A
You're listening to the CyberWire Network, powered by N2K.
B
Most environments trust far more than they should, and attackers know it. ThreatLocker solves that by enforcing default deny at the point of execution. With ThreatLocker allowlisting, you stop unknown executables cold. With Ringfencing, you control how trusted applications behave, and with ThreatLocker DAC, Defense Against Configurations, you get real assurance that your environment is free of misconfigurations and clear visibility into whether you meet compliance standards. ThreatLocker is the simplest way to enforce zero trust principles without the operational pain. It's powerful protection that gives CISOs real visibility, real control, and real peace of mind. ThreatLocker makes zero trust attainable even for small security teams. See why thousands of organizations choose ThreatLocker to minimize alert fatigue, stop ransomware at the source, and regain control over their environments. Schedule your demo at threatlocker.com/N2K today.
Who turned out the lights in Venezuela? The European Space Agency confirms a series of cyber attacks. Dutch police nab the alleged operator of a notorious malware testing service. The U.S. and allies issue new guidance on OT security. Researchers warn of automated exploitation of a critical Hewlett Packard Enterprise OneView flaw. Tampered Chef cooks up Trojanized PDF documents. A Bluetooth vulnerability puts devices at risk. Cisco patches a maximum severity zero day. Jen Easterly heads up RSAC. Our guest is Zach Kassas from Ohio State University, discussing GPS alternatives. And vintage phones face modern problems.
It's Friday, January 16, 2020. I'm Dave Bittner, and this is your CyberWire Intel Briefing. Thanks for joining us here today. Happy Friday. It's great as always to have you with us.
A January 3rd US cyber operation briefly cut power across Caracas and disrupted Venezuelan radar, enabling American military helicopters to enter the country undetected and capture Venezuelan President Nicolas Maduro, now facing drug charges in the U.S. Officials said the operation demonstrated precise offensive capabilities, including the ability to quickly restore electricity and limit collateral damage. Most residents lost power only briefly, and hospitals relied on backup generators with no reported fatalities. The mission, known as Operation Absolute Resolve, was publicly acknowledged by U.S. Cyber Command, though details remain classified. The operation surfaced during Senate hearings for Joshua M. Rudd as lawmakers reviewed Cyber Command's role. President Trump alluded to the cyber attack, calling it dark and deadly, while Venezuela has a long history of blaming US cyber interference for past blackouts without evidence.
The European Space Agency has confirmed a series of cyber attacks that resulted in sensitive data, including staff email credentials, appearing on dark web forums. The breaches began in mid-December of last year and affected external servers used for unclassified collaborative engineering work. Attackers claim to have exfiltrated roughly 200 gigabytes of data, allegedly including source code, access tokens and configuration files, some of which are being offered for sale. ESA said the attackers remained undetected for about a week and stressed that core mission systems and classified operations were not compromised. Cybersecurity researcher Clement Poure of ETH Zurich warned that leaked credentials could enable follow-on attacks through credential reuse. ESA has launched a forensic investigation, isolated affected infrastructure and is cooperating with law enforcement, underscoring broader concerns about cyber risks facing the space sector.
Dutch police have arrested a 33-year-old man at Schiphol Airport, alleging he was the operator of AVCheck, a malware testing service used by cybercriminals. Authorities say AVCheck allowed attackers to test malware against antivirus tools and modify it until detection failed, helping criminals steal data unnoticed. The suspect was detained upon returning from the United Arab Emirates. The arrest is part of Operation Endgame, a multinational effort that has dismantled major malware infrastructure in recent years. Dutch police worked with the FBI and Finnish authorities, tracing evidence from servers seized when AVCheck was taken offline in mid-2025. Investigators also identified two Amsterdam-based companies allegedly linked to the service. The suspect remains in custody while seized devices are examined for ties to other criminal groups.
The US and allied cyber agencies warned that insecure connectivity remains one of the fastest ways for threat actors to disrupt operational technology, or OT, environments. New guidance from the FBI, the Cybersecurity and Infrastructure Security Agency, the UK National Cyber Security Centre and partners across the Five Eyes and Europe outlines eight secure connectivity principles. The agencies said growing links between OT, IT networks, cloud platforms and third parties have expanded opportunities for cyber intrusions to cause physical disruption. They urged organizations to treat every new connection as a risk-based business decision, limit inbound access by default and use brokered gateways where external access is required. The guidance also warns that legacy devices, flat networks and fragmented remote access increase exposure, while centralized, well-segmented connectivity improves visibility and resilience.
Check Point reports large-scale automated exploitation of a critical Hewlett Packard Enterprise OneView flaw now linked to the RondoDox botnet.
The maximum severity remote code execution bug affects OneView's centralized control of servers and networking. Researchers observed tens of thousands of exploit attempts after the flaw was added to CISA's actively exploited list, confirming a shift from proof of concept to real-world attacks. Activity was global and largely automated, underscoring the risk of delayed patching for high-privilege management platforms.
Researchers at Sophos have detailed a long-running malvertising campaign dubbed Tampered Chef that uses Trojanized PDF documents to deliver backdoor malware and infostealers. The campaign has expanded across Europe, with organizations in Germany, the UK and France most frequently affected. Attackers target sectors that rely on specialized technical equipment, exploiting users' searches for instruction manuals or PDF tools. Malicious ads placed prominently in search results direct victims to fake download sites, leading to credential theft and persistent network access. Sophos said the operation uses layered evasion tactics including staged payloads, abuse of code signing certificates and a 56-day dormancy period to avoid detection. The firm recommends avoiding ad-based downloads, restricting approved sources and enforcing multi-factor authentication to limit impact.
Academic researchers have disclosed a critical flaw in Google Fast Pair that allows attackers to forcibly connect to vulnerable Bluetooth audio accessories. The issue stems from improper pairing checks in some Fast Pair implementations. The attack, dubbed WhisperPair by researchers at KU Leuven, enables attackers within 14 meters to seize control of earbuds or headphones, play audio or record sound without consent. In some cases, attackers could also track users through Google's Device Finding Network. Google has issued updates for Pixel devices, but researchers warn users must also install firmware patches from accessory manufacturers to mitigate the risk.
Cisco has patched a maximum severity AsyncOS zero-day, exploited since November against Secure Email Gateway and Secure Email and Web Manager appliances with exposed spam quarantine features. Cisco said the flaw allows remote command execution with root privileges. Cisco Talos attributes the attacks to a China-linked group tracked as UAT-9686, which deployed persistent backdoors and tunneling tools. CISA added the bug to its Exploited Vulnerabilities catalog, urging rapid patching and compromise checks.
Jen Easterly has been appointed chief executive officer of the RSA Conference, taking charge of the event's global programming, innovation initiatives and professional platforms. Easterly previously led the Cybersecurity and Infrastructure Security Agency, where she advanced Secure by Design principles, launched the Known Exploited Vulnerabilities catalog and strengthened public-private coordination on ransomware. A former NSA, White House and Morgan Stanley executive, Easterly steps into the role as RSAC prepares for its March 2026 conference in San Francisco, expected to draw more than 40,000 attendees worldwide. We wish Jen Easterly all the best.
Coming up after the break, our guest is Zach Kassas from Ohio State University discussing GPS alternatives. Stay with us.
Zach Kassas is a professor at Ohio State University. He recently caught up with my N2K colleague Maria Varmazis from the T-Minus Space Daily podcast to discuss GPS alternatives.
C
I'm Zach Kassas. I'm a professor in the Electrical and Computer Engineering department at Ohio State University. I'm also a TRC Endowed Chair of Intelligent Transportation Systems and I'm a director of a U.S. Department of Transportation center, which we call Carmen. It stands for the Center for Automated Vehicle Research with Multimodal Assured Navigation. So I focus on resiliency and accuracy of navigation systems in a nutshell.
A
Excellent. Well, thank you so much for joining me today. And the reason we reached out to you is, as you all know, you've been working on some very fascinating research that you co-authored a paper on recently and presented at the IEEE Military Communications Conference in LA. And this paper won the best paper, the IEEE Frederick W. Ellersick Award. I'm trying to make sure I say the names all correctly, for the best paper in the unclassified technical program. So congratulations. That is not a small accomplishment, but if you could give me a sense of the work that you've been working on, because it's fascinating.
C
Yeah, well, thank you. So it is. Honestly it did catch me by surprise. This is the first time I ever attended this conference myself. So it's not my, I would say, home scientific community. So I was happy that the audience and the attendees and the awards committee appreciated the work. So this is a project that we started around 2017, which is I saw LEO is going to be booming in a good way and will change life as we know it on Earth. So with the birth they call it, they call mega constellations. So a lot of the purpose of these mega constellations, of course I call Starlink the daddy of all mega constellations. They surpass 10,000 satellites in LEO. The purpose of these mega constellations is broadband connectivity anywhere on Earth, right. But for myself, which I'm as I said, interested in navigation systems, I saw an opportunity to, let's call it GPS 2.0, right. So GPS is a wonderful system. It had served us beautifully over the years since really the first launch in 1978. So people may not realize how old of a system it is. And it over delivered what the original designers intended it to do, but the limitations are null and in recent years it's been extremely vulnerable and we got so used to it in our daily lives and more importantly and more dangerously in safety critical systems like aviation, like military operations and so on. So I thought the answer is going to be, you know, I'm a big fan of the X Files, so they say the truth is out there. I said the truth will be out there. It will be in LEO. There are these systems that maybe we can exploit for navigation. So we started this work in 2017. We started on satellite constellations before Starlink, so namely the Orbcomm constellation and the Iridium constellation. We don't have as many satellites obviously as Starlink, but that was a good starting point and we learned a lot.
So that when we went after Starlink in 2021, we were the first to demonstrate in the world that, hey, you can actually pinpoint your location to within about 10 meters or so with Starlink satellites alone. And that was the beginning of the journey which led us to this paper. So over the years we've taken this concept to ground vehicles. We've demonstrated you can navigate ground vehicles to meter level accuracy. With Starlink two summers ago, we demonstrated that on a high altitude balloon that flew in New Mexico, reaching nearly 80,000 ft above ground level with Starlink signals alone. And then we started thinking, well, where else could we take this? We've also demonstrated it on UAVs, on unmanned aerial vehicles. So that's a little, I would say a little boring by now. So we thought, where else could we take it? And the question that I kept getting asked is, what if you are in the middle of nowhere?
A
Yeah.
C
Right. So what if you are a plane flying over the ocean? What if you are sailing across the ocean and you lose GPS for one reason or another? So we thought, okay, let's take it to the ocean and let's take it somewhere very cold. That was in the news in the, I would say nine or so months ago, 10 months ago, and we took it to the Arctic. So GPS is not, I would say you don't have as much coverage from GPS satellites up in the polar region, right?
A
Yep.
C
And it's very, I would say, becoming a very contentious area. And it's important for US national security. So really that was the big driver for my interest in the Arctic. So we took it to the Arctic. We wanted to see are the satellites really transmitting there and are their signals useful for exploitation for navigating a vessel? And to our surprise, they were not only useful, they were actually more beautiful. And this is a technical term, believe it or not, they're more beautiful than many places where we tested this. We've tested Starlink and looked at Starlink across the, from California to New Mexico to Ohio to Pennsylvania to Missouri. So, you know, we've seen enough of those signals. But what we saw in the Arctic was something else.
B
Wow.
A
Okay. So you said beautiful signal, which is. I don't think I've ever heard that phrase before, but I'm adding that to my lexicon because that's wonderful. So it makes me wonder about the nature of these signals. So I was reading in the press release that. But these are not purposely put out by Starlink. This is not Starlink doing. This is passive data. I mean, is this metadata? What exactly are these signals? Just so I can get a sense of what we're picking up on.
C
Yeah. So basically, Starlink transmits a comm signal. Actually, it's a communication signal, very similar to how your cell phone operates. And it's something called an OFDM frame. Right. So it's similar to 5G and even 4G protocol. Those signals, they are intentionally designed and perfected and optimized for communications. Now, if you want to use them for navigation, it's not straightforward, and that's what makes it a research topic. Right. If they were meant for navigation, then it's more of a design or an engineering concern. But what really got us curious about these signals is, first of all, you don't know what they are transmitting. They didn't disclose it. Like the fact that they are OFDM. That's something we discovered and published on, among others, in the literature. How do you use what they are transmitting to be able to navigate? Like, how do you design a receiver that can learn those signals and learn as much as possible from those signals and then allow you ultimately to navigate as if they are GPS satellites? Because that's what we are turning those satellites. And as you said, it's passive. We eavesdrop on the satellite. Starlink doesn't know that we are sniffing its signal and using it to navigate. That's one half or one part of the challenge is what do they transmit and how do you use it to navigate. The other half of the challenge is where the heck are these satellites? Right? You don't know precisely where they are in space. So GPS tells you precisely to within a meter or so where the satellite is in space. It is intended for you to navigate with it. So it gives you all the help you need. It tells you what the signals are, where the satellite is in space, and it also tells you a lot of the timing error and so forth. In fact, when we started working on this, we were using files with an accuracy of several kilometers. Oh, right. So you barely know where the. But in space world, this is good enough.
A
Yeah, yeah, right.
C
It's a vast. It's a Desert. Right. It's a vacuum. Whereas if you know something to within few kilometers, you cannot expect to know where you are to within few meters. Right. So we also solved what you call the ephemeris problems, where the satellites are in space at any point in time. So when you marry both together without help of Starlink or talking to them or working with them, we were able to more or less reverse engineer Starlink for position navigation in time.
A
That's fascinating. So that the implications of this, and I know the work is still ongoing, but it is a very known problem about how GPS jamming and spoofing is huge, very dangerous. You mentioned at the top of our discussion and the solutions to this there. I know in the market there are a lot of different directions of how people are trying to solve this, but the larger solution is usually we need to put up more resilient GPS satellite constellations. But in a way, this is essentially saying there is a completely different path. I'm wondering, in your estimation, is this a matter of years, decades? I mean, what do you think would be possible for using this for resilience?
C
So that's a good question. And I get asked this often, and this is why I like to think of the future of navigation or the different schools of thought of navigation. Especially if you want to look at LEO, like putting more GPS satellites in MEO, in medium Earth orbit. That's not going to solve the problem. You're solving the problem that got us into the issues we have with the same thinking that got us into that problem to begin with. So that is something called physics. Right. You cannot simply. Yeah. You cannot simply just put a satellite there that transmits a much, much more powerful signal, you know, in an economical way or even in a physically engineered way. So that's why people got excited in LEO. And I should say, you see, LEO for navigation is not a new concept. It actually started with the satellite constellation called Transit. The first satellite constellation for navigation is called Transit. It's not GPS, and it was in LEO. So people knew that LEO is very attractive for navigation. The problem is you will need way more satellites in LEO than in MEO to be able to instantaneously know where you are anywhere on Earth. So back then, people had to wait for nearly an hour to get a position fix. And I don't think in today's world, you know, you want to wait an hour to know where the closest coffee shop is.
B
Yeah.
A
Nobody's that patient.
C
Yeah. So it is not a new concept.
A
I think it's going to be fascinating to see. So I'm just curious if you've heard from the satellite operators at all or any of them.
C
We have, we have. We often get contacted by all kinds of people, including some of the big satellite operators. But technically the signal is out there, that's right the moment you transmit it. And we are only listening to what we call synchronization sequences. We are not listening to data traffic nor we have that capability or interest. So yeah, we have been contacted by some of these operators and they're aware of what we are doing. Actually some of them even learn about their system from what we do.
A
I was gonna say that's really neat. I mean, this is a really, it's a really interesting concept and I mean, I'm really looking forward to hearing the subsequent research that you all are working on as well. Because if the signal's there and it's a matter of just being able to pick it up, that that honestly sounds like an opportunity for a lot of these providers as well. So this is very fascinating. So I really appreciate you taking the time to explain it to me. So thank you again and all the best on your research. I look forward to hearing more.
B
There is an extended version of this interview running this weekend over on the T-Minus Space Daily podcast feed. Do check that out.
The world moves fast, your workday even faster. Pitching products, drafting reports, analyzing data. Microsoft 365 Copilot is your AI assistant for work built into Word, Excel, PowerPoint and other Microsoft 365 apps you use, helping you quickly write, analyze, create and summarize so you can cut through clutter and clear a path to your best work. Learn more at Microsoft.com/M365Copilot.
And finally, our Nostalgia desk tells us the tech-weary generation is rediscovering optimism circa June 2010 by dusting off the iPhone 4, a device last unveiled when hope was high and cellular networks were slow. Online devotees praise its grainy photos as vintage, contrasting them with today's hyperreal images from modern phones. Introduced by Steve Jobs at Apple's 2010 developer conference, the phone has become something of a retro status symbol, with resale prices soaring and searches spiking. But nostalgia comes with consequences. Security experts warn that using a 16-year-old smartphone is less retro chic and more assume breach. The device stopped receiving updates in 2014, long before modern protections existed. Apple considers such hardware obsolete, meaning no fixes, no parts, and no mercy. For purists determined to relive the vibe, experts suggest extreme digital minimalism: no accounts, no apps, no web browsing, maybe no signal at all. Kind of like vinyl records. The iPhone 4 revival is less about technical superiority and more about longing for a simpler, more tangible era. Just as music fans accept pops, skips and careful handling in exchange for warmth and authenticity, retro tech devotees are embracing grainy photos, limited features and inconvenience as part of the charm. The appeal is emotional, not rational, a deliberate step backward from frictionless modern tech chosen for feel rather than function.
And that's the CyberWire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com. A quick programming note: we will not be publishing this coming Monday, January 19th, in honor of Martin Luther King's birthday. We'll be back in our usual routine on Tuesday the 20th. We'll see you then. Be sure to check out this weekend's Research Saturday and my conversation with Ben Folland, security operations analyst at Huntress. We're discussing their work, "ClickFix gets creative: malware buried in images." That's Research Saturday. Do check it out.
We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Trey Hester with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here next week.
If you only attend one cybersecurity conference this year, make it RSAC 2026. It's happening March 23rd through the 26th in San Francisco, bringing together the global security community for four days of expert insights, hands-on learning and real innovation. I'll say this plainly. I never miss this conference. The ideas and conversations stay with me all year. Join thousands of practitioners and leaders tackling today's toughest challenges and shaping what comes next. Register today at rsaconference.com/cyberwire26. I'll see you in San Francisco.
This episode focuses on major cybersecurity incidents, industry updates, and innovations in navigation technology. It spotlights a headline-making U.S. cyber operation in Venezuela, the European Space Agency data breach, law enforcement targeting malware infrastructure, and OT security guidance. The show also features an in-depth interview with Prof. Zach Kassas on leveraging commercial satellite mega-constellations (like Starlink) as alternatives to GPS for resilient navigation, alongside a story about retro tech nostalgia and the security risks of vintage smartphones.
[11:53–23:58]
Zach Kassas (Ohio State University), IEEE award-winning researcher, discusses pioneering work on using commercial LEO satellite constellations (notably, Starlink) as passive, robust alternatives to GPS for positioning and navigation.
Origins of the Research:
Demonstrations:
How It Works:
Comparison with Traditional GPS and Resilience Value:
Industry Reaction:
Looking Ahead:
[24:10]
Surge in interest for the “retro-chic” iPhone 4 (2010 release), driven by nostalgia for simpler tech eras.
Security practitioners warn: these devices are highly vulnerable—no updates since 2014, no modern patches, no manufacturer support.
Suggested safe use: “digital minimalism”—no apps, no browsing, ideally no signal.
The trend reflects emotional longing for simplicity, not function.
Concise, informative, and slightly wry—focused on actionable intelligence for security professionals and industry leaders. The special interview brings enthusiasm for technical discovery, balancing academic precision with accessibility.
For deeper dives: An extended interview with Prof. Zach Kassas is available on the T Minus Space Daily podcast.