Transcript
A (0:02)
You're listening to the CyberWire Network, powered by N2K.
B (0:11)
Most environments trust far more than they should, and attackers know it. ThreatLocker solves that by enforcing default deny at the point of execution. With ThreatLocker Allowlisting, you stop unknown executables cold. With Ringfencing, you control how trusted applications behave, and with ThreatLocker DAC, Defense Against Configurations, you get real assurance that your environment is free of misconfigurations and clear visibility into whether you meet compliance standards. ThreatLocker is the simplest way to enforce zero trust principles without the operational pain. It's powerful protection that gives CISOs real visibility, real control, and real peace of mind. ThreatLocker makes zero trust attainable even for small security teams. See why thousands of organizations choose ThreatLocker to minimize alert fatigue, stop ransomware at the source, and regain control over their environments. Schedule your demo at threatlocker.com/N2K today.

We've got your Patch Tuesday rundown, China sidelines Western security vendors, and a critical flaw puts industrial switches at risk of remote takeover. A ransomware attack disrupts a Belgian hospital, crypto scams hit investment clients, and Eurail discloses a data breach. Analysts press Congress to go on offense in cyberspace, and Sean Plankey gets another shot at leading CISA. In our Threat Vector segment, David Moulton sits down with Ian Swanson, AI security leader at Palo Alto Networks, about supply chain security. And an AI risk assessment cites a football match that never happened. It's Wednesday, January 14, 2026. I'm Dave Bittner and this is your CyberWire Intel Brief. Thanks for joining us here today. It's great as always to have you with us.

Microsoft's January Patch Tuesday addresses at least 113 vulnerabilities across Windows and supported software, including 8 rated critical and 1 confirmed zero-day under active exploitation. The zero-day affects the Windows Desktop Window Manager and is already being used in attacks. Despite a relatively low CVSS score, researchers warn it can undermine core protections like address space layout randomization and be chained with other flaws, making rapid patching essential. Microsoft also fixed critical Office bugs exploitable via the preview pane and removed legacy modem drivers linked to long-known privilege escalation risks. Separately, vendors flagged a critical Secure Boot bypass tied to expiring certificates, urging careful remediation. Browser updates from Mozilla and pending Chrome and Edge patches add to the busy patch cycle.

Adobe delivered fixes for 25 vulnerabilities across 11 products, including one critical flaw. The most severe issue is an XML external entity injection bug in Apache Tika modules that can enable remote code execution through malicious PDF files. Adobe resolved it in ColdFusion updates and assigned a top priority rating, urging immediate patching. Additional updates addressed high-severity code execution flaws in Dreamweaver and multiple Creative Cloud tools. Adobe reports no evidence of active exploitation.

Fortinet released patches for six vulnerabilities, including two critical flaws affecting FortiSIEM and FortiFone. The most serious is an unauthenticated OS command injection bug in FortiSIEM that could allow remote code execution and can be addressed by restricting access to a monitoring port. A second critical issue in FortiFone could expose device configurations without authentication. Fortinet also fixed a high-severity buffer overflow in FortiOS and related products, plus several lower-severity bugs. No active exploitation was reported.

Chinese authorities have instructed domestic companies to stop using cybersecurity software from about a dozen US and Israeli vendors, citing national security concerns, according to sources briefed on the matter. An exclusive report from Reuters says the affected firms include VMware, Palo Alto Networks, Fortinet and Check Point Software. Beijing is concerned the software could collect and transmit sensitive data overseas as it accelerates efforts to replace Western technology with domestic alternatives amid rising US-China tensions. Regulators and the companies declined to comment. The move comes as both sides prepare for renewed high-level diplomacy and reflects long-standing Chinese concerns that foreign cybersecurity tools could enable espionage or sabotage.

Moxa warned of a critical vulnerability exposing its industrial Ethernet switches to remote unauthenticated takeover. The flaw stems from how a third-party OpenSSH library is handled and allows remote code execution when SSH agent forwarding is abused. Affected devices include multiple EDS and RKS switch models running older firmware. Moxa has released patched firmware and urges operators to update immediately. Until then, administrators should isolate vulnerable devices from the Internet and restrict access to trusted networks only.

A ransomware attack has severely disrupted operations at AZ Monica Hospital in Belgium, forcing canceled surgeries and reduced emergency services. The hospital shut down all servers across its Antwerp and Deurne campuses to contain the incident, which prosecutors confirmed as a cyber attack. The Belgian Red Cross helped transfer seven critically ill patients to other hospitals after their safety could not be guaranteed. Ambulances are no longer bringing patients to AZ Monica, increasing pressure on nearby facilities. Access to electronic patient records is unavailable, disrupting consultations, imaging and chemotherapy. Hospital leaders say servers were taken offline proactively to prevent patient data compromise while care continues with support from neighboring hospitals.

US digital investment advisor Betterment confirmed a breach that allowed attackers to send fraudulent crypto-related emails to some customers. The incident stemmed from unauthorized access to a third-party marketing platform, not Betterment's core systems. Using legitimate Betterment email infrastructure, the attacker promoted a fake rewards scam claiming to triple Bitcoin and Ethereum deposits, while no customer accounts or credentials were accessed. Exposed data included names, contact details, addresses and dates of birth. Betterment warned customers on January 9th, removed the attacker's access and said there's no evidence of further compromise. Some users later reported temporary access issues. The company says they're strengthening defenses against social engineering and that they plan a detailed post-incident report.

European rail pass provider Eurail, also known as Interrail, confirmed a data breach that exposed customer information, with notifications sent out this week. Potentially affected data includes names, contact details, dates of birth and passport information. Customers in the DiscoverEU program may also have ID copies, health data and bank references exposed, according to the European Commission. Eurail says systems are secured, regulators notified and there's no evidence of misuse so far.

Cyber policy analysts warned lawmakers that China and other adversaries are running persistent, large-scale cyber campaigns against US critical infrastructure at little cost or risk. Testifying before the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection, panelists argued current US authorities are outdated and overly restrictive, limiting offensive cyber operations that could deter adversaries. They cited attacks on US water systems and China's Volt Typhoon as evidence of growing civilian risk. Experts urged clearer interagency roles for faster information sharing with industry and a shift from reactive responses to sustained defend-forward operations. CrowdStrike called for increasing the pace of infrastructure takedowns as the White House weighs a more assertive cyber posture.

President Donald Trump has renominated Sean Plankey to lead the Cybersecurity and Infrastructure Security Agency, reviving a nomination that stalled in the Senate last year. Plankey's earlier bid advanced out of committee but was blocked by Senate holds tied to unrelated disputes, leaving CISA without a permanent director throughout 2025. The renewed nomination signals continued White House support, though it remains unclear whether those obstacles have been resolved. Plankey previously served in cybersecurity roles during Trump's first term and most recently acted as a senior advisor on Coast Guard matters. The administration says confirming Plankey remains a priority, citing the need for stable leadership at the nation's lead civilian cyber defense agency.

Coming up after the break on our Threat Vector segment, David Moulton sits down with Ian Swanson, AI security leader at Palo Alto Networks. They're talking supply chain security. And an AI risk assessment cites a football match that never happened. Stay with us.

On today's segment from the Threat Vector podcast, David Moulton sits down with Ian Swanson, former CEO of Protect AI and now the AI security leader at Palo Alto Networks. They're talking supply chain security.
