CyberWire Daily – "The Day the Cloud Got Foggy"

Date: October 20, 2025
Host: Dave Bittner, N2K Networks
Featured Guest: Jeff Collins, CEO of Wanaware

Episode Overview

This episode delivers a packed briefing on the latest cybersecurity news, highlighting the ramifications of a major AWS outage, new exposures and breaches involving F5 and Citrix products, international cyber accusations between the US and China, judicial action against the NSO Group, and a notable funding and M&A surge in the cyber sector. The featured interview explores how hospital consolidation is reshaping asset visibility and operational risk in healthcare IT, followed by a look at one man's ongoing legal struggle to legitimize AI-generated art.

Key News and Analysis Segments

Major AWS Outage and Its Ripple Effects

[03:00]

A widespread outage in AWS's US East 1 region caused service disruptions across major apps, including Snapchat, Robinhood, Roblox, and Fortnite.
Outage fueled attack speculation and geopolitical anxiety, though official sources say there is “no evidence” of malicious action.
Notable guidance:
- Security teams urged to stress-test multi-region failover and vendor resilience.
- Transparent incident communications are critical to managing public trust and speculation.

Quote:

"It's noteworthy that a single cloud region's failure can interrupt trading, communications and gaming at scale." — Dave Bittner [03:33]

F5 Exposure and Nation-State Breach

[04:10]

Over 262,000 F5 Big IP systems exposed online; over 130,000 in the US.
F5 disclosed a nation-state breach, source code theft, and delayed public disclosure at US government’s request.
Activity linked to China-nexus group UNC5221 and the “Brickstorm” backdoor.
Call to action:
- Secure management interfaces, assess for compromise, apply updates promptly.
- CISA and NCSC urge organizations to locate and secure F5 assets.

Quote:

"Broad exposure plus uncertain patching increases exploitation risk." — Dave Bittner [05:01]

Citrix Netscaler Gateway Flaw Exploited by Salt Typhoon

[05:34]

China-based Salt Typhoon exploited Citrix flaw to breach a European telecom via stealthy, trusted software.
Attackers used Snappy Bee (DeeDrat) and DLL sideloading.
Lesson:
- Highlights importance of anomaly-based detection and proactive monitoring of critical infrastructure.

Court Bars NSO Group from WhatsApp Targeting

[06:50]

Federal judge grants permanent injunction against NSO, reduces Meta’s punitive damages award.
Pegasus spyware found capable of continued WhatsApp infiltration.
Symbolic legal action against commercial spyware; injunction covers WhatsApp only.

Quote:

"The unauthorized access harms users' informational privacy... the order blocks data collection and addresses zero click techniques." — Dave Bittner [07:36]

China Accuses NSA of Hacking

[08:08]

Chinese Ministry of State Security alleges US NSA hacked the National Time Service Center, exploiting mobile employee devices.
Details include credential theft since April 2023.
Context: Escalating US-China cyber tensions.

ConnectWise and Dolby Security Flaws

[09:10]

ConnectWise patches two critical “adversary in the middle” flaws; urges on-prem customers to update and enforce secure communication configurations.
Dolby decoder flaw (research by Google) allows zero-click remote code execution on Android via malicious audio payloads.

Cybersecurity M&A and Funding Surge

[10:25]

Hot streak in M&A:
- NSO Group acquired by a US investment group (Israeli control retained).
- Level Blue acquires Cybereason.
- Kaseya absorbs Inky; Nomui acquires Intragen.
Funding rounds: Resistant AI ($25M), Pantheron ($12M), Site Hop (£7.5M), among others.
Trend:
- Bundling of XDR, MDR, DFIR, email security, and IAM solutions.
Quote:

"The pattern points to bundling XDR, MDR, DFIR, email security and IAM at scale." — Dave Bittner [12:27]

Featured Interview: Hospital Consolidations & Asset Visibility

Risk Landscape: Device Proliferation and Unknown Assets

[15:05 – 18:26]

Jeff Collins (Wanaware CEO): Hospital M&A and clinic acquisition drives a deluge of assets—laptops, desktops, IoT devices, medical machines—often untracked.
Unknown networked devices, even if rarely used, pose outsized security/operational risk:
- Unpatched and unmanaged devices can empower attackers or cause cascading operational failure if critical.
Quote:

“A lot of risk is happening within those organizations, specifically within the realm of assets that they just don't know about, which creates security and operational concerns...” — Jeff Collins [15:30]

Fallout from Hospital Mergers

[18:26 – 20:07]

Most organizations lack full asset inventories.
Breaches often trace back to unknown/poorly managed devices.
Operational incidents underreported unless patient outcomes are impacted (less public visibility).

State of the Art: Asset Discovery and Inventory

[20:07 – 22:08]

Modern best practice: Leverage existing technologies (endpoint protection, firewalls) rather than deploying new agents or scans, which can increase risk.
The issue often lies in correlation and actionability of data, not in data collection itself.
Advice:
- Integrate and correlate data from current systems before investing in new tools.
- Focus on quantification and mitigation of risk.

Quote:

“Don't go buy and deploy new scanners or ... agents... leverage the technologies you have... and collectively understand the scope of what you have organizationally.” — Jeff Collins [21:10]

Ongoing Monitoring & Mitigating Risk

[22:08 – 25:34]

Continuous, adaptive monitoring is mandatory in dynamic hospital IT environments.
Must detect new assets, adapt to technology evolution, and enable fast, effective response to outages/breaches.
Distinguish between operational incidents and security breaches, but both require robust incident response.
Concept: Evaluating the “blast radius” when something fails or is breached.
Quote:

“You have to continuously be able to understand new things coming in... and then ultimately ... minimize and mitigate that risk, both from a cybersecurity as well as an operational perspective.” — Jeff Collins [22:50]

Advice to Security Professionals Overwhelmed by Alerts

[25:34 – 28:28]

Many pros fear more alerts add noise, not value (historically many "false positives").
The key is contextualization: Systematically discerning what truly needs attention.
Systems should filter out non-actionable alerts, letting people focus on critical risks.
Quote:

“Mitigating false positives... all need to be done by systems ... so we're not getting more and more alerts ... that waste people's time.” — Jeff Collins [28:06]

Closing Highlight: The Fight for AI Art Copyright

[29:58]

Jason Allen continues his multi-year campaign to claim copyright for AI-generated art (“Théâtre d’Opéra Spatial”)—first winning, then infuriating, the art world.
His argument: The creative act lies in crafting countless prompts, not just in the machine’s output.
Ongoing legal debate: What constitutes human authorship in the age of generative AI?

Quote:

“Whether it’s art or algorithm, Allen's work has definitely sparked some creative debate.” — Dave Bittner [31:06]

Notable Quotes Recap

“It's noteworthy that a single cloud region's failure can interrupt trading, communications and gaming at scale.” — Dave Bittner [03:33]
“Broad exposure plus uncertain patching increases exploitation risk.” — Dave Bittner [05:01]
“A lot of risk is happening ... specifically within the realm of assets that they just don't know about...” — Jeff Collins [15:30]
“You have to continuously be able to understand new things coming in... and then ultimately ... minimize and mitigate that risk...” — Jeff Collins [22:50]
“Mitigating false positives... all need to be done by systems ... so we're not getting more and more alerts ... that waste people's time.” — Jeff Collins [28:06]
“Whether it's art or algorithm, Allen's work has definitely sparked some creative debate.” — Dave Bittner [31:06]

Segment Timestamps

[03:00] – AWS Outage: Scope, Response, Lessons
[04:10] – F5 Exposure & UNC5221 Breach
[05:34] – Citrix Gateway Exploited by Salt Typhoon
[06:50] – US Court Bars NSO Group from WhatsApp
[08:08] – China NSA Hacking Accusations
[09:10] – ConnectWise & Dolby Security Disclosures
[10:25] – M&A and Funding Standouts
[15:05] – Interview: Hospital IT Risks with Jeff Collins (intro)
[15:18 – 28:28] – Deep Dive: Asset Visibility in Healthcare; Best Practices; Contextualizing Alerts
[29:58] – AI Art Copyright Legal Battle

CyberWire Daily – "The Day the Cloud Got Foggy"

Date: October 20, 2025
Host: Dave Bittner, N2K Networks
Featured Guest: Jeff Collins, CEO of Wanaware

Episode Overview

Key News and Analysis Segments

Major AWS Outage and Its Ripple Effects

[03:00]

A widespread outage in AWS's US East 1 region caused service disruptions across major apps, including Snapchat, Robinhood, Roblox, and Fortnite.
Outage fueled attack speculation and geopolitical anxiety, though official sources say there is “no evidence” of malicious action.
Notable guidance:
- Security teams urged to stress-test multi-region failover and vendor resilience.
- Transparent incident communications are critical to managing public trust and speculation.

Quote:

"It's noteworthy that a single cloud region's failure can interrupt trading, communications and gaming at scale." — Dave Bittner [03:33]

F5 Exposure and Nation-State Breach

[04:10]

Over 262,000 F5 Big IP systems exposed online; over 130,000 in the US.
F5 disclosed a nation-state breach, source code theft, and delayed public disclosure at US government’s request.
Activity linked to China-nexus group UNC5221 and the “Brickstorm” backdoor.
Call to action:
- Secure management interfaces, assess for compromise, apply updates promptly.
- CISA and NCSC urge organizations to locate and secure F5 assets.

Quote:

"Broad exposure plus uncertain patching increases exploitation risk." — Dave Bittner [05:01]

Citrix Netscaler Gateway Flaw Exploited by Salt Typhoon

[05:34]

China-based Salt Typhoon exploited Citrix flaw to breach a European telecom via stealthy, trusted software.
Attackers used Snappy Bee (DeeDrat) and DLL sideloading.
Lesson:
- Highlights importance of anomaly-based detection and proactive monitoring of critical infrastructure.

Court Bars NSO Group from WhatsApp Targeting

[06:50]

Federal judge grants permanent injunction against NSO, reduces Meta’s punitive damages award.
Pegasus spyware found capable of continued WhatsApp infiltration.
Symbolic legal action against commercial spyware; injunction covers WhatsApp only.

Quote:

"The unauthorized access harms users' informational privacy... the order blocks data collection and addresses zero click techniques." — Dave Bittner [07:36]

China Accuses NSA of Hacking

[08:08]

Chinese Ministry of State Security alleges US NSA hacked the National Time Service Center, exploiting mobile employee devices.
Details include credential theft since April 2023.
Context: Escalating US-China cyber tensions.

ConnectWise and Dolby Security Flaws

[09:10]

ConnectWise patches two critical “adversary in the middle” flaws; urges on-prem customers to update and enforce secure communication configurations.
Dolby decoder flaw (research by Google) allows zero-click remote code execution on Android via malicious audio payloads.

Cybersecurity M&A and Funding Surge

[10:25]

Hot streak in M&A:
- NSO Group acquired by a US investment group (Israeli control retained).
- Level Blue acquires Cybereason.
- Kaseya absorbs Inky; Nomui acquires Intragen.
Funding rounds: Resistant AI ($25M), Pantheron ($12M), Site Hop (£7.5M), among others.
Trend:
- Bundling of XDR, MDR, DFIR, email security, and IAM solutions.
Quote:

"The pattern points to bundling XDR, MDR, DFIR, email security and IAM at scale." — Dave Bittner [12:27]

Featured Interview: Hospital Consolidations & Asset Visibility

Risk Landscape: Device Proliferation and Unknown Assets

[15:05 – 18:26]

Jeff Collins (Wanaware CEO): Hospital M&A and clinic acquisition drives a deluge of assets—laptops, desktops, IoT devices, medical machines—often untracked.
Unknown networked devices, even if rarely used, pose outsized security/operational risk:
- Unpatched and unmanaged devices can empower attackers or cause cascading operational failure if critical.
Quote:

“A lot of risk is happening within those organizations, specifically within the realm of assets that they just don't know about, which creates security and operational concerns...” — Jeff Collins [15:30]

Fallout from Hospital Mergers

[18:26 – 20:07]

Most organizations lack full asset inventories.
Breaches often trace back to unknown/poorly managed devices.
Operational incidents underreported unless patient outcomes are impacted (less public visibility).

State of the Art: Asset Discovery and Inventory

[20:07 – 22:08]

Modern best practice: Leverage existing technologies (endpoint protection, firewalls) rather than deploying new agents or scans, which can increase risk.
The issue often lies in correlation and actionability of data, not in data collection itself.
Advice:
- Integrate and correlate data from current systems before investing in new tools.
- Focus on quantification and mitigation of risk.

Quote:

“Don't go buy and deploy new scanners or ... agents... leverage the technologies you have... and collectively understand the scope of what you have organizationally.” — Jeff Collins [21:10]

Ongoing Monitoring & Mitigating Risk

[22:08 – 25:34]

Continuous, adaptive monitoring is mandatory in dynamic hospital IT environments.
Must detect new assets, adapt to technology evolution, and enable fast, effective response to outages/breaches.
Distinguish between operational incidents and security breaches, but both require robust incident response.
Concept: Evaluating the “blast radius” when something fails or is breached.
Quote:

“You have to continuously be able to understand new things coming in... and then ultimately ... minimize and mitigate that risk, both from a cybersecurity as well as an operational perspective.” — Jeff Collins [22:50]

Advice to Security Professionals Overwhelmed by Alerts

[25:34 – 28:28]

Many pros fear more alerts add noise, not value (historically many "false positives").
The key is contextualization: Systematically discerning what truly needs attention.
Systems should filter out non-actionable alerts, letting people focus on critical risks.
Quote:

“Mitigating false positives... all need to be done by systems ... so we're not getting more and more alerts ... that waste people's time.” — Jeff Collins [28:06]

Closing Highlight: The Fight for AI Art Copyright

[29:58]

Jason Allen continues his multi-year campaign to claim copyright for AI-generated art (“Théâtre d’Opéra Spatial”)—first winning, then infuriating, the art world.
His argument: The creative act lies in crafting countless prompts, not just in the machine’s output.
Ongoing legal debate: What constitutes human authorship in the age of generative AI?

Quote:

“Whether it’s art or algorithm, Allen's work has definitely sparked some creative debate.” — Dave Bittner [31:06]

Notable Quotes Recap

“It's noteworthy that a single cloud region's failure can interrupt trading, communications and gaming at scale.” — Dave Bittner [03:33]
“Broad exposure plus uncertain patching increases exploitation risk.” — Dave Bittner [05:01]
“A lot of risk is happening ... specifically within the realm of assets that they just don't know about...” — Jeff Collins [15:30]
“You have to continuously be able to understand new things coming in... and then ultimately ... minimize and mitigate that risk...” — Jeff Collins [22:50]
“Mitigating false positives... all need to be done by systems ... so we're not getting more and more alerts ... that waste people's time.” — Jeff Collins [28:06]
“Whether it's art or algorithm, Allen's work has definitely sparked some creative debate.” — Dave Bittner [31:06]

Segment Timestamps

[03:00] – AWS Outage: Scope, Response, Lessons
[04:10] – F5 Exposure & UNC5221 Breach
[05:34] – Citrix Gateway Exploited by Salt Typhoon
[06:50] – US Court Bars NSO Group from WhatsApp
[08:08] – China NSA Hacking Accusations
[09:10] – ConnectWise & Dolby Security Disclosures
[10:25] – M&A and Funding Standouts
[15:05] – Interview: Hospital IT Risks with Jeff Collins (intro)
[15:18 – 28:28] – Deep Dive: Asset Visibility in Healthcare; Best Practices; Contextualizing Alerts
[29:58] – AI Art Copyright Legal Battle

The day the cloud got foggy.

Powered by Wave AI

Summary

CyberWire Daily – "The Day the Cloud Got Foggy"

Episode Overview

Key News and Analysis Segments

Major AWS Outage and Its Ripple Effects

F5 Exposure and Nation-State Breach

Citrix Netscaler Gateway Flaw Exploited by Salt Typhoon

Court Bars NSO Group from WhatsApp Targeting

China Accuses NSA of Hacking

ConnectWise and Dolby Security Flaws

Cybersecurity M&A and Funding Surge

Featured Interview: Hospital Consolidations & Asset Visibility

Risk Landscape: Device Proliferation and Unknown Assets

Fallout from Hospital Mergers

State of the Art: Asset Discovery and Inventory

Ongoing Monitoring & Mitigating Risk

Advice to Security Professionals Overwhelmed by Alerts

Closing Highlight: The Fight for AI Art Copyright

Notable Quotes Recap

Segment Timestamps

Summary

CyberWire Daily – "The Day the Cloud Got Foggy"

Episode Overview

Key News and Analysis Segments

Major AWS Outage and Its Ripple Effects

F5 Exposure and Nation-State Breach

Citrix Netscaler Gateway Flaw Exploited by Salt Typhoon

Court Bars NSO Group from WhatsApp Targeting

China Accuses NSA of Hacking

ConnectWise and Dolby Security Flaws

Cybersecurity M&A and Funding Surge

Featured Interview: Hospital Consolidations & Asset Visibility

Risk Landscape: Device Proliferation and Unknown Assets

Fallout from Hospital Mergers

State of the Art: Asset Discovery and Inventory

Ongoing Monitoring & Mitigating Risk

Advice to Security Professionals Overwhelmed by Alerts

Closing Highlight: The Fight for AI Art Copyright

Notable Quotes Recap

Segment Timestamps