A
You're listening to the Cyberwire Network powered by N2K.
B
At Thales, they know cybersecurity can be tough and you can't protect everything. But with Thales, you can secure what matters most. With Thales' industry-leading platforms, you can protect critical applications, data and identities anywhere and at scale with the highest ROI. That's why the most trusted brands and largest banks, retailers and healthcare companies in the world rely on Thales to protect what matters most: applications, data and identity. That's Thales, T-H-A-L-E-S. Learn more at thalesgroup.com/cyber.
Cisco patches critical vulnerabilities in its Unified Contact Center Express software. CISA lays off 54 employees despite a federal court order halting workforce reductions. Gootloader malware returns. A South Korean telecom is accused of concealing a major malware breach. Russia's Sandworm launches multiple wiper attacks against Ukraine. China hands out death sentences to scam compound kingpins. My guest is Dr. Sasha O'Connell, senior director for Cybersecurity Programs at Aspen Digital. And Meta's moral compass points to profit.
It's Thursday, November 6, 2025. I'm Dave Bittner and this is your Cyberwire Intel Briefing. Thanks for joining us here today. It's great to have you with us.
Cisco has issued patches for two critical vulnerabilities in its Unified Contact Center Express software that could allow remote attackers to gain full control of affected systems. The most severe flaw was found in the platform's Java Remote Method Invocation process and enables unauthenticated command execution with root privileges. Researcher Jahmel Harris discovered the issue, which Cisco attributed to improper authentication mechanisms. A separate critical flaw in the UCCX Editor app could let attackers bypass authentication and run arbitrary scripts with admin permissions by directing login requests to a malicious server. Cisco urges customers to upgrade immediately, though it reports no active exploitation.
The company also patched a related high-severity denial-of-service bug in Cisco Identity Services Engine.
The Department of Homeland Security is moving forward with layoffs at CISA despite a federal court order temporarily halting some government-wide workforce reductions during the shutdown. In a legal filing, Acting Director Madhu Gottumukkala said 54 employees in CISA's stakeholder engagement division received reduction-in-force notices on October 11, before the injunction was issued. CISA says they maintain compliance with the order, arguing the affected employees are not represented by unions covered under the ruling. The cuts impact staff in partnership, international and academic outreach roles. While the injunction bars layoffs in competitive areas with union members, CISA contends its planned reductions fall outside that scope. The agency declined to comment further, citing ongoing litigation.
Unrelated, CISA is warning that attackers are actively exploiting a critical command injection flaw in Control Web Panel, a popular Linux server management tool formerly known as the CentOS Web Panel. With a CVSS score of 9.0, the vulnerability allows unauthenticated remote attackers to execute arbitrary shell commands if they know a valid non-root username. Researcher Maxime Rinaudo found the issue in CWP's File Manager Change Perm endpoint, which improperly processes unsanitized input through the chmod command. Exploits enable full system compromise, including reverse shells and data exfiltration. Multiple versions are affected, with over 220,000 CWP instances internet-facing. CISA urges immediate patching or restricting access to trusted networks and conducting compromise assessments.
The Gootloader malware operation has resurfaced after a seven-month hiatus, once again using search engine optimization poisoning to lure victims to fake sites offering free legal document templates.
These sites distribute malicious JavaScript files disguised as templates like non-disclosure agreements, which install additional payloads such as Cobalt Strike and backdoors, often leading to ransomware. Researchers from Huntress Labs and the DFIR Report note that Gootloader's new campaign uses sophisticated evasion tactics, including custom web fonts that disguise malicious code and malformed zip archives that extract different files depending on the tool used. The campaign also deploys the Supper SOCKS5 backdoor linked to the Vanilla Tempest ransomware affiliate. Security experts warn users to avoid downloading templates from unverified websites.
South Korean telecom giant KT is under investigation for allegedly concealing a major malware breach that infected 43 servers with BPFDoor and other malicious code between March and July 2024. Investigators say the compromised systems contained customer data, including names, phone numbers and device identifiers. The probe also found severe flaws in KT's femtocell management system, enabling hackers to intercept payment data. Authorities are reviewing legal action and compensation, while KT faces potential obstruction and data protection penalties.
Russian state-sponsored hacking group Sandworm, also known as APT44, has launched multiple destructive data-wiping attacks on Ukraine's government, education, logistics, energy and grain sectors, according to cybersecurity firm ESET. The campaigns in June and September of this year used several wiper variants designed to irreversibly erase data and disrupt operations. ESET says the inclusion of Ukraine's grain industry, a vital source of national revenue, suggests an intent to damage the country's wartime economy. Some attacks involve the ZEROLOT and Sting wipers deployed via scheduled Windows tasks after access was gained by threat actor UAC-0099. ESET also noted parallel Iranian-linked wiper activity targeting Israel's energy and engineering sectors.
Experts recommend offline backups and robust endpoint protection to mitigate such destructive threats.
A Chinese court has sentenced five members of a Myanmar-based crime syndicate to death for operating massive online fraud and scamming compounds near the China-Myanmar border. The Shenzhen Intermediate People's Court identified the ringleader, Bai Suocheng, his son Bai Yingcang and three others as key figures behind the network, which defrauded victims of more than $4 billion. The Bai family, formerly leading the Kokang Border Guard Force, ran 41 criminal industrial parks tied to fraud, kidnapping and forced prostitution. Beijing launched its crackdown in 2023 after Chinese citizens were targeted, arresting tens of thousands linked to such syndicates. The scam operations also caused at least six deaths, underscoring Myanmar's central role in global online fraud networks.
Coming up after the break, my conversation with Dr. Sasha O'Connell, senior director for cybersecurity programs at Aspen Digital, and Meta's moral compass points to profit. Stick around.
C
What happens when cybercrime becomes as easy as shopping online? SpyCloud's Trevor Hilligoss joined Dave Bittner on the Cyberwire Daily to explain how a wave of cybercrime enablement services are lowering the barrier to entry and making sophisticated attacks available to anyone. I think it's a pretty good general term that describes kind of an umbrella of tools and services that I would kind of tag as criminal or criminal adjacent. Instead of having sort of the smaller pool of high sophistication actors that are able to kind of carry out these really vast and costly cyber attacks, we see that being given to much lower sophistication, lower tech folks that are, you know, a much lower barrier to entry. To get into this field, the person that's buying access to this, they basically need a phone and a bitcoin wallet. Make sure you hear this full conversation and learn how the underground economy is reshaping cyber risk. Visit explore.thecyberwire.com/spycloud. That's explore.thecyberwire.com/spycloud.
B
What's your 2 a.m. security worry? Is it, do I have the right controls in place? Maybe, are my vendors secure? Or the one that really keeps you up at night: how do I get out from under these old tools and manual processes? That's where Vanta comes in. Vanta automates the manual work so you can stop sweating over spreadsheets, chasing audit evidence and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. And it fits right into your workflows, using AI to streamline evidence collection, flag risks, and keep your program audit ready all the time. With Vanta, you get everything you need to move faster, scale confidently, and finally get back to sleep. Get started at vanta.com/cyber. That's V-A-N-T-A.com/cyber.
Dr. Sasha O'Connell is Senior Director for Cybersecurity Programs at Aspen Digital. I caught up with her for this week's Caveat podcast to discuss 10 years of cybersecurity progress and what comes next. So I would love to start off with a little information about the Aspen Cyber Summit. You all are celebrating 10 years, which is quite a milestone. Can you take us through a little bit of the history of the summit itself and what's led you to where you are today?
A
Sure. So, yes, I've only been at Aspen for just over a year, but I really stand on the shoulders of really great folks who have come before me and built a really strong foundation and growing program that has been focused on convening leaders in this space for, as you mentioned, just about a decade now. You know, in cyber, we always talk about public private partnerships being at the core of our ability to address the threat. And at Aspen Cyber, that was sort of the nascent idea is to create that space to make sure that's happening in a trusted environment. And you know, my predecessors here at the program really laid an amazing foundation and the program has been growing there ever since. You mentioned the summit is one part of that work. We also run a US Cyber Group and a Global Cyber Group. Those are a mixture of public and private leaders that meet Chatham House. So those private conversations that go on two, three times a year on a cycle, and that creates that opportunity for folks to not only meet each other and discuss issues of the day, build trust, and then do work and projects that spin off of that. And then the summit, as you mentioned, coming up November 18th here in D.C., we're super excited. That's our time. We really get to open our doors to the public as well and have all those public private partnerships, all that teamwork that's been built, that great thought leadership, we get to put that on the main stage and include a broader audience in that conversation. Our event has been called the Coachella of the cyber policy world and we really lean into that moniker. We cover a lot of sort of heady policy, cybersecurity ground. But we also try and have a good time.
B
Well, you mentioned foundations and your own background comes from a place in public service as well. Can you tell us a little bit about that?
A
Sure. So I spent just shy of 15 years at the FBI. I was neither an agent nor an intel analyst. I was kind of the non-traditional, what we called at the FBI at the time MAPA, or a management and program analyst. I had an opportunity to work over that 15 years on strategy and policy and performance management, a lot of time on a lot of different programs. But I spent the last really five, six years at the bureau focused on the cyber program inside the FBI and then ultimately on interagency policy as it relates to many things. But what came to the top was tech policy and cyber policy.
B
I see. Well, let's talk about Aspen Digital and some of the policy priorities that you and your colleagues have there. What is top of mind for you these days?
A
We just started rolling out a whole series, a special project series on offensive cyber operations. So the Trump administration has been forward leaning in this area and expressed an interest in beefing up both capabilities and activities as it relates to going on the offense in cyber. So we picked up that nod, that head nod and said, okay, what do our, the folks in our network, both public, a lot of former public sector leaders as well as private sector leaders, civil society and academics, what advice do folks have? What have they seen in this area? Where do they see this going? So about four weeks ago we launched this series. So that is one priority for us. Additional priority that does come as a response to the priorities of this administration is the focus on what it means to move responsibility for cyber to the state and local level. So after the administration issued an executive order to this effect back in March, we've done a series of convenings that then again have resulted in a series of thought leadership publications we've put out, sort of discussing and interrogating this idea. What does it mean to move responsibility back to the states, if you will? What are best practices there, challenges, and how do we help inform that? So that's just an example of two things we're working on there. Another one that's more kind of, I would say proactive, coming from our members. There's a lot of work happening now around public education, around cybersecurity and frauds and scams. Here at Aspen Digital, on behalf of Craig Newmark Philanthropies, we lead a public service awareness campaign called Take9. And it's a consumer focused public service awareness campaign that's really focused on getting folks to see themselves in the effort to address cyber frauds and scams, and the core message is around slowing down, right. We say in cyber, creating friction in the system.
In this context, we're talking about the human in the loop and asking those humans to literally slow down for nine seconds. That nine seconds, it turns out science has told us, helps move us from reacting to responding when we get that email, that phishing email, or a deepfake phone call. Right. With deepfake voice, for example, all of these sophisticated tools. So that public service and communication around cyber, as well as frauds and scams is another priority area for us.
B
Well, I would love to dig into two of the topics that you mentioned, starting with offensive cyber. I mean, I think it's certainly a hot topic for discussion these days and a lot of folks are wondering how this could play out. And my sense is that people are kind of hanging back and seeing how is this going to be enabled. Right. How are we going to be given legal protection and cover to be able to do these sorts of things? What are your insights?
A
I think that's right. I think we're waiting and seeing a little bit. As you know and your listening audience knows, it's a complicated area where, because so much of the critical infrastructure in this country and the data in this country is owned in the private sector, this idea of offensive operations and how, what, how and what the private sector's role in that can and should be, as you mentioned, liability. These are all open questions. So that's exactly what we've been sort of exploring and exploring different opinions. Right. Because opinions do vary in this regard. And I think time will tell where this administration is really headed. There's also a point of view that we shouldn't solely focus on offense. We shouldn't lose track of the basics when it comes to resiliency. Right. In cyber. And that that is ultimately, you know, a good defense, ultimately being really key to a good offense. Sean Joyce just wrote a really interesting piece that's up on the Aspen Digital website about that as well. Right. So while we wait to see where things shake out on this move to move to more offensive capability and action, there's also, you know, the line of thinking that says let's not forget about fundamentals is a key component as well.
B
Be sure to check out my full conversation with Dr. Sasha O'Connell on this week's episode of Caveat, wherever you get your favorite podcasts.
And finally, Meta, it seems, has once again confused moral compass with revenue forecast. Internal documents unearthed by Reuters show the company expected to earn about 10% of its 2024 revenue from scam ads and banned goods. That's right, billions from fake investment schemes, fraudulent e-commerce and shady medical products that Meta's own systems flagged as high risk. Rather than ban those advertisers outright, Meta often just charged them more, a sort of fraudster surcharge for the privilege of duping users. The company's own internal estimates put them at showing 15 billion scam ads daily. And when victims clicked, Meta's ad system kindly served them even more. Even as executives congratulated themselves for reducing scam reports, internal slides admitted Meta's platforms had become a pillar of the global fraud economy. Not to worry, Meta promises it's working on it, just slowly enough not to upset those quarterly earnings.
And that's the Cyberwire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Tré Hester with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
Date: November 6, 2025
Host: Dave Bittner (N2K Networks)
Featured Guest: Dr. Sasha O’Connell, Senior Director for Cybersecurity Programs at Aspen Digital
This episode of CyberWire Daily delivers key cybersecurity news, focusing on major vulnerabilities, government cybersecurity staffing turmoil, nation-state cyber operations, and critical insights from Dr. Sasha O’Connell on the evolution and future of cyber policy. The program highlights the growing professionalization of cybercriminal services and concludes with a sharp critique of Meta’s priorities around scam advertising.
| Segment | Topic | Timestamp |
|-------------------------------|---------------------------------------------------|---------------|
| Opening News | Cisco, CISA layoffs, Gootloader, Sandworm | 00:44–09:34 |
| Cybercrime-As-A-Service | SpyCloud’s Trevor Hilligoss brief | 09:34–11:04 |
| Dr. Sasha O’Connell Interview | Aspen Cyber Summit, cyber policy, public ed | 12:44–19:44 |
| Meta Ad Fraud | Critique of Meta’s tolerance for scammy ads | 19:45–20:45 |
This episode provides an incisive roundup of the week’s cybersecurity landscape, from major vendor vulnerabilities and covert cybercrime infrastructure to the moral hazards of big tech. Dr. Sasha O’Connell traces ten years of growth in public-private partnership and policy development and offers a clear-eyed assessment of offensive cyber’s promises and pitfalls. The show closes with unflinching commentary on Meta’s complicity in scam ad revenue, highlighting ongoing challenges at the intersection of technology, policy, and ethics.