CyberWire Daily - A long day without bars.
Episode Date: January 15, 2026

Verizon hit by a major wireless outage. Poland blocks an attack on its power grid. A massive database of French citizens exposed. Microsoft shuts down a cybercrime-as-a-service operation. The UK backs away from digital ID plans. California probes Grok deepfakes. The FTC settles with GM over location data. Palo Alto Networks patches a serious firewall flaw. Plus, John Serafini of HawkEye on modern signals intelligence, and federal agents seize devices from a Washington Post reporter.

CyberWire Guest
Today Maria Varmazis sits down with John Serafini, Founder and CEO of Hawkeye 360, on T-Minus to discuss commercial signals intelligence, advanced RF signal processing, and Hawkeye 360’s recent acquisition of Innovative Signal Analysis alongside its Series E funding. To hear the full conversation, check out the episode on T-Minus.

Selected Reading
Verizon Says Service Restored After Thousands Affected by Outage (Bloomberg)
Poland says it repelled major cyberattack on power grid, blames Russia (The Record)
Massive breach leaks 45 million French records: demographic, healthcare, and financial data all leaked, here's what we know (TechRadar)
Criminal Subscription Service Behind AI-Powered Cyber-Attacks Taken Out By Microsoft (Infosecurity Magazine)
Government drops plans for mandatory digital ID to work in UK (BBC News)
Attorney General Bonta Launches Investigation into xAI, Grok Over Undressed, Sexual AI Images of Women and Children | State of California (Department of Justice)
FTC bans GM from selling drivers' location data for five years (Bleeping Computer)
Palo Alto Networks warns of DoS bug letting hackers disable firewalls (Bleeping Computer)
FBI executes search warrant at Washington Post reporter’s home (Washington Post)
US cargo tech company publicly exposed its shipping systems and customer data to the web (TechCrunch)

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Transcript
You're listening to the Cyberwire Network, powered by N2K.
Verizon's hit by a major wireless outage. Poland blocks an attack on its power grid.
A massive database of French citizens is exposed. Microsoft shuts down a cybercrime-as-a-service
operation. The UK backs away from digital ID plans. California probes Grok deepfakes.
The FTC settles with GM over location data.
Palo Alto Networks patches a serious firewall flaw,
plus John Serafini of Hawkeye on modern signals intelligence,
and federal agents seize devices from a Washington Post reporter.
It's Thursday, January 15, 2026.
I'm Dave Bittner, and this is your Cyberwire Intel briefing.
Thanks for joining us here today.
It's great as always to have you with us.
Verizon said it restored full service late Wednesday after a widespread wireless outage across the United States that lasted most of the day.
The company apologized and said it would issue account credits, but did not disclose the cause, adding earlier that there was no indication of a cyber attack.
According to Down Detector, customers began reporting problems shortly before noon in New York, with complaints peaking at more than 177.
The most affected cities included New York, Houston, Atlanta, Dallas, and Miami.
Smaller numbers of issues were reported by AT&T and T-Mobile users, partly due to call routing effects.
The FCC said it was monitoring the outage, and FCC member Anna Gomez called for an investigation.
Experts noted such disruptions are often linked to external factors, including third-party vendors or software deployment issues.
Poland said it stopped what officials described as the most serious cyber attack on its
energy infrastructure in years, narrowly avoiding a nationwide power outage. The late December
attack targeted communications between renewable energy sites, including wind and solar installations
and electricity distributors. Officials said the incident nearly caused a blackout and showed
signs of coordinated sabotage, which they blamed on Russia.
Ministers warned the tactic was new, could recur, and reflects rising threats to Polish infrastructure
since Russia's invasion of Ukraine.
Security researchers at Cyber News uncovered a massive exposed database containing tens of millions
of records on French citizens, likely compiled from at least five separate data breaches.
The archive, found on an unsecured
cloud server in France, included voter and demographic data, healthcare registry records,
contact details, financial information, and vehicle data. Researchers believe a cybercriminal or
data broker merged the datasets to increase resale value. The database was taken down after
notification, but posed significant privacy and fraud risks.
Microsoft said it has disrupted Red VDS, a cybercrime-as-a-service platform linked to fraud campaigns that caused more than $40 million in losses in the U.S. alone.
In coordinated legal action with partners in the U.S. and, for the first time, the U.K., Microsoft seized Red VDS infrastructure on January 14th.
The service sold low-cost access to disposable virtual servers used for phishing and business email compromise scams, impacting nearly 190,000 organizations worldwide, mainly in the U.S., Canada, and the U.K.
Microsoft said attackers used generative AI, deepfake video, and voice cloning to create realistic scams.
International law enforcement, including Europol, supported the takedown, and Microsoft
urged victims to report incidents to help disrupt future cybercrime.
The UK government has dropped plans to require workers to sign up for a new digital ID
system to prove their right to work, following political backlash and falling public support.
Instead, Labour ministers say existing right-to-work checks using documents such as biometric
passports will be fully digitized by 2029. The reversal is the latest
in a series of recent policy U-turns, drawing criticism from opposition parties and frustration
within Labour's own ranks.
Ministers insist mandatory digital checks will still apply, arguing they reduce fraud and illegal
working compared to paper systems.
The government now says digital ID should be framed more broadly as a tool to access public
services, though details of how the system will operate remain unclear.
California Attorney General Rob Bonta announced an investigation into xAI over the alleged proliferation of non-consensual, sexually explicit images generated by its AI model,
Grok. According to Bonta, Grok has been used at scale to create deepfake images that sexualize women and children without consent, often using publicly available photos and distributing the results online, including on X.
Reports cite Grok's explicit spicy mode as a contributing factor.
Bonta said the material has been used for harassment and may include child sexual abuse content,
raising serious legal concerns.
The investigation will examine whether xAI violated state laws.
Bonta emphasized California's zero-tolerance stance and reiterated his broader efforts to hold AI
companies accountable for protecting children and preventing AI-enabled abuse.
The U.S. Federal Trade Commission finalized a settlement with General Motors and its OnStar
unit over allegations that they collected and sold drivers' location and behavior data
without consent. The FTC said millions of vehicles transmitted precise geolocation and driving
data every few seconds via OnStar's smart driver feature, which was marketed as a self-assessment
tool. The data was sold to third parties, including insurers. The order bans certain data sharing
for five years and requires explicit consent, greater transparency, and consumer controls for 20 years.
Palo Alto Networks has patched a high-severity vulnerability that could allow unauthenticated attackers
to trigger denial-of-service attacks and force firewalls into maintenance mode.
The flaw affects next-generation firewalls running PAN-OS 10.1 or later, as well as Prisma Access
deployments with GlobalProtect enabled.
The company said most cloud-based Prisma Access customers have already been upgraded,
with remaining upgrades scheduled.
While nearly 6,000 Palo Alto firewalls are visibly online,
there is no confirmation of active exploitation.
Palo Alto Networks has released fixes for all affected versions
and urges administrators to update promptly.
The disclosure comes amid continued attention on Palo Alto firewalls,
which have been repeatedly targeted in recent years
by both zero-day and denial-of-service attacks.
Federal agents searched the home of Washington Post reporter Hannah Natanson this week,
seizing her personal and work devices in a leak investigation
that's alarmed press freedom advocates and security professionals alike.
The FBI says Natanson is not a target,
but the search was tied to a government contractor accused of improperly retaining classified materials
and allegedly messaging the reporter.
Such raids on journalists are exceptionally rare, and critics say they send a chilling message to reporters and sources.
Beyond the constitutional concerns, the incident underscores a practical lesson for journalists and professionals everywhere:
encrypt both personal and work devices, and assume sensitive data may one day face government scrutiny.
With policy changes weakening long-standing protections for reporters' records,
digital security is no longer just best practice.
It is a frontline defense for press independence.
Advocacy groups warned the move risks deterring vital reporting
and eroding trust between journalists and their sources.
Coming up after the break, John Serafini from Hawkeye 360
discusses modern signals intelligence.
And when emails fail, try the CEO's password.
Stay with us.
John Serafini is founder and CEO of Hawkeye 360.
He recently sat down with my colleague Maria Varmazis on the T-Minus podcast to discuss commercial signals intelligence.
Here's their conversation.
I'm John Serafini.
I'm the founder and CEO of a company named Hawkeye 360.
It's about a decade old.
We started in 2015 timeframe.
We just hit 10 years.
The company performs on-orbit commercial signals intelligence.
We have a constellation of 30 plus satellites that very uniquely fly in clusters of three.
So think one satellite out front, a second satellite behind a couple hundred kilometers,
you're talking about 550 or so kilometers in low Earth orbit.
And then a third satellite that oscillates back and forth between the two in a cross-track maneuver.
And that satellite architecture allows us to geolocate signals.
Basically, any signal emitting on the face of the earth or in the air or in space,
above a watt in power generally, between 30 megahertz and 18 gigahertz,
we can detect it, we can process it, we can geolocate, we can analyze it,
and we can convert that into actionable intelligence for our customers.
And our customers are principally governments, defense, intelligence,
national security, some humanitarian and sustainability applications as well, but we're really built
from the bottom up to support government users. As for myself, I've been a national security-oriented
venture capitalist and small company operator for about 20 years. Previously, I was a U.S. Army
infantry officer and a proud graduate of the United States Military Academy.
Well, it's so wonderful to speak with you and meet you, John. Hawkeye 360 is such an incredible company,
and you all have just closed some fantastic news,
both completing the acquisition of Innovative Signal Analysis
and also closing a Series E.
Congratulations.
I'm wondering if you can walk me through both these pieces of news.
Yeah, thank you so much.
Enormous value created when we close those deals,
and they represent, yeah, geez, in some cases,
two years' worth of work.
We've long been in the minds of ISA.
It's a wonderful company that for 30 years has been supporting the U.S. defense customer base in providing the very best processing of certain types of space-based RF data and converting that into intelligence products for the U.S. government.
So it's a company with an exquisite set of technologies in processing that we're very excited to be able to acquire.
Very infrequently do you see an acquisition occur that's so perfectly fit between two companies, right?
We have our own commercial constellation of satellites that produces RF data.
We have our own commercial platform for processing and analyzing that data.
And ISA is truly the best in the world at doing the processing off of certain other types of data
that when fused together, it makes our own processing capabilities that much better for
our customers, both the U.S. government and now international. We'll be able to better classify
different signals, be able to automate the detection of new signal of interest waveforms,
and be able to perform geolocation at even better rates than previously was available.
So from a strategic fit, this is a home run. Now to finance it, because a great company like
ISA is not cheap, we need to go off and raise some capital, recognizing that we're further along
in our development and that the debt markets are available to us, we wanted to kind of split the
cost between debt and equity. And so we were able to raise a Series E round from a phenomenal new
investor named Center 15, and then couple them with a fellow co-lead in Night Dragon, who's been a great
investor for us for the past five years. And they co-led the Series E round together along with some other
investors. With that, we then paired a significant amount of debt
from excellent lenders, SVB and Hercules.
So those organizations coming together
provide the capital in part for us to acquire the company
and off we go.
Fantastic. Well, thank you for that fantastic context.
And I'm wondering, just going back to the acquisition of ISA
before we'll get into sort of the funding side of things,
both are fascinating threads.
I'd love if you could help me understand
the importance of understanding complex RF
activity. This seems to dovetail really well with the acquisition of ISA and also what Hawkeye
360 has been doing. The environment is ever noisier, and you all are very well known for helping
people understand and cut through that noise. So can you help me understand that a bit?
Yeah. So, I mean, think of basically two value chains. On the commercial side, you've got the
paradigm of Hawkeye putting satellites into space. We own 30 plus satellites in space that
generate an enormous amount of RF data. It's all commercial. It's all privately owned by
Hawkeye. And then below that in the value chain is Hawkeye doing all of that processing
and analyzing the data converting it into actionable intelligence products. And we have a
suite of different offerings from raw IQ data all the way to finished intelligence products
for certain domains that we offer to customers. That's one value chain. On the second,
think about the U.S. government paradigm where the U.S. government spends a significant amount of
money with traditional defense industrial base entities like Northrop, Lockheed and
Raytheon, Boeing, etc. to build certain types of sensors. Those sensors generate data and that data
gets analyzed and processed by companies. The very best of those companies in our mindset is this company
ISA. So you have a paradigm now of where Hawkeye dominates the commercial value chain, not just
collection but processing. It now has a really important position within the U.S. government
chain for signals intelligence where we're now doing the processing work for
certain U.S. government customers.
I think that collectively matching those two together
enables us to really unlock a lot of value for our customers.
And I'm wondering about that processing
what the two-year, five-year, the look-ahead for that looks like
in terms of capabilities, because, again, the potential there is huge.
And I imagine you all are busy planning around that, too.
Yeah, so one of the reasons for the acquisition, Maria,
was this is shovel-ready.
The technologies can be integrated together.
They're very nicely overlapping, and we can start generating incremental value for our customers,
both the U.S. government and international, right off the bat.
I mean, there's a little bit of time of technical development work that's got to be invested,
but we've done a lot of work to analyze the value of their processing
and how well it fits with our RF data to feel extremely confident
that this is going to be a one plus one equals a lot more than two outcome
for the company. So great acquisition for both ISA and for Hawkeye and hopefully as well for our
customers. Thank you for that. And I'd love to switch a little bit to sort of the investment side of
things. I was very interested and I know Night Dragon's been a big supporter of Hawkeye 360 for
quite some time. If you could tell me a little bit about the investors that were part of
this round, including Night Dragon, I'd love to hear about that. Sure. Well, I can't ask for a better
set of investors than we have in the Series E round. Night Dragon led our Series C round. This is Dave DeWalt
and Ken Gonzalez, and they've been fantastic members of our cap table. And in both cases,
have been a wonderful provider of corporate governance on our board. I've been blessed to have
Night Dragon on our cap table. And I wish for all of my defense tech peer companies, for them to have
investors as great as Night Dragon.
That's thing one. Thing two is I'm exceptionally pleased to welcome Center 15 to our cap table.
Ian Weiner is the lead here at Center 15. He's been investing in fantastic defense technology companies for many years.
Extremely thoughtful and very well known on Wall Street, given his background there.
And the breadth of his limited partners is very significant and will be very helpful to Hawkeye as we grow further.
They're so exceptionally pleased to have Ian involved with Hawkeye as well as the co-lead at Center 15.
So those two together, plus our fantastic LPs who have been investing in Hawkeye since the beginning, such as Shield Capital and others, you know, we're very fortunate to have them participating so meaningfully in this Series E round.
And I'm curious, something that was mentioned in the release about the Series E was about how the acquisition actually I should mention with ISA,
the big differentiator here seems to be on improving signal processing,
as you've mentioned several times,
as opposed to just increasing satellite capacity.
Can you talk a bit about that differentiation?
Because it is an interesting angle,
and we often hear more about just more satellite capacity.
And this seems to be about also getting a lot smarter, right?
Yeah, that's a great question.
I mean, ultimately, they're not mutually exclusive.
We need to build lots of collection capacity
and lots of new sensors in space, as well as other domains, right?
Like, you know, we want to dominate from GEO all the way down to the ground.
We want to be the best in the world at collecting lots of different types of RF data
and fusing it all together and doing the processing and the analysis.
And so that will include over time, I would believe, sensors terrestrially, sensors aerially, sensors in space,
and being able to operate those at cost-effective means.
I mean, we don't want to invest a significant amount of capital for stuff that's not unique
and not cost efficient.
So we're very thoughtful about the sensors that we build,
and we have a robust plan for building out our architecture
over the next couple of years.
But that's definitively on its own pathway,
and that architecture has been well known for us for a while,
and we're executing against our playbook to do that.
At the same time, there's two sides of this coin.
There's the RF data and that best-in-class RF raw data
that we collect with these sensors,
and there's what we can do with it.
Like, how do you convert that into something
that's understood and valuable to customers?
I mean, RF data is not understandable
by a typical human
unless you analyze it
through the certain processing tools
that we have available to us.
It's not like an image
where you can take a picture from space
and look at, you're like,
okay, there's 15 cars in that parking lot.
I understand that intuitively.
If I deliver to you raw IQ data from space,
you're looking at a bunch of weird stuff.
It's not until you actually do the processing and the analysis that you can start to extract intelligence about what might be occurring, which is always related to human activity, right?
Because a lake doesn't naturally emit RF, a bear doesn't key a mic.
It comes when you see RF activity, you know it's from a human or some set of humans or some set of vehicles or other apparatus that's tied to human activity.
And if you look at long enough, as you know, you start to understand human activities,
and you can start to extract information about or assess information about intentions,
which is really the holy grail here,
is when you've developed an exquisite set of sensors,
and you compare that to really great processing capabilities.
The faster you can get access to that data,
and the faster the revisit rate,
and then be the very best at geolocating those emitters
and converting that into actionable intelligence,
that's the basis of extremely high-quality,
competitive long-term going concern for signals intelligence, which is our goal.
And you've mentioned in our conversation a lot of things that I think would be considered
force multipliers, and I'm curious what other things you're considering or thinking about
for the future that are force multipliers like that.
Sure, sure.
So a couple of items.
I mean, obviously getting the revisit rate down is an important metric.
So the more satellites you have overhead, depending upon what orbits they're in, the faster
you can be over any given spot on Earth
so that you can increase the tactical relevance of that data.
Secondly, how quickly can you get the data down on the ground, right?
You can address that through data, the ground station densifications.
You can address that through onboard processing.
You can address that through cross-links and being able to use mesh relay networks
to move that data down to the warfighter, the intelligence analyst, that much faster.
Those are two key levers that we're constantly pushing on.
And if you were to unpack our long-term vision for our architecture, you see we're constantly
looking to optimize the revisit rate and we're constantly looking for ways in which to get that
data down to the ground faster.
So that's on the space-based part, the sensor part, because we're already going to look at
other sensory types.
But at the same time, the ability to process that data and convert it into the actionable
intelligence using artificial intelligence, you know, AI, machine learning, that's extremely
valuable to us. And that comes to the third lever, which is the amazing people that I get a chance
to work with. And we have today now 400 individuals working within Hawkeye and ISA together combined.
These are some of the world's experts in signals intelligence who live in, who just live to access
RF data and convert it and to process it. And so we've been able to pull together 400 of these
exceptional, thoughtful individuals.
And we look forward to working with all of them into the future.
You can hear more of the conversation between Maria Varmazis and John Serafini from
Hawkeye 360 on the T-Minus podcast wherever you get your favorite podcasts.
And finally, for over a year now, researchers have warned that hackers and old-fashioned
organized crime are teaming up to turn cyber flaws into stolen cargo,
with the occasional truckload of vapes or missing lobsters as proof of concept.
Enter Blue Spark Global, a little-known New York shipping tech firm
whose software quietly helps move a sizable chunk of the world's goods.
Unfortunately, it also left the digital equivalent of the warehouse doors wide open.
Security researcher Eaton Zveare discovered that Blue Spark's platform exposed plain-text passwords,
admin access, and decades of shipment data through an unauthenticated API.
Reporting the flaws proved harder than finding them.
After weeks of unanswered messages, attention finally followed when TechCrunch demonstrated
the risk by emailing part of the CEO's password.
Blue Spark says the bugs are fixed and new security policies are coming.
There's no evidence of misuse, according to the company,
though the episode neatly illustrates how cybercrime
sometimes thrives less on brilliance and more on silence.
And that's the Cyberwire.
For links to all of today's stories,
check out our daily briefing at the cyberwire.com.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights
that keep you a step ahead in the rapidly changing world of cybersecurity.
If you like our show,
please share a rating and review in your favorite podcast app.
Please also fill out the survey in the show notes
or send an email to Cyberwire at N2K.com.
N2K's senior producer is Alice Carruth.
Our Cyberwire producer is Liz Stokes.
We're mixed by Tré Hester
with original music by Elliott Peltzman.
Our executive producer is Jennifer Eiben.
Peter Kilpe is our publisher,
and I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow.
