A
You're listening to the Cyberwire Network powered by N2K.
B
We've all been there. You realize your business needs to hire someone yesterday. How can you find amazing candidates fast? Well, it's easy. Just use Indeed. When it comes to hiring, Indeed is all you need. Stop struggling to get your job post noticed. Indeed Sponsored Jobs helps you stand out and hire fast. Your post jumps to the top of search results so the right candidates see it first. And it works. Sponsored Jobs on Indeed get 45% more applications than non-sponsored ones. One of the things I love about Indeed is how fast it makes hiring. And yes, we do actually use Indeed for hiring here at N2K CyberWire. Many of my colleagues here came to us through Indeed. Plus, with Sponsored Jobs there are no subscriptions, no long-term contracts. You only pay for results. How fast is Indeed? Oh, in the minute or so that I've been talking to you, 23 hires were made on Indeed, according to Indeed data worldwide. There's no need to wait any longer. Speed up your hiring right now with Indeed, and listeners to this show will get a $75 sponsored job credit to get your jobs more visibility at indeed.com/cyberwire. Just go to indeed.com/cyberwire right now and support our show by saying you heard about Indeed on this podcast. Indeed.com/cyberwire. Terms and conditions apply. Hiring? Indeed is all you need.
A
Fortra confirms exploitation of the maximum-severity GoAnywhere flaw. Harvard investigates a claim of a breach. A banking Trojan targets Brazilian WhatsApp users. A reduction in force hits CISA. SimonMed says 1.2 million hit by Medusa ransomware. The Netherlands invokes the Goods Availability Act against a Chinese company. We have our Business Breakdown. On today's Industry Voices, we are joined by Mickey Bresman sharing insights on hybrid identity security. And beware of the shuffler. Today is October 14, 2025. I'm Maria Varmazis, host of T-Minus Space Daily, sitting in for Dave Bittner, and this is your CyberWire Intel Briefing. Thank you for joining me today. Let's get into it. Security firm Fortra has belatedly confirmed in-the-wild exploitation of a maximum-severity vulnerability in its GoAnywhere managed file transfer software, which was patched three weeks ago. The vulnerability is a deserialization flaw that allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection. The U.S. Cybersecurity and Infrastructure Security Agency, or CISA, added the flaw to its Known Exploited Vulnerabilities catalog two weeks ago, and Microsoft last week published a report on the active exploitation. CISA and Microsoft both say the vulnerability is being used in ransomware campaigns. Researchers at watchTowr, who published a report on the vulnerability last month, note that some details of the exploitation are still unclear. watchTowr's CEO Ben Harris told CyberScoop that the exploitation implies that the attacker has somehow circumvented or satisfied the cryptographic requirements needed to exploit this vulnerability. Harvard University has disclosed that it was compromised by a zero-day flaw affecting Oracle's E-Business Suite system, and the school is investigating a potential breach.
After the Clop ransomware gang listed the university on its leak site, Oracle issued an emergency patch for the flaw last week. A Harvard spokesperson told BleepingComputer that Harvard is aware of reports that data associated with the university has been obtained as the result of a zero-day vulnerability in the Oracle E-Business Suite system. This issue has impacted many Oracle E-Business Suite customers and is not specific to Harvard. While the investigation is ongoing, we believe that this incident impacts a limited number of parties associated with a small administrative unit. Upon receiving it from Oracle, we applied a patch to remediate the vulnerability. We are continuing to monitor and have no evidence of compromise to other university systems. Sophos describes a malware campaign targeting Brazilian WhatsApp users with a banking Trojan that's tailored for customers of Brazilian banks and cryptocurrency exchanges. The malware is delivered by tricking users into executing a malicious file attached to a self-spreading message received from a previously infected WhatsApp Web session. It then sends similar malicious messages to all of the victim's contacts. Sophos has observed first-stage PowerShell activity associated with this campaign in over 400 customer environments and on more than 1,000 endpoints. As the US government shutdown drags on, CISA is now facing reductions in force, or RIFs, that threaten its already lean operations. With over 1,000 employees already departed this year, CISA had slated only 889 staffers to remain on duty during the shutdown, which is roughly 35% of its workforce. Last week, RIF notices began rolling out across the agency, putting the future staffing levels of its critical cybersecurity divisions at risk. Experts warn that amid rising cyber threats, even temporary staffing gaps could hinder detection, response and information sharing.
US medical imaging provider SimonMed Imaging disclosed a data breach affecting 1.2 million patients, stemming from unauthorized access between January 21 and February 5, 2025. The breach was uncovered when a vendor notified SimonMed of a security incident on January 27th. Investigators confirmed suspicious network activity the next day. Attackers claimed responsibility via the Medusa ransomware group, demanding $1 million and leaking data such as ID scans, patient details and medical reports. SimonMed responded by resetting passwords, enforcing multi-factor authentication, deploying endpoint detection and restricting third-party access. So far, SimonMed reports no confirmed misuse of the stolen data and is offering affected individuals free identity protection services. The Government of the Netherlands has invoked extraordinary powers to override business decisions at Nexperia, which is a semiconductor firm partly owned by China, citing serious governance shortcomings. Under the newly applied Goods Availability Act, Dutch authorities can block or reverse asset transfers and strategic moves perceived as threats to critical technological know-how. Nexperia's parent Wingtech condemned the decree as geopolitically motivated and vowed to appeal in court. The move reflects broader concerns over Chinese influence and intellectual property transfer in the semiconductor sector, especially where cutting-edge technology like lithography is involved. The UK regulator Ofcom has issued a 20,000 pound fine to US-based forum 4chan, marking the first enforcement under the UK's Online Safety Act. The penalty stems from 4chan's failure to respond to legally mandated requests for its illegal harms risk assessment and other compliance documentation. Ofcom will also impose an extra 100 pound daily fine for up to 60 days if the site still does not comply. For its part,
4chan's lawyers contend that Ofcom lacks authority over a US platform, and they refuse to pay, arguing that the action conflicts with America's free speech protections. And now for our Business Breakdown. Last week's Business Breakdown highlights a staggering $250 million raised across seven investments and 12 acquisitions. On the investment front, French open-source security solution provider Filigran finished its Series C round, raising $58 million. The funding will be used to accelerate the company's development of its OpenGRC platform, which is an open-source platform for threat-informed cyber risk management. Alongside further developing this platform, Filigran is also looking to scale its presence in Saudi Arabia, Japan, the United States and the DACH region. For acquisitions, the digital consulting firm Synechron acquired three companies as it looks to launch its new global ServiceNow business. The three companies are RapDev, Calte and Wavegen. RapDev is one of the world's largest Datadog partners, Wavegen is the leading Appian partner, and Calte architects and delivers full-scale ServiceNow implementations. Alongside debuting a global ServiceNow business, Synechron is also looking to expand outside the financial sector into new markets such as healthcare and energy. Additionally, SAIC, which is the Virginia-based defense contractor, has acquired SilverEdge Government Solutions for $205 million. With this acquisition, SAIC is looking to incorporate SilverEdge's flagship product, Soar, into its offerings. And Soar is a SaaS service that utilizes automation, AI, ML, data visualization and cross-domain capabilities to deliver turnkey, customizable software solutions to clients. And that wraps this week's Business Breakdown. For deeper analysis on major business moves shaping the cybersecurity landscape, subscribe to N2K Pro and check out TheCyberWire.com every Wednesday for the latest updates.
Stick around after the break. On today's Industry Voices, we are joined by Mickey Bresman sharing insights on hybrid identity security. And beware of the shuffler.
B
What's your 2am security worry? Is it "do I have the right controls in place?" Maybe "are my vendors secure?" Or the one that really keeps you up at night: "how do I get out from under these old tools and manual processes?" That's where Vanta comes in. Vanta automates the manual work so you can stop sweating over spreadsheets, chasing audit evidence and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data and simplifies your security at scale. And it fits right into your workflows, using AI to streamline evidence collection, flag risks and keep your program audit-ready all the time. With Vanta, you get everything you need to move faster, scale confidently and finally get back to sleep. Get started at vanta.com/cyber. That's V-A-N-T-A dot com slash cyber. And now a word from our sponsor, ThreatLocker, the powerful zero trust enterprise solution that stops ransomware in its tracks. Allowlisting is deny-by-default software that makes application control simple and fast. Ringfencing is an application containment strategy, ensuring apps can only access the files, registry keys, network resources and other applications they truly need to function. Shut out cybercriminals with world-class endpoint protection from ThreatLocker.
A
On today's Industry Voices, Dave Bittner recently sat down with Mickey Bresman, Semperis CEO, who shared insights on hybrid identity security and their HIP conference. Here's their conversation.
C
So the identity security motion keeps on growing, more like bigger and more important to the different audiences, both security and IT operational ones. I think there are several interesting key takeaways that I have from this event, where first of all we had the biggest number of attendees to date. I believe that we were at roughly 400 attendees, which is obviously great to see that it keeps on growing. I think the main things that I have as takeaways from the conference is that it was very interesting to hear that Microsoft is committed to Active Directory security and support. We had Microsoft speakers on stage. It was also interesting to see the type of audience that we had, where you had people that have responsibility for five domain controllers and all the way to more than 5,000 domain controllers. So it's a very diverse type of a group. I think also an interesting takeaway was that hybrid environments will remain the standard for God knows how long, maybe even forever, as opposed to the previous thinking that potentially companies will be either on prem or in the cloud. Reality-wise, the vast majority of that in this year, all suggesting that they see their companies remaining as hybrid. I think another interesting point was around the fact that, and that's my observation, identity is more critical than ever and it just continues to get more and more attention from the security teams, with the clear understanding that in the new modern enterprise, with remote work, cloud applications, identity plays the biggest role in terms of how do you actually defend the organization. And obviously you cannot have a conference today without bringing up AI, but in this case AI has a different application for the identity security space. What I mean by that is one of the conclusions that is currently coming out from HIP is that agentic AI is actually introducing a new type of identities.
So if traditionally organizations thought about identities as a human identity and there was another classification of a machine identity, now all of the sudden we have a third bucket that is called agentic AI or basically agent identities because those are not humans obviously, but they also don't behave like machine identities. And that requires a completely different approach on when we introduce this new type of an identity to the organization, how do we make sure that it is done in a secured manner and is managed correctly in the organization?
B
What were some of the conversations around that topic with the agentic AI? Where do you suppose we're headed?
C
Yeah, that's a great one. I think there is a lot of questions that are coming up. Obviously the adoption of agentic AI is in its infancy, it's just starting. And I think what we are seeing is companies trying to understand what does it actually mean to their environments. As an example, one of the questions that customers are currently trying to answer for themselves is, will my organization have multiple agentic AI type of systems? Maybe I'm going to use Microsoft Copilot and at the same time going to be using Gemini, as an example. If there is, and that's most likely what's going to happen, at least from what I'm hearing, and then if that is indeed the case, then it creates a new type of a question. And again, I'm looking at it right now from the identity point of view: where will those identities be coming from? Meaning, is it reasonable to assume that we will still have the agentic AI identities exist in the same IDPs that we are having today? Or will it mean now that we will need to rethink the entire model, because all of a sudden potentially those identities will not exist outside, or will not be managed, which would be probably a better way to put it, outside of the provider of those identities. To put it very simply, if my company is using Entra ID as the identity source in the cloud, then I think it's reasonable to assume that the agentic identities will be managed in Entra ID. But if I'm now adopting Gemini, as an example, should I make the assumption that I'll be able to manage those identities in Entra ID as well, or should I be starting to think of those identities existing only inside of Gemini, which is obviously a completely different type of an approach?
B
Well, from the unique point of view that you and your colleagues at Semperis have, where are you seeing enterprises falling short when it comes to securing Active Directory?
C
That's a very big question. Yeah, look, there's a lot of interesting questions or things that we're seeing now in the industry. By the way, another interesting point that I've seen coming here from the conference is Active Directory has been around for more than 25 years, which is typically seen as something in the technology space, we often refer to technology that has been here for a while, we will refer to it as a legacy, which will typically imply that, you know, it's not the best of what you can have and you should probably be thinking about adopting something else. But the reality is, from what I'm hearing from customers, is that that's not how they see it. What they see is the fact that Active Directory has been around for 25 years makes it very mature, and that maturity is actually seen as an advantage. So I think it was very interesting to see that many companies got to this realization that they will continue and have Active Directory as the core of their identity story for a long period of time. At this point I'm no longer trying to make any predictions till when, because it may be forever. One of the examples that people kept using at the conference all the time is mainframe, where it's just there and it's been there, and there have been multiple instances where people thought that it will not be, but the reality is that it is still very much there. It basically requires organizations to rethink. If Active Directory is going to be the source of my identity story for my company for the years to come, then obviously I need to rethink how do I make sure that that system is secured, how do I make sure that that system is properly protected and managed? And then obviously I need to make sure that if something happens and somebody compromises that system, that I have a way to bounce back and have the system up and running in a relatively short period of time.
B
I was looking through the global ransomware report that you all published earlier this year. One of the statistics that caught my eye was that 70% of companies paid the ransom when they were victimized. Do you have any advice for organizations, ways to drive down that number?
C
For sure. Well, Dave, you know, if you think about why would somebody decide to pay ransom? In most cases, the answer is going to be one of two reasons. The first one, you just concluded that you have no way to bounce back in a reasonable amount of time. So let's say that. And I actually would argue that that is the biggest reason. So just to explain a bit, the second reason is going to be because you had data that was stolen from the organization that you deemed to be so sensitive that if it would have been published, it's going to hurt you tremendously. So maybe let's start with the second point. The second point to me is that even if you pay ransom, you actually should assume that that data still can be published, because we've seen multiple times that the bad actors are not necessarily going to play by the rules, so to speak. And it might be that they will take your money, but they will still go ahead and publish it. And we also have seen instances where now it's a bit more organized, so you might have more than one group of bad actors actually working against you. And we're seeing, without mentioning names, although it was very publicly covered, we've seen those situations where you paid who you thought is the main ransomware group, but then another group showed up and said, well, we actually have not been paid, so we're going to publish your data in any case. So I think from that point of view, I know it's very tricky to decide if you should or should not be paying in order to get your data back. But my main point there is that even if you do pay, you can't really know if you will or will not get your data back. So let's assume for a minute that that is not the main decision in terms of should you be paying or not, meaning the data that have been stolen. And let's go back to the first point, which I think is the more critical: how fast can I actually bounce back? And I will suggest to think about it.
If I'm now taking the CEO point of view and my company was hit, I would want to know a couple of things. How fast can we go back to what is defined as at least the minimal operational mode of my company? And probably the bigger question that I'm going to have, how much trust do I have in the numbers that are being put in front of me by my IT organization? If they're saying that they will bounce back as an example, in a matter of 48 hours, can I really believe that that's what's going to happen? And the only way to do that, and that's the question of what can be done, is to make sure that you actually have your playbooks, your runbooks all ready to go, that you know how to approach your cyber insurance provider in the case of an emergency. You actually tested and tried to make sure that you understand what needs to happen if one of the decision makers is not available, like who becomes the next in line. You also tried your recovery process, not just by restoring a server, but you actually made sure that you understand how you will be communicating with the different teams. You understand what is the sequence of events that is going to take place. So basically you have a clear understanding of what is the bounce back process looks like. And if you have that and you can now speak to the management with the confidence of saying we've done it before, we are well organized, we are well planned and we can guarantee that. We, you know, guarantee is a big term here, but we are very confident that we can go live again in 24 hours. I guarantee to you in this case that the management will be very unlikely to decide to pay ransom.
A
That was Mickey Bresman, Semperis CEO, sharing insights on hybrid identity security and their HIP conference.
B
At Thales, they know cybersecurity can be tough and you can't protect everything. But with Thales, you can secure what matters most. With Thales' industry-leading platforms, you can protect critical applications, data and identities anywhere and at scale with the highest ROI. That's why the most trusted brands and largest banks, retailers and healthcare companies in the world rely on Thales to protect what matters most: applications, data and identity. That's Thales, T-H-A-L-E-S. Learn more at Thales Group.
A
When did making plans get this complicated? It's time to streamline with WhatsApp, the secure messaging app that brings the whole group together. Use polls to settle dinner plans, send event invites and pin messages so no one forgets Mom's 60th, and never miss a meme or milestone, all protected with end-to-end encryption. It's time for WhatsApp. Message privately with everyone. Learn more at WhatsApp.com. And finally, a group of researchers hacked an automatic card shuffler used in casinos by sneaking tiny sensors and wireless gear inside it, basically turning a blackjack shoe into a spy gadget. The mod lets them track cards' positions as they get shuffled and deliver real-time advice to a player's phone. Wagers aside, it's a brilliant act of low-tech villainy meets high-tech mischief. Casinos, please take note: even your shuffler might be listening.
A
And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of our podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K senior producer is Alice Carruth. Our producer is Liz Stokes. We're mixed by Elliot Peltzman and Trey Hester, with original music by Elliot Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm your host, Maria Varmazis, in for Dave Bittner this week. Thanks for listening. I'll see you tomorrow.
B
Cyber Innovation Day is the premier event for cyber startups, researchers and top VC firms building trust into tomorrow's digital world. Kick off the day with unfiltered insights and panels on securing tomorrow's technology. In the afternoon, the 8th annual DataTribe Challenge takes center stage as elite startups pitch for exposure, acceleration and funding. The Innovation Expo runs all day, connecting founders, investors and researchers around breakthroughs in cybersecurity. It all happens November 4th in Washington, DC. Discover the startups building the future of cyber. Learn more at cid.datatribe.com.
Date: October 14, 2025
Host: Maria Varmazis (sitting in for Dave Bittner)
Podcast: N2K Networks
This episode of CyberWire Daily covers the main cybersecurity events of mid-October 2025: exploited vulnerabilities (notably in GoAnywhere MFT and Oracle E-Business Suite), major breaches (Harvard, SimonMed), regulatory action in semiconductors and online safety, business movements in the sector, and expert insights on hybrid identity security and agentic AI. The Industry Voices segment features Semperis CEO Mickey Bresman, exploring how identity is evolving and why ransomware payments are still worryingly frequent.
Guest: Mickey Bresman, CEO, Semperis
Interviewer: Dave Bittner
Timestamps: 12:58–24:20
Hybrid Identity Security is Here to Stay
Identity’s Central Role in Modern Security
Agentic AI as a New Identity Type
Traditional: Human and machine identities.
Emerging: “Agentic AI” introduces identities that are neither human nor traditional machine.
“All of the sudden we have a third bucket that is called agentic AI or basically agent identities… that requires a completely different approach on when we introduce this new type of an identity to the organization, how do we make sure it is done in a secured manner?” (15:36)
Key Discussion (16:03–17:57):
Why Ransomware Victims Pay and How to Avoid It (20:15–24:20)
On Hybrid Identity:
“Hybrid environments will remain the standard… The vast majority… see their companies remaining as hybrid.” — Mickey Bresman, 14:04
On Agentic AI:
“Now all of the sudden we have a third bucket that is called agentic AI… that requires a completely different approach.” — Mickey Bresman, 15:36
On Ransomware Payment Risks:
“Even if you pay ransom, you actually should assume that that data still can be published, because we’ve seen multiple times that the bad actors are not necessarily going to play by the rules.” — Mickey Bresman, 21:12
On Ransomware Preparation:
“You actually tested and tried to make sure that you understand what needs to happen… You also tried your recovery process… so basically you have a clear understanding of what the bounce back process looks like.” — Mickey Bresman, 22:54
The episode delivers factual, rapid-fire news in an even, analytical tone. The industry voices segment is reflective, practical, and offers actionable advice—mirroring the directness and clarity of cybersecurity practitioners.
This episode is a succinct yet comprehensive snapshot of the current global cyber threat, regulatory backlash, and defense strategies. It’s particularly essential for anyone interested in practical security management, the evolving hybrid enterprise, and the looming challenges posed by AI—both for defenders and identity architects.