CyberWire Daily - FCC resets cyber oversight.
Episode Date: November 3, 2025
The FCC plans to roll back cybersecurity mandates that followed Salt Typhoon. The alleged cybercriminal MrICQ has been extradited to the U.S. Ransomware negotiators are accused of conducting ransomware attacks. Ernst & Young accidentally exposed a 4-terabyte SQL Server backup. A hacker claims responsibility for last week’s University of Pennsylvania breach. The UK chronicles cyberattacks on Britain’s drinking water suppliers. Monday business brief. Our guest is Caleb Tolin, host of Rubrik's Data Security Decoded podcast. Hackers massage the truth.
Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
Today we are joined by Caleb Tolin, host of Rubrik's Data Security Decoded podcast, as he is introducing himself and his show joining the N2K CyberWire network. You can catch new episodes of Data Security Decoded the first and third Tuesdays of each month on your favorite podcast app.
Selected Reading
FCC plans vote to remove cyber regulations installed after theft of Trump info from telecoms (The Record)
Alleged Jabber Zeus Coder ‘MrICQ’ in U.S. Custody (Krebs on Security)
Chicago firm that resolves ransomware attacks had rogue workers carrying out their own hacks, FBI says (Chicago Sun Times)
Ernst & Young cloud misconfiguration leaks 4TB SQL Server backup on Microsoft Azure (Beyond Machines)
Penn hacker claims to have stolen 1.2 million donor records in data breach (Bleeping Computer)
Hackers are attacking Britain’s drinking water suppliers (The Record)
JumpCloud acquires Breez. Chainguard secures $280 million in growth financing. Sublime Security closes $150 million Series C round. (N2K Pro)
Hackers steal data, extort $350,000 from massage parlor clients (Korea JoongAng Daily)
Share your feedback.
What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.
Want to hear your company in the show?
N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
You're listening to the CyberWire Network, powered by N2K.
Risk and compliance shouldn't slow your business down.
Hyperproof helps you automate controls, integrate real-time risk workflows,
and build a centralized system of trust so your teams can focus on growth, not spreadsheets.
From faster audits to stronger stakeholder confidence,
Hyperproof gives you the business advantage of smarter compliance.
Visit www.hyperproof.io to see how leading teams are transforming their GRC programs.
At Thales, they know cybersecurity can be tough and you can't protect everything.
But with Thales, you can secure what matters most.
With Thales's industry-leading platforms, you can protect critical applications, data, and
identities, anywhere and at scale with the highest ROI.
That's why the most trusted brands and largest banks, retailers, and healthcare companies in the world
rely on Thales to protect what matters most.
Applications, data, and identity.
That's Thales.
T-H-A-L-E-S.
Learn more at thalesgroup.com slash cyber.
The FCC plans to roll back cybersecurity mandates that followed Salt Typhoon.
The alleged cybercriminal MrICQ has been extradited to the U.S.
Ransomware negotiators are accused of conducting ransomware attacks.
Ernst & Young accidentally exposed a 4-terabyte SQL Server backup.
A hacker claims responsibility for last week's University of Pennsylvania breach.
The UK chronicles cyberattacks on Britain's drinking water suppliers.
We've got our Monday business brief.
Our guest is Caleb Tolin, host of Rubrik's Data Security Decoded podcast.
And hackers massage the truth.
It's Monday, November 3rd, 2025.
I'm Dave Bittner, and this is your CyberWire Intel Briefing.
Hello, and thanks for joining us here today.
It's great as always to have you with us.
The Federal Communications Commission plans to rescind several cybersecurity mandates
introduced after the Salt Typhoon hacking campaign,
in which Chinese state-backed actors breached major U.S. telecoms to steal communications
involving Donald Trump, J.D. Vance, and other officials.
The rules, issued in January, required carriers to implement formal risk management plans
and certify compliance annually.
FCC Secretary Marlene Dortch
called the measures legally erroneous
and overly broad,
arguing they imposed
inflexible, redundant requirements
regardless of company size or risk profile.
Instead, the FCC said
it will emphasize voluntary collaborative
cybersecurity efforts
through public-private partnerships.
Telecom companies told the agency
they have already strengthened defenses,
citing patching, tighter access controls, and expanded threat sharing with U.S. agencies.
Critics, including Senator Mark Warner, warned that weak oversight contributed to what he called
the worst telecom hack in our nation's history. The FCC will vote on the rollback November 20th.
Ukrainian national Yuriy Rybtsov, known online as MrICQ, has been extradited to the U.S. after his
arrest in Italy for his role in the Jabber Zeus cybercrime group, Krebs on Security reports.
Indicted in 2012, Rybtsov allegedly helped develop and operate a modified version of the
Zeus banking trojan that stole tens of millions of dollars from U.S. businesses through
man-in-the-browser attacks. The malware intercepted online banking data, enabling the group
to redirect payroll funds through networks of money mules. Investigators say Rybtsov has
helped manage victim notifications and launder stolen funds.
His former associate, Vyacheslav Penchukov, was sentenced in 23 to 18 years in prison.
The Jabber Zeus operation is also linked to Maksim Yakubets, leader of Evil Corp,
a Russian-based gang responsible for over $100 million in global financial theft.
Two U.S. cybersecurity professionals have been indicted for allegedly conducting ransomware attacks
while employed to negotiate with cybercriminals.
Prosecutors say Kevin Tyler Martin,
a former ransomware negotiator at DigitalMint,
and Ryan Clifford Goldberg,
an incident response manager at Sygnia,
conspired with another DigitalMint employee
to extort millions from multiple organizations
between May 2023 and April 2025.
The group reportedly infected a Florida medical firm
demanding $10 million and ultimately stealing $1.2 million in cryptocurrency,
which they laundered through mixers and digital wallets.
They also targeted companies in Maryland, California, and Virginia.
Both men have been charged with conspiracy, extortion, and damaging protected computers.
DigitalMint fired the suspects and cooperated with the FBI,
stressing that no client systems were compromised.
Goldberg is in custody; Martin
was released on bond.
Ernst & Young accidentally exposed a 4-terabyte SQL Server backup on Microsoft Azure,
discovered in October 2025 by Dutch firm Neo Security during attack surface scans.
The leak, traced to a misconfigured cloud storage instance from an EY Italy acquisition,
left the massive file publicly accessible.
EY said no client or confidential data was compromised and attributed the
issue to an isolated system outside its global network. The exposure's contents and duration
remain unclear, though the file was confirmed unencrypted. A hacker has claimed responsibility
for the University of Pennsylvania breach that led to offensive "We got hacked" emails sent to alumni
and students last week. The attacker says the intrusion exposed data on 1.2 million donors,
students, and alumni, including personal and demographic details, donation history, and estimated
net worth. Using a compromised employee's PennKey SSO credentials, the hacker allegedly accessed
Penn's Salesforce, SAP, Qlik, SharePoint, and VPN systems before being locked out. They then
used Salesforce Marketing Cloud to send mass emails to about 700,000 recipients. The hacker denies
political motives, saying their goal was Penn's donor database, which they may release later.
Penn confirmed it is investigating, while experts urge donors to watch for phishing and fraudulent
solicitations. Hackers have launched five cyberattacks on Britain's drinking water suppliers since
24, the highest number in any two-year span, according to data from the Drinking Water Inspectorate.
While none disrupted water safety, the incidents targeted the organizations behind critical infrastructure, underscoring growing cyber risks.
The attacks were voluntarily reported, despite not meeting the threshold under the NIS regulations, which only mandate disclosure if essential services are disrupted.
Officials plan to lower that bar through the upcoming Cyber Security and Resilience Bill.
Experts praised the voluntary transparency, citing the importance
of sharing intelligence about ransomware and industrial control system threats.
Britain's National Cyber Security Centre urges utilities
to strengthen segmentation between IT and operational systems
to reduce future attack impact.
Turning to our Monday business brief,
the cybersecurity sector saw a wave of acquisitions and funding rounds last week.
JumpCloud acquired identity threat detection firm Breez
to expand its ITDR capability,
while Presidio agreed to buy Irish MSP Ergo, strengthening its U.K. and Ireland presence.
MTX Group acquired Verify ID AI, boosting its AI-based identity verification offerings.
Do It purchased Israel's cloud-wise to integrate compliance and security with cloud management,
and Advent partners took a majority stake in Australian MSPFX.
Meanwhile, Insight Enterprises plans to acquire Sydney-based Securo to grow its APEC cybersecurity footprint.
On the funding front, Chainguard raised $280 million to accelerate software supply chain security adoption,
and Sublime Security secured $150 million for AI-driven email defense.
Other raises include ConductorOne with $79 million, SimSpace, $39 million, Nexosac,
AI, 30 million, Cyber Ridge, 26 million, Darwin AI, 15 million, Akuru, 10 million, and Polygraph
at $9.5 million. Be sure to check out our complete weekly business brief, part of CyberWire
Pro, on our website.
Coming up after the break, my conversation with Caleb Tolin, host
of Rubrik's Data Security Decoded podcast.
We'll have a preview of his show
debuting right here on the N2K CyberWire Network.
And hackers massage the truth.
Stay with us.
What happens when cybercrime becomes as easy as
shopping online?
SpyCloud's Trevor Hilligoss joined Dave Bittner on the CyberWire Daily
to explain how a wave of cybercrime enablement services
are lowering the barrier to entry
and making sophisticated attacks available to anyone.
I think it's a pretty good general term that describes kind of an umbrella
of tools and services that I would kind of tag as criminal or criminal adjacent.
Instead of having sort of the smaller pool
of high sophistication actors that are able to kind of carry out these really vast and costly
cyber attacks.
You know, we see that being given to much lower sophistication, lower tech folks that are,
you know, a much lower barrier to entry to get into this field.
The person that's buying access to this, they basically need a phone and a Bitcoin wallet.
Make sure you hear this full conversation and learn how the underground
economy is reshaping cyber risk.
Visit explore.thecyberwire.com slash spycloud.
That's explore.thecyberwire.com slash spycloud.
What's your 2am security worry?
Is it, do I have the right controls in place?
Maybe are my vendors secure?
Or the one that really keeps you up at night?
How do I get out from under these old tools and manual processes?
That's where Vanta comes in.
Vanta automates the manual work,
so you can stop sweating over spreadsheets,
chasing audit evidence, and filling out endless questionnaires.
Their trust management platform continuously monitors your systems,
centralizes your data,
and simplifies your security at scale.
And it fits right into your workflows, using AI to streamline evidence collection, flag risks, and keep your program audit ready all the time.
With Vanta, you get everything you need to move faster, scale confidently, and finally get back to sleep.
Get started at Vanta.com slash cyber. That's V-A-N-T-A dot com slash cyber.
Caleb Tolin is host of Rubrik's Data Security Decoded podcast, which is joining the N2K CyberWire Network.
Here's our conversation.
Caleb, welcome to the show.
Very excited for your new podcast.
This is Rubrik's Data Security Decoded podcast.
Happy to have you with us today.
Thank you for having me.
I'm incredibly excited to chat with you more about it.
We have some really interesting conversations on the podcast.
And I think this will be a productive conversation. Well, we're excited to have the show
join us here on the N2K CyberWire Network. Tell us about the origin story of this podcast. What did
you set out to do? Yeah, so we started the podcast when Rubrik, the company sponsoring the podcast,
launched our research division, Rubrik Zero Labs. And Rubrik Zero Labs started with the mission
to provide vendor-agnostic, actionable insights to reduce data security risk
and improve cyber resilience outcomes.
And while we've kind of expanded our credo
a little bit outside of just focusing
on the Rubrik Zero Labs research,
we do include all of that
and like to feature the interesting insights
that that organization creates.
We also have brought in so many interesting guests
across threat intelligence, cyber policy,
the defender world as well,
kind of on the enterprise side.
And we ultimately are still striving
towards improving cyber resilience outcomes
for our listeners
and providing those actionable, actionable insights for our listeners.
Well, help me understand the mix that you're looking to achieve here.
I mean, how much of it is technical, how much of it is conversations about folks' experiences?
Yeah, it's a nice mix of all of it because we want to provide kind of that cutting edge in real-time research
from the cyber researchers and the community out there of threat intelligence analysts who are finding
new vulnerabilities, new tactics from threat actors, but we also want to have the conversation
with cyber policy writers and the folks who are actually crafting policy, not here just in the
U.S., but also globally as well, because so many of our listeners come from Europe or Asia, where
honestly, if you're operating a multinational company, there's so many challenges you have
from a regulatory standpoint. It's important to have those policy conversations as well and have
that perspective mixed in so that our listeners are fully informed. And from there,
too, we also want to speak with the defenders themselves and hear their stories from the
front lines. We want to have the conversations with the folks who are in the SOCs, who are
doing the fingers on keyboards work. And we also want to have the strategic conversations with
the CIOs, CSOs, CTOs, chief data officers, all of these folks who are at the more board level
because there's also this conversation to be had about communicating as a technical leader to
non-technical leaders and speaking the language of business and speaking the language of risk.
So we kind of are balancing all of these conversations within the podcast, which is sometimes
a little tricky because we're publishing an episode usually twice a month. So there's a lot of
content that we have to get out there. And I know folks are hungry for, but that's kind of the
mix that we're looking to get. Well, can you give us a preview of some of the episodes you have
coming up and some of the folks you're going to be talking to? Yes, absolutely. Actually, we have an
episode going out tomorrow with Lauren Zabierek, who was formerly at CISA. Now she runs another
organization that is kind of continuing some of her mission and her work that she was performing at
CISA and through the Share the Mic in Cyber program as well, which is a kind of subsidiary of
New America, helping elevate different underrepresented communities in the cybersphere and
talking about policy and technology and how these worlds intercollide, if you will. And so that
one's going live tomorrow and they are doing some really interesting work at her organization.
So I highly recommend folks give that a listen. We're going to be talking about secure by design,
secure by demand. And really, it's a conversation about securing the software supply chain for
organizations and for ultimately end customers. And then we also have some interesting insights
from some cyber researchers coming. I don't want to tease too much of it because I don't want to give
away the full story. But some interesting insights about how different counties and local governments
are uniquely impacted by this geopolitical landscape because they're oftentimes the targets
from very sophisticated cybercrime groups and threat actors, state-sponsored oftentimes,
but these organizations are critically underfunded and under-resourced and understaffed.
So how these organizations operating critical infrastructure, because counties
and local governments oftentimes are the ones running our water supply systems, our electrical grids, all sorts of critical services, how they can secure these critical systems while being underfunded and under-resourced.
So those are two episodes we have coming up soon. I am very eager to get those out and hope folks enjoy the insights that we glean from those.
It sounds interesting. I've had the pleasure of interviewing Lauren Zabierek several times over the years,
and every conversation I've had with her is time well spent.
Yes, yeah. Lauren's great.
Shout out to Lauren.
I'm sure you're listening and many folks in the CyberWire world I know
are familiar with her and the great work that she's done.
Well, Caleb, tell us a little bit about yourself.
Where did you get started in all this?
And what led you to where you are today?
Yeah, so funny enough, going back to when I was in college,
actually, I did not at all pursue an education in the technical sphere.
I spent most of my time studying musical theater, actually,
and I'd say that was about three years of my time in school.
And, you know, I'm a lifelong theater, theater nerd, if you will,
love seeing shows when I can and participating to some extent
and definitely having a lot of jams out in the car
to different musicals and soundtracks.
You know, I kind of made a transition to focus more on communications
and actually political science.
So when I graduated, I was
looking to go into the D.C. area and kind of help, you know, make an impact from a policy
perspective in a political standpoint. And ultimately, that was not for me. I mean, I thought I was
going to go up. I don't know if you've seen the TV show Scandal. But I was planning to go up
to D.C. and be the next Olivia Pope. And that did not work out for me. And I didn't, that wasn't
the right path for me. So I ended up actually kind of stumbling my way into working
in this enterprise tech world.
And I, most recently, prior to my current role,
was over at Nutanix.
And that was my big introduction
to the world of enterprise technology, cloud computing,
and my first exposure to this world.
And I've been at Rubrik for a little over four and a half years now,
and it's been really exciting to see
the more niche area of cybersecurity,
because it's obviously such a dynamic field to be in
because we're sitting here, we're talking about technology, but we're also talking about
policy. We're talking about even the psychology of what it's like to be a defender and the toll that
it takes on you as oftentimes a very mission-driven person. And so going back to that original
background, starting in theater, something that we learned a lot about in school was focusing on
listening and reacting and being very present in real time and telling a really impactful story.
And so that is why I think that this
opportunity to do this podcast and share the stories of so many people who are doing really
critical work for our critical infrastructure, for our national security, for our global
political ecosystem is a really interesting and intriguing feat. Well, I'm a theater kid myself,
and I have to say all those lessons I learned along the way have served me well in my own job
here, interviewing and reporting and doing all the things I do here. So it sounds like
you are well-equipped and on your way.
Yeah, yeah.
Well, what's your favorite show?
Do you have a favorite one?
I think it's hard.
In terms of musicals, it's hard to beat The Music Man.
Very nice.
Very nice.
I remember in high school, it was going to be a production that we were going to do.
And then ultimately, it fell through the cracks and we weren't able to pull it off.
So that was a little unfortunate.
But it is a great show and a classic, for sure.
One of my favorites is Big Fish, which is a musical based off of the movie,
if anybody's seen it.
I mean, it's incredible.
I actually haven't even seen it in person.
I've just seen, you know, bootleg clips and listen to the music,
but it's just an incredible way to tell a very mystical and magical story
and navigating an interesting and dynamic relationship between father and son.
I think it's just a beautiful story and it's a beautifully done show.
I also got to see, I mentioned this in one of our recent episodes,
because I like to talk about things that people are obsessed with outside of cyber,
but I was recently in New York and got to see Oh, Mary! with Jinkx Monsoon,
who was playing Mary Todd Lincoln at the time, and that was a play, not a musical, but it was
just exceedingly hilarious. And it's a very, very good show. So love it. Love meeting a fellow
theater nerd. Yeah. Well, there's nothing like live theater. And Caleb Tolin is host of Rubrik's
Data Security Decoded podcast. They are joining us here on the N2K CyberWire Network. You can find
that wherever you get your favorite podcast. Please do check it out. Caleb, thanks so much for joining
Thank you, Dave.
That's Caleb Tolin, host of the Data Security Decoded podcast from Rubrik.
Be sure to check it out wherever you get your favorite podcasts.
And finally, South Korean police
have busted a phishing gang with a particularly creative business model,
blackmailing people over massage videos that never existed.
According to the local provincial police agency,
a hacker in his 30s and three 20-something accomplices
stole client data from a massage parlor owner's phones,
then used it to threaten 62 victims with imaginary footage of their visits.
Their script: pay up, or your massage session
goes viral. Police traced the group to a local office packed with burner phones, laptops,
and what must have been a very awkward to-do list. The hacker, already in custody for another
cybercrime, was joined by ten helpful accomplices who managed everything from hiding fugitives
to laundering the loot. Authorities say the gang's operation has been permanently shut down.
No patch or update required.
And that's the CyberWire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com.
Don't forget to check out the Grumpy Old Geeks podcast where I contribute to a regular segment on Jason and Brian's show every week.
You can find Grumpy Old Geeks where all the fine podcasts are listed.
We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights
that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show,
please share a rating and review in your favorite podcast app. Please also fill out the survey
in the show notes or send an email to cyberwire at n2k.com. N2K's senior producer is Alice Carruth.
Our CyberWire producer is Liz Stokes. We're mixed by Tré Hester with original music by Elliott Peltzman.
Our executive producer is Jennifer Eiben.
Peter Kilpe is our publisher, and I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow.
Thank you.
