Daily Cyber Threat Brief (Ep. 1093) – Mar 20’s Top Cyber News NOW!
Date: March 23, 2026
Host: Dr. Gerald Auger (“Jerry”), Simply Cyber Media Group
Panelists (Jawjacking segment): Dan Reardon (The Haircut Fish), Robert (“Bowtie Security Guy”), Ben (“DJ BSec”)
Episode Overview
Dr. Gerald Auger brings his signature high-energy style to this Friday episode, delivering the freshest cybersecurity news, analysis, and advice. The episode features the top headlines that matter most to cybersecurity professionals and GRC leaders—with practical takeaways, community questions, and a healthy dose of humor. This episode also includes a lively “Jawjacking” open Q&A panel, offering career advice and technical tips.
Key News Stories, Analysis & Insights
1. Critical Microsoft SharePoint Flaw Now Exploited in Attacks
[11:18]
- Summary: A SharePoint vulnerability (patched in Jan 2026) is being actively exploited, allowing remote code execution on affected versions (2016, 2019, Subscription Edition). Legacy versions (2007/2010/2013) remain exposed as they are out of support.
- Analysis (Jerry):
- Urgently patch supported SharePoint servers.
- For legacy, unsupported servers: "Welcome to what you’re doing this weekend: upgrade." — [13:01]
- Cloud migration is worth considering; many SharePoint instances are abandoned and unnecessarily expand the attack surface.
- Technical debt: Upgrades may require hopping through multiple intermediate versions—time-consuming and complex; don’t expect a lunch-hour fix.
- Quote:
“You can't just download Microsoft 2019 and hit upgrade. A lot of times you have to do steps... This is what’s called technical debt, and guess what, eventually you got to pay the bill.” — [16:31]
2. First Protect Unveils "Self-Defending" Endpoint Security Platform
[17:11]
- Summary: New startup emerges from stealth with $20M funding; claims runtime behavioral analysis for cyberattack prevention, works in disconnected environments.
- Analysis:
- News feels “almost like an ad,” but notable given the crowded endpoint security market—dominated by CrowdStrike, Microsoft, SentinelOne.
- Market penetration will be tough for newcomers unless their “self-defending” approach significantly outperforms incumbents.
- Industry Lesson: “Endpoint Security is a wicked hard market—must be truly disruptive to compete.”
- Career Angle: For entrepreneurial listeners, choose your niche wisely.
3. CISA Urges Microsoft Intune Hardening After Stryker Wipe Event
[22:46]
- Summary: Stryker Medical breached by Iranian-linked actor (Handala); attackers created a new global admin in Azure, then used Intune’s remote wipe feature to erase 80,000 devices and steal 50TB of data.
- Analysis:
- MDM Risks: Centralized device control helps (HIPAA, lost device management), but also becomes a powerful single point of compromise.
- Defense Recommendations:
- Review Microsoft’s guidance for Intune hardening ([link in chat, per episode])
- Implement least privilege (tedious, requires robust processes).
- Enforce phishing-resistant MFA, multi-admin approval for destructive actions.
- Monitor for creation of new global admin accounts—“Alarm bells should be going off.”
- Limit privileged accounts: “Stop giving everyone a global admin account, especially ‘Kevin’ who’s been here 22 years!”
- Quote:
“You don’t need to use a global tenant account to do your day-to-day job, knucklehead.” — [28:47]
- Business Context: Companies associated with Israeli interests may have an increased threat risk in the current landscape.
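The Stryker story above turns on two audit events a defender can alert on: a brand-new principal being handed a privileged directory role, and that principal then issuing device wipes in bulk. The script below is an added example (not from the episode, not Microsoft code) that runs both checks over a constructed JSON-lines audit log. The record shape (`time`, `activity`, `actor`, `target`, `role`) is a simplified assumption loosely modelled on Entra ID audit entries, not the official schema; map the field names to your own export before using it.

```python
"""Flag privileged-role grants and mass device wipes in a directory/MDM audit log.

Added example. The sample records are constructed and use a simplified,
assumed field layout (time, activity, actor, target, role); real Entra ID /
Intune audit exports differ, so adapt the field names before use.
"""
import json
from collections import defaultdict
from datetime import datetime

# Roles whose assignment should page someone immediately (assumption: tune per tenant).
PRIVILEGED_ROLES = {"Global Administrator", "Intune Administrator", "Privileged Role Administrator"}
# More wipes than this by one principal inside one hour is treated as a mass-wipe burst.
WIPE_THRESHOLD = 5

# Constructed sample log: one routine role grant, one Global Administrator grant,
# a six-device wipe burst by the new admin, and one routine lost-device wipe.
SAMPLE_LOG = "\n".join(json.dumps(r) for r in [
    {"time": "2026-03-18T01:02:00Z", "activity": "Add member to role", "actor": "kevin@corp.example",
     "target": "svc-backup@corp.example", "role": "Helpdesk Administrator"},
    {"time": "2026-03-18T01:05:10Z", "activity": "Add member to role", "actor": "kevin@corp.example",
     "target": "newadmin@corp.example", "role": "Global Administrator"},
    {"time": "2026-03-18T01:20:00Z", "activity": "Wipe device", "actor": "newadmin@corp.example", "target": "LAPTOP-0001"},
    {"time": "2026-03-18T01:21:00Z", "activity": "Wipe device", "actor": "newadmin@corp.example", "target": "LAPTOP-0002"},
    {"time": "2026-03-18T01:22:00Z", "activity": "Wipe device", "actor": "newadmin@corp.example", "target": "LAPTOP-0003"},
    {"time": "2026-03-18T01:23:00Z", "activity": "Wipe device", "actor": "newadmin@corp.example", "target": "LAPTOP-0004"},
    {"time": "2026-03-18T01:24:00Z", "activity": "Wipe device", "actor": "newadmin@corp.example", "target": "LAPTOP-0005"},
    {"time": "2026-03-18T01:25:00Z", "activity": "Wipe device", "actor": "newadmin@corp.example", "target": "LAPTOP-0006"},
    {"time": "2026-03-18T09:00:00Z", "activity": "Wipe device", "actor": "helpdesk@corp.example", "target": "PHONE-LOST-42"},
])


def parse_records(text):
    """Parse JSON-lines audit text into a list of dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def privileged_role_grants(records):
    """Every 'Add member to role' event whose role is in PRIVILEGED_ROLES."""
    return [r for r in records
            if r.get("activity") == "Add member to role" and r.get("role") in PRIVILEGED_ROLES]


def wipe_bursts(records, threshold=WIPE_THRESHOLD, window_seconds=3600):
    """Return {actor: max_wipes_in_any_window} for actors who wiped >= threshold
    devices inside a sliding window of window_seconds. A single lost-device wipe
    never trips this; a burst from one principal does."""
    by_actor = defaultdict(list)
    for r in records:
        if r.get("activity") == "Wipe device":
            by_actor[r["actor"]].append(datetime.fromisoformat(r["time"].replace("Z", "+00:00")))
    alerts = {}
    for actor, times in by_actor.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Advance the window start until the span fits inside window_seconds.
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            count = end - start + 1
            if count >= threshold:
                alerts[actor] = max(alerts.get(actor, 0), count)
    return alerts


def analyze(text):
    """Run both detections and return a compact, assertable summary."""
    records = parse_records(text)
    return {
        "privileged_grants": [(r["actor"], r["target"], r["role"]) for r in privileged_role_grants(records)],
        "wipe_bursts": wipe_bursts(records),
    }


if __name__ == "__main__":
    print(json.dumps(analyze(SAMPLE_LOG), indent=2))
```

The two detections are deliberately independent: the role-grant check fires at 01:05, fifteen minutes before the first wipe, which is the window in which multi-admin approval or a disabled account still prevents the damage. The wipe-burst check is the backstop for an attacker who already holds a privileged role, and the threshold keeps the one-off lost-phone wipe from producing noise.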
4. SALT Security Drops ‘Agentic Security Platform’ for AI Stack
[33:43]
- Summary: SALT’s new product aims to secure AI agents and their ability to act via APIs and MCP servers—not just monitoring prompt attacks.
- Analysis:
- Emerging Threat: As AI agents take on more autonomous actions, non-human identity and API security become a critical risk area.
- Wild West: “There’s all sorts [of risks]. This is Wild West. We’re putting guard rails in, but as quickly as we do, people get around them.”
- Industry Forecast: Agentic security solutions are wide open—expect massive vendor activity.
5. Maximum Severity Ubiquiti UniFi Network Flaw: Account Takeover RISK
[42:58]
- Summary: Critical zero-day patched in UniFi Network app (v10.1.1 and earlier). Allows an attacker (no privilege, no user interaction) to take over accounts/network via path traversal.
- Analysis:
- Ubiquiti is widely used among prosumers and smaller MSPs.
- High-impact: “If a threat actor gets into your environment… and can go downstream and get all of your clients, you’re going to have a crappy day. If you’re a smaller MSP, you could lose your clients.”
- Takeaway: Patch immediately and verify deployment.
6. Russian Hackers Use Zimbra Webmail Flaw Against Ukrainian Maritime Agency
[46:02]
- Summary: Likely APT28 (Fancy Bear) conducted a targeted XSS attack via Zimbra webmail on Ukraine’s State Hydrographic Service; the exploit was embedded directly in the email body, no attachments.
- Analysis:
- Targeted/nation-state attack; risk to average Zimbra users is lower unless you’re also a national adversary.
- Broader point: Browser-based attacks (XSS, injection) remain persistent:
“Don’t just think because it’s the future, these flaws don’t exist. This flaw has been around since forever.”
- Reference:
“Samy Kamkar, 19 years old, hacks MySpace using a cross-site scripting vulnerability. 2005. And we have not solved cross-site scripting.” — [52:35]
7. Navia Benefit Solutions: Health Data Breach Impacting 2.7 Million
[53:36]
- Summary: Third-party healthcare administrator hit—SSNs and sensitive data (2.7M individuals) compromised.
- Analysis:
- Third-party risk is substantial in U.S. healthcare, due to complexity and multiple handlers.
- Jerry hypes up Maine’s Attorney General as “the best in breach notification” for their proactive disclosure work.
- Practical:
- Healthcare orgs should ensure cyber insurance; be prepared for notification letters if affected.
- “Navia takes your privacy very seriously—here’s your identity theft protection.” — [56:39]
8. Perseus Android Banking Malware—Targets Notes App!
[57:21]
- Summary: New “Perseus” family supersedes Cerberus and Phoenix, steals data from the Android Notes app (users often store sensitive info there). Active campaigns in Turkey and Italy.
- Analysis:
- Android remains more susceptible due to sideloading/APK risks.
- Advice:
- Only install apps from trusted sources.
- Don’t store sensitive information in insecure apps like Notes.
- Young users and the elderly are especially vulnerable to scams promising “free” content (VPNs, Netflix access, in-game items).
- Ignore prompts to allow “install unknown app”; “Are you sure you want to lick this dirty doorknob and potentially get sick?... It’s the same thing.” — [58:37]
Notable Quotes & Moments
- “This is my vibe: high energy, copyright-strike jams, and spicy takes. My God, I gotta take off a layer.” — [03:01]
- “Show would not be possible in all its shenanigans without the stream sponsors — they’re down with the sickness.” — [05:05]
- “When tech debt comes due, you’re not paying it over lunch with your PF Changs door dashed.” — [15:59]
Timestamps for Important Segments
| Time | Segment | Topic/Key Takeaway |
|---------|---------------------------------|-------------------------------------------------------------|
| 11:18 | News #1 | Microsoft SharePoint Active Exploit |
| 17:11 | News #2 | First Protect Endpoint Security Launch |
| 22:46 | News #3 | CISA on Intune Hardening (Stryker Breach) |
| 33:43 | News #4 | SALT Security Agentic AI Security Platform |
| 38:48 | Mid-roll/Dad Jokes | Dad Joke Segment with James McQuiggin |
| 42:58 | News #5 | Ubiquiti UniFi Account Takeover Flaw |
| 46:02 | News #6 | Russian (APT28) Zimbra Email Exploit |
| 53:36 | News #7 | Navia Healthcare Data Breach |
| 57:21 | News #8 | Perseus Android Malware (Notes App) |
| 63:22 | Jawjacking Panel | Rapid-fire mentoring: network compromise, raises, IoT, etc. |
| 71:52 | Robert Joins Panel | Panelist intros (IR, social engineering expertise) |
| 92:45 | Healthcare Awareness Training | Making security stick for clinical end-users |
| 96:21 | CMMC Level 2 | Quick-start tips for compliance newbs |
| 108:16 | Panelist Plugs/Mentoring | Mentoring advice, networking tips |
Community Q&A (Jawjacking Highlights)
Network Infection Remediation (WolfTamerBrain)
[63:45]
Q: “If my network’s compromised and I’m switching ISP/routers, what do I do before connecting the new router?”
Advice:
- Don’t bother changing ISPs; problem usually with endpoint or router, not provider.
- Factory reset router, use strong passwords, update DNS to reputable providers (Cloudflare, Quad9, Google).
- Deploy honeypots (Thinkst Canary tokens) for detection.
- Isolate IoT, create guest networks, and monitor traffic.
Asking for a Raise
[75:39]
Advice:
- Time requests around performance reviews.
- Present achievements, growth, and metrics.
- Involve your manager as a partner in your career path.
- “If your leader isn’t invested in you, you might need to look elsewhere.” — Robert.
Implementing Mobile Device Policy
[82:09]
- Ensure top-down buy-in, clear communication.
- Decide on “bring your own device” (BYOD) vs. company-owned rollout logistics.
Risks of AI Agents in Home Security
[83:08]
- Isolate/jail agents from internet.
- Ensure strong network segmentation.
- Lowest risk if AI remains local/offline.
Security Awareness for Healthcare Staff
[91:30]
- Deliver micro-learnings during team standups instead of pulling clinicians from care.
- Use signage in high-traffic areas.
- Send concise, single-point emails.
CMMC Level 2 Quickstart
[94:31]
- Go to the CMMC Accreditation Board for guidance.
- Audit your environment against the specified controls.
- Address gaps with detailed action plans.
- Don’t rely on chatbots (GPT) for standards copies—use official sources.
Finding a Mentor
[108:36]
- Networking is key—connect at events, on LinkedIn, community podcasts.
- Be prepared for the realities of the field; the “cyber talent gap” is overhyped.
- “If you’re looking for a mentor, I’m happy to help. But be ready to work and face the real environment.” — Robert
Tone & Community Vibe
- High-energy, irreverent, supportive.
- Mix of real talk, inside jokes, and wisdom from years in the trenches.
- Frequent callbacks to pop culture (Kool-Aid Man, MySpace, The Matrix, “donut diplomacy”).
- Emphasis on inclusivity, networking, and fun.
- Strong peer mentoring spirit—no dumb questions, actionable advice for all levels.
Memorable Moments & Quotes
- On out-of-date SharePoint:
“If you’re running SharePoint 2000 in 2026, welcome to what you’re doing this weekend.” — [13:01]
- On least privilege:
“If you give everyone global admin, you’ll get zero help desk calls—but massive risk!” — [26:59]
- On legacy XSS bugs:
"This flaw has been around since forever… Samy Kamkar hacked MySpace with XSS in 2005. That was 21 years ago." — [52:35]
- On maximizing security awareness:
"Go to the people, meet them where they are, make it feel special—donut diplomacy works!" — [91:30]
Useful Links & Recommendations
- Microsoft Intune Hardening Guidance: [Link dropped in chat]
- CMMC Accreditation Board: [Official CMMC-AB site]
- Thinkst Canary tokens: [https://canarytokens.org]
- Cloudflare Families DNS (malware/adult content filtering):
- Malware blocking: 1.1.1.2
- Malware + adult content blocking: 1.1.1.3
- BowtieSecurityGuy podcast/mentoring: [bowtiesecurityguy.com]
- DJ BSec’s Third-Party Risk tool: [djbsec.com]
Closing
This episode delivers expert threat landscape insights, elevates industry news beyond headlines, and builds technical/career skills in a welcoming, energized community. From practical guidance on critical vulnerabilities to mentoring advice on negotiating raises, “Daily Cyber Threat Brief” remains a must-listen for any cybersecurity professional passionate about staying ahead and leveling up.
