Daily Cyber Threat Brief: Ep 1090 (Mar 17’s Top Cyber News NOW!)
Podcast: Daily Cyber Threat Brief
Date: March 17, 2026
Host: Dr. Gerald Auger (Simply Cyber Media Group)
Guest Host (Jawjacking): Eric Taylor
Main Theme: A fast-paced and insightful rundown of the top cybersecurity news most relevant to industry insiders, GRC professionals, and the wider cyber community, delivered with a balance of expert advice, practical takeaways, and community vibes.
Episode Overview
Today’s episode takes listeners through the most urgent and interesting cybersecurity news from March 17th, 2026, highlighting practical lessons from each story, with a particular focus on recent high-profile incidents, threat trends related to the Iran conflict, advances in social engineering, and patch/update urgencies. The episode also features Tidbits Tuesday (personal insights about the hosts) and an interactive live Q&A (Jawjacking).
Key Discussions & Insights
1. Stryker Medical Cyberattack: Intune Wipes and Scale of Impact
[12:08–22:55]
Story:
Medical device giant Stryker suffered a cyberattack: internal systems were taken down, factories shuttered, and over 200,000 company endpoints were remotely wiped using Microsoft Intune, disrupting digital ordering and forcing manual workarounds.
Key Points:
- Attackers compromised admin accounts, leveraging “living off the land” by using legitimate tools (Intune’s remote wipe) for mass disruption.
- "Living off the land is where you use native binaries or native applications...to achieve whatever malicious operations you want..." — Dr. Auger [13:37]
- Attribution: the Iran-aligned group Handala is suspected, but Stryker has not confirmed this.
- Restoring at scale: Even with backups, the logistics of reimaging/re-onboarding potentially 200,000 devices is staggering.
- "...If it takes one minute to restore a machine...with 200,000 endpoints wiped, it would take 200,000 minutes...that's how insane this is?" — Dr. Auger [16:33]
- Medical devices untouched: Devices were not affected as they’re not Intune-managed and often run unsupported OSes (e.g., Windows XP).
- Possible motives: Links to geopolitics—Stryker’s acquisition of Israeli companies.
Takeaway:
Protect the credentials and roles that can issue MDM actions: enforce phishing-resistant MFA and just-in-time privileged access for Intune administrators, scope RBAC so that very few accounts can wipe devices at all, and alert on bulk wipe or retire actions in the Intune audit log. Because a single compromised admin session can undo every endpoint, recovery plans must be sized for the whole fleet and tested against "living off the land" scenarios, not only malware.
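An added example (not from the episode, and not Stryker's or Microsoft's code) of the audit-log alert the takeaway calls for. It runs a sliding window over Intune audit events and flags any actor whose wipe or retire actions pile up faster than an admin retiring lost laptops ever would. The sample events are constructed to resemble Microsoft Graph `deviceManagement/auditEvents` records; the actor names, device names and the exact activity strings are assumptions, which is why matching is by keyword rather than exact text.

```python
"""Flag bursts of destructive MDM actions in Intune audit events.

Added example, not from the episode. SAMPLE_EVENTS are constructed to
resemble Microsoft Graph `deviceManagement/auditEvents` records; the
field values (actors, device names, activity strings) are made up.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone


def _event(ts, activity, upn, device):
    # Helper that builds one constructed audit event in a Graph-like shape.
    return {
        "activityDateTime": ts,
        "activityType": activity,
        "activityResult": "Success",
        "actor": {"userPrincipalName": upn},
        "resources": [{"displayName": device}],
    }


# Constructed sample: admin-a wipes three devices in under four minutes,
# admin-b retires one, admin-c wipes two eight hours apart, plus one benign event.
SAMPLE_EVENTS = [
    _event("2026-03-17T02:00:05Z", "Wipe ManagedDevice", "admin-a@example.com", "LAPTOP-0001"),
    _event("2026-03-17T02:01:10Z", "Wipe ManagedDevice", "admin-a@example.com", "LAPTOP-0002"),
    _event("2026-03-17T02:03:40Z", "Wipe ManagedDevice", "admin-a@example.com", "LAPTOP-0003"),
    _event("2026-03-17T09:15:00Z", "Retire ManagedDevice", "admin-b@example.com", "LAPTOP-0104"),
    _event("2026-03-17T10:00:00Z", "Wipe ManagedDevice", "admin-c@example.com", "LAPTOP-0201"),
    _event("2026-03-17T18:00:00Z", "Wipe ManagedDevice", "admin-c@example.com", "LAPTOP-0202"),
    _event("2026-03-17T10:30:00Z", "Create DeviceConfiguration", "admin-a@example.com", "Baseline-v3"),
]

# The exact activity wording in real Graph records is an assumption here,
# so destructive actions are recognised by keyword rather than exact match.
DESTRUCTIVE_KEYWORDS = ("wipe", "retire")


def parse_ts(value):
    """Parse the Graph-style UTC timestamp ('...Z') into an aware datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def is_destructive(event):
    activity = event.get("activityType", "").lower()
    return any(word in activity for word in DESTRUCTIVE_KEYWORDS)


def actor_of(event):
    actor = event.get("actor", {})
    return actor.get("userPrincipalName") or actor.get("applicationDisplayName") or "unknown"


def find_wipe_bursts(events, window=timedelta(minutes=10), threshold=3):
    """Return one alert per actor whose successful destructive actions reach
    `threshold` inside any sliding `window`. One retire of a lost laptop is
    a single event; a mass wipe is a dense run of them from one identity."""
    per_actor = defaultdict(list)
    for ev in events:
        if is_destructive(ev) and ev.get("activityResult", "Success") == "Success":
            per_actor[actor_of(ev)].append((parse_ts(ev["activityDateTime"]), ev))

    alerts = []
    for actor, items in per_actor.items():
        items.sort(key=lambda pair: pair[0])
        best = None
        start = 0
        for end in range(len(items)):
            # Advance the window start until the span fits inside `window`.
            while items[end][0] - items[start][0] > window:
                start += 1
            count = end - start + 1
            if count >= threshold and (best is None or count > best["count"]):
                best = {
                    "actor": actor,
                    "count": count,
                    "first": items[start][0],
                    "last": items[end][0],
                    "devices": [r.get("displayName")
                                for _, e in items[start:end + 1]
                                for r in e.get("resources", [])],
                }
        if best:
            alerts.append(best)
    # Biggest burst first: that is the one to page on.
    return sorted(alerts, key=lambda a: a["count"], reverse=True)


if __name__ == "__main__":
    for alert in find_wipe_bursts(SAMPLE_EVENTS):
        print(f"{alert['actor']}: {alert['count']} destructive actions between "
              f"{alert['first']:%H:%M:%S} and {alert['last']:%H:%M:%S} -> {alert['devices']}")
```

In production the events would come from a scheduled pull of `GET /deviceManagement/auditEvents` (or the Intune diagnostic-settings export into your SIEM) rather than the constructed list; the window and threshold should be tuned to how many devices your helpdesk legitimately retires per hour, and a hit should trigger an immediate review of the actor's sign-in and token activity, since the account or session itself is the likely point of compromise.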
2. AI Face Models & Deepfake Scam Factories
[22:55–27:42]
Story:
Wired reports on hundreds of job listings for “AI face models”—real people whose faces and voices are used (via deepfake overlays) in video calls to run romance and crypto scams out of Southeast Asia scam compounds. Some participants are trafficked or coerced.
Key Points:
- New twist on “pig butchering” romance scams: AI lets perpetrators convincingly appear as whatever the victim desires.
- "They’re just adding AI to people's faces on the FaceTime calls...when I call you, I don't look like a Cambodian, I look like a very attractive—whatever you're into." — Dr. Auger [23:32]
- Real models still used “because real models are cheaper at scale right now. Give it six months and it'll change.” — Phil Stafford (community AI expert) [25:40]
- Defensive tip: To test for deepfakes in video calls, ask suspicious contacts to make gestures that current tools reproduce poorly (e.g., waving a hand in front of the face). Treat a passed test as a weak signal, not proof: the technique is improving quickly, so confirm identity through a separately established channel before any money or credentials move.
Takeaway:
AI is supercharging scam effectiveness and scale. Caution friends/family about dubious gig work abroad and always verify the identity of video callers, especially when money or credentials are at stake.
3. Massive Cybercrime Surge Linked to Iran Conflict
[27:42–33:47]
Story:
Akamai reports a 245% surge in cybercrime since the Iran war began. Major targets: banks, fintech, e-commerce, and gaming. Most attack traffic is routed through proxies (Russia, China), not directly from Iran.
Key Points:
- War (and global chaos) breeds opportunity for cybercriminals.
- "War breeds chaos and crime loves chaos...not really surprised [about the surge]." — Dr. Auger [29:36]
- Credential harvesting and botnet recon are up, aligning with military and nation-state escalation.
- Collateral risks: While the conflict is regional, the entire Internet is the battleground. Non-involved businesses are still at risk (cf. NotPetya aftermath).
Takeaway:
All organizations—globally—must adopt a “shields up” posture during major geopolitical events. Robust detection, credential management, and network segmentation are crucial.
4. Wing FTP Server Vulnerability—Critical Patch Required
[33:47–35:53]
Story:
CISA directs US federal agencies (and recommends others) to immediately patch an actively exploited Wing FTP Server vulnerability—can be chained to achieve RCE (Remote Code Execution). Users include the US Air Force, Sony, Airbus.
Key Points:
- Exploit is actively being used.
- Dr. Auger expresses surprise at the broad user base.
- "If you're using WingFTP, you got to patch it. Ah, you got to patch it." — Dr. Auger [34:24]
Takeaway:
Immediate patching of internet-exposed services is non-negotiable. Security teams must monitor CISA's KEV catalog for priority vulnerabilities; an entry there means exploitation is already happening, so a host that was exposed before the patch landed also deserves a log review for signs of compromise rather than an assumption that the patch closed the matter.
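An added example (not from the episode or from CISA) of the KEV-catalog check the takeaway describes: it loads the catalog, matches entries against a software inventory, and ranks the hits so that internet-exposed and ransomware-linked items with the nearest (or already passed) CISA due date come out on top. The catalog JSON below is constructed in the shape of CISA's `known_exploited_vulnerabilities.json`; the CVE identifiers, dates and descriptions are placeholders, not real entries, and the inventory is likewise made up.

```python
"""Triage CISA's KEV catalog against a software inventory.

Added example, not from the episode or from CISA. SAMPLE_KEV_JSON is
constructed in the shape of known_exploited_vulnerabilities.json; the
CVE IDs, dates and descriptions are placeholders, not real entries.
"""
import json
from datetime import date, datetime

SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-0000-0001", "vendorProject": "Wing FTP Server",
         "product": "Wing FTP Server", "vulnerabilityName": "Placeholder RCE chain",
         "dateAdded": "2026-03-16", "dueDate": "2026-04-06",
         "knownRansomwareCampaignUse": "Unknown",
         "requiredAction": "Apply mitigations per vendor instructions or discontinue use."},
        {"cveID": "CVE-0000-0002", "vendorProject": "Microsoft", "product": "Windows",
         "vulnerabilityName": "Placeholder privilege escalation",
         "dateAdded": "2026-02-20", "dueDate": "2026-03-13",
         "knownRansomwareCampaignUse": "Known",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-0000-0003", "vendorProject": "ExampleVendor",
         "product": "Unrelated Appliance", "vulnerabilityName": "Placeholder",
         "dateAdded": "2026-03-10", "dueDate": "2026-03-31",
         "knownRansomwareCampaignUse": "Unknown",
         "requiredAction": "Apply updates per vendor instructions."},
    ],
})

# Constructed inventory: lower-case product keyword -> where it runs.
INVENTORY = {
    "wing ftp server": {"hosts": ["ftp-edge-01"], "internet_exposed": True},
    "windows": {"hosts": ["ws-0001", "ws-0002"], "internet_exposed": False},
}


def _norm(text):
    return " ".join(text.lower().split())


def _matches(entry, keyword):
    # Match against vendor and product together; KEV naming is not uniform.
    haystack = _norm(f"{entry.get('vendorProject', '')} {entry.get('product', '')}")
    return keyword in haystack


def triage_kev(kev_json, inventory, today):
    """Return inventory-matching KEV entries, ranked for action:
    internet-exposed first, then ransomware-linked, then by CISA due date
    (negative days_until_due means the federal deadline has already passed)."""
    catalog = json.loads(kev_json)
    findings = []
    for entry in catalog["vulnerabilities"]:
        for keyword, where in inventory.items():
            if _matches(entry, keyword):
                due = datetime.strptime(entry["dueDate"], "%Y-%m-%d").date()
                findings.append({
                    "cve": entry["cveID"],
                    "product": entry["product"],
                    "hosts": list(where["hosts"]),
                    "internet_exposed": where["internet_exposed"],
                    "ransomware": entry.get("knownRansomwareCampaignUse") == "Known",
                    "days_until_due": (due - today).days,
                    "overdue": due < today,
                    "required_action": entry.get("requiredAction", ""),
                })
    findings.sort(key=lambda f: (not f["internet_exposed"],
                                 not f["ransomware"],
                                 f["days_until_due"]))
    return findings


if __name__ == "__main__":
    for f in triage_kev(SAMPLE_KEV_JSON, INVENTORY, date(2026, 3, 17)):
        flag = "OVERDUE" if f["overdue"] else f"due in {f['days_until_due']}d"
        print(f"{f['cve']:14} {f['product']:18} exposed={f['internet_exposed']} "
              f"ransomware={f['ransomware']} {flag} hosts={f['hosts']}")
```

Run this against the live catalog (fetched from CISA's KEV page and fed in as the JSON string) on a daily schedule, and keep the inventory keywords generous: a product renamed by the vendor or listed under a different `vendorProject` string is the usual way a relevant entry slips past a string match.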
5. Luxembourg Overturns Amazon GDPR Fine
[41:49–45:51]
Story:
Luxembourg court overturns Amazon’s record €746 million GDPR fine—on procedural, not substantive grounds. The case will be reconsidered.
Key Points:
- "If I had a parking ticket for $858 million and I was able to get it overturned, I would also be pleased with the decision." — Dr. Auger [42:30]
- GDPR fines are massive (Meta: €1.2B, Amazon: €746M).
- Regulatory enforcement is significant, especially for any company processing EU citizen data.
Takeaway:
Compliance with evolving privacy regulations is business critical. Even technicalities can change outcomes, but risk is ever-present for global tech firms.
6. LiveChat Platform Abused for Sophisticated Phishing
[45:51–50:45]
Story:
Attackers are weaponizing LiveChat’s real-time support feature to phish for Amazon/PayPal credentials, sensitive data, and MFA codes by impersonating customer service in live chats.
Key Points:
- Elevates classic phishing with human interaction (“synchronous” attack vs. asynchronous email).
- "This adds a dimension of interactivity and synchronicity that can increase the likelihood of success..." — Dr. Auger [46:28]
- New techniques include gaining trust via “order/payment issues” then harvesting MFA codes or pushing “refund” scams.
- Actionable advice: Train users to recognize this new variant immediately.
- LiveChat’s financial incentives may conflict with proactive security takedown.
Takeaway:
The phishing landscape is evolving—user awareness must evolve too. Real-time scam chats demand immediate, targeted security training.
7. DDoS Attack Makes Parking Free in Russian City
[50:45–53:25]
Story:
Perm, Russia’s parking payment systems were taken offline by a DDoS attack—resulting temporarily in free parking for all.
Key Points:
- Likely activist-driven (probably Ukraine-aligned).
- Many city IoT/infrastructure systems depend on externally hosted/cloud-connected management—highlighting possible points of failure.
- "To me...this is not devastating...like, free parking is companies..." — Dr. Auger [51:18]
Takeaway:
IoT/infra system resilience is critical, but some disruptions (like free parking) may have minimal impact compared to others (e.g., mass endpoint wipes).
8. UK Companies House Data Exposure through Web App Flaw
[53:25–54:04]
Story:
A web app vulnerability in Companies House (UK) allowed logged-in users to access other companies’ sensitive data—including director info and addresses—by manipulating company numbers.
Key Points:
- Classic Insecure Direct Object Reference (IDOR) flaw—still relevant today.
- "This is so dumb. You would request the company's data...then you could just press the back button a few times...and then you're in." — Dr. Auger [54:04]
- Data involved: sensitive but business (not consumer) focused.
- Incident is under review by UK ICO and NCSC.
Takeaway:
Old web app vulnerabilities are still live in critical systems. Every endpoint that takes an object identifier from the client needs a server-side authorization check against the logged-in user on each request, and security reviews and pentests must test for IDOR explicitly (OWASP lists it as Broken Object Level Authorization for good reason).
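An added example (not Companies House code, whose internals this page does not describe) showing the IDOR pattern beside its fix. The vulnerable lookup only checks that someone is logged in and trusts the company number in the request as proof of entitlement; the hardened lookup performs object-level authorization on every request and answers 404 for both missing and forbidden records so a scanner cannot learn which numbers exist. The register data, user names and the owner-only authorization rule are constructed for illustration.

```python
"""IDOR in a company-record lookup: the vulnerable pattern beside the fix.

Added example, not Companies House code. The data, user names and the
authorization rule (owner-only) are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Company:
    number: str
    name: str
    owner: str                    # user entitled to protected fields (assumption)
    residential_addresses: tuple  # protected: director home addresses


# Constructed register: two companies owned by different users.
COMPANIES = {
    "00000001": Company("00000001", "Alpha Ltd", "alice", (("A. Director", "1 Example Road"),)),
    "00000002": Company("00000002", "Beta Ltd", "bob", (("B. Director", "2 Example Road"),)),
}


def vulnerable_protected_lookup(session_user, company_number):
    """BEFORE: the only gate is 'is someone logged in?'. The company number
    from the request is trusted as proof of entitlement, so any user can
    walk the number space and read every company's protected fields."""
    if not session_user:
        return 401, None
    company = COMPANIES.get(company_number)
    if company is None:
        return 404, None
    return 200, {"name": company.name,
                 "residential_addresses": company.residential_addresses}


def authorised(user, company):
    # Assumed policy: only the owner may read protected data. A real system
    # would consult an ACL or role mapping here rather than a single field.
    return user == company.owner


def hardened_protected_lookup(session_user, company_number):
    """AFTER: object-level authorization on every request. Missing and
    forbidden both answer 404 so the endpoint does not tell a scanner
    which company numbers exist."""
    if not session_user:
        return 401, None
    company = COMPANIES.get(company_number)
    if company is None or not authorised(session_user, company):
        return 404, None
    return 200, {"name": company.name,
                 "residential_addresses": company.residential_addresses}


def scan(lookup, session_user, start, count):
    """Attacker-style enumeration: increment the identifier and record what leaks."""
    leaked = []
    for n in range(start, start + count):
        number = f"{n:08d}"
        status, body = lookup(session_user, number)
        if status == 200:
            leaked.append((number, body["name"]))
    return leaked


if __name__ == "__main__":
    print("vulnerable:", scan(vulnerable_protected_lookup, "alice", 1, 5))
    print("hardened:  ", scan(hardened_protected_lookup, "alice", 1, 5))
```

The `scan` helper is the test a pentester runs against any identifier-taking endpoint: log in as a low-privilege user, increment the ID, and count the 200s. Sequential identifiers such as company numbers make the walk trivial, but switching to random IDs is not a fix on its own; the authorization check in `hardened_protected_lookup` is what actually closes the hole.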
Notable Quotes & Moments
- On practical incident math: “Even if you had 10 people working on it from sun up to sundown and it took one minute to restore, it would take two months. Do you get the scale of this now?” — Dr. Auger [16:33]
- On GDPR fines for Big Tech: “Think about how much money Facebook Meta must be making where they can just eat one and a half billion dollars in fines and be like, 'cost of doing business.'” — Dr. Auger [43:58]
- On evolving scams with AI: “They’re just adding AI to people's faces on the FaceTime calls… That's it. Right? So now when I call you, I look like a very attractive—whatever you're into.” — Dr. Auger [23:32]
- On teaching users about live chat phishing: “This one adds a dimension of interactivity...increases the likelihood of the threat actor’s success—which is why you should be calling this to your end users’ attention.” — Dr. Auger [46:28]
Tidbits Tuesday & Community Vibe
[38:48–41:49]
- Gerald shares personal concert history ("Steve Miller Band at 11, Godsmack at Y2K, The Roots six times").
- Community shares their first concerts—creating connection and engagement.
Jawjacking (Live Q&A with Eric Taylor)
[59:16–77:45+]
Highlights:
- Lighthearted Poll: “Sock, sock, shoe, shoe, or sock, shoe, sock, shoe?” sparked lively debate.
- Practical Security Advice for Home Networks: “After you’ve got your network security in place, start ingesting logs...an ELK stack is a great entry point for seeing what’s really going on.” — Eric Taylor [77:47]
- Advice for Cybersecurity Grads: “Go in knowing you're going to sound goofy, you're going to sound like an idiot and you're going to feel like an imposter. School gives you theory; only real-world experience gives you the rest.” — Eric Taylor [83:23]
- On Pen Testing Certs: “Check what the leading firms you want to work for require—Burp Suite cert is valuable if demand is there, but practical skills trump paper.” — Eric Taylor [86:12]
- General encouragement: Embrace learning and ask questions; even with years in the field you’ll face impostor syndrome.
Timestamps for Important Segments
- Stryker Intune Wipe Attack & Analysis: [12:08–22:55]
- AI Scam Factories: [22:55–27:42]
- Cyberattack Surge since Iran Conflict: [27:42–33:47]
- Wing FTP Critical Vulnerability Advisory: [33:47–35:53]
- Amazon GDPR Fine Overturned: [41:49–45:51]
- LiveChat Phishing Campaign: [45:51–50:45]
- Perm Parking DDoS / Free Parking: [50:45–53:25]
- Companies House UK Data Flaw: [53:25–54:04]
- Jawjacking Q&A: [59:16–end]
Final Takeaways
- Cyber chaos is accelerating due to global conflict—prepare for increased attack frequency and scale.
- Legacy problems (like IDOR) still cause major breaches.
- Defensive security must expand to cover new social engineering and AI-enabled threats.
- Culture and community matter: Inclusion, kindness, and mutual support are pillars at Simply Cyber.
- Never stop learning: Both hosts emphasize continual growth, practical learning, and community sharing.
For daily CPE credit: Grab a screenshot of the live show, use the date/episode title, and file it—up to 120 CPEs per year!
Join the Daily Cyber Threat Brief live every weekday at 8:00AM Eastern—hear the news, get expert analysis, and level up your cyber game with #TeamSC!
