Podcast Summary
CyberWire Daily: "TikTok Lives to Scroll Another Day"
Date: January 23, 2026
Host: Dave Bittner (N2K Networks)
Episode Overview
This episode delivers the latest cybersecurity news, focusing on TikTok's resolution with the US government, urgent vulnerabilities, emerging threats in vishing (voice phishing), the intersection of business and cybersecurity, and changes in popular open-source bug bounty programs. A special interview with Chris Nyhuis (Founder & CEO of Vigilant) offers actionable advice for organizations seeking to improve practical defenses of money, identity, and devices in 2026.
Key News and Discussion Points
1. TikTok US Deal Resolves Six-Year Security Battle
[01:31-03:30]
- Summary:
TikTok will remain operational in the US after negotiating a deal for its US operations to be majority-owned (>80%) by non-Chinese investors including Oracle, MGX, Silver Lake, and Michael Dell’s office. ByteDance will retain <20% and license its algorithm to the US company. Adam Presser (former TikTok executive) will lead the entity.
- Security Issues:
While this counters fears of Chinese government influence and surveillance, critics argue that continued ByteDance algorithm licensing leaves some risk unresolved.
- Quote (Dave Bittner, Host):
“Critics note that ByteDance will still license its algorithm to the new company, raising questions about whether security concerns are fully resolved.” (03:30)
- Political Response:
President Trump called the deal “a decisive conclusion to the long running dispute.”
- Context:
A 2024 law had threatened a ban if ByteDance didn't divest.
2. Quantum Computing Legislation in Jeopardy
[03:30-04:40]
- Issue:
The National Quantum Initiative Act has expired, risking US leadership in quantum computing. Federal officials urge reauthorization and expanded funding ($1.5B bipartisan bill in Congress).
- Risks:
Without renewed investment, the US could fall behind China in quantum capabilities.
3. Critical Security Vulnerabilities & Active Attacks
a. Fortinet FortiCloud SSO Flaw
[04:40-05:40]
- Critical bypass exploited:
Attackers create admin/VPN accounts and exfiltrate configuration data.
- Immediate recommendations:
Restrict admin access, disable SSO, and treat affected systems as compromised.
- Action by CISA:
Flaw added to the Known Exploited Vulnerabilities catalog; urgent patching needed.
b. Zimbra Collaboration Suite Flaw
[07:40-08:20]
- Vulnerability:
Local File Inclusion lets unauthenticated attackers access files via the webmail interface.
- Impact:
Sensitive data exposure; active exploitation ongoing.
- Action:
CISA urges rapid patching and prioritization.
4. Legislative Updates on Surveillance & Law Enforcement
[05:40-06:40]
- Ireland's Pending Spyware Legislation:
Would permit covert surveillance by law enforcement using spyware, with court approval and safeguards for necessity/proportionality.
- Also enables:
Mobile device identifier scanning for location tracking.
5. Emerging Social Engineering: Sophisticated Vishing
[06:40-07:40]
- Okta’s Warning:
New phishing kits target organizations with real-time voice phishing (vishing), leading victims through fake login pages during IT-impersonation calls.
- Impact:
Can bypass MFA; linked to theft/extortion with connections to the Shiny Hunters group.
- Defensive Advice:
Move to phishing-resistant MFA (FIDO2, passkeys).
- Quote (Dave Bittner):
“Attackers guide victims through fake login pages that dynamically mirror real authentication and multi-factor prompts…” (07:15)
6. High-Profile Data Breach Claims
[07:40-08:20]
- Under Armour Incident:
72M customer records reportedly posted online after a breach attributed to the Everest ransomware group.
- Data exposed:
Emails, names, demographics, locations, and purchases, but not payment cards.
- Under Armour response:
Investigating; disputes that core systems/passwords were compromised.
7. Operational Security Blunder: Ransomware Lapse Recovers Victims' Data
[08:20-09:20]
- Incident:
Ransomware gang “Ink” left restic backup credentials exposed, enabling researchers (Cyber Centaurs) to retrieve and decrypt stolen data tied to 12 US organizations.
- Impact:
Shows both attacker vulnerability and defender opportunity.
- Action:
Detection rules released for defenders.
8. ATM Jackpotting Cases
[09:20-10:00]
- Summary:
DOJ deports two Venezuelans for installing malware on US ATMs, part of a broader crackdown against criminal groups using Ploutus malware.
Interview: Chris Nyhuis (Vigilant) on Practical Cybersecurity Steps
[13:43–26:53]
1. State of Cybersecurity Preparedness in 2026
[14:11-15:00]
- Nyhuis’ Assessment:
Most organizations are not prepared for modern threats: “The cyber industry isn’t prepared, but then the organizations out there…either don’t have the resources on their staff to man some of the technology they’re purchasing…or they are buying things that just really can’t hit the mark at defending them.” (14:18)
- Emerging Risks:
Growing nation-state activity from China, Iran, Russia.
2. Shift in Detection Strategies & Risks
[15:00-16:34]
- Trend:
Security detection is moving "upstack" (cloud, endpoint), while attackers exploit "downstack" (network layer) weaknesses.
- Business problem:
Vendors market upstack solutions (cheaper) that may only offer partial visibility.
- Memorable Analogy:
“You’re making cyber decisions with a lot less information and data than you had before.” (16:24)
3. Awareness and Industry Influence
[16:34-18:04]
- Are end users aware?
Nyhuis says consumers desire complete protection but often fall for best-practice lists and marketing, which may not align with actual cyber defense needs.
- Quote:
"Those best practices…are really driven in a lot of cases by who's marketing the best and who's marketing the best is not always the best at cyber warfare." (16:55)
- Private Equity’s Impact:
"A lot of cyber is driven by private equity. And that's not always a good thing." (18:04)
4. The Reality of AI in Cyber Defense
[18:04-20:16]
- AI today:
Useful for scaling, but generally used to cut analyst costs and increase vendor margin rather than to replace human expertise.
- Advice:
Organizations must question whether technological capabilities or profit motives are driving vendor decisions.
- Quote:
“AI is a hyperscaler in some sense to help assist cyber detection…but it isn’t even close to being a place where it can be replaced. But a lot of consumers are buying AI technology.” (19:27)
5. What Organizations Should Ask Vendors
[20:16-24:25]
- For Endpoint technology:
- Demand specifics on detection curation for your organization.
- Aggregated detection intelligence may not represent smaller organizations.
- Network detection:
- Ask about architectural realities, e.g., packets lost on mirror ports, ASIC limitations, and reduced storage for packet capture.
- "A mirror port…loses 30% of the packets going across your network." (21:55)
- “A lot of these companies even have reduced the storage on these devices…You can’t do continuous PCAP anymore…and so they marketed things like smart PCAP…well, that doesn’t help you because frankly, an event’s happened. You need to know what happened before it.” (22:28)
- General:
- Scrutinize how solutions actually work; corners are being cut, and that shows up in breach data.
6. Strategic Recommendations for Leaders
[24:25-26:53]
- For CEOs:
- Become actively involved in cyber decision-making; let security staff "coach" you.
- Not understanding cyber is a key reason for lack of proper budgeting.
- For Buyers:
- Avoid the lowest-cost provider; demand side-by-side comparisons, require forensic proof and real data.
- Prefer US-based providers with US citizens managing your infrastructure due to growing nationalist boundaries in cyber law and compliance.
- Quote:
“I would highly and very strongly…really challenge yourself to work with US Based companies that have US Citizens protecting your infrastructure.” (25:45)
Final News Highlight: End of Curl’s Bug Bounty Program
[29:06-30:36]
- Curl Project (open-source software):
Announced the end of its HackerOne bug bounty, citing an overwhelming volume of low-quality, often AI-generated vulnerability reports.
- Maintainer Daniel Stenberg:
“The fix is remove the bounty, remove the incentive, and restore sanity... Starting February 1st, Curl will accept reports directly via GitHub, offer no money, and reserve the right to publicly mock especially bad submissions.” (30:20)
Notable Quotes & Moments
- On TikTok’s future:
"While the agreement allows TikTok to remain in the US market, critics note that ByteDance will still license its algorithm to the new company, raising questions about whether security concerns are fully resolved." — Dave Bittner (03:29)
- On cyber vendor marketing:
"…best practices…are really driven in a lot of cases by who's marketing the best and who's marketing the best is not always the best at cyber warfare." — Chris Nyhuis (16:55)
- On AI in cyber defense:
“AI is a hyperscaler…to help assist cyber detection…But…a lot of consumers are buying AI technology [because]…it’s to replace the very costly human analyst and increase their margin.” — Chris Nyhuis (19:28)
- On national boundaries in cyber:
“We’re going to see…significant change in the boundaries of cybersecurity and they’re going to start looking more like nation lines.” — Chris Nyhuis (25:28)
- On the end of Curl bug bounties:
“The fix is remove the bounty, remove the incentive, and restore sanity.” — Daniel Stenberg (30:20)
Important Timestamps
- 01:31: Episode headlines and TikTok deal
- 03:30: ByteDance, US security debate, and algorithm concerns
- 04:40: Quantum initiative and risks to US leadership
- 05:40: Fortinet SSO vulnerability exploits
- 06:40: Ireland’s proposed spyware legislation
- 07:00: Okta warning on advanced vishing kits
- 07:40: Under Armour breach, Zimbra flaw, Ink ransomware opsec mishap
- 09:20: DOJ ATM jackpotting prosecutions
- 13:43-26:53: Interview with Chris Nyhuis (practical security advice for orgs)
- 29:06: Curl bug bounty axed due to AI-generated spam reports
Takeaways
- Major Tech: TikTok’s US future secure, but with enduring algorithm risks.
- Urgent Threats: Fortinet and Zimbra users must patch now due to active exploitation.
- Trends: Vishing attacks are more sophisticated; conventional defenses may be bypassed.
- Market Warnings: Organizations must beware of solutions driven by hype, marketing, or margin; ask real, hard questions about detection and architecture.
- Leadership: CEO awareness and involvement are essential. Work with local, citizen-run security providers as regulatory boundaries tighten.
- Open Source Warning: Low-quality, automated bug submissions may undermine bounty programs, a trend to watch for other projects.
