CyberWire Daily: "When GoAnywhere Goes Wrong"
Date: October 14, 2025
Host: Maria Varmazis (sitting in for Dave Bittner)
Podcast: N2K Networks
Overview
This episode of CyberWire Daily delves into the critical cybersecurity events and trends of mid-October 2025, focusing on exploited vulnerabilities (notably in GoAnywhere), major breaches (Harvard, SimonMed), regulatory action in semiconductors, business movements in the sector, and in-depth expert insights on hybrid identity security and agentic AI. The episode features a prominent industry voices segment with Semperis CEO Mickey Bresman, exploring how identity is evolving and why ransomware payments are still worryingly frequent.
Key News Highlights and Discussions
1. GoAnywhere Zero-Day Exploitation (02:01–03:59)
- Fortra confirmed that a critical “maximum severity” vulnerability in its GoAnywhere Managed File Transfer software has been exploited in the wild. The flaw, a deserialization bug, potentially allows attackers to inject commands if they forge a license response signature.
- CISA added the bug to its Known Exploited Vulnerabilities Catalog; Microsoft also reported ongoing exploitation linked to ransomware campaigns.
- Expert Insight:
“The exploitation implies that the attacker has somehow circumvented or satisfied the cryptographic requirements needed to exploit this vulnerability.”
— Ben Harris, watchTowr CEO (cited from CyberScoop, 03:10)
2. Harvard Breach via Oracle Zero-day (03:59–05:38)
- Harvard University suffered a cyber compromise through a zero-day in Oracle’s E-Business Suite, following their appearance on the CLOP ransomware gang’s leak site. Oracle issued an emergency patch.
- A spokesperson stated:
“This issue has impacted many Oracle E Business Suite customers and is not specific to Harvard... we believe this incident impacts a limited number of parties associated with a small administrative unit.” (04:47)
3. Banking Trojan Hits Brazilian WhatsApp Users (05:38–06:22)
- Sophos described a malware campaign delivering a banking trojan via WhatsApp web sessions, targeting Brazilian users of major banks and cryptocurrency exchanges.
- Over 400 customer environments and 1,000 endpoints were observed with the first-stage PowerShell activity.
4. CISA Faces Reduction in Force Amid Shutdown (06:22–07:09)
- The ongoing US government shutdown is forcing CISA to operate at 35% staffing, endangering cybersecurity readiness.
- “Experts warn that amid rising cyber threats, even temporary staffing gaps could hinder detection, response and information sharing.” (07:01)
5. SimonMed Ransomware Breach (07:09–08:03)
- SimonMed Imaging reported a ransomware breach impacting 1.2 million patients—ID scans, personal details, and medical reports at risk.
- The Medusa gang claimed responsibility and demanded $1 million ransom.
- SimonMed implemented password resets, enforced MFA, and is offering affected individuals free identity protection.
6. Netherlands Blocks Chinese Semiconductor Moves (08:03–08:52)
- Invoking the Goods Availability Act, the Dutch government overrode business decisions at Nexperia (partially Chinese-owned), citing governance failures.
- Parent company Wingtech condemned it as “geopolitically motivated.”
7. UK’s Ofcom Fines 4chan (08:52–09:22)
- Ofcom levied its first Online Safety Act-related fine (£20,000, plus potential daily penalties) against 4chan, for non-compliance on risk assessment information.
- 4chan’s lawyers dispute UK jurisdiction, framing the order as a free speech conflict.
8. Weekly Business Breakdown (09:22–11:03)
- $250M raised over 7 investments and 12 acquisitions.
- Filigran (France): Raised $58M to expand their open GRC cyber risk platform globally.
- Synechron: Acquired RapDev, Calte, and Wavegen to launch a global ServiceNow business and expand beyond finance.
- SAIC: Purchased Silver Edge Government Solutions ($205M) to integrate AI/ML SaaS (Soar) into its services.
Industry Voices: Hybrid Identity Security & Agentic AI
Guest: Mickey Bresman, CEO, Semperis
Interviewer: Dave Bittner
Timestamps: 12:58–24:20
Main Takeaways
- Hybrid Identity Security is Here to Stay
- “Hybrid environments will remain the standard for God knows for how long, maybe even forever… The vast majority… see their companies remaining as hybrid.” — Mickey Bresman (14:04)
- The diversity of the audience—from those managing 5 to 5,000+ domain controllers—reflects the breadth of identity security needs.
- Identity’s Central Role in Modern Security
- “Identity is more critical than ever and it just continues to get more and more attention from the security teams… In the new modern enterprise with remote work [and] cloud applications, identity plays the biggest role in terms of how do you actually defend the organization.” (15:08)
- Agentic AI as a New Identity Type
- Traditional: Human and machine identities.
- Emerging: “Agentic AI” introduces identities that are neither human nor traditional machine.
- “All of the sudden we have a third bucket that is called agentic AI or basically agent identities… that requires a completely different approach on when we introduce this new type of an identity to the organization, how do we make sure it is done in a secured manner?” (15:36)
- Key Discussion (16:03–17:57):
- Questions around management of agentic AI identities, especially with organizations potentially using multiple vendor systems (Microsoft Copilot, Gemini, etc.).
- “Should I make the assumption that I’ll be able to manage those identities in [my current identity provider], or should I be starting to think of those identities existing only inside of Gemini?” (17:36)
- Why Ransomware Victims Pay and How to Avoid It (20:15–24:20)
- 70% of victim companies paid a ransom, per Semperis’ global report.
- Two Main Reasons:
- Inability to recover quickly (“no way to bounce back in a reasonable amount of time”) is the number one driver.
- Sensitivity of stolen data, though payment doesn’t guarantee data won’t be published: “Even if you pay ransom, you actually should assume that data still can be published…” (21:12)
- Advice:
Prepare, rehearse, and document disaster recovery.
“If you can now speak to the management with the confidence of saying... we are well organized, we are well planned and we can… go live again in 24 hours, I guarantee to you… the management will be very unlikely to decide to pay ransom.” (23:31)
Quick Bytes
- Casino Card Shuffler Hacked (25:28–26:36)
- Researchers embedded sensors and wireless gear in a casino card shuffler to track shuffled cards and provide real-time player advice on smartphones—a blend of low-tech subterfuge and high-tech espionage.
- Host comment: “Even your shuffler might be listening.”
Notable Quotes
- On Hybrid Identity:
“Hybrid environments will remain the standard… The vast majority… see their companies remaining as hybrid.” — Mickey Bresman, 14:04
- On Agentic AI:
“Now all of the sudden we have a third bucket that is called agentic AI… that requires a completely different approach.” — Mickey Bresman, 15:36
- On Ransomware Payment Risks:
“Even if you pay ransom, you actually should assume that that data still can be published, because we’ve seen multiple times that the bad actors are not necessarily going to play by the rules.” — Mickey Bresman, 21:12
- On Ransomware Preparation:
“You actually tested and tried to make sure that you understand what needs to happen… You also tried your recovery process… so basically you have a clear understanding of what the bounce back process looks like.” — Mickey Bresman, 22:54
Key Segments by Timestamp
- GoAnywhere/Fortra Exploit: 02:01–03:59
- Harvard/Oracle Breach: 03:59–05:38
- Brazilian WhatsApp Trojan: 05:38–06:22
- CISA Staffing Crisis: 06:22–07:09
- SimonMed Ransomware: 07:09–08:03
- Netherlands & Nexperia: 08:03–08:52
- Ofcom Fines 4chan: 08:52–09:22
- Business Breakdown: 09:22–11:03
- Mickey Bresman on Identity Security: 12:58–24:20
- Casino Card Shuffler Hack: 25:28–26:36
Tone & Style
The episode delivers factual, rapid-fire news in an even, analytical tone. The industry voices segment is reflective, practical, and offers actionable advice—mirroring the directness and clarity of cybersecurity practitioners.
Summary for Non-Listeners
This episode is a succinct yet comprehensive snapshot of the current global cyber threat, regulatory backlash, and defense strategies. It’s particularly essential for anyone interested in practical security management, the evolving hybrid enterprise, and the looming challenges posed by AI—both for defenders and identity architects.
