Daily Cyber Threat Brief: Dec 22’s Top Cyber News NOW! – Ep 1031
Date: December 22, 2025
Host: DJ B (filling in for Dr. Gerald Auger)
Produced by: Simply Cyber Media Group
Episode Overview
This episode delivers the top cybersecurity news stories relevant to industry practitioners, analysts, and leaders. DJ B covers major incidents and trends from over the weekend, offers technical insight and practical recommendations, and encourages community engagement with a light, personable touch.
Key News Stories & Expert Commentary
1. U.S. Defense Bill Funds Cyber Command and Mandates Phone Security
[03:36–06:53]
- Summary:
The $901B National Defense Authorization Act (NDAA) is signed, preserving the leadership structure for U.S. Cyber Command and the NSA, with explicit allocations for Cyber Command’s growth and Pentagon mobile security, including encrypted phones for senior DOD officials.
- Commentary:
- DJ B notes this should have already been standard:
“You would think…their phones were already encrypted…especially for higher people within the government.” – DJ B [04:30]
- The bill formalizes existing practices rather than introducing groundbreaking controls.
2. Iranian APT “Infy” Resurfaces with New Malware
[06:53–14:38]
- Technical Details:
- "Infy" (aka Prince of Persia) emerges five years after prior campaigns.
- Known for the Foudre (downloader and profiler) and Tonnerre (data-exfiltration) malware, typically delivered by phishing emails carrying macro-laden Excel files.
- Targets: Iran, Iraq, Turkey, India, Canada, select European countries.
- Uses a sophisticated command-and-control protocol over HTTPS, recognizable by the distinctive request parameters it sends ([09:29–14:38]).
- Key Insights:
- Macro lures are less effective since 2022, when Microsoft began blocking VBA macros by default in Office files downloaded from the Internet (files carrying the Mark of the Web), but user training remains crucial because users can still be talked into unblocking a file.
- The report lists no public IOCs, but the traffic pattern (C2 domain plus a fixed query format) can be hunted for in internal proxy logs.
- Quotes:
"User training in here is the biggest one...that they know what a phishing email looks like." – DJ B [11:53]
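Hunting for that pattern in proxy logs, as an added example that is not code from the episode or from the Infy report: the log format, hostnames and query-parameter names below are constructed for illustration, and the thresholds are assumptions. The script groups requests by (host, path, set of query keys) and flags signatures seen from only a few clients at regular intervals, which is the shape of a fixed-format beacon rather than ordinary browsing.

```python
"""Hunt for beacon-like HTTPS C2 by query-parameter signature.

Added example for these show notes; not code from the episode or from any
vendor report. Log format, hostnames and parameter names are constructed
and hypothetical; adapt parse_log() to your proxy or Zeek http.log.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from urllib.parse import parse_qsl, urlsplit

# Constructed proxy log lines: "<ISO time> <client_ip> <method> <url>".
# The first four lines mimic a beacon: same host/path/keys, one client,
# ~10-minute cadence. The rest is ordinary browsing noise.
SAMPLE_LOG = """\
2025-12-22T08:00:03Z 10.1.4.22 GET https://update.example-cdn.test/api?v=3&id=AB12&h=1f9c
2025-12-22T08:10:02Z 10.1.4.22 GET https://update.example-cdn.test/api?v=3&id=AB12&h=77e0
2025-12-22T08:20:04Z 10.1.4.22 GET https://update.example-cdn.test/api?v=3&id=AB12&h=0a91
2025-12-22T08:30:03Z 10.1.4.22 GET https://update.example-cdn.test/api?v=3&id=AB12&h=c3d2
2025-12-22T08:01:17Z 10.1.4.22 GET https://www.example.com/search?q=quarterly+report
2025-12-22T08:02:41Z 10.1.4.30 GET https://www.example.com/search?q=invoice
2025-12-22T08:05:09Z 10.1.4.31 GET https://www.example.com/search?q=holiday+schedule&page=2
2025-12-22T08:15:55Z 10.1.4.30 GET https://cdn.example.org/lib.js?ver=5.1
"""


def parse_log(text):
    """Parse the constructed log format into dicts with a query-key signature."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, _method, url = line.split(" ", 3)
        parts = urlsplit(url)
        # Signature = sorted parameter NAMES only; values vary per beacon.
        keys = tuple(sorted(k for k, _ in parse_qsl(parts.query, keep_blank_values=True)))
        records.append({
            "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "client": client,
            "host": parts.hostname,
            "path": parts.path,
            "keys": keys,
        })
    return records


def hunt(records, min_hits=3, max_clients=2, max_jitter_ratio=0.2):
    """Return signatures that look like fixed-format beacons.

    A hit is (host, path, query-key set) seen at least min_hits times from
    at most max_clients hosts, with inter-request gaps whose relative
    standard deviation is below max_jitter_ratio (i.e. a steady cadence).
    Thresholds are assumptions to tune against your own baseline.
    """
    groups = defaultdict(list)
    for r in records:
        groups[(r["host"], r["path"], r["keys"])].append(r)

    findings = []
    for (host, path, keys), hits in groups.items():
        clients = {h["client"] for h in hits}
        if len(hits) < min_hits or len(clients) > max_clients:
            continue
        times = sorted(h["time"] for h in hits)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if not gaps or mean(gaps) == 0:
            continue
        jitter = pstdev(gaps) / mean(gaps)
        if jitter <= max_jitter_ratio:
            findings.append({
                "host": host, "path": path, "keys": keys,
                "hits": len(hits), "clients": sorted(clients),
                "mean_gap_s": round(mean(gaps)), "jitter": round(jitter, 3),
            })
    return findings


if __name__ == "__main__":
    for f in hunt(parse_log(SAMPLE_LOG)):
        print(f"beacon-like: {f['host']}{f['path']} keys={f['keys']} "
              f"hits={f['hits']} every ~{f['mean_gap_s']}s from {f['clients']}")
```

On real data, run it per day and per client rather than over the whole log, and whitelist known telemetry endpoints (OS update, EDR, browser sync) that beacon legitimately; the point is to surface low-prevalence domains with a rigid query shape for an analyst to look at, not to alert on them automatically.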
3. Android Botnet “Kimwolf” Hits 1.8 Million Devices for DDoS
[14:38–20:44]
- Details:
- Kimwolf is a new Android-based botnet (linked to the Aisuru botnet) that infects mainly smart TV boxes.
- Over 1.8 million devices compromised, issuing 1.7 billion DDoS commands.
- Employs DNS-over-TLS, which hides its C2 lookups from plaintext DNS monitoring, and elliptic-curve signatures on its C2 traffic, so nobody without the operators’ private key can hijack the bots.
- Advice & Perspective:
- TV boxes (Fire Stick, Xfinity, etc.) are primary targets, largely outside enterprise perimeter but a growing home-network risk.
- Users are encouraged to monitor home network traffic or block identified C2 domains, bearing in mind that a domain block in the router’s plaintext DNS resolver does nothing for a device that resolves over DNS-over-TLS unless outbound encrypted DNS is also restricted.
- Quote:
“...a great opportunity in your home network to see if your TV box is actually doing that.” – DJ B [18:47]
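What monitoring your home network for this can look like, as an added example that is not code from the episode or from any Kimwolf analysis: the flow-record format, addresses and thresholds are constructed and assumed, so map them to whatever your router exports (conntrack dumps, NetFlow, a pcap summary). It flags a device that opens DNS-over-TLS sessions (TCP/853) to a resolver you did not configure, and a device that fans out to an unusual number of web destinations within one minute, which is what a DDoS node looks like from inside the LAN.

```python
"""Flag a TV box doing DNS-over-TLS to an unknown resolver or fanning out
connections like a DDoS node.

Added example for these show notes; not code from the episode or any
Kimwolf write-up. Flow format, addresses and thresholds are constructed
and hypothetical.
"""
from collections import defaultdict

# Resolvers you deliberately configured for encrypted DNS (assumed value).
ALLOWED_DOT_RESOLVERS = {"192.0.2.53"}

# Constructed flow records: (epoch_seconds, src_ip, dst_ip, dst_port, proto).
# 192.168.1.20 is a laptop behaving normally; 192.168.1.77 is the TV box.
SAMPLE_FLOWS = [
    (1766390400, "192.168.1.20", "192.0.2.53", 853, "tcp"),      # configured DoT resolver
    (1766390401, "192.168.1.20", "93.184.216.34", 443, "tcp"),
    (1766390405, "192.168.1.77", "198.51.100.9", 853, "tcp"),    # DoT to a resolver you never set up
    (1766390406, "192.168.1.77", "198.51.100.9", 853, "tcp"),
    (1766390410, "192.168.1.77", "203.0.113.10", 443, "tcp"),
] + [
    # 60 connections to 60 distinct hosts in a few seconds: attack fan-out.
    (1766390420 + i // 10, "192.168.1.77", f"203.0.113.{i + 1}", 80, "tcp")
    for i in range(60)
]


def analyze(flows, window_s=60, fanout_threshold=50):
    """Return {src_ip: [finding, ...]} for devices that look compromised.

    Two detections, both with assumed thresholds:
      * DoT (TCP/853) to any server not in ALLOWED_DOT_RESOLVERS.
      * More than fanout_threshold distinct web destinations (80/443)
        inside a single window_s-second bucket.
    """
    dot_unknown = defaultdict(set)                   # src -> unknown DoT servers
    fanout = defaultdict(lambda: defaultdict(set))   # src -> window -> dst set

    for ts, src, dst, dport, proto in flows:
        if proto == "tcp" and dport == 853 and dst not in ALLOWED_DOT_RESOLVERS:
            dot_unknown[src].add(dst)
        if proto == "tcp" and dport in (80, 443):
            fanout[src][ts // window_s].add(dst)

    findings = {}
    for src, servers in dot_unknown.items():
        findings.setdefault(src, []).append(
            f"DoT to unlisted resolver(s): {sorted(servers)}")
    for src, windows in fanout.items():
        peak = max(len(dsts) for dsts in windows.values())
        if peak >= fanout_threshold:
            findings.setdefault(src, []).append(
                f"{peak} distinct web destinations in one {window_s}s window")
    return findings


if __name__ == "__main__":
    for src, msgs in analyze(SAMPLE_FLOWS).items():
        for msg in msgs:
            print(f"{src}: {msg}")
```

Because the botnet resolves over DoT, a blocklist in the router’s plaintext DNS never sees its lookups; the complementary control is a firewall rule that drops outbound TCP/853 from the LAN except to the resolver you chose, which turns the hidden lookups into visible failures.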
4. Microsoft Teams Suffers Brief Global Outage
[20:44–24:11]
- Event:
- Teams was down for roughly one hour, affecting users in the US and Europe on all platforms (desktop, mobile).
- No deeper technical root cause discussed.
- Business Insight:
- DJ B highlights enterprise reliance on SaaS and the impact on help desks when core tools go down.
- Uptime realities—legacy “five nines” (99.999%) moving to “three nines” (99.9%) for cloud SaaS.
- Quote:
“Tickets are going to go crazy...We have succumbed to everything being SaaS operated. … There’s really nothing I can do about this.” – DJ B [21:09]
5. Cybersecurity Pros Plead Guilty to Ransomware Attacks
[30:15–36:26]
- Incident:
- Ryan Clifford Goldberg (incident response manager at Sygnia) and Kevin Tyler Martin (DigitalMint) pleaded guilty to conducting ransomware attacks with ALPHV/BlackCat while employed as incident responders.
- Victims: medical, pharma, engineering, and drone companies; $1.3M extracted.
- Commentary:
- Severe breach of trust and professional ethics, potentially damaging trust across the industry.
- Lighter sentences due to guilty pleas; forfeited $342k against much larger total ransomware take.
- Quotes:
“This is disgusting to me. They work at a cybersecurity firm…What they did is…extorted [victims] for money when they’re supposed to be the good guys.” – DJ B [31:22]
“This is what gives us a bad name.” – DJ B [33:54]
6. ATM Jackpotting Ring Indicted for $Millions in Losses
[36:26–41:12]
- Incident:
- 54 people indicted over a nationwide ATM malware scheme linked to Tren de Aragua, a transnational criminal organization designated as a terrorist group.
- Technique: physical access to the ATMs, swapping in hard drives loaded with malware, then cashing out en masse (“jackpotting”).
- Security Implications:
- Blurred line between cyber and physical security.
- DJ B points out this scenario is typical CISSP study material—security is multi-faceted.
- Quote:
“This isn’t really a cybersecurity story…This is more of a security story in the sense of…physical security.” – DJ B [37:14]
7. NIST Tries to Take Down NTP Servers After Atomic Clock Drift
[41:12–42:06]
- Details:
- NIST’s atomic clock NTP service in Boulder disrupted by a storm; attempts to shut down backup generators failed.
- Resulted in microsecond clock drift—potential minor impacts on synchronized systems.
- Analysis:
- DJ B humorously questions how a microsecond-scale error would affect real-world systems.
- Reiterates the importance of proper DR/BC planning in critical infrastructure.
- Quote:
“This, again, not a security problem…But it does become an issue when it comes to having the right time within your specific servers…” – DJ B [42:06]
Jawjacking (Live AMA & Community Chat)
[49:37–End]
- Topics:
- Stranger Things Hype: DJ B invites chat to discuss excitement for the new season—shared cultural fandom.
- ICS/OT Security: Advice for network engineers in industrial environments—strict IT/OT segregation, layered controls, and the complexities of real-world ICS security.
- Lessons from Recent Incidents:
- Florida water treatment attack: Risks of Internet-exposed RDP/TeamViewer on ICS.
- Software vulnerabilities & supply chain risks: Ongoing need for asset inventory (SBOM).
- GRC for Consultants: Value of governance, risk, and compliance skills for cybersecurity consultants.
- User/Operator Experience: Making security “hard for the bad guys,” but not impossible for staff.
- Porch Pirates & Glitter Bombs: Community banter about package theft and Mark Rober’s viral anti-thief engineering.
- Quotes:
"If you want it [an OT network] to be secure, and you want to know that it's secure as possible, it cannot touch the side that touches the Internet." – DJ B [49:37]
"Compliance is not security. You have a gate in the walkway, but I could just walk right around it." – DJ B [Jawjack, time not precise]
Memorable Moments
- DJ B’s candid frustration with cyber pros “gone rogue”:
“This is why we can’t have nice things.” [32:12]
- Lively, supportive community chat covers career advice, favorite security tools, and lots of holiday humor.
Timestamps (Quick Reference)
- [03:36] Presidential signing of NDAA
- [06:53–14:38] Iranian Infy APT update
- [14:38–20:44] Kimwolf Android botnet DDoS
- [20:44–24:11] Microsoft Teams outage
- [30:15–36:26] Incident responders plead guilty to ransomware attacks
- [36:26–41:12] ATM jackpotting ring indicted
- [41:12–42:06] NIST atomic clock/NTP server issue
- [49:37–end] Jawjacking/AMA (ICS security, Stranger Things, GRC, glitter bombs, etc.)
Tone & Style
- Inclusive, practical, and a bit self-deprecating (“everything was messed up…” “I’m all discombobulated…”).
- Honest technical analysis, no overhype, and lots of actionable advice for practitioners.
- Frequent engagement with the live chat, fostering a supportive learning community.
Final Takeaways
- User training remains the gold standard for defending against phishing/malware.
- Segregation of IT/OT networks in industrial environments is non-negotiable for security.
- Ethics in cybersecurity: Community trust is fragile—defenders cannot afford “bad apples.”
- Physical security and cyber converge (e.g., ATM jackpotting, ICS attacks).
- SaaS dependence brings new operational risks—expect outages and plan for them.
- Lighthearted, communal vibe even in the face of serious incidents, underscoring cybersecurity as a team effort.
For those who missed it, the daily news rundown covers what matters, adds context, and keeps it real. The community AMA (Jawjacking) continues after the news—great for questions, career advice, and a dash of Stranger Things fandom.
Listen to the next episode live at 8 AM Eastern, or catch up at simplycyber.io/streams.
