Daily Cyber Threat Brief – Ep 1043 (Jan 9, 2026)
Host: Dr. Gerald Auger (Simply Cyber Media Group)
Theme: The stories that matter most to cybersecurity insiders, analysts, and leaders—expert analysis and actionable takeaways on today’s top cyber news.
Episode Overview
Dr. Gerald Auger (“Jerry”) delivers the top cybersecurity news headlines with unfiltered expert insights geared toward practitioners, GRC professionals, and career climbers. The show’s signature mix includes practical advice, community interactions, and a healthy dose of humor—especially on Meme Friday.
This episode covers:
- A critical MFA enforcement update by Microsoft
- Exposures and vulnerabilities in public sector and enterprise tech
- The ongoing risks of AI prompt injection
- Lessons from recent major breaches
- Practical workforce education tips
- Building cyber careers and engaging with the community
Plus, live Q&A and career panel “Jawjacking” with industry experts.
Key Stories & Insights
1. Microsoft to Enforce MFA for 365 Admin Center Logins
[10:24–16:22]
- Summary: Starting Feb 9, 2026, Microsoft will block sign-ins to its Microsoft 365 admin portal from users lacking Multi-Factor Authentication (MFA). This expands on a requirement first introduced in 2025.
- Expert Commentary:
  - “You have to be an absolute donkey to not have MFA on the admin portal of your Microsoft 365 instance. Are you kidding me?” —Dr. Gerald Auger [11:28]
  - Jerry strongly supports this as overdue and notes Google Workspace already enforces similar measures. Practitioners should preemptively check settings and communicate the upcoming change to IT teams for a smooth transition.
  - MFA Method Selection: Be deliberate—don’t simply enable every method. Some (like voice call) are “violently abused by threat actors with great success.” —[16:21]
  - Real-world scenario: physicians receiving repeated MFA phone calls at 2 AM; attackers break through by inducing alert fatigue. Consider actual risk profiles when choosing authentication methods.
- GRC Takeaway: Organizations should align MFA options with their risk profile and communicate clearly with helpdesk and IT. Avoid “security theatre” by ensuring MFA is truly effective, not just box-ticking.
2. Cisco ISE Security Vulnerability Patched
[18:28–23:04]
- Summary: Cisco patched a vulnerability in its Identity Services Engine (ISE) and Passive Identity Connector (ISE-PIC). An authenticated admin could extract sensitive information, but no exploitation in the wild has been seen (CVSS 4.9).
- Expert Commentary:
  - This is only relevant if attackers already have admin. “When you log into a console with admin privileges, you have access to sensitive information by default. That’s what an admin account is.” —Dr. Gerald Auger [21:15]
  - Main concern is if this vulnerability is chained with others (e.g., priv-esc, unauthenticated access). For now, practitioners shouldn’t panic but should patch accordingly.
- Actionable Advice: Stay alert for chained vulnerabilities, but prioritize patching based on likelihood and criticality.
3. Illinois Department of Human Services Exposes 700,000+ Records
[24:00–28:46]
- Summary: Personal (including health) info on over 700,000 Illinois residents was accidentally posted publicly for up to 4 years, due to planning maps created by agency staff.
- Expert Commentary:
  - “If the year was 2013, someone would get fired. But it's 2026—someone put an Excel spreadsheet on the internet… sat there for four years.” —Dr. Gerald Auger [24:00]
  - Suggests using tools like Shodan Monitor to proactively detect new exposed resources in your org's IP space.
  - Advocates developing the habit of OSINTing your own organization: check SharePoint, guest networks, public Wi-Fi—see what outsiders see.
  - Expert Tip: “If your security program’s maturity level is 2 or higher, you should have bandwidth to look for misconfigurations proactively.” —[26:37]
- Big Takeaway: Exposure incidents like this are still common. Make proactive discovery (incl. OSINT, Shodan) and regular external footprint reviews part of routine security operations.
4. Microsoft Exchange Online – IMAP Outage
[29:16–30:53]
- Summary: IMAP access to Exchange Online was disrupted by a “code conflict” misconfiguration. No specifics on affected regions.
- Expert Commentary:
  - “Cloud’s great—you sleep while Microsoft’s engineers fix things. But you have no power to fix it yourself; you’re at their whim.” —Dr. Gerald Auger [29:42]
  - Highlights the double-edged sword of SaaS reliability vs. loss of direct control.
- Light-hearted moment: Mentions “Carl from accounting” as the archetype of accidental risk creator (a running community joke).
5. AI Prompt Injection Risk in ChatGPT
[38:14–43:53]
- Summary: Researchers found new vulnerabilities (e.g., “Shadow Leak,” “Zombie Agent”) in OpenAI’s ChatGPT that allow exfiltration of sensitive info via indirect prompt injections—sometimes triggered just by emailing ChatGPT users. Vendors patch, but attacks keep evolving.
- Expert Commentary:
  - “AI models are black boxes… almost nondeterministic. Proliferating AI without governance introduces real risk… and it’s not trivial to solve.” —Dr. Gerald Auger [39:36]
  - Advises practitioners to educate users on what NOT to put into public AI tools: “Once you paste data for an AI summary, that data is gone, out of your control, and you have no data governance.”
- GRC Perspective: Formal AI data policies, user education, and considering technical controls (like local models or enterprise-safe platforms) are now critical.
- “If you’re interested in security research and personal branding, AI security research is blistering hot… bug bounties, SEO, everything.” —[41:45]
6. CISA Adds Two Actively Exploited Vulns to KEV Catalog
[44:49–47:22]
- Summary: CISA warns that actively exploited flaws in HPE OneView (CVSS 10.0) and Microsoft PowerPoint (from 2009!) remain a threat. The latter’s exploit persists due to unpatched, unsupported systems still in use.
- Expert Commentary:
  - “If you’re running PowerPoint 2009 at your org, reevaluate your life choices... Threat actors have had 16 years to work on this.” —Dr. Gerald Auger [47:10]
  - KEV catalog is valuable for real-world risk-based vulnerability triage: “Just because you have a vulnerability doesn’t mean you’re exploited—but KEV means the crime is happening here today.”
- Memorable Quote: “Take the computer from that end user and hand them a Speak & Spell. That’s their new computer!” —[49:18]
- Always prioritize patching actively exploited vulns—even “old” ones.
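The triage idea above (KEV membership outranks CVSS score) as a small added example; this is not code from the show or from CISA. It assumes the field names of CISA's KEV JSON feed (cveID, dueDate, knownRansomwareCampaignUse); every CVE id below is a constructed placeholder, not a real vulnerability.

```python
"""Rank a patch backlog so KEV-listed CVEs come first regardless of CVSS.
Added example; the catalog and backlog are constructed samples."""
import json
from datetime import date

# Constructed stand-in for the downloaded KEV feed (same field names as CISA's JSON).
# "CVE-0000-..." ids are placeholders, not real CVE numbers.
KEV_JSON = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-0000-10001", "dueDate": "2026-01-30", "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-0000-10002", "dueDate": "2026-02-15", "knownRansomwareCampaignUse": "Unknown"},
]})

# Constructed scanner output: CVE id -> (CVSS base score, number of affected hosts)
BACKLOG = {
    "CVE-0000-10001": (4.3, 12),   # low score, but actively exploited per KEV
    "CVE-0000-10002": (7.5, 3),
    "CVE-0000-10003": (9.8, 40),   # critical score, no evidence of exploitation
    "CVE-0000-10004": (5.0, 1),
}


def load_kev(raw_json: str) -> dict:
    """Index the KEV feed by CVE id for constant-time membership checks."""
    return {v["cveID"]: v for v in json.loads(raw_json)["vulnerabilities"]}


def triage(backlog: dict, kev: dict, today: date) -> list:
    """Order CVEs: KEV entries first (overdue, then ransomware-linked), then by CVSS and host count."""
    def key(cve: str):
        score, hosts = backlog[cve]
        entry = kev.get(cve)
        if entry is None:                       # not known-exploited: severity-driven tier
            return (1, 1, 1, -score, -hosts)
        overdue = date.fromisoformat(entry["dueDate"]) < today
        ransomware = entry.get("knownRansomwareCampaignUse") == "Known"
        return (0, 0 if overdue else 1, 0 if ransomware else 1, -score, -hosts)
    return sorted(backlog, key=key)


if __name__ == "__main__":
    for rank, cve in enumerate(triage(BACKLOG, load_kev(KEV_JSON), date(2026, 2, 9)), 1):
        print(rank, cve, "KEV" if cve in load_kev(KEV_JSON) else "", BACKLOG[cve])
```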
7. Phishing as a Service: Spoofed Internal Emails via Routing Flaws
[50:49–55:36]
- Summary: Attackers are misusing mail routing and misconfigured DMARC, DKIM, SPF records to send phishing emails that appear to originate internally.
- Expert Commentary:
  - End user awareness is essential: “Just because it says @yourdomain.com no longer means it’s safe.” —[52:34]
  - Implement DMARC, DKIM, SPF (hard fail), even if it costs a little. It greatly cuts down risk (“less than ten grand… and a single compromise costs way more.”).
  - Education advice: Keep awareness messages simple—one idea per lesson for maximal impact.
  - “Tell them: if something about an email feels off, call the sender… Just question it.”
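A way to check whether a domain's published SPF and DMARC records actually have the hard-fail posture recommended above, as an added example (not code from the show). The TXT records are constructed samples embedded inline rather than live DNS lookups; DKIM is not assessed because it needs a per-selector lookup.

```python
"""Assess SPF and DMARC TXT records for a hard-fail posture.
Added example; SAMPLE_RECORDS are constructed, not real DNS data."""

# Constructed TXT records keyed by the DNS name they would be published at
SAMPLE_RECORDS = {
    "example.test": "v=spf1 include:spf.protection.outlook.com ~all",
    "_dmarc.example.test": "v=DMARC1; p=none; rua=mailto:dmarc@example.test",
    "hardened.test": "v=spf1 include:spf.protection.outlook.com -all",
    "_dmarc.hardened.test": "v=DMARC1; p=reject; sp=reject; rua=mailto:dmarc@hardened.test",
}


def parse_dmarc(record: str) -> dict:
    """Split 'tag=value; tag=value' DMARC syntax into a dict (tag names lower-cased)."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    return tags


def assess_domain(domain: str, records: dict) -> list:
    """Return findings for a domain; an empty list means SPF hard fail and DMARC reject are in place."""
    findings = []
    spf = records.get(domain, "")
    if not spf.lower().startswith("v=spf1"):
        findings.append("SPF: no record published")
    elif "-all" not in spf.split():
        # ~all (softfail), ?all (neutral) or +all let spoofed mail through
        findings.append("SPF: 'all' mechanism is not hard fail (-all)")
    dmarc = parse_dmarc(records.get(f"_dmarc.{domain}", ""))
    if dmarc.get("v") != "DMARC1":
        findings.append("DMARC: no record published")
    else:
        if dmarc.get("p") != "reject":
            findings.append(f"DMARC: policy p={dmarc.get('p', 'missing')} does not reject spoofed mail")
        if int(dmarc.get("pct", "100")) < 100:
            findings.append("DMARC: pct below 100 applies the policy to only part of the mail")
        if "rua" not in dmarc:
            findings.append("DMARC: no aggregate report address, so spoofing attempts go unseen")
    return findings


if __name__ == "__main__":
    for d in ("example.test", "hardened.test", "missing.test"):
        print(d, assess_domain(d, SAMPLE_RECORDS) or "hard-fail posture OK")
```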
8. Veeam Remote Code Execution Flaw in Backup & Replication
[55:36–59:41]
- Summary: Veeam patched a CVSS 9.0 vulnerability in its backup platform that allows Remote Code Execution as the privileged ‘postgres’ user. Affects tape operator roles specifically.
- Expert Commentary:
  - “Backups are a critical enterprise resource—especially with ransomware rampant. Treat Veeam as a ‘priority system’ in your risk inventory. Go patch.” —[57:41]
- Incident Recovery Tip: Know the correct restore order (ERP, directory services, Veeam, etc.), or you risk illogical recovery delays (echoing Land Rover/Jaguar’s drawn-out incident recovery).
Community & Career: Jawjacking Panel [61:19+]
Panelists: Dr. Gerald Auger, Fleetus Post, James McQuiggin, Eric Taylor
Key Topics & Advice:
Using the NIST 800-53 Framework
- “The best way is to download the SP 800-53 publication and read it twice: once to let it wash over you, a second time just the controls catalog… It’s not all meant to be implemented at once.” —[64:18]
First InfoSec Officer in an Org ("Token Cyber Hire") [70:22–78:14]
- You’re an advisor—the business chooses its risk. Present assessments, recommend changes, and align everything to business value.
- “If you build the plan, communicate the risks, and leadership still doesn’t act, at some point you need to be the CEO of you.” —Dr. Gerald Auger [76:05]
- Map critical assets, business continuity (DRBCP), and recovery priorities in business terms, not acronyms.
Conferences and Career Development
- BSides for grass-roots events, RSA/Black Hat/DEFCON for the big scene, InfoSec-conferences.com and Sessionize.com for up-to-date listings.
- Actively participate on LinkedIn, build rapport by commenting on discussions before cold-messaging for referrals (“Play the long game with networking, not just when you need a job.” —James McQuiggin [108:04])
- The Simply Cyber Skill Stream series (luma.com/simplycyber) offers ongoing workshops, panel shows, and firesides for skills and personal branding.
Guidance for Managers & Career Switchers
- Cybersecurity manager roles require “bilingual” skills—speaking both tech and business, focusing on enabling business outcomes, and people management.
- “You’ll do the job before you get the title. Take projects, get involved, let leadership know you’re interested.” —[102:00]
- For SOC analyst hopefuls: 14 years in help desk? You’re more than ready—experience counts; EC-Council certs are less critical than real capability.
AI in the Workplace: Privacy & Security Concerns [90:32–98:16]
- Concerns over “always-on” AI assistants (glasses, pins, recorders) in corporate or sensitive environments:
  - “You’re not walking into a government building wearing that AI pin… If you’re dealing with PHI, R&D, or IP, turn that off.” —Fleetus [90:46–91:47]
- Enforce strong policies and train staff on what is and isn’t allowed to be recorded or summarized by AI.
Notable Quotes & Moments
- “Normalize MFA—if you don’t have it on your admin portal, you’re doing it wrong!” —Dr. Gerald Auger [13:32]
- “If you’re running PowerPoint 2009, hand your user a Speak & Spell.” —[49:18]
- On AI data leaks: “Once in ChatGPT, your spreadsheet is GONE. You have no more say over it.” —[42:49]
- James McQuiggin’s Friday Dad Jokes:
  - “Did you hear the joke about immortality? It never gets old.” [35:06]
  - “Did you hear about the T. Rex selling guns? He's mostly a small arms dealer.” [36:36]
Timestamps by Segment
| Segment | Time |
|---|---|
| Show opening and community welcome | 00:01–04:03 |
| Microsoft MFA enforcement | 10:24–16:22 |
| Cisco ISE vulnerability | 18:28–23:04 |
| Illinois DHHS data exposure | 24:00–28:46 |
| Microsoft Exchange IMAP outage | 29:16–30:53 |
| Mid-roll, sponsors, community jokes | 31:45–36:40 |
| AI prompt injection (OpenAI) | 38:14–43:53 |
| CISA KEV catalog update | 44:49–47:22 |
| Phishing/internal spoofing & DMARC | 50:49–55:36 |
| Veeam backup RCE vulnerability | 55:36–59:41 |
| Jawjacking Q&A panel | 61:19–end |
Tone & Style
- Knowledgeable but approachable—equal parts expert advice and camaraderie.
- Frequent humor and gentle ribbing, especially Fridays (Meme/Dad Joke Day).
- Highly interactive: responds to audience questions, encourages real-world application, promotes community wins.
Final Takeaways
- Practitioners: Stay on top of real, actively exploited threats (KEV catalog); prioritize MFA and patching based on real risk, not just severity scores.
- GRC Pros: Align controls with business needs; educate workforce on changing threat models, especially with AI/data governance.
- Leaders: Foster security awareness, take steps beyond “checkbox” compliance, and empower security teams to drive real risk reduction.
- Everyone: Participate in community skill-building (e.g., Simply Cyber’s programs), keep developing, and bring positive, actionable change to your workplace.
- Career Seekers: Network authentically, build public value, and demonstrate skills—your branding matters as much as your technical acumen.
Connect, learn, and laugh with Simply Cyber each weekday 8am ET—“Let the cool sounds of hot news wash over you.”
