phone and a bitcoin wallet.” — Trevor Hilligoss [09:59]
- On Meta’s Moral Calculus:
- “Internal slides admitted Meta’s platforms had become a pillar of the global fraud economy.” — Dave Bittner [19:45]
- On Defensive Resilience:
- “A good defense, ultimately, being really key to a good offense.” — Dr. Sasha O’Connell [18:58]
Important Segment Timestamps
| Segment | Topic | Timestamp |
|-------------------------------|---------------------------------------------------|---------------|
| Opening News | Cisco, CISA layoffs, Gootloader, Sandworm | 00:44–09:34 |
| Cybercrime-As-A-Service | SpyCloud’s Trevor Hilligoss brief | 09:34–11:04 |
| Dr. Sasha O’Connell Interview | Aspen Cyber Summit, cyber policy, public ed | 12:44–19:44 |
| Meta Ad Fraud | Critique of Meta’s tolerance for scammy ads | 19:45–20:45 |
Summary
This episode provides an incisive roundup of the week’s cybersecurity landscape, from major vendor vulnerabilities and covert cybercrime infrastructure to the moral hazards of big tech. Dr. Sasha O’Connell traces ten years of growth in public-private partnership and policy development and offers a clear-eyed assessment of offensive cyber’s promises and pitfalls. The show closes with unflinching commentary on Meta’s complicity in scam ad revenue, highlighting ongoing challenges at the intersection of technology, policy, and ethics.
