CyberWire Daily – "The Day the Cloud Got Foggy"
Date: October 20, 2025
Host: Dave Bittner, N2K Networks
Featured Guest: Jeff Collins, CEO of Wanaware
Episode Overview
This episode delivers a packed briefing on the latest cybersecurity news, highlighting the ramifications of a major AWS outage, new exposures and breaches involving F5 and Citrix products, international cyber accusations between the US and China, judicial action against the NSO Group, and a notable funding and M&A surge in the cyber sector. The featured interview explores how hospital consolidation is reshaping asset visibility and operational risk in healthcare IT, followed by a look at one man's ongoing legal struggle to legitimize AI-generated art.
Key News and Analysis Segments
Major AWS Outage and Its Ripple Effects
[03:00]
- A widespread outage in AWS's us-east-1 region caused service disruptions across major apps, including Snapchat, Robinhood, Roblox, and Fortnite.
- The outage fueled attack speculation and geopolitical anxiety, though official sources say there is "no evidence" of malicious action.
- Notable guidance:
  - Security teams are urged to stress-test multi-region failover and vendor resilience.
  - Transparent incident communications are critical to managing public trust and speculation.
Quote:
"It's noteworthy that a single cloud region's failure can interrupt trading, communications and gaming at scale." — Dave Bittner [03:33]
F5 Exposure and Nation-State Breach
[04:10]
- Over 262,000 F5 BIG-IP systems are exposed online; over 130,000 of them in the US.
- F5 disclosed a nation-state breach and theft of source code; public disclosure was delayed at the US government's request.
- Activity is linked to the China-nexus group UNC5221 and the "Brickstorm" backdoor.
- Call to action:
  - Secure management interfaces, assess for compromise, and apply updates promptly.
  - CISA and the NCSC urge organizations to locate and secure their F5 assets.
Quote:
"Broad exposure plus uncertain patching increases exploitation risk." — Dave Bittner [05:01]
Citrix NetScaler Gateway Flaw Exploited by Salt Typhoon
[05:34]
- China-based Salt Typhoon exploited a Citrix NetScaler Gateway flaw to breach a European telecom, hiding its activity behind trusted software.
- Attackers used Snappybee (Deed RAT) and DLL sideloading.
- Lesson:
  - Highlights the importance of anomaly-based detection and proactive monitoring of critical infrastructure.
Court Bars NSO Group from WhatsApp Targeting
[06:50]
- A federal judge granted a permanent injunction against NSO and reduced Meta's punitive damages award.
- Pegasus spyware was found to be capable of continued WhatsApp infiltration.
- A symbolic legal action against commercial spyware; the injunction covers WhatsApp only.
Quote:
"The unauthorized access harms users' informational privacy... the order blocks data collection and addresses zero-click techniques." — Dave Bittner [07:36]
China Accuses NSA of Hacking
[08:08]
- China's Ministry of State Security alleges the US NSA hacked the National Time Service Center by exploiting employees' mobile devices.
- Details include credential theft dating back to April 2023.
- Context: escalating US-China cyber tensions.
ConnectWise and Dolby Security Flaws
[09:10]
- ConnectWise patched two critical "adversary in the middle" flaws and urges on-prem customers to update and enforce secure communication configurations.
- A Dolby decoder flaw (researched by Google) allows zero-click remote code execution on Android via malicious audio payloads.
Cybersecurity M&A and Funding Surge
[10:25]
- Hot streak in M&A:
  - NSO Group acquired by a US investment group (Israeli control retained).
  - LevelBlue acquires Cybereason.
  - Kaseya absorbs Inky; Nomui acquires Intragen.
- Funding rounds: Resistant AI ($25M), Pantheron ($12M), Site Hop (£7.5M), among others.
- Trend:
  - Bundling of XDR, MDR, DFIR, email security, and IAM solutions.
Quote:
"The pattern points to bundling XDR, MDR, DFIR, email security and IAM at scale." — Dave Bittner [12:27]
Featured Interview: Hospital Consolidations & Asset Visibility
Risk Landscape: Device Proliferation and Unknown Assets
[15:05 – 18:26]
- Jeff Collins (Wanaware CEO): Hospital M&A and clinic acquisitions drive a deluge of assets—laptops, desktops, IoT devices, medical machines—that are often untracked.
- Unknown networked devices, even if rarely used, pose outsized security and operational risk:
  - Unpatched and unmanaged devices can give attackers a foothold or, if critical, cause cascading operational failure.
Quote:
"A lot of risk is happening within those organizations, specifically within the realm of assets that they just don't know about, which creates security and operational concerns..." — Jeff Collins [15:30]
Fallout from Hospital Mergers
[18:26 – 20:07]
- Most organizations lack a full asset inventory.
- Breaches often trace back to unknown or poorly managed devices.
- Operational incidents are underreported unless patient outcomes are affected, so they get less public visibility than breaches.
State of the Art: Asset Discovery and Inventory
[20:07 – 22:08]
- Modern best practice: leverage technologies already in place (endpoint protection, firewalls) rather than deploying new agents or scans, which can themselves increase risk.
- The problem usually lies in correlating the data and making it actionable, not in collecting it.
- Advice:
  - Integrate and correlate data from current systems before investing in new tools.
  - Focus on quantifying and mitigating risk.
Quote:
“Don't go buy and deploy new scanners or ... agents... leverage the technologies you have... and collectively understand the scope of what you have organizationally.” — Jeff Collins [21:10]
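The correlation approach Collins describes, as an added example that is not from the episode or from Wanaware's product: it joins constructed EDR-agent, DHCP-lease and firewall-log data on MAC and IP to list devices that have no endpoint agent, ranked by whether they talk outside the internal range. The source names, sample data and the assumption that 10.x is the internal range are all constructed.

```python
"""Added example (not from the episode or Wanaware): correlate asset data a
hospital already collects (EDR, DHCP, firewall) to surface unknown devices."""
import re
from collections import defaultdict

# Constructed sample data; in practice these come from existing exports/APIs.
EDR_AGENTS = {"aa:bb:cc:00:00:01": "ward3-laptop-07", "aa:bb:cc:00:00:02": "radiology-ws-02"}
DHCP_LEASES = [  # (mac, ip, hostname as reported by the client)
    ("aa:bb:cc:00:00:01", "10.20.3.11", "ward3-laptop-07"),
    ("aa:bb:cc:00:00:02", "10.20.4.25", "radiology-ws-02"),
    ("00:1e:c0:12:34:56", "10.20.4.40", "infusion-pump-12"),
    ("b8:27:eb:aa:bb:cc", "10.20.9.5", ""),  # no hostname: typical of IoT gear
]
FIREWALL_LOG = """\
2025-10-20T08:01:02Z ALLOW src=10.20.4.40 dst=10.20.1.5 dport=443
2025-10-20T08:01:09Z ALLOW src=10.20.9.5 dst=203.0.113.7 dport=8883
2025-10-20T08:02:14Z ALLOW src=10.20.3.11 dst=10.20.1.5 dport=443
2025-10-20T08:03:30Z DENY src=10.20.9.5 dst=198.51.100.9 dport=23
"""
FW_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")

def correlate(edr_agents, dhcp_leases, fw_log):
    """Join the three sources on IP/MAC. Returns a dict keyed by MAC with the
    device's managed state and the destinations it reached or attempted."""
    by_ip = {ip: mac for mac, ip, _ in dhcp_leases}  # DHCP ties IPs to MACs
    talks_to = defaultdict(set)
    for line in fw_log.splitlines():
        m = FW_RE.search(line)
        if m and m["src"] in by_ip:  # DENY lines count too: attempts matter
            talks_to[by_ip[m["src"]]].add(f"{m['dst']}:{m['dport']}")
    inv = {}
    for mac, ip, host in dhcp_leases:
        inv[mac] = {
            "ip": ip, "hostname": host or "<none>",
            "managed": mac in edr_agents,  # an EDR agent means someone owns it
            "external": any(not d.startswith("10.") for d in talks_to[mac]),
            "peers": sorted(talks_to[mac]),  # rough blast-radius indicator
        }
    return inv

def unmanaged(inventory):
    """MACs with no EDR agent, externally-talking devices first."""
    return sorted((m for m, a in inventory.items() if not a["managed"]),
                  key=lambda m: (not inventory[m]["external"], m))

if __name__ == "__main__":
    inv = correlate(EDR_AGENTS, DHCP_LEASES, FIREWALL_LOG)
    for mac in unmanaged(inv):
        print(mac, inv[mac])
```

The same join extends naturally to other sources already on hand (switch ARP tables, vulnerability-scanner exports, CMDB records), which is the point of correlating before buying.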
Ongoing Monitoring & Mitigating Risk
[22:08 – 25:34]
- Continuous, adaptive monitoring is mandatory in dynamic hospital IT environments.
- Monitoring must detect new assets, keep pace with technology changes, and enable fast, effective response to outages and breaches.
- Operational incidents and security breaches are distinct, but both require robust incident response.
- Concept: evaluating the "blast radius" when something fails or is breached.
Quote:
"You have to continuously be able to understand new things coming in... and then ultimately ... minimize and mitigate that risk, both from a cybersecurity as well as an operational perspective." — Jeff Collins [22:50]
Advice to Security Professionals Overwhelmed by Alerts
[25:34 – 28:28]
- Many practitioners fear that more alerts add noise rather than value (historically, many have been false positives).
- The key is contextualization: systematically discerning what truly needs attention.
- Systems should filter out non-actionable alerts so that people can focus on critical risks.
Quote:
"Mitigating false positives... all need to be done by systems ... so we're not getting more and more alerts ... that waste people's time." — Jeff Collins [28:06]
Closing Highlight: The Fight for AI Art Copyright
[29:58]
- Jason Allen continues his multi-year campaign to claim copyright for AI-generated art ("Théâtre d'Opéra Spatial"), having first won over, then infuriated, the art world.
- His argument: the creative act lies in crafting countless prompts, not just in the machine's output.
- Ongoing legal debate: what constitutes human authorship in the age of generative AI?
Quote:
“Whether it’s art or algorithm, Allen's work has definitely sparked some creative debate.” — Dave Bittner [31:06]
Notable Quotes Recap
- “It's noteworthy that a single cloud region's failure can interrupt trading, communications and gaming at scale.” — Dave Bittner [03:33]
- “Broad exposure plus uncertain patching increases exploitation risk.” — Dave Bittner [05:01]
- “A lot of risk is happening ... specifically within the realm of assets that they just don't know about...” — Jeff Collins [15:30]
- “You have to continuously be able to understand new things coming in... and then ultimately ... minimize and mitigate that risk...” — Jeff Collins [22:50]
- “Mitigating false positives... all need to be done by systems ... so we're not getting more and more alerts ... that waste people's time.” — Jeff Collins [28:06]
- “Whether it's art or algorithm, Allen's work has definitely sparked some creative debate.” — Dave Bittner [31:06]
Segment Timestamps
- [03:00] – AWS Outage: Scope, Response, Lessons
- [04:10] – F5 Exposure & UNC5221 Breach
- [05:34] – Citrix Gateway Exploited by Salt Typhoon
- [06:50] – US Court Bars NSO Group from WhatsApp
- [08:08] – China NSA Hacking Accusations
- [09:10] – ConnectWise & Dolby Security Disclosures
- [10:25] – M&A and Funding Standouts
- [15:05] – Interview: Hospital IT Risks with Jeff Collins (intro)
- [15:18 – 28:28] – Deep Dive: Asset Visibility in Healthcare; Best Practices; Contextualizing Alerts
- [29:58] – AI Art Copyright Legal Battle
