Daily Cyber Threat Brief Podcast — Ep. 1042
Date: January 9, 2026
Host: Dr. Gerald Auger, Simply Cyber Media Group
Special Segment: Friday Jawjacking Panel (Fleetus, James McQuiggan, Eric Taylor)
Episode Theme: The essential cybersecurity news and lessons practitioners and business leaders must know — all delivered with lively community-driven discussion, meme energy, and actionable advice.
🚩 Episode Overview
In this Friday episode, Dr. Gerald Auger brings cybersecurity professionals, newcomers, and community regulars together for the latest insights into critical cyber threats, technical vulnerabilities, and industry trends shaping the week. Expect practical recommendations, reflections on organizational culture, stories from the trenches, and a few dad jokes to keep spirits high. The midroll features the rotating “dad jokes of the week,” and the show concludes with a special “jawjacking” AMA panel on careers, business alignment, and surviving in messy security environments.
📰 Key Cybersecurity Headlines & Insights
1. Microsoft 365 to Require Mandatory MFA for Admins (10:24–16:21)
- Summary: Beginning February 9th, Microsoft will enforce Multi-Factor Authentication (MFA) for all users accessing the Microsoft 365 admin center. This is a hard block: if MFA isn’t enabled, access is denied — a move long overdue for high-value admin portals.
- Expert Take:
  - “You have to be an absolute donkey to not have MFA on the admin portal... Are you kidding me?” (13:02, Gerald)
  - Applauds Microsoft for pushing security forward, while noting surprise at lateness.
  - Offers practical advice:
    - Check what MFA options are supported (phone, hardware tokens, authenticator apps, etc.).
    - Discuss with GRC teams which methods are safest—phone call MFA, for instance, is a well-known bypass target.
- Takeaway: “For practitioners: validate NOW if admin MFA is enforced and notify your team. Get ahead to avoid any lockout issues.” (13:33, Gerald)
2. Cisco ISE Vulnerability: POC But (So Far) Low Risk (18:27–23:14)
- Summary: A medium-severity flaw (CVSS 4.9) in Cisco Identity Services Engine (ISE) allows authenticated remote admin users to access sensitive info. POC exploit exists.
- Expert Take:
  - Context is everything. “If a threat actor gets admin... they own you. They are the captain now.” (21:15, Gerald)
  - Only impactful if chained with other exploits (i.e., not an immediate crisis).
- Action: Patch, but don’t panic—pay more attention if additional vulnerabilities appear that make a full exploit chain possible.
3. Illinois DHS: Four-Year Data Exposure of PHI (24:00–28:44)
- Summary: 700,000+ residents’ protected health information (PHI) and PII leaked for up to four years after being exposed in mapping tool web resources.
- Lessons & Tips:
  - This kind of accidental data exposure is “just a day of the week” now.
  - “Look at your organization like a threat hunter would,” leveraging OSINT techniques or tools like Shodan Monitor to catch public exposures.
  - For mature orgs: test what’s publicly accessible on your domains with fresh eyes/spoofed accounts.
4. Microsoft Exchange Outage: IMAP4 Mailbox Access Disrupted (28:46–30:53)
- Summary: IMAP mailbox access was intermittently down due to an authentication misconfiguration. No user counts or region detail available.
- Expert Take:
  - Upside of the cloud: response/patch is fast and outside your hands.
  - Downside: “You have no control… you’re at their whim.”
  - Engineers can (and will) make mistakes — cloud or not, have redundancy plans.
5. OpenAI Prompt Injection: ShadowLeak & Zombie Agent (37:11–43:53)
- Summary: OpenAI’s ChatGPT is subject to indirect prompt injection techniques (“ShadowLeak,” “Zombie Agent”). These allow malicious instructions hidden in, e.g., emails, to extract sensitive data via the AI agent—even after initial patches.
- Security Message:
  - “AI is an opaque box… Developers often do not know every behavioral edge.”
  - Real corporate risk: uncontrolled sprawl of AI tool usage means possible mass data exfiltration.
  - Band-aid fixes that treat symptoms but not root cause create ongoing opportunity for attackers to adapt.
- Advice for security teams:
  - Work to govern AI tool use (reference sponsor Area’s focus).
  - Educate the workforce: “Once data is pasted into a public AI tool, it's gone forever.” (43:49, Gerald)
6. CISA Adds HPE OneView & Old PowerPoint RCE to Known Exploited Vulnerabilities (KEV) Catalog (43:56–49:49)
- Summary:
  - HPE OneView: CVSS 10.0, active exploitation.
  - Microsoft PowerPoint (2009): CVSS 8.8, still targeted despite being patched in 2009.
- Prioritization Guidance:
  - “KEV catalog cuts through noise — these vulnerabilities are being actively exploited, raise their patch priority immediately.” (44:59, Gerald)
  - For old, unpatched software: “Why are you running PowerPoint 2009? Patch or retire these anchors… hand out a Speak & Spell instead.” (49:16, Gerald)
7. SaaS Email Platforms: Internal Phishing via Misconfig Attack Paths (49:49–55:36)
- Summary: Attackers are spoofing internal emails using domain routing misconfigs in platforms like MS 365 and Google Workspace, bypassing usual anti-phishing controls.
- Response Fundamentals:
  - “Just because it says ‘from: yourdomain.com’ doesn’t mean it’s safe. Teach staff to be alert.”
- Technical Recommendations:
  - Set up SPF, DKIM, DMARC (with hard fail).
  - Budget for email/appsec controls as a risk reducer (“one compromise will cost far more”).
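The "hard fail" part of the SPF/DMARC recommendation can be checked mechanically. The following is an added example, not material from the episode: it audits SPF and DMARC TXT record strings, taking "hard fail" to mean SPF `-all` and DMARC `p=reject` (an assumption), and the example.com/example.net records are constructed samples. DKIM is not checked.

```python
# Added example: audit SPF/DMARC TXT strings for hard-fail enforcement.
# Records below are constructed samples; no DNS lookups are made.
SPF_MEANING = {"+": "pass", "?": "neutral", "~": "softfail"}

def audit_spf(txt):
    """Return findings for an SPF record; an empty list means it ends in -all."""
    terms = txt.strip().split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record"]
    for term in (t.lower() for t in terms[1:]):
        if term.lstrip("+-~?") == "all":  # first 'all' ends evaluation
            qualifier = term[0] if term[0] in "+-~?" else "+"  # bare 'all' is +all
            if qualifier == "-":
                return []
            return [f"SPF ends in '{qualifier}all' ({SPF_MEANING[qualifier]}), not '-all'"]
    if any(t.lower().startswith("redirect=") for t in terms[1:]):
        return ["SPF uses redirect=; audit the target record instead"]
    return ["SPF has no 'all' mechanism; unmatched senders get a neutral result"]

def audit_dmarc(txt):
    """Return findings for a DMARC record; an empty list means full p=reject."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    if tags.get("v") != "dmarc1":
        return ["not a DMARC record"]
    findings = []
    policy = tags.get("p", "missing")
    if policy != "reject":
        findings.append(f"DMARC p={policy}; failing mail is not rejected")
    if tags.get("sp", policy) != "reject" and policy == "reject":
        findings.append(f"DMARC sp={tags['sp']}; subdomains are not covered by reject")
    if tags.get("pct", "100") != "100":
        findings.append(f"DMARC pct={tags['pct']}; policy applies to only part of failing mail")
    return findings

# Constructed records for the placeholder domain example.com.
WEAK = {"spf": "v=spf1 include:_spf.example.net ~all",
        "dmarc": "v=DMARC1; p=none; rua=mailto:dmarc@example.com"}
HARD = {"spf": "v=spf1 include:_spf.example.net -all",
        "dmarc": "v=DMARC1; p=reject; sp=reject; rua=mailto:dmarc@example.com"}

if __name__ == "__main__":
    for name, rec in (("weak", WEAK), ("hard", HARD)):
        findings = audit_spf(rec["spf"]) + audit_dmarc(rec["dmarc"])
        print(name, findings or "hard fail enforced")
```
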
8. Veeam Critical RCE Patch (55:36–59:41)
- Summary: Major remote code execution (RCE) bug (CVSS 9.0) in Veeam Backup & Replication—patch released.
- Practical Advice:
  - “Backups are a crown jewel for ransom response—patch Veeam as a priority.”
  - Know your recovery order for critical systems; don’t discover dependencies mid-disaster.
  - “If you don’t know the order to restore, you’re courting a six-week outage like Land Rover Jaguar” (58:46, Gerald)
💡 Notable Quotes & Memorable Moments
- On Lazy Security: “You have to be an absolute donkey to not have MFA on the admin portal...” (13:02, Gerald)
- On Admin-Level Vulns: “If a threat actor gets admin... spoiler alert... they are the captain now.” (21:15, Gerald)
- On AI Sprawl: “Once someone pastes an Excel spreadsheet with sensitive info into ChatGPT and says ‘summarize this,’ that data is gone.” (42:49, Gerald)
- On Old Vulnerabilities: “Why are you running PowerPoint 2009? … Hand them a Speak & Spell.” (49:16, Gerald)
- On Friday: “With this large cup of coffee, this smile on my face, and being Friday, right here, this is a visual representation of my vibe. Oh, let it wash over you in an awesome wave.” (09:42, Gerald)
😂 Friday Dad Jokes Segment — James McQuiggin (34:56–36:40)
A few rib-ticklers:
- “Did you hear about the joke about immortality? It never gets old.” (35:10, James)
- “Two thieves stole a calendar. They each got six months.”
- “The bread factory burned down. Their business is toast.”
- “The T-Rex selling guns? Mostly a small arms dealer.” (36:36, James, crowd favorite)
🤝 Jawjacking Panel (61:19–End)
Topics & Advice Included:
- Breaking into Security Manager Roles:
  - “You’ve got to be bilingual — speak business first, then tech. Learn what matters to leadership. You’ll earn the title through delivering value.” (101:32, Fleetus)
  - TryHackMe/etc. is more technical; management requires people, process, and project skills.
- First Security Officer at a Company Stuck in Checkbox Mode:
  - “Advise. Don’t force. Document risks. Show how it touches the business. If they won’t listen, upskill yourself for the next role.” (74:06–76:16, Gerald)
  - “Figure out what the company truly values (ops/data/both) to communicate risks in their language.” (78:07–80:13, Eric)
  - Use the CIS Controls IG1 for a meaningful starting point.
- Am I Ready for the SOC? (14 Years Help Desk Experience):
  - “You probably are! EC-Council’s certs are...not the ticket. Highlight your log, sysadmin, and incident skills—go for it!” (103:09, Eric)
  - Entry SOC analyst pay: $60–75k (location-dependent).
- LinkedIn Messaging for Job Search:
  - “Deliver value and engage publicly, not just in private DMs. Comment, create useful content, tag thoughtfully.” (109:04–110:33, Gerald)
  - “It’s a long game — start before you need a job.” (108:04, James)
- AI-Enabled Wearables in Meetings:
  - “These new glasses/pins are a privacy swamp. Don’t bring them near sensitive data, healthcare, gov — consent is complicated for everyone in the room.” (90:43–91:47, Fleetus)
⏰ Selected Timestamps for Reference
- 10:24 — Microsoft MFA enforcement
- 20:11 — Cisco ISE vulnerability
- 24:00 — Illinois PHI data breach
- 28:46 — MS Exchange mailbox outage
- 37:11 — Prompt injection issues, ShadowLeak
- 43:56 — CISA KEV updates
- 49:49 — Phishing via SaaS misconfig, internal spoofing
- 55:36 — Veeam RCE critical patch
- 34:56 — Dad Jokes segment
- 61:19 — “Jawjacking” career and strategy Q&A panel (continues through end)
🎙️ Tone, Community Spirit, and Final Notes
- The show is fiercely practical, laced with honest, sometimes comical industry takes. Community interaction is at the heart — newcomers are welcomed loudly (“Welcome to the party, pal!”), and the show is punctuated with meme references, real-world war stories, and audience Q&A.
- Panelists bring decades of expertise, answering candidly about career hurdles and industry headaches.
- Career Tip™: “You’ll earn the ‘manager’ or ‘officer’ role by being resourceful, showing real impact, and speaking the language of business, not just tech.”
For More
- Daily Live Podcast: 8am Eastern, https://simplycyber.io/streams
- Register for events: https://luma.com/simplycyber (career and skill workshops)
- Community: Join Discord and social links at https://simplycyber.io/socials
- Free CPEs: Each episode earns half a credit—simply attend, chat, and screenshot!
Stay secure. Have a great weekend, and make sure your MFA’s actually on!
