
Jimmy Sanders
From the CISO series, it's cybersecurity headlines.
Rich Strafolino
Salt Typhoon intrigue continues. Texas takes on Allstate-linked data broker. And goodbye to the Paranoids as Yahoo cybersecurity layoffs hit. These are some of the stories that my colleagues and I have selected from this past week's cybersecurity headlines. And now we are ready for some insight, opinion, and expertise from our returning guest after an extended layoff here, Jimmy Sanders, president of ISSA International. Jimmy, I am so excited for today's news. Thank you for coming back. I gotta ask, how was your week in cybersecurity?
Jimmy Sanders
My week has been amazing. I went to a lot of holiday parties and I just wish everybody else a great holiday.
Rich Strafolino
Yeah, same wishes from all of us here at the CISO Series. And you know, hopefully. I don't know how much good news and good cheer we have to share from our headlines today, but we're going to try to spin some gold from this bad news straw. I don't know. Anyway, we're gonna get into the news. Before we do so, I have to thank our sponsor for today, ThreatLocker, Zero Trust Endpoint Protection Platform. Remember, you can join us on YouTube live. Go to cisoseries.com, hit the events dropdown and look for the Cybersecurity Headlines Week in Review image. You can join the fine folks like Kevin Ferrell, the big boss man David Spark, CCL, Maravel. Alicia Gamlin is joining us on LinkedIn. I love seeing all the names. Maravel's always at a lot of Super Cyber Friday events. So thrilled to see some familiar names there and some new ones as well. So be sure to join us. We want your contributions in the chat to help make the show better. We hope you can join us. Just a quick reminder that these are all Jimmy's opinions and not necessarily those of ISSA International. We've got about 20 minutes though, so Jimmy, I want some of those opinions. First up here, the intrigue behind the Salt Typhoon telco penetration continues. We've got a couple of different stories here this past week. T-Mobile CSO Jeff Simon stated that the massive Salt Typhoon cyber espionage campaign used a novel technique, quote, "not something that I've seen in my 15 plus year career in cybersecurity. It's not something that is well published or read about. There's no CVE for it." That sounds troubling. He was referring to the way that cyber spies hop between the organization's networks. Adding to the intrigue is a statement from Jeff Greene, CISA's executive assistant director for cybersecurity, who said, "we cannot say with certainty that the adversary has been evicted because we don't know the scope of what they're doing." Insert gulp here.
The White House cyber and emerging tech lead Anne Neuberger, speaking at a conference, said the Chinese cyber spies recorded very senior US political figures as well as stealing private communications. So, Jimmy, this has become one of those unfolding nightmares for telcos and, by extension, all of us, and national security. How are, how are we supposed to, what are we supposed to make out of all this news? It seems like we're just going to begin getting more of this as the weeks go on.
Jimmy Sanders
I mean, it's making the news, but I'm a little shocked that a CSO would say, oh, it's not something I've seen before. Obviously, if it was something you've seen before, you would have stopped it and called it. Like, that's the whole nature of an attack. I mean, come on now. But, you know, to their credit, obviously, this was a targeted attack. But as a security leader, as we're doing this, we are supposed to be looking for the things that don't have CVEs. We have to own that. Like, we can't have one silver bullet that breaks through because it didn't have a CVE, and all of a sudden everybody's owned.
Rich Strafolino
Yeah, he was just kind of describing a zero day. Like, I get that there are novel techniques that, you know, you didn't realize something could be a vector, and now you realize it could be a vector or something like that. But, yeah, that's. That's like kind of what you're in the hot seat for. Right?
Jimmy Sanders
And to me, like, you're a telco. You own the network. If you don't understand how your own network works and how people can hop around your own network, then I got bigger issues.
Rich Strafolino
I have to wonder how. Like, what is the, what is the fallout from this? I guess beyond. I know that's a bigger question, but this just seems so over, like a total own by Salt Typhoon here. Right. That we can't even say for certain that we've kicked them out of the network yet. Like that, like that level.
Jimmy Sanders
Why is that even surprising that China's doing that or has done that, or to me, this wouldn't be the first or the last time. Okay, so the fact that we're surprised that it happened or surprised that they're still in. When did they ever leave?
Rich Strafolino
I guess we'll have to echo CISA's recommendation: use all the end-to-end encryption you can find. And yeah, senior US officials also, maybe don't just be like dialing up on the phone. That may be, maybe a takeaway we can also have. Next up here, Black Basta evolves strategy. The Black Basta ransomware group has shifted tactics, using social engineering methods like email bombing, impersonating IT staff, and distributing malicious payloads such as Zbot and DarkGate to gain initial access. Once victims install remote access tools like AnyDesk or TeamViewer, attackers deploy malware to harvest credentials, steal VPN configurations and bypass MFA protections, facilitating deeper infiltration. The shift showcases that the ransomware groups are moving from purely botnet-reliant approaches to a hybrid model that integrates social engineering. So Jimmy, in a way, not too surprising here, bad actors have to move with the times. I'm curious though, what goes through your mind when you see this constant evolution?
Jimmy Sanders
To me, their old tactics stopped working. So they have to, you know, increase costs to do new attacks. To do all the things that you just described means they have to actually spend more money. And so it's not that the old attacks suddenly became more effective. It means they became less effective, or they wouldn't have switched up to new attacks. So to me, we're doing a good job in security in that regard.
Rich Strafolino
Is there, I, I guess I. So then what, what do we take when I see, when I see a story like this? I guess, is this a yes, these actors are always evolving, we should just take that as a given? And unless we, like, you see what I'm saying here.
Jimmy Sanders
Like no, you never, you never take it for a given that it's evolving. But this, the attacks that worked yesterday won't work today. And hopefully as we build our security network, the attacks that worked on us yesterday also don't work today. So as we evolve, as we build up our toolkit, as we do better security, they're going to hopefully ramp up their attacks or they're going to go to the lower hanging fruit.
Rich Strafolino
All right, well, an interesting story here to kind of finish off the top half of the show. Texas adds Allstate-linked data broker to list of alleged privacy law violators. The Attorney General of Texas has accused the data broker Arity of sharing consumers' information without clear notice or consent. In the past six weeks, six of the mobile apps that are Arity's partners have been accused by the state of improperly sharing user data with third parties. Arity is owned by the insurer Allstate. Its official description says it sells recommendations to insurers for how to price individual customer plans based on their driving behaviors. It gathers data through a software development kit embedded inside mobile apps belonging to its partners. Seems a little messy here, Jimmy. On the one hand, customized data from data brokers should. I mean, there's the possibility of that making insurance maybe more fair. But here we have classic third-party vendor syndrome. I guess, what should Allstate do here?
Jimmy Sanders
I mean, maybe they should donate to Elon Musk, because you know, that'll be the silver bullet to get out of Texas lawsuits. But you know, in truth though, the fact that they did it without informing or consent in all the cases. So for me, regardless if they sold the data or not, the fact that they did it without informing the users is the issue. So I agree that something should happen. I'm not in agreement that government should be going out to private companies for doing business.
Rich Strafolino
It's one of those things that if they had buried this in a terms of service. Right, like that. That seems like that's the solution here, right? Is burying the thing that no one will read and people will accept. Laziness. To me, yeah.
Jimmy Sanders
But I've seen Texas go up to companies that had terms of service that, oh, you're not advertising with X anymore, we're going to sue you. So for Texas at least, and I am from Texas, so I can say that, for Texas at least they're attacking people who aren't like them. But from an Allstate standpoint, yes, I would agree that I would settle this, because the longer it gets out, especially if it was true that you had this SDK and you were selling this data, that almost goes back to the GM OnStar issue where they were selling people's driver's records and they were charging you more money based on, you know, your driving history on the OnStar car and things like that.
Rich Strafolino
So I agree. It would be interesting if a side effect of political pettiness, like, like access to political power by Elon Musk, somehow gets better privacy practices. Like the most bizarre chain of events. It was like, I would never wish for this silver lining in this dark cloud. But that's a very weird outcome for shaking.
Jimmy Sanders
I call it unintended consequences.
Rich Strafolino
Yes.
Jimmy Sanders
It's like when you soundproof your walls in your house, all of a sudden your house gets warmer and better insulated.
Rich Strafolino
Yeah. Elon Musk is the sound insulation of tech privacy policy. All right, we've solved it. Okay. I'm glad we're in a better place now. All right, before we move on to our next story here, a new word from our sponsor for today, ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with ThreatLocker. ThreatLocker helps you take a proactive default-deny approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operations are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit threatlocker.com. That's T H R E A T L O C K E R dot com. All right, next up here, Microsoft MFA bypassed in AuthQuake PoC. Researchers at Oasis Security have presented details of an attack technique that could have given threat actors access to Outlook emails, OneDrive files, Teams chats, and Azure Cloud instances. Needing only an hour to execute, it required no user interaction, and it would not trigger any notification to the victim. The attack is based on exploitation of the Authenticator app process, in which a user obtains a six-digit MFA code on their app. The researchers saw that one session supports up to 10 failed attempts to prevent brute force attacks. So, you know, cuts you off so you can't do a thousand of them. But then they saw that an attacker could execute multiple attempts simultaneously, enabling them to go through possible combinations relatively quickly. Oasis named this attack method AuthQuake and reported it to Microsoft in late June. A temporary fix was deployed a few days later, followed by a permanent fix in October. So, you know, we always hear stories about, you know, the strengths of MFA being bypassed through theft.
But I'm curious, with AuthQuake, it seems to be a case of a weakness in the authentication method itself. When you see stories like this, Jimmy, does it, does it make you worried that, you know, we've pinned a lot of hopes on MFA, right, to solve a lot of problems? Is there like MFA weakness fatigue setting in? Maybe.
Jimmy Sanders
I don't think so. To me, at least in this case. Like obviously, you know, there's other cases, but in this case, if it took you an hour of attacking multiple times, then that's not an MFA problem, that's an alerting problem. That's a logging problem. Because if you can sit at a console and attack a thousand times, getting errors that many times and then get success, and nobody sees it after an hour, that's a, that's a security design problem and not an MFA problem.
Rich Strafolino
And as CCL in our chat likes to point out, not all MFA is made the same. I mean, we saw that, you know, when we saw the first raft of this with, you know, I mean, I know SSO is not MFA, but when we saw like, you know, text-based, you know, push notifications versus authenticator apps versus, you know, dedicated hardware and that kind of stuff. Certainly there are, there are levels of MFA, right?
Jimmy Sanders
Yeah, there's definitely levels of MFA. And the other thing that they're saying, if you read between the lines, it says the user doesn't get notified. But everybody knows if you're in the cloud with Microsoft anyway, there's logs that are going on to Microsoft. So either the Microsoft security team should be getting notified, or if they're not, then that's a bigger issue.
Rich Strafolino
Yeah.
Jimmy Sanders
Because somebody's trying something over a thousand times or whatever over an hour and nobody's letting you know about it, you know, or there needs to be better logging within the Microsoft ecosystem, because MFA isn't the silver bullet to good security.
Rich Strafolino
That may be the takeaway of the show. We might have to save that. It may not be the silver bullet, but I just wanted to get out from this, kind of our MFA section of the day, with this: Snowflake has announced that starting in November, and we've covered a lot about the issues they've had this year security-wise, that starting in November of next year, 2025, Snowflake will block sign-ins using single-factor passwords. They've already made all new accounts MFA by default. And this is all part of their compliance with the CISA Secure by Design pledge. So some good news. I know Snowflake, that had a lot of far-reaching consequences.
Jimmy Sanders
I hate that.
Rich Strafolino
Oh, you hate that?
Jimmy Sanders
I hate it.
Rich Strafolino
Give it to me quick, Jimmy.
Jimmy Sanders
I hate people making me do two-factor. For what? If I just want to log on and browse the web or do something simple, all of a sudden now I got to go through these hoops, just because you got bad security, to make me do two-factor.
Rich Strafolino
Okay, so to you this is a user friction problem that's going to. Do you think that has knock-on effects then for better security etiquette down the road?
Jimmy Sanders
Yeah, because if people think that you're doing better security because now you have to do two forms of authentication that has nothing to do with their infrastructure at Snowflake. It's just how you actually log into Snowflake.
Rich Strafolino
Okay, this might be my new favorite take of all. I love the security kind of theater of this all kind of calling that out. That's awesome.
Jimmy Sanders
No, because you can do MFA transparently. There is no reason to do MFA where it causes me to actually have to do something else.
Rich Strafolino
Snowflake, let's, let's take this to heart. Now, I, I will say this is, this is part of a wider rollout. This is not something that's going to be changing kind of overnight. So I think, to me, at least they are doing the, at least this handle.
Jimmy Sanders
They're making it to every customer regardless of threat level, risk level. Like if you told me that if you're doing over this many transactions, or if it's your high-risk entity, then you do an MFA, that's the risk applied. But when you just blanket everybody with security, draconian, because you feel like it, that's what I hate.
Rich Strafolino
Okay, well, we will. I'm curious if we'll see a similar reaction as this continues to roll out through November next year. Jimmy, thank you so much for that take. I got to get you for one more story though, before we get out of here. Yahoo cybersecurity team sees layoffs, outsourcing under new CTO. Yahoo's famous cybersecurity team, known as the Paranoids, has lost 25% of its staff over the last year, according to TechCrunch. The Paranoids' offensive security team, which conducts cyber attack simulations to identify weaknesses in the company's network before external hackers can, pretty much red teaming, was completely eliminated this week and will now be outsourced. Valeri Liborski, Yahoo's new CTO, announced these changes in an email to staff, stating this was a very difficult decision and one I have not taken lightly. So, Jimmy, despite lots of buzzwordy verbiage around strategic adjustments, the overarching sense is that this is more about cutting costs to enhance profitability, which is actually what Yahoo chief executive Jim Lanzone told Axios last year when they were laying off 1600 employees. What does your spidey sense say about removing security staff, especially their famous red team, in favor of external contractors?
Jimmy Sanders
At first I thought it was an April Fools' joke, because you let go of your red team and you say you're going to outsource it. So you're going to outsource the people who show you the attacks on your infrastructure before the outside world. And so now you're going to go outside of your company to find people to attack you, like.
Rich Strafolino
Did. Yeah. Did no one. Well, and I'll give full credit to our producer Steve Prentice here for kind of pointing this out: literally the theme that we have had all year long, right, has been third-party risk. It's this thing that is so not impossible, but it's such a huge threat surface. Right. And to invite it seems just like inviting trouble. This seems so ill-timed with kind of the way the winds are going right now.
Jimmy Sanders
No. And unfortunately, generally the thing that you usually see that happens either before or after this is never good for the company.
Rich Strafolino
Yeah. And Yahoo, not exactly, I guess, already the most stellar record, right, when we come to, when you know, not to cast aspersions or anything, they've had their security incidents in the past, but wow. Okay, before I get to my point, CCL: you can't outsource accountability. That's, that's, that's pretty great, CCL. I think that that kind of, Jimmy, gets to your point.
Jimmy Sanders
Certainly that's a hot take. I love that.
Rich Strafolino
All right, well, our thoughts go out to. We've had some colleagues on this show and on some of our other shows from Yahoo's team. So thoughts out to them. Hope all that great talent that's out there finds a good landing, a good space for them going forward. And thanks also to everybody who contributed in our chat. I saw Maxtronic popping in, having some fun there with what MFA could stand for. Appreciate that, Maxtronic. CCL, of course, Kevin Farrell, all of our regulars are in there. So thank you so much for that. Before you get out of here, Jimmy, was there any story that was a thumbs up or just made the eyes roll to the back of your head this week?
Jimmy Sanders
I guess the eyes roll was the layoffs for the Yahoo team. They have an amazing security team there that they laid off, you know, the Paranoids, and a lot of them. And so that's a very unfortunate thing, especially during the holidays. Like, what timing is that?
Rich Strafolino
Yeah. Oh, that's. Yeah. I mean, no good timing, but there's certainly bad timing for that. And that is, yeah, yeah, not great. Not great. Jimmy, where can people find you online if they want to keep following you in cyberspace?
Jimmy Sanders
You can check me out on LinkedIn, or you can always go to issa.org. We publish things there. My LinkedIn is there.
Rich Strafolino
All right, excellent. And you guys have an event coming up, right?
Jimmy Sanders
Yes, we have our 40th anniversary celebration. It will be April 2025. We'll be celebrating 40 years and we look forward to inviting everybody there.
Rich Strafolino
Let me offer you an early congratulations and I'm sure you will have some more details as we get closer to that. People want to participate. That is awesome. And also awesome is you, Jimmy Sanders, President of Issa International. Thank you so much for being on the show. This was phenomenal.
Jimmy Sanders
No, this was fun and thanks for having me on.
Rich Strafolino
We, I promise we're not going to wait three and a half years to have you back on again. That is my solemn pledge to you and our audience, because this was a ton of fun. Thanks also to our sponsor for today, ThreatLocker, Zero Trust Endpoint Protection Platform. Thanks again to our audience. I know we can't always get every single comment up on the screen, but we are reading them during the course of the show. They do make the show better, and sometimes we just get pearls of wisdom like CCL shared. So thank you so much for that, and make sure you are coming each and every Friday. We definitely adore you. You will. I mean, you could come next Friday. We're not going to have a Super Cyber Friday next week, but we will be back with another episode of the Week in Review starting at 3:30 the week after that. That's how time works. To register for. I'm sorry, I'm talking about Super Cyber Friday. I'm getting confused here. There will be a Week in Review next week. There's no Super Cyber Friday next week. You can find all our information for our events at cisoseries.com; look for our events page. I get confused at the end of the year. I'm a simple, simple man. In the meantime, you could of course get your daily news fix every single day through Cybersecurity Headlines. Give us about six minutes, we'll get you all caught up. That one is easy to remember. Until the next time we meet, I'm Rich Strafolino reminding you and yours to have a super sparkly day.
Jimmy Sanders
Cybersecurity Headlines is available every weekday. Head to cisoseries.com for the full stories behind the headlines.
Cyber Security Headlines: Week in Review – Salt Typhoon Saga, Microsoft MFA Bypass, Yahoo Cuts Paranoids
Released on December 13, 2024, by CISO Series
In this episode of Cyber Security Headlines, hosted by Rich Strafolino of the CISO Series, expert guest Jimmy Sanders, President of ISSA International, delves deep into the week’s most pressing cybersecurity stories. The discussion navigates through sophisticated cyber espionage campaigns, evolving ransomware tactics, significant privacy law violations, vulnerabilities in multi-factor authentication (MFA), and alarming layoffs within Yahoo’s renowned cybersecurity team. Below is a comprehensive summary capturing all key points, discussions, insights, and conclusions from the episode.
Salt Typhoon Telco Penetration
Key Developments:
Ongoing Intrigue: The episode opens with the continuing fallout from the Salt Typhoon cyber espionage campaign against telecommunications providers, with new statements from T-Mobile, CISA and the White House. (The Texas action against the Allstate-linked data broker is covered later in the episode.)
T-Mobile's Concerns: Jeff Simon, CSO of T-Mobile, remarked at [00:40] that the Salt Typhoon campaign employed a novel technique, stating, “not something that I've seen in my 15 plus year career in cybersecurity. It's not something that is well published or read about. There's no CVE for it.” This highlights the sophistication and elusive nature of the attack vector used.
CISA’s Uncertainty: Jeff Greene of CISA expressed uncertainty regarding the eviction of adversaries from affected networks, leading to concerns over the scope and persistence of the threat.
White House Insights: Anne Neuberger, White House Cyber and Emerging Tech Lead, mentioned that Chinese cyber spies recorded senior U.S. political figures and stole private communications, exacerbating national security fears.
Discussion Highlights:
Jimmy’s Perspective [03:01]: Jimmy expressed surprise at a CSO acknowledging the novelty of the attack, emphasizing that experienced security leaders should anticipate and counteract such threats proactively. He asserted, “We have to own that. We can't have one silver bullet that breaks through because it didn't have a CVE, and all of a sudden everybody's owned.”
Evolving Threat Landscape: Rich Strafolino connected the dots to zero-day vulnerabilities, noting the inherent challenges in defending against unrecorded attack vectors. Jimmy stressed the importance for telcos to deeply understand their networks to prevent adversaries from navigating undetected.
National Implications: The conversation underscored the broader national security implications, suggesting that such sophisticated attacks by state-sponsored actors like China represent a persistent and escalating threat.
Black Basta Evolves Strategy
Key Developments:
Shift to Social Engineering: The Black Basta ransomware group has transitioned from relying solely on botnets to incorporating social engineering methods. Tactics include email bombing, impersonating IT staff, and distributing malicious payloads like Zbot and Darkgate.
Enhanced Attack Strategies: They leverage remote access tools (e.g., AnyDesk, TeamViewer) to deploy malware that harvests credentials, steals VPN configurations, and bypasses MFA protections, facilitating deeper network infiltration.
Discussion Highlights:
Jimmy’s Analysis [05:33]: He articulated that the evolution signifies a response to previously ineffective tactics, highlighting, “Their old tactics stopped working. So they have to... spend more money to do new attacks.” This indicates that improved security measures are forcing threat actors to innovate their strategies.
Proactive Security Measures: Rich posed the question of inevitability regarding evolving threats, to which Jimmy responded that security must continuously adapt, ensuring that yesterday’s attacks are mitigated today. He emphasized, “As we build our security network, the attacks that worked on us yesterday also don't work today.”
Future Outlook: The discussion suggested that as security infrastructures strengthen, ransomware groups might escalate their attacks or seek lower-hanging targets, emphasizing the need for relentless vigilance and adaptability in cybersecurity defenses.
Texas Targets Allstate-Linked Data Broker
Key Developments:
Privacy Law Violations: The Texas Attorney General has accused data broker Arity, owned by Allstate, of sharing consumer information without clear notice or consent. Over the past six weeks, six mobile apps partnered with Arity have been implicated in improperly sharing user data.
Implications for Insurance Pricing: Arity’s data collection, embedded via software development kits (SDKs) in partner apps, is used to recommend insurance pricing based on driving behaviors. While this could potentially lead to fairer insurance rates, the lack of transparency poses significant privacy concerns.
Discussion Highlights:
Jimmy’s Critique [07:32]: He criticized the lack of user consent, asserting, “The fact that they did it without informing is the issue.” He also questioned government intervention in private business practices, hinting at the complexities of regulating data brokers.
Rich’s Observation: Highlighted the practice of burying consent clauses in terms of service, branding it as a “solution” that actually represents user laziness and oversight.
Legal and Ethical Considerations: The dialogue touched upon the broader issues of third-party data sharing, user consent, and the ethical responsibilities of companies handling sensitive consumer information.
Microsoft MFA Bypassed in AuthQuake PoC
Key Developments:
AuthQuake Exploit: Researchers at Oasis Security unveiled AuthQuake, an attack method that bypassed Microsoft’s MFA by exploiting the Authenticator app process. The attack could give access to Outlook, OneDrive, Teams, and Azure Cloud instances within an hour, without user interaction or notifications to the victim.
Attack Mechanism: AuthQuake involves brute-force guessing of the six-digit MFA code. Each session only allows about 10 failed attempts, but that limit was enforced per session rather than per account, so an attacker could run many sessions concurrently and work through the code space relatively quickly.
Microsoft’s Response: Following the discovery in late June, Microsoft deployed a temporary fix a few days later, with a permanent solution implemented in October.
Discussion Highlights:
Jimmy’s Insights [11:59]: He argued that the issue lies not with MFA itself but with alerting and logging systems. “That's an alerting problem. That's a logging problem.” He emphasized the need for robust monitoring to detect repeated failed attempts.
Granularity of MFA Solutions: Rich pointed out varying MFA implementations, noting differences in security levels among text-based, push notifications, authenticator apps, and dedicated hardware solutions. Jimmy concurred, highlighting that not all MFA systems are created equal and underscored the importance of comprehensive logging within platforms like Microsoft’s ecosystem.
Snowflake’s Security Move: Concluding the MFA discussion, Rich shared that Snowflake will block single-factor password sign-ins starting November 2025, mandating MFA for all new accounts as part of their compliance with the CISA Secure by Design pledge.
Jimmy’s Rebuttal [14:09]: He criticized the blanket enforcement of MFA, arguing it creates user friction without considering threat levels or risk profiles. “It's just how you actually log into Snowflake. I hate people making me do two factor.” He advocated for a more nuanced approach, applying MFA based on specific risk criteria rather than universally.
Takeaway: The episode emphasized that while MFA remains a critical security measure, its effectiveness is contingent upon comprehensive monitoring and adaptive implementation strategies.
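The Attack Mechanism item above and Jimmy's point about alerting both come down to where failures are counted. As an added example (not code from the page, Oasis Security or Microsoft), the block below puts a per-session failure cap beside a per-account cap that pools failures across sessions, and runs a detector over constructed MFA log lines that sums failures per account regardless of session. The account names, session ids, log format and thresholds are all constructed assumptions.

```python
"""Per-session vs per-account MFA failure caps, plus log-based detection.

Added example, not from the page. A cap of 10 failures *per session* is
defeated by opening many sessions in parallel; a cap counted *per account*
over a sliding window is not, and the same per-account view is what an
alerting rule needs. All names, formats and thresholds are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timezone

SESSION_CAP = 10        # failed attempts allowed per session, as described on the page
ACCOUNT_CAP = 10        # hypothetical hardened cap: failures per account, any session
WINDOW_SECONDS = 3600   # roughly the one-hour window the page mentions


@dataclass(frozen=True)
class Attempt:
    ts: int        # seconds since epoch
    account: str
    session: str
    ok: bool       # True if the submitted code was correct


class PerSessionLimiter:
    """Weak design: every new session starts with a fresh failure budget."""

    def __init__(self) -> None:
        self.failures: dict[str, int] = defaultdict(int)

    def allow(self, a: Attempt) -> bool:
        if self.failures[a.session] >= SESSION_CAP:
            return False
        if not a.ok:
            self.failures[a.session] += 1
        return True


class PerAccountLimiter:
    """Hardened design: failures are pooled per account over a sliding window,
    so parallel sessions share one budget. A per-account cap can lock out the
    real user, so it should be paired with alerting, not used alone."""

    def __init__(self) -> None:
        self.failures: dict[str, list[int]] = defaultdict(list)

    def allow(self, a: Attempt) -> bool:
        recent = [t for t in self.failures[a.account] if a.ts - t < WINDOW_SECONDS]
        allowed = len(recent) < ACCOUNT_CAP
        if allowed and not a.ok:
            recent.append(a.ts)
        self.failures[a.account] = recent
        return allowed


def parallel_guessing(account: str, sessions: int, per_session: int) -> list[Attempt]:
    """Constructed traffic: `sessions` parallel sessions, each submitting
    `per_session` wrong codes, interleaved one second apart."""
    attempts, t = [], 0
    for _ in range(per_session):
        for s in range(sessions):
            attempts.append(Attempt(t, account, f"sess-{s}", ok=False))
            t += 1
    return attempts


def count_allowed(limiter, attempts: list[Attempt]) -> int:
    """How many of the guesses the limiter lets through to code verification."""
    return sum(1 for a in attempts if limiter.allow(a))


def constructed_log() -> list[str]:
    """Constructed auth log: "<UTC time>Z mfa_failed account=<a> session=<s>"."""
    base = datetime(2024, 6, 15, 10, 0, tzinfo=timezone.utc).timestamp()
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    lines = []
    # alice: 30 sessions x 9 failures each, no session ever reaches SESSION_CAP
    for a in parallel_guessing("alice", sessions=30, per_session=9):
        when = datetime.fromtimestamp(base + a.ts, tz=timezone.utc).strftime(fmt)
        lines.append(f"{when} mfa_failed account=alice session={a.session}")
    # bob: two typos in one session, then success; ordinary user behaviour
    lines += ["2024-06-15T10:05:00Z mfa_failed account=bob session=sess-0",
              "2024-06-15T10:05:30Z mfa_failed account=bob session=sess-0",
              "2024-06-15T10:06:00Z mfa_ok account=bob session=sess-0"]
    return lines


def detect_spread_failures(lines: list[str], threshold: int = 20,
                           window: int = WINDOW_SECONDS) -> dict[str, tuple[int, int]]:
    """Flag accounts whose MFA failures within `window` seconds, summed across
    all sessions, reach `threshold`. Returns {account: (failures, sessions)}."""
    per_account: dict[str, list[tuple[int, str]]] = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or parts[1] != "mfa_failed":
            continue
        ts = int(datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
                 .replace(tzinfo=timezone.utc).timestamp())
        fields = dict(p.split("=", 1) for p in parts[2:])
        per_account[fields["account"]].append((ts, fields["session"]))

    flagged: dict[str, tuple[int, int]] = {}
    for account, events in per_account.items():
        events.sort()
        start, best = 0, (0, 0)
        for end in range(len(events)):          # sliding window over sorted failures
            while events[end][0] - events[start][0] >= window:
                start += 1
            count = end - start + 1
            if count > best[0]:
                best = (count, len({s for _, s in events[start:end + 1]}))
        if best[0] >= threshold:
            flagged[account] = best
    return flagged
```

With the constructed traffic, the per-session limiter passes all 270 guesses while the per-account limiter passes 10, and the detector flags only alice (270 failures over 30 sessions), not bob.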
Yahoo Cuts the Paranoids
Key Developments:
Massive Layoffs: Yahoo’s renowned cybersecurity team, nicknamed the "Paranoids," has been reduced by 25% over the past year. Additionally, the offensive security team responsible for conducting red team simulations has been eliminated and its work will now be outsourced.
Leadership Communication: Valeri Liborski, Yahoo’s new CTO, announced the changes in an email to staff, calling it a very difficult decision not taken lightly. The overall picture is consistent with Yahoo CEO Jim Lanzone’s prior statements about cost-cutting to boost profits.
Discussion Highlights:
Jimmy’s Shock [16:49]: Expressed disbelief over the decision to eliminate an internal red team, emphasizing the irony in outsourcing the very functions that identify and mitigate internal vulnerabilities. “You're going to outsource the people who show you the attacks of your infrastructure before the outside world.”
Risks of Outsourcing: Rich highlighted the increased threat surface and third-party risks associated with outsourcing critical security functions, suggesting that such moves invite further vulnerabilities.
Accountability Concerns: Jimmy reinforced the idea that accountability cannot be effectively outsourced, noting, “You can't outsource accountability.”
Implications for Yahoo: The layoffs, especially of a skilled internal team, signal potential vulnerabilities and lowered security posture for Yahoo, raising questions about their commitment to robust cybersecurity amidst financial pressures.
Conclusion: The episode underscored the precarious balance between cost management and maintaining a strong security infrastructure, warning against shortcuts that may lead to increased vulnerabilities.
As the episode concluded, Rich Strafolino extended empathy towards the laid-off Yahoo cybersecurity professionals, acknowledging their expertise and the unfortunate timing of their dismissals during the holidays. The discussion highlighted significant concerns over shifting security strategies, the potential widening of threat surfaces through outsourcing, and the nuanced challenges in implementing effective MFA solutions.
Notable Quote:
This encapsulates the tension between enhancing security measures and maintaining user convenience, a recurring theme in today’s cybersecurity landscape.
Stay Informed: For listeners seeking ongoing updates, Jimmy Sanders shared his contact information, directing audiences to ISSA International’s website and LinkedIn profile. The CISO Series also promoted upcoming events and encouraged community engagement to foster a collaborative approach to tackling emerging cybersecurity challenges.
Disclaimer: The views expressed in this summary reflect the opinions of the podcast participants and do not necessarily represent those of ISSA International.