1
00:00:00,774 --> 00:00:04,584
Cybersecurity today would like to thank
Meter for their support in bringing you

2
00:00:04,584 --> 00:00:09,624
this podcast. Meter delivers a complete
networking stack, wired, wireless and

3
00:00:09,624 --> 00:00:14,304
cellular in one integrated solution
that's built for performance and scale.

4
00:00:14,544 --> 00:00:18,684
You can find them at meter.com/cst.

5
00:00:20,154 --> 00:00:23,964
Unsupported edge devices are becoming
a global infrastructure risk.

6
00:00:24,174 --> 00:00:28,794
Microsoft Exchange Online flags
legitimate emails as phishing.

7
00:00:29,124 --> 00:00:32,814
Google warns governments to start
preparing now for post quantum

8
00:00:32,814 --> 00:00:38,094
cybersecurity, and OpenClaw fallout
continues as new research finds

9
00:00:38,094 --> 00:00:40,374
growing infrastructure exposure.

10
00:00:40,644 --> 00:00:42,714
This is cybersecurity today.

11
00:00:42,864 --> 00:00:47,754
I'm your host, Jim Love. A new
advisory from the Cybersecurity

12
00:00:47,754 --> 00:00:49,734
and Infrastructure Security Agency,

13
00:00:49,734 --> 00:00:52,159
CISA, landed this week with little noise.

14
00:00:52,979 --> 00:00:54,039
It shouldn't have.

15
00:00:54,744 --> 00:00:57,654
It describes a problem that's
already playing out in the

16
00:00:57,654 --> 00:00:59,844
real world in a big way.

17
00:01:00,384 --> 00:01:04,404
The update follows a cyber
incident in Poland's energy sector.

18
00:01:04,824 --> 00:01:08,424
Attackers got into operational
technology systems by exploiting

19
00:01:08,424 --> 00:01:11,574
vulnerable internet facing edge devices.

20
00:01:11,874 --> 00:01:16,104
These are the systems that sit at
the edge of the network, firewalls,

21
00:01:16,104 --> 00:01:22,404
routers, VPN appliances, the gear that
decides what gets in and what stays out.

22
00:01:23,154 --> 00:01:26,484
The incident itself is
documented by CERT Polska.

23
00:01:26,694 --> 00:01:28,944
It happened in December 2025.

24
00:01:28,944 --> 00:01:29,694
We've covered it.

25
00:01:29,904 --> 00:01:33,684
It affected renewable energy
sites, a combined heat and power

26
00:01:33,684 --> 00:01:35,994
plant, and a manufacturing company.

27
00:01:36,234 --> 00:01:40,764
The attackers broke in through exposed
edge devices, deployed wiper malware,

28
00:01:41,419 --> 00:01:47,809
damaged remote terminal units, wiped human
machine interfaces and corrupted firmware

29
00:01:47,929 --> 00:01:49,369
on operational technology equipment.

30
00:01:51,219 --> 00:01:55,239
Power generation, fortunately,
continued, but operators lost

31
00:01:55,239 --> 00:01:58,659
visibility and control and that matters.

32
00:01:58,869 --> 00:02:03,939
Systems were running, but the people
responsible for them couldn't reliably

33
00:02:03,939 --> 00:02:09,009
see what's happening or intervene if
something went wrong. In industrial

34
00:02:09,009 --> 00:02:11,349
environments, that's not resilience.

35
00:02:11,694 --> 00:02:17,304
That's just huge risk in power
systems that can have a huge impact.

36
00:02:17,334 --> 00:02:21,834
If you pull a power system offline
quickly, it can take the whole

37
00:02:21,834 --> 00:02:26,484
network with it. In the same way,
in industrial environments, this

38
00:02:26,484 --> 00:02:29,214
is not resilience, it's just risk.

39
00:02:30,324 --> 00:02:32,934
So CISA's message is straightforward.

40
00:02:33,234 --> 00:02:37,404
Unsupported edge devices are now
one of the most reliable entry

41
00:02:37,404 --> 00:02:39,684
points for persistent threat actors.

42
00:02:40,074 --> 00:02:43,944
Once these devices reach end
of vendor support, they stop

43
00:02:43,944 --> 00:02:45,924
receiving security updates.

44
00:02:46,134 --> 00:02:50,424
Any vulnerability that becomes
public stays exploitable forever.

45
00:02:52,509 --> 00:02:57,579
In the Polish case, attackers also
relied on default credentials to move

46
00:02:57,579 --> 00:03:00,129
deeper into industrial control systems.

47
00:03:00,369 --> 00:03:02,259
That's not a vendor specific flaw.

48
00:03:02,439 --> 00:03:07,239
It's a pattern we keep seeing across
sectors and countries. When those edge

49
00:03:07,239 --> 00:03:10,689
devices fail, everything's exposed.

50
00:03:11,189 --> 00:03:12,809
It's a disaster.

51
00:03:14,189 --> 00:03:17,549
This advisory is tied to
CISA's new Binding Operational

52
00:03:17,549 --> 00:03:20,069
Directive 26-02.

53
00:03:20,519 --> 00:03:25,139
It orders US federal agencies
to immediately update supported

54
00:03:25,229 --> 00:03:30,329
edge devices, identify all end of
support devices within three months,

55
00:03:30,429 --> 00:03:35,289
and remove those unsupported devices
entirely over the following year.

56
00:03:36,009 --> 00:03:40,869
The language is calm, but the
assessment is not. Unsupported

57
00:03:40,869 --> 00:03:47,499
devices are enabling sustained cyber
campaigns against critical infrastructure,

58
00:03:47,979 --> 00:03:52,479
and the scale of this problem is
where things get uncomfortable.

59
00:03:53,169 --> 00:03:57,969
CISA didn't publish its internal list
of end of support devices, probably

60
00:03:57,969 --> 00:04:02,049
for good reason, but independent
research gives us a partial view.

61
00:04:02,529 --> 00:04:07,359
There was a study by Bishop Fox that
identified tens of thousands of clearly

62
00:04:07,359 --> 00:04:12,639
unsupported internet-exposed devices
and another couple of hundred thousand,

63
00:04:13,029 --> 00:04:18,279
yes, I said it, a couple of hundred
thousand that could not be definitively

64
00:04:18,279 --> 00:04:23,859
classified because of visibility and
configuration limits, and it's important

65
00:04:23,859 --> 00:04:25,689
to be clear about what that represents.

66
00:04:25,869 --> 00:04:31,659
That's one vendor ecosystem,
one set of devices, just one.

67
00:04:33,204 --> 00:04:36,774
There are no reliable global
counts, at least that I can find.

68
00:04:37,134 --> 00:04:42,654
But once numbers reach this type of
range, precision stops being the point.

69
00:04:43,074 --> 00:04:46,434
There are unquestionably
hundreds of thousands of

70
00:04:46,434 --> 00:04:49,074
exposed edge devices worldwide.

71
00:04:49,494 --> 00:04:54,744
When you include other vendors, regions,
less visible deployments, that number

72
00:04:54,744 --> 00:04:56,934
plausibly reaches into the millions.

73
00:04:58,179 --> 00:05:00,159
And these devices aren't peripheral.

74
00:05:00,519 --> 00:05:02,589
They sit at the network perimeter.

75
00:05:02,739 --> 00:05:08,439
They hold and regulate privileged access,
and they are often the only barrier

76
00:05:08,439 --> 00:05:13,839
between the internet and operational
technology that was never designed

77
00:05:13,839 --> 00:05:16,359
to be exposed in the first place.

78
00:05:17,019 --> 00:05:21,339
The Polish incident didn't cause
a blackout, which is good news.

79
00:05:21,879 --> 00:05:27,879
The bad news is it showed how easily
control and visibility can disappear

80
00:05:28,059 --> 00:05:30,849
when that edge quietly fails.

81
00:05:33,489 --> 00:05:37,749
Microsoft is investigating an issue
in Exchange Online where legitimate

82
00:05:37,779 --> 00:05:42,519
emails are being incorrectly
flagged as phishing and quarantined.

83
00:05:43,209 --> 00:05:47,559
The problem surfaced over the weekend
and has affected organizations globally.

84
00:05:48,909 --> 00:05:52,749
According to reporting by BleepingComputer,
the false positives appear to be

85
00:05:52,749 --> 00:05:58,359
tied to Microsoft's anti-phishing systems
rather than customer misconfiguration.

86
00:05:58,749 --> 00:06:03,429
In many cases, emails sent from trusted
external or even internal domains

87
00:06:03,609 --> 00:06:05,859
were suddenly classified as malicious,

88
00:06:05,859 --> 00:06:11,049
even though they passed standard
authentication checks like SPF, DKIM

89
00:06:11,049 --> 00:06:16,599
and DMARC. For affected organizations, the
impact was immediate and operational.

90
00:06:16,839 --> 00:06:21,339
Legitimate business emails were being
diverted into quarantine, delayed or

91
00:06:21,339 --> 00:06:26,259
even blocked outright with administrators
left scrambling to determine whether

92
00:06:26,259 --> 00:06:30,879
they were facing an actual phishing
campaign or a detection failure.

93
00:06:31,239 --> 00:06:36,609
In some cases, users were told messages
were unsafe when they were anything but.

94
00:06:37,614 --> 00:06:40,734
Microsoft has acknowledged the
issue and said it's reviewing recent

95
00:06:40,734 --> 00:06:42,744
changes to its detection logic.

96
00:06:43,104 --> 00:06:46,764
While the company has not confirmed
a single root cause, it's indicated

97
00:06:46,764 --> 00:06:50,544
that adjustments were being made
to reduce the false positives

98
00:06:50,694 --> 00:06:52,794
and restore normal mail flow.

99
00:06:53,554 --> 00:06:57,304
No evidence has been reported that the
emails were genuinely malicious or that

100
00:06:57,304 --> 00:06:59,644
customer environments were compromised.

101
00:06:59,914 --> 00:07:05,314
So this is not a breach, but it's still a
reminder of how much trust organizations

102
00:07:05,314 --> 00:07:07,174
place in automated security systems.

103
00:07:08,564 --> 00:07:14,174
When detection tools fail quietly, they
don't just stop threats, they stop work.

104
00:07:14,324 --> 00:07:19,064
And when those tools sit inside
managed cloud services, customers

105
00:07:19,064 --> 00:07:24,554
have limited visibility into what
changed, when it changed, or why.

106
00:07:27,324 --> 00:07:30,624
Google is warning governments and
industry that the transition to

107
00:07:30,624 --> 00:07:36,924
post-quantum cybersecurity needs
to start now, not later. In a new

108
00:07:36,924 --> 00:07:38,964
policy push and technical briefing,

109
00:07:38,964 --> 00:07:43,854
the company is arguing that waiting until
practical quantum computers arrive will

110
00:07:43,854 --> 00:07:46,429
be too late to protect sensitive data.

111
00:07:47,724 --> 00:07:52,404
In a post published on the Google blog,
the company says that the harvest-now,

112
00:07:52,404 --> 00:07:55,764
decrypt-later threat is already real.

113
00:07:56,214 --> 00:08:01,224
Adversaries can steal encrypted data
today and store it until future quantum

114
00:08:01,224 --> 00:08:05,454
systems are powerful enough to break
widely used encryption methods like

115
00:08:05,454 --> 00:08:08,484
RSA and elliptic curve cryptography.

116
00:08:09,714 --> 00:08:12,384
Google's message is not that
quantum computers are about

117
00:08:12,384 --> 00:08:14,004
to crack encryption tomorrow.

118
00:08:14,574 --> 00:08:19,524
It's that cryptographic transitions
are slow, complex, and deeply embedded.

119
00:08:19,914 --> 00:08:24,234
Replacing encryption across
operating systems, cloud services,

120
00:08:24,234 --> 00:08:28,884
network devices, and industrial
systems can take a long time.

121
00:08:28,884 --> 00:08:31,884
They say maybe even a decade or more.

122
00:08:32,814 --> 00:08:36,834
So the company is urging governments
to accelerate adoption of post-quantum

123
00:08:36,834 --> 00:08:41,364
cryptography standards, particularly
those finalized by the US National

124
00:08:41,364 --> 00:08:43,584
Institute of Standards and Technology.

125
00:08:43,634 --> 00:08:48,944
Google says organizations should begin
inventorying where cryptography is used,

126
00:08:49,154 --> 00:08:53,834
testing quantum-resistant algorithms
and planning staged migrations.

127
00:08:54,584 --> 00:08:56,384
Google's role here is notable.

128
00:08:56,414 --> 00:09:00,764
It has already deployed post-quantum
protections in parts of Chrome,

129
00:09:00,974 --> 00:09:05,024
Google Cloud, and its internal
infrastructure, giving it real

130
00:09:05,024 --> 00:09:07,484
experience with the trade-offs involved.

131
00:09:07,754 --> 00:09:09,524
The core point is simple.

132
00:09:10,244 --> 00:09:14,354
Quantum computing doesn't need to
arrive suddenly to create risk.

133
00:09:14,564 --> 00:09:19,484
The risk window opens the moment
attackers decide data is worth stealing

134
00:09:19,484 --> 00:09:21,974
today, so it can be decrypted tomorrow.

135
00:09:22,484 --> 00:09:26,984
And for anyone who thinks that quantum
computers are a distant or theoretical

136
00:09:26,984 --> 00:09:32,354
problem, our sister podcast Hashtag
Trending is running a story today on how

137
00:09:32,354 --> 00:09:37,784
Google has made real progress towards
a commercially viable quantum computer.

138
00:09:38,204 --> 00:09:42,614
You can find it at technewsday.com
under Podcasts, or just search

139
00:09:42,614 --> 00:09:47,024
for Hashtag Trending and Jim Love
wherever you get your podcasts.

140
00:09:49,279 --> 00:09:53,339
Just when it seemed the OpenClaw
security incident might be settling down,

141
00:09:53,489 --> 00:09:57,389
new research shows the situation
is still evolving, and in

142
00:09:57,389 --> 00:09:59,249
some ways it's getting worse.

143
00:10:00,614 --> 00:10:05,174
A report from SecurityScorecard
says the real risk tied to OpenClaw

144
00:10:05,174 --> 00:10:10,934
is not runaway AI behavior or
speculative superintelligence fears.

145
00:10:11,204 --> 00:10:16,724
It's exposed infrastructure. According
to researchers, systems connected to

146
00:10:16,724 --> 00:10:22,814
OpenClaw are continuing to surface online with
misconfigurations, weak access controls

147
00:10:22,964 --> 00:10:25,544
and unnecessary internet exposure.

148
00:10:26,114 --> 00:10:29,504
SecurityScorecard says the pace of
discovery has been so fast that it's

149
00:10:29,504 --> 00:10:34,544
been necessary to build a live public
dashboard to track all the newly

150
00:10:34,544 --> 00:10:37,394
identified exposures as they appear.

151
00:10:37,934 --> 00:10:41,414
That alone tells you this is
not a static cleanup problem.

152
00:10:42,284 --> 00:10:46,994
The research highlights a familiar
pattern, rapid deployment, complex

153
00:10:46,994 --> 00:10:51,614
architectures and security controls
that lag behind functionality.

154
00:10:52,454 --> 00:10:56,474
As organizations rush to experiment
with these agent-based systems and

155
00:10:56,474 --> 00:11:02,114
interconnected AI services, supporting
infrastructure, APIs, cloud services,

156
00:11:02,114 --> 00:11:06,974
orchestration layers were often
left more exposed than intended.

157
00:11:08,204 --> 00:11:11,594
What's notable is what
the report does not claim.

158
00:11:11,894 --> 00:11:16,124
There's no suggestion of sentient
AI or science fiction scenarios.

159
00:11:16,494 --> 00:11:21,584
Just exposed services, over-permissive
access, internet-facing systems

160
00:11:21,764 --> 00:11:23,564
that were never meant to be public.

161
00:11:25,289 --> 00:11:30,599
One detail in SecurityScorecard's live
dashboard really stands out. When exposures

162
00:11:30,599 --> 00:11:36,299
are broken down by industry, one of the
leading adopters, and the most exposed, is

163
00:11:37,169 --> 00:11:40,619
IT and technology companies themselves.

164
00:11:41,249 --> 00:11:45,344
There's no public data showing exactly
how those systems are configured

165
00:11:45,564 --> 00:11:49,679
or how exposed they are internally,
but given what we've already

166
00:11:49,679 --> 00:11:53,849
seen with OpenClaw deployments,
it's hard to rule anything out.

167
00:11:54,989 --> 00:11:59,219
So the OpenClaw story is no longer
about a single breach or a single fix.

168
00:11:59,579 --> 00:12:04,679
It's about how quickly modern systems
can change and how easily security

169
00:12:04,679 --> 00:12:12,294
debt can accumulate when complexity
outpaces visibility and architecture.

170
00:12:13,655 --> 00:12:14,465
What can we do?

171
00:12:14,705 --> 00:12:17,195
Well, check your organization.

172
00:12:17,285 --> 00:12:21,845
Check to see if you have any exposures.
And this is just my opinion, but I've

173
00:12:21,845 --> 00:12:28,115
said it many times, unless you've got
it totally isolated and you know exactly

174
00:12:28,115 --> 00:12:30,365
what you're doing at the command level,

175
00:12:30,875 --> 00:12:36,845
get anything from OpenClaw off your
system and have somebody competent

176
00:12:37,175 --> 00:12:37,895
check it out.

177
00:12:39,007 --> 00:12:39,937
That's our show.

178
00:12:40,327 --> 00:12:43,417
We'd like to thank Meter for their
support in bringing you this podcast.

179
00:12:43,657 --> 00:12:47,707
Meter delivers full stack networking
infrastructure, wired, wireless,

180
00:12:47,767 --> 00:12:50,017
and cellular to leading enterprises.

181
00:12:50,317 --> 00:12:54,607
Working with their partners, Meter
designs, deploys and manages everything

182
00:12:54,607 --> 00:12:59,287
required to get performant, reliable
and secure connectivity in a space.

183
00:12:59,557 --> 00:13:03,847
They design the hardware and the firmware,
build the software, manage deployments,

184
00:13:04,272 --> 00:13:05,682
even run support.

185
00:13:05,802 --> 00:13:10,062
It's a single integrated solution
that scales from branch offices

186
00:13:10,302 --> 00:13:14,292
to warehouses to large campuses,
all the way to data centers.

187
00:13:14,622 --> 00:13:17,922
You can book a demo at meter.com/cst.

188
00:13:18,162 --> 00:13:22,662
That's M-E-T-E-R.com/cst.

189
00:13:23,562 --> 00:13:24,672
I'm your host, Jim Love.

190
00:13:25,512 --> 00:13:26,442
Thanks for listening.

