🔴 Jan 9’s Top Cyber News NOW! - Ep 1043 - Daily Cyber Threat Brief

Transcript

Dr. Gerald Ozer (0:01)

All right, what's up everybody? Good morning. Welcome to the show. Welcome to Simply Cyber's daily Cyber Threat Brief podcast. I AM your host, Dr. Gerald Ozer, coming to you live from the Buffer Osier Flow Studio. This is episode 1043. If you are looking to level up as an absolute boss in the cyber security industry, as a practitioner, staying informed on the current information threat Intelligence agency is going to be incumbent upon you being successful. And that's what we do here every single day at 8am Eastern time. And we're going to do it today alongside you. We're going to go through the top stories. I'm going to go beyond the headlines.

Jerry Guy (0:39)

Giving my expert opinion and analysis based on my 20 plus years of experience.

Dr. Gerald Ozer (0:43)

And the Simply Cyber community right above me is going to be sharing their insights, thoughts and etc on these topics as well as building community and sharing wins together. I hope you stay with us. We're off and running on a beautiful Friday morning. Let's go. All right, everybody, what's up? Yep, we're going to be going through eight stories today. I do not know any of those stories. I don't research or prep for these stories. Honestly, I don't got time for that. Ain't nobody got time for that.

Jerry Guy (1:32)

That's exactly.

Dr. Gerald Ozer (1:33)

Hey, I want to say welcome Back to Chris Greg 9104, first time back.

Jerry Guy (1:37)

In a long time.

Dr. Gerald Ozer (1:38)

Chris, great to have you. Welcome to the party, pal. And for everybody else who might be here for the first time in a long time or the first time ever, allow me to say welcome to the show. I hope you have a great experience. We have a certain style of doing.

Jerry Guy (1:53)

The show, a certain way of approaching cyber security.

Dr. Gerald Ozer (1:56)

A lot of great Simply Cyber Community members in here. Long timers. Sound off though, if you are a first timer, drop a hashtag first timer in chat. We love welcoming our first timers. Basically we just want you to know that you're welcome here. We're trying to as best we can in a digital world, in a virtual environment, you know, make the circle a little bigger, give you a little, you know, come on over here, like make you feel comfortable.

Jerry Guy (2:21)

That's the point of the hashtag first timer.

Summary

Daily Cyber Threat Brief – Ep 1043 (Jan 9, 2026)

Host: Dr. Gerald Auger (Simply Cyber Media Group)
Theme: The stories that matter most to cybersecurity insiders, analysts, and leaders—expert analysis and actionable takeaways on today’s top cyber news.

Episode Overview

Dr. Gerald Auger (“Jerry”) delivers the top cybersecurity news headlines with unfiltered expert insights geared toward practitioners, GRC professionals, and career climbers. The show’s signature mix includes practical advice, community interactions, and a healthy dose of humor—especially on Meme Friday.

This episode covers:

A critical MFA enforcement update by Microsoft
Exposures and vulnerabilities in public sector and enterprise tech
The ongoing risks of AI prompt injection
Lessons from recent major breaches
Practical workforce education tips
Building cyber careers and engaging with the community
Plus, live Q&A and career panel “Jawjacking” with industry experts.

Key Stories & Insights

1. Microsoft to Enforce MFA for 365 Admin Center Logins

[10:24–16:22]

Summary: Starting Feb 9, 2026, Microsoft will block sign-ins to its Microsoft 365 admin portal from users lacking Multi-Factor Authentication (MFA). This expands on a requirement first introduced in 2025.
Expert Commentary:
- “You have to be an absolute donkey to not have MFA on the admin portal of your Microsoft 365 instance. Are you kidding me?” —Dr. Gerald Auger [11:28]
- Jerry strongly supports this as overdue and notes Google Workspace already enforces similar measures. Practitioners should preemptively check settings and communicate the upcoming change to IT teams for a smooth transition.
- MFA Method Selection: Be deliberate—don’t simply enable every method. Some (like voice call) are “violently abused by threat actors with great success.” —[16:21]
- Real-world scenario: Physicians responding to repeated MFA calls at 2 AM, attackers break through by triggering alert fatigue. Consider actual risk profiles when choosing authentication methods.
GRC Takeaway: Organizations should align MFA options with their risk profile and communicate clearly with helpdesk and IT. Avoid “security theatre” by ensuring MFA is truly effective, not just box-ticking.

2. Cisco ISE Security Vulnerability Patched

[18:28–23:04]

Summary: Cisco patched a vulnerability in its Identity Services Engine (ISE) and Passive Identity Connector (ISE-PIC). An authenticated admin could extract sensitive information, but no exploitation in the wild has been seen (CVSS 4.9).
Expert Commentary:
- This is only relevant if attackers already have admin. “When you log into a console with admin privileges, you have access to sensitive information by default. That’s what an admin account is.” —Dr. Gerald Auger [21:15]
- Main concern is if this vulnerability is chained with others (e.g., priv-esc, unauthenticated access). For now, practitioners shouldn’t panic but should patch accordingly.
Actionable Advice: Stay alert for chained vulnerabilities, but prioritize patching based on likelihood and criticality.

3. Illinois Department of Human Services Exposes 700,000+ Records

[24:00–28:46]

Summary: Personal (including health) info on over 700,000 Illinois residents was accidentally posted publicly for up to 4 years, due to planning maps created by agency staff.
Expert Commentary:
- “If the year was 2013, someone would get fired. But it's 2026—someone put an Excel spreadsheet on the internet… sat there for four years.” —Dr. Gerald Auger [24:00]
- Suggests using tools like Shodan Monitor to proactively detect new exposed resources in your org's IP space.
- Advocates developing the habit of OSINTing your own organization: check SharePoint, guest networks, public Wi-Fi—see what outsiders see.
- Expert Tip: “If your security program’s maturity level is 2 or higher, you should have bandwidth to look for misconfigurations proactively.” —[26:37]
Big Takeaway: Exposure incidents like this are still common. Make proactive discovery (incl. OSINT, Shodan) and regular external footprint reviews part of routine security operations.

4. Microsoft Exchange Online – IMAP Outage

[29:16–30:53]

Summary: IMAP access to Exchange Online was disrupted by a “code conflict” misconfiguration. No specifics on affected regions.
Expert Commentary:
- “Cloud’s great—you sleep while Microsoft’s engineers fix things. But you have no power to fix it yourself; you’re at their whim.” —Dr. Gerald Auger [29:42]
- Highlights the double-edged sword of SaaS reliability vs. loss of direct control.
- Light-hearted moment: Mentions “Carl from accounting” as the archetype of accidental risk creator (a running community joke).

5. AI Prompt Injection Risk in ChatGPT

[38:14–43:53]

Summary: Researchers found new vulnerabilities (e.g., “Shadow Leak,” “Zombie Agent”) in OpenAI’s ChatGPT that allow exfiltration of sensitive info via indirect prompt injections—sometimes triggered just by emailing ChatGPT users. Vendors patch, but attacks keep evolving.
Expert Commentary:
- “AI models are black boxes… almost nondeterministic. Proliferating AI without governance introduces real risk… and it’s not trivial to solve.” —Dr. Gerald Auger [39:36]
- Advises practitioners to educate users on what NOT to put into public AI tools: “Once you paste data for an AI summary, that data is gone, out of your control, and you have no data governance.”
- GRC Perspective: Formal AI data policies, user education, and considering technical controls (like local models or enterprise-safe platforms) are now critical.
- “If you’re interested in security research and personal branding, AI security research is blistering hot… bug bounties, SEO, everything.” —[41:45]

6. CISA Adds Two Actively Exploited Vulns to KEV Catalog

[44:49–47:22]

Summary: CISA warns that actively exploited flaws in HPE OneView (CVSS 10.0) and Microsoft PowerPoint (from 2009!) remain a threat. The latter’s exploit persists due to unpatched, unsupported systems still in use.
Expert Commentary:
- “If you’re running PowerPoint 2009 at your org, reevaluate your life choices... Threat actors have had 16 years to work on this.” —Dr. Gerald Auger [47:10]
- KEV catalog is valuable for real-world risk-based vulnerability triage: “Just because you have a vulnerability doesn’t mean you’re exploited—but KEV means the crime is happening here today.”
- Memorable Quote: “Take the computer from that end user and hand them a Speak & Spell. That’s their new computer!” —[49:18]
- Always prioritize patching actively exploited vulns—even “old” ones.

7. Phishing as a Service: Spoofed Internal Emails via Routing Flaws

[50:49–55:36]

Summary: Attackers are misusing mail routing and misconfigured DMARC, DKIM, SPF records to send phishing emails that appear to originate internally.
Expert Commentary:
- End user awareness is essential: “Just because it says @yourdomain.com no longer means it’s safe.” —[52:34]
- Implement DMARC, DKIM, SPF (hard fail), even if it costs a little. It greatly cuts down risk (“less than ten grand… and a single compromise costs way more.”).
- Education advice: Keep awareness messages simple—one idea per lesson for maximal impact.
- “Tell them: if something about an email feels off, call the sender… Just question it.”

8. Veeam Remote Code Execution Flaw in Backup & Replication

[55:36–59:41]

Summary: Veeam patched a CVSS 9.0 vulnerability in its backup platform that allows Remote Code Execution as the privileged ‘postgres’ user. Affects tape operator roles specifically.
Expert Commentary:
- “Backups are a critical, enterprise resource—especially with ransomware rampant. Treat Veeam as a ‘priority system’ in your risk inventory. Go patch.” —[57:41]
- Incident Recovery Tip: Know the correct restore order (ERP, directory services, Veeam, etc.), or you risk illogical recovery delays (echoing Land Rover/Jaguar’s drawn-out incident recovery).

Community & Career: Jawjacking Panel [61:19+]

Panelists: Dr. Gerald Auger, Fleetus Post, James McQuiggin, Eric Taylor

Key Topics & Advice:

Using the NIST 800-53 Framework

“The best way is to download the SP 800-53 publication and read it twice: once to let it wash over you, a second time just the controls catalog… It’s not all meant to be implemented at once.” —[64:18]

First InfoSec Officer in an Org ("Token Cyber Hire") [70:22–78:14]

You’re an advisor—the business chooses its risk. Present assessments, recommend changes, and align everything to business value.
“If you build the plan, communicate the risks, and leadership still doesn’t act, at some point you need to be the CEO of you.” —Dr. Gerald Auger [76:05]
Map critical assets, business continuity (DRBCP), and recovery priorities in business terms, not acronyms.

Conferences and Career Development

B-sides for grass-roots events, RSA/Black Hat/DEFCON for the big scene, InfoSec-conferences.com and Sessionize.com for up-to-date listings.
Actively participate on LinkedIn, build rapport by commenting on discussions before cold-messaging for referrals (“Play the long game with networking, not just when you need a job.” —James McQuiggin [108:04])
The Simply Cyber Skill Stream series (luma.com/simplycyber) offers ongoing workshops, panel shows, and firesides for skills and personal branding.

Guidance for Managers & Career Switchers

Cybersecurity manager roles require “bilingual” skills—speaking both tech and business, focusing on enabling business outcomes, and people management.
“You’ll do the job before you get the title. Take projects, get involved, let leadership know you’re interested.” —[102:00]
For SOC analyst hopefuls: 14 years in help desk? You’re more than ready—experience counts; EC-Council certs are less critical than real capability.

AI in the Workplace: Privacy & Security Concerns [90:32–98:16]

Concerns over “always-on” AI assistants (glasses, pins, recorders) in corporate or sensitive environments:
- “You’re not walking into a government building wearing that AI pin… If you’re dealing with PHI, R&D, or IP, turn that off.” —Fleetus [90:46-91:47]
Enforce strong policies and train staff on what is and isn’t allowed to be recorded or summarized by AI.

Notable Quotes & Moments

“Normalize MFA—if you don’t have it on your admin portal, you’re doing it wrong!” —Dr. Gerald Auger [13:32]
“If you’re running PowerPoint 2009, hand your user a Speak & Spell.” —[49:18]
On AI data leaks: “Once in ChatGPT, your spreadsheet is GONE. You have no more say over it.” —[42:49]
James McQuiggin’s Friday Dad Jokes:
- “Did you hear the joke about immortality? It never gets old.” [35:06]
- “Did you hear about the T. Rex selling guns? He's mostly a small arms dealer.” [36:36]

Timestamps by Segment

| Segment | Time | |----------------------------------------|-------------| | Show opening and community welcome | 00:01–04:03 | | Microsoft MFA enforcement | 10:24–16:22 | | Cisco ISE vulnerability | 18:28–23:04 | | Illinois DHHS data exposure | 24:00–28:46 | | Microsoft Exchange IMAP outage | 29:16–30:53 | | Mid-roll, sponsors, community jokes | 31:45–36:40 | | AI prompt injection (OpenAI) | 38:14–43:53 | | CISA KEV catalog update | 44:49–47:22 | | Phishing/internal spoofing & DMARC | 50:49–55:36 | | Veeam backup RCE vulnerability | 55:36–59:41 | | Jawjacking Q&A panel | 61:19–end |

Tone & Style

Knowledgeable but approachable—equal parts expert advice and camaraderie.
Frequent humor and gentle ribbing, especially Fridays (Meme/Dad Joke Day).
Highly interactive: responds to audience questions, encourages real-world application, promotes community wins.

Final Takeaways

Practitioners: Stay on top of real, actively exploited threats (KEV catalog); prioritize MFA and patching based on real risk, not just severity scores.
GRC Pros: Align controls with business needs; educate workforce on changing threat models, especially with AI/data governance.
Leaders: Foster security awareness, take steps beyond “checkbox” compliance, and empower security teams to drive real risk reduction.
Everyone: Participate in community skill-building (e.g., Simply Cyber’s programs), keep developing, and bring positive, actionable change to your workplace.
Career Seekers: Network authentically, build public value, and demonstrate skills—your branding matters as much as your technical acumen.

Connect, learn, and laugh with Simply Cyber each weekday 8am ET— “Let the cool sounds of hot news wash over you.”