CyberWire Daily - Who turned out the lights?
Episode Date: January 16, 2026
Who turned out the lights in Venezuela? The European Space Agency confirms a series of cyberattacks. Dutch police nab the alleged operator of a notorious malware testing service. The U.S. and allies issue new guidance on OT security. Researchers warn of automated exploitation of a critical Hewlett-Packard Enterprise OneView flaw. TamperedChef cooks up trojanized PDF documents to deliver backdoor malware. A Bluetooth vulnerability puts devices at risk. Cisco patches a maximum-severity zero-day exploited since November. Jen Easterly heads up RSAC. Our guest is Zak Kassas from Ohio State University, discussing GPS alternatives. Vintage phones face modern problems.
Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
Today Maria Varmazis from T-Minus Space sits down with Zak Kassas from the Ohio State University to discuss the study "Navigating the Arctic Circle with Starlink and OneWeb LEO Satellites". This conversation is a preview of tomorrow's Deep Space episode from T-Minus Space Daily.
Selected Reading
Cyberattack in Venezuela Demonstrated Precision of U.S. Capabilities (The New York Times)
Sensitive European Space Agency Data Leaked to the Dark Web by String of Cyberattacks (IBTimes UK)
Operation Endgame: Dutch Police Arrest Alleged AVCheck Operator (Hackread)
CISA, Allies Sound Alarm on OT Network Exposure (GovInfo Security)
RondoDox botnet exploits critical HPE OneView bug (The Register)
TamperedChef Malvertising Campaign Drops Malware via Fake PDF Manuals (Infosecurity Magazine)
WhisperPair Attack Leaves Millions of Bluetooth Accessories Open to Hijacking (SecurityWeek)
Cisco finally fixes AsyncOS zero-day exploited since November (Bleeping Computer)
Former CISA Director Jen Easterly Appointed CEO of RSAC (SecurityWeek)
iPhone 4 makes comeback — but experts warn of security risks (New York Post)
Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.
Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
You're listening to the Cyberwire Network, powered by N2K.
Most environments trust far more than they should, and attackers know it.
ThreatLocker solves that by enforcing default deny at the point of execution.
With ThreatLocker Allowlisting, you stop unknown executables cold.
With Ringfencing, you control how trusted applications behave.
And with ThreatLocker DAC, Defense Against Configurations, you get real assurance that your environment is free
of misconfigurations and clear visibility into whether you meet compliance standards.
ThreatLocker is the simplest way to enforce zero-trust principles without the operational pain.
It's powerful protection that gives CISOs real visibility, real control, and real peace of mind.
ThreatLocker makes zero trust attainable, even for small security teams.
See why thousands of organizations choose ThreatLocker to minimize alert fatigue,
stop ransomware at the source, and regain control over their own
environments. Schedule your demo at ThreatLocker.com slash N2K today.
Who turned out the lights in Venezuela? The European Space Agency confirms a series of
cyber attacks. Dutch police nab the alleged operator of a notorious malware testing service.
The U.S. and allies issue new guidance on OT security. Researchers warn of automated exploitation
of a critical Hewlett-Packard Enterprise OneView flaw.
TamperedChef cooks up trojanized PDF documents.
A Bluetooth vulnerability puts devices at risk.
Cisco patches a maximum severity zero day.
Jen Easterly heads up RSAC.
Our guest is Zak Kassas from Ohio State University discussing GPS alternatives.
And vintage phones face modern problems.
It's Friday, January 16th, 2026.
I'm Dave Bittner and this is your Cyberwire Intel Briefing.
Thanks for joining us here today. Happy Friday. It's great as always to have you with us.
A January 3rd U.S. cyber operation briefly cut power across Caracas and disrupted Venezuelan radar,
enabling American military helicopters to enter the country undetected and capture
Venezuelan President Nicolas Maduro, now facing drug charges in the U.S.
Officials said the operation demonstrated precise offensive capabilities,
including the ability to quickly restore electricity and limit collateral damage.
Most residents lost power only briefly,
and hospitals relied on backup generators with no reported fatalities.
The mission, known as Operation Absolute Resolve, was publicly acknowledged by U.S. Cyber Command,
though details remain classified.
The operation surfaced during Senate
hearings for Joshua M. Rudd as lawmakers reviewed Cyber Command's role.
President Trump alluded to the cyber attack, calling it dark and deadly, while Venezuela has a long
history of blaming U.S. cyber interference for past blackouts without evidence.
The European Space Agency has confirmed a series of cyber attacks that resulted in sensitive
data, including staff email credentials, appearing on dark web forums. The breaches began
in mid-December of last year and affected external servers used for unclassified collaborative
engineering work. Attackers claim to have exfiltrated roughly 200 gigabytes of data, allegedly
including source code, access tokens, and configuration files, some of which are being
offered for sale. ESA said the attackers remained undetected for about a week and stressed
that core mission systems and classified operations were not compromised.
Cybersecurity researcher Clement Porre of ETH Zurich warned that leaked credentials could enable follow-on attacks through credential reuse.
ESA has launched a forensic investigation, isolated affected infrastructure, and is cooperating with law enforcement,
underscoring broader concerns about cyber risks facing the space sector.
Dutch police have arrested a 33-year-old man at Schiphol Airport,
alleging he was the operator of AVCheck, a malware testing service used by cybercriminals.
Authorities say AVCheck allowed attackers to test malware against antivirus tools
and modify it until detection failed, helping criminals steal data unnoticed.
The suspect was detained upon returning from the United Arab Emirates.
The arrest is part of Operation Endgame,
a multinational effort that has dismantled major malware infrastructure in recent years,
Dutch police worked with the FBI and Finnish authorities,
tracing evidence from servers seized when AVCheck was taken offline in mid-2025.
Investigators also identified two Amsterdam-based companies allegedly linked to the service.
The suspect remains in custody while seized devices are examined for ties to other criminal groups.
The U.S. and allied cyber agencies warned that insecure connectivity
remains one of the fastest ways for threat actors to disrupt operational technology, or OT, environments.
New guidance from the FBI, the Cybersecurity and Infrastructure Security Agency,
the UK National Cyber Security Centre, and partners across the Five Eyes and Europe,
outlines eight secure connectivity principles.
The agencies said growing links between OT, IT networks, cloud platforms, and third parties
have expanded opportunities for cyber
intrusions to cause physical disruption. They urged organizations to treat every new connection
as a risk-based business decision, limit inbound access by default, and use brokered gateways
where external access is required. The guidance also warns that legacy devices, flat networks,
and fragmented remote access increase exposure, while centralized, well-segmented connectivity
improves visibility and resilience.
Check Point reports large-scale automated exploitation of a critical Hewlett-Packard Enterprise
OneView flaw, now linked to the RondoDox botnet.
The maximum-severity remote code execution bug affects OneView's centralized control of servers
and networking.
Researchers observed tens of thousands of exploit attempts after the flaw was added to CISA's
actively exploited list, confirming a shift from
proof of concept to real-world attacks.
Activity was global and largely automated,
underscoring the risk of delayed patching
for high-privileged management platforms.
Researchers at Sophos have detailed
a long-running malvertising campaign
dubbed TamperedChef
that uses trojanized PDF documents
to deliver backdoor malware and info-stealers.
The campaign has expanded across Europe,
with organizations in Germany, the UK, and France most frequently affected.
Attackers target sectors that rely on specialized technical equipment,
exploiting users' searches for instruction manuals or PDF tools.
Malicious ads placed prominently in search results direct victims to fake download sites,
leading to credential theft and persistent network access.
Sophos said the operation uses layered evasion tactics,
including staged payloads, abuse of code-signing certificates,
and a 56-day dormancy period to avoid detection.
The firm recommends avoiding ad-based downloads,
restricting approved sources,
and enforcing multi-factor authentication to limit impact.
Academic researchers have disclosed a critical flaw in Google Fast Pair
that allows attackers to forcibly connect
to vulnerable Bluetooth audio accessories.
The issue stems from improper pairing checks in some Fast Pair implementations.
The attack, dubbed WhisperPair by researchers at KU Leuven, enables attackers within 14 meters
to seize control of earbuds or headphones, play audio, or record sound without consent.
In some cases, attackers could also track users through Google's device-finding network.
Google has issued updates for Pixel devices,
but researchers warn users must also install firmware patches from accessory manufacturers to mitigate the risk.
Cisco has patched a maximum-severity AsyncOS zero-day,
exploited since November against secure email gateway and secure email and web manager appliances
with exposed spam quarantine features.
Cisco said the flaw allows remote command execution with root privileges.
Cisco Talos attributes the attacks to a China-linked group tracked as UAT-9686,
which deployed persistent back doors and tunneling tools.
CISA added the bug to its Known Exploited Vulnerabilities catalog, urging rapid patching and compromise checks.
Jen Easterly has been appointed chief executive officer of the RSA Conference,
taking charge of the event's global programming, innovation initiative,
and professional platforms.
Easterly previously led the Cybersecurity and Infrastructure Security Agency,
where she advanced Secure by Design Principles,
launched the known exploited vulnerabilities catalog,
and strengthened public-private coordination on ransomware.
A former NSA, White House, and Morgan Stanley executive,
Easterly steps into the role as RSAC prepares for its March 26th conference in San Francisco,
expected to draw more than 40,000 attendees worldwide.
We wish Jen Easterly all the best.
Coming up after the break, our guest is Zak Kassas from Ohio State University
discussing GPS alternatives.
Stay with us.
Zak Kassas is a professor at Ohio State University.
He recently caught up with my N2K colleague Maria Varmazis
from the T-Minus Space Daily podcast to discuss GPS
alternatives. I'm Zak Kassas. I'm a professor in the Electrical and Computer Engineering Department
at Ohio State University. I'm also a TRC endowed chair of intelligent transportation systems.
And I'm a director of a U.S. Department of Transportation center, which we call CARMEN. It stands for
the Center for Automated Vehicle Research with Multimodal Assured Navigation. So I focus on resiliency and
accuracy of navigation systems, in a nutshell.
Excellent.
Well, thank you so much for joining me today.
And the reason we reached out to you is, as you all know,
you've been working on some very fascinating research that you co-authored a paper on recently
and presented at the IEEE Military Communications Conference in L.A.,
and this paper won the Best Paper, the IEEE Frederick W. Ellersick Award.
I'm trying to make sure I say the names all correctly for the best
paper in the unclassified technical program. So congratulations. That is not a small accomplishment.
But if you could give me a sense of the work that you've been working on, because it's
fascinating. Yeah, well, thank you. So it is honestly, it did catch me by surprise.
This is the first time I ever attended this conference myself. So it's not my, I would say,
home scientific community. So I was happy that the audience and the attendees,
and the awards committee appreciated the work.
So this is a project that we started around 2017,
which is when I saw LEO is going to be booming in a good way,
and will change life as we know it on Earth.
So with the birth of what they call megaconstellations.
So a lot of the purpose of these megaconstellations,
of course, I call Starlink the daddy of all megaconstellations,
they surpass 10,000 satellites in LEO, the purpose of these megaconstellations is broadband
connectivity anywhere on Earth, right? But for myself, which I'm, as I said, interested
in navigation systems, I saw an opportunity to, let's call it GPS 2.0, right? So GPS is a wonderful
system. It has served us beautifully over the years since really the first launch in 1978.
So people may not realize how old of a system it is. And it over-delivered.
what the original designers intended it to do.
But the limitations are known,
and in recent years it's been extremely vulnerable,
and we got so used to it in our daily lives,
and more importantly and more dangerously
in safety-critical systems, like aviation,
like military operations, and so on.
So I thought the answer is going to be,
I'm a big fan of the X-Files,
so they say,
the truth is out there. I said the truth will be out there. It will be in LEO. There are these systems that
maybe we can exploit for navigation. So we started this work in 2017. We started on satellite constellations
before Starlink, so namely the Orbcomm constellation and the Iridium constellation. They don't
have as many satellites, obviously, as Starlink, but that was a good starting point. And we learned
a lot so that when we went after Starlink in 2021, we were the first to demonstrate in
the world that, hey, you can actually pinpoint your location to within about 10 meters or so
with Starlink satellites alone.
And that was the beginning of the journey which led us to this paper.
So over the years, we've taken this concept to ground vehicles.
We've demonstrated you can navigate ground vehicles to meter level accuracy with Starlink.
Two summers ago, we demonstrated that on a high-altitude
balloon that flew in New Mexico reaching nearly 80,000 feet above ground level with Starlink signals
alone. And then we started thinking, well, where else could we take this? We've also demonstrated
on UAVs, on unmanned aerial vehicles. So that's a little, I would say, a little boring by now.
So we thought, where else could we take it? And the question that I kept getting asked is,
what if you are in the middle of nowhere? Yeah. So what if you are a plane flying over the ocean?
And what if you are sailing across the ocean and you lose GPS for one reason or another?
So we thought, okay, let's take it to the ocean and let's take it somewhere very cold that was in the news.
And I would say nine or so months ago, 10 months ago.
And we took it to the Arctic.
So GPS is not, I would say, you don't have as much coverage from GPS satellites up in the polar region.
Right. Yep.
And it's very, I would say, becoming a very contentious area.
And it's important for U.S.'s national security.
So really that was the biggest driver for my interest in the Arctic.
So we took it to the Arctic.
We wanted to see, are the satellites really transmitting there?
And are their signals useful for exploitation, for navigating a vessel?
And to our surprise, they were not only useful.
They were actually more beautiful.
and this is a technical term,
they're more beautiful than many places
where we tested this.
We've tested Starlink and looked at Starlink
across the U.S., from California to New Mexico,
to Ohio, to Pennsylvania, to Missouri.
So, you know, we've seen enough of those signals,
but what we saw in the Arctic was something else.
Wow.
Okay, so you said beautiful signal,
which is I don't think I've ever heard that phrase before,
but I'm adding that to my lexicon because that's wonderful.
So it makes me wonder about the nature of these signals.
So I was reading in the press release that these are not purposely put out by Starlink.
This is not Starlink doing, this is passive data?
I mean, is this metadata?
What exactly are these signals just so I can get a sense of what we're picking up on?
Yeah.
So basically Starlink transmits a comm signal.
Actually, it's a communication signal very similar to how your cell phone operates.
And it's something called an OFDM
frame, right? So it's similar to
5G and even 4G protocol.
Those signals, they are
intentionally designed and perfected
and optimized for communications.
Now, if you want to use them for
navigation, it's not straightforward
and that's what makes it a research topic.
If they were meant for navigation,
then it's more of a design or an engineering
concern. But what
really got us curious about these signals is, first of all,
you don't know what they are transmitting.
They didn't disclose it.
Like the fact that they are OFDM, that's something we discovered and published on, among others, in the literature.
How do you use what they are transmitting to be able to navigate?
Like, how do you design a receiver that can learn those signals and learn as much as possible from those signals
and then allow you ultimately to navigate as if they are GPS satellites?
Because that's what we are turning those satellites into.
And as you said, it's passive.
We eavesdrop on the satellite.
Starlink doesn't know that we are sniffing its signal and using it to navigate.
That's one half or one part of the challenge is what do they transmit and how do you use it to navigate.
The other half of the challenge is, where the heck are these satellites?
You don't know precisely where they are in space.
So GPS tells you precisely to within a meter or so where the satellite is in space.
It is intended for you to navigate with it.
So it gives you all the help you need.
It tells you what the signals are, where the satellite is in space,
and it also tells you a lot of the timing error and so forth.
In fact, when we started working on this,
we were using files with an accuracy of several kilometers.
Oh.
Right?
So you barely know where the...
But in space world, this is good enough.
Yeah, yeah, yeah.
It's a vast, it's a desert, right?
It's a vacuum.
Whereas if you know something within a few kilometers,
you cannot expect to know where you are to within few meters.
Right? So we also solved what you call the ephemeris problem, where the satellites are in space at any point in time.
So when you marry both together without help of Starlink or talking to them or working with them,
we were able to more or less reverse engineer Starlink for position, navigation, and timing.
That's fascinating.
So the implications of this, and I know the work is still
ongoing, but it is a very known problem about how GPS jamming and spoofing is huge, very dangerous.
You mentioned at the top of our discussion.
And the solutions to this there, I know in the market there are a lot of different directions
of how people are trying to solve this.
But the larger solution is usually, we need to put up more resilient GPS satellite constellations,
but in a way, this is essentially saying there is a completely different path.
I'm wondering in your estimation, is this a matter of years, decades?
I mean, what do you think this would be possible for using this for resilience?
So that's a good question.
And I get asked this often, right?
And this is why I like to think of the future of navigation or the different schools of thought of navigation,
especially if you want to look at LEO.
Like putting more GPS satellites in MEO, in medium Earth orbit,
that's not going to solve the problem. You're going to, you're solving the problem that got us
into the issues we have with the same thinking that got us into that problem to begin with.
So there is something called physics, right? You cannot, you cannot simply, yeah, you cannot simply
just put a satellite there that transmits a much, much more powerful signal, you know, in an economical
way or even in a physically engineered way. So that's why people got excited in LEO. I should say,
you see, LEO for navigation is not a new concept.
It actually started with the satellite constellation called Transit.
The first satellite constellation for navigation is called Transit.
It's not GPS.
And it was in LEO.
So people knew that LEO is very attractive for navigation.
The problem is you will need way more satellites in LEO than in MEO
to be able to instantaneously know where
you are anywhere on Earth. So back then, people had to wait for nearly an hour to get a position
fix. And I don't think in today's world, you know, you want to wait an hour to know where the closest
coffee shop is. Yeah, nobody's that patient. Right. Yeah. So it is not a new concept.
I think it's going to be fascinating to see. So I'm just curious if you've heard from the satellite
operators at all or any of them. We have. We have. We often get contacted by all kinds of people,
including some of the big satellite operators. But technically,
you know, the signal is out there.
Yes, right.
The moment you transmit it,
and we are only listening to what we call synchronization sequences.
We are not listening to data traffic,
nor do we have that capability or interest.
So, yeah, we have been contacted by some of these operators,
and they're aware of what we are doing.
Actually, some of them even learn about their system from what we are doing.
I was going to say, that's really neat.
I mean, this is a really, it's a really interesting concept.
And, I mean, I'm really looking forward to hearing the subsequent research
that you all are working on as well.
Because if the signal is there
and it's a matter of just being able to pick it up,
that honestly sounds like an opportunity
for a lot of these providers as well.
So this is
very fascinating. So I really
appreciate you taking the time to explain it to me.
So thank you again
and all the best on your research.
I look forward to hearing more.
There is an extended version of this interview
running this weekend over on
the T-Minus Space Daily podcast feed.
Do check that out.
And finally, our nostalgia desk tells us the tech-weary generation is rediscovering optimism,
circa June 2010, by dusting off the iPhone 4, a device last unveiled when hope was high and cellular networks were slow.
Online, devotees praise its grainy photos as vintage, contrasting them with today's hyper-real images from modern phones.
Introduced by Steve Jobs at Apple's 2010 developer conference, the phone has become something of a retro status symbol, with resale prices soaring and searches spiking.
But nostalgia comes with consequences.
Security experts warn that using a 16-year-old smartphone is less retro-chic and more assume breach.
The device stopped receiving updates in 2014, long before modern protections existed.
Apple considers such hardware obsolete, meaning no fixes, no parts, and no mercy.
For purists determined to relive the vibe, experts suggest extreme digital minimalism,
no accounts, no apps, no web browsing, maybe no signal at all.
Kind of like vinyl records, the iPhone 4 revival is less about technical superiority
and more about longing for a simpler, more tangible era,
just as music fans accept pops, skips, and careful handling in exchange for warmth and authenticity.
Retro-tech devotees are embracing grainy photos, limited features, and inconvenience as part of the charm.
The appeal is emotional, not rational, a deliberate step backward from frictionless modern tech chosen for feel rather than function.
And that's the Cyberwire. For links to all of today's stories, check out our daily
briefing at the cyberwire.com. A quick programming note, we will not be publishing this coming
Monday, January 19th, in honor of Martin Luther King's birthday. We'll be back in our usual routine
on Tuesday the 20th. We'll see you then. Be sure to check out this weekend's research Saturday
and my conversation with Ben Fallon, security operations analyst at Huntress. We're discussing
their work ClickFix gets creative, malware buried in images.
That's Research Saturday. Do check it out.
We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity.
If you like our show, please share a rating and review in your favorite podcast app.
Please also fill out the survey in the show notes or send an email to cyberwire at N2K.com.
N2K's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes.
We're mixed by Trey Hester.
with original music by Elliot Peltzman.
Our executive producer is Jennifer Eiben.
Peter Kilpe is our publisher, and I'm Dave Bittner.
Thanks for listening.
We'll see you back here next week.
If you only attend one cybersecurity conference this year,
make it RSAC 2026.
It's happening March 23rd through the 26th in San Francisco,
bringing together the global security community
for four days of expert insights,
hands-on learning, and real innovation.
I'll say this plainly, I never miss this conference.
The ideas and conversations stay with me all year.
Join thousands of practitioners and leaders tackling today's toughest challenges and shaping what comes next.
Register today at rsaconference.com slash cyberwire 26.
I'll see you in San Francisco.
