Weekly Cybersecurity News Roundup
This week's CyberHub Podcast Summary of what you need to know. December 30th, 2024 to January 2nd, 2025
Here’s a digestible weekend summary of CyberHub Podcast's latest cybersecurity coverage from December 30 to January 2 to catch up on critical news:
🚨 China’s Salt Typhoon Campaign Expands
China’s Salt Typhoon cyberattack campaign has compromised a ninth telecom provider. AT&T and Verizon confirmed they were affected, but reassured customers that their networks are now secure.
📌 Key Point: The FCC plans to introduce new cybersecurity regulations, but critics argue they’ve failed to enforce existing rules. Growing concerns call for stronger defensive and offensive cyber measures.
Action: Review telecom security protocols and ensure supply chain monitoring.
🏥 Healthcare Cybersecurity Shake-Up
Healthcare breaches are escalating, with HHS proposing encryption mandates to secure patient data. Recent breaches at Ascension and UnitedHealth exposed vulnerabilities in healthcare systems.
📌 Key Point: Weak healthcare security increases fraud and costs for patients.
Action: Adopt industry frameworks like HITRUST and strengthen data encryption practices.
🔐 U.S. Treasury Cybersecurity Incident
A breach at the U.S. Treasury attributed to Chinese attackers highlights the danger of compromised API keys in cloud services.
📌 Key Insight: Non-human identity management is critical to prevent future breaches.
Action: Implement API key rotation and secure cloud services.
🎄 Cyberhaven Christmas Breach
Cybersecurity firm Cyberhaven suffered a breach over the holidays due to a compromised admin account, which was used to distribute malicious Chrome extensions. Jaime Blasco, Founder & CTO at Nudge Security, will join the show this week to break this down.
📌 Key Insight: Even security tools can be weaponized by attackers.
Action: Regularly audit admin controls and browser extensions.
💳 E-Commerce Skimming Attack
Mobile accessory retailer ZAGG fell victim to a skimming attack that compromised customer credit card data through a third-party provider.
📌 Key Insight: Supply chain attacks continue to be a significant threat to online retailers.
Action: Secure third-party apps and monitor for malicious code injections.
⚠️ Critical Vulnerabilities Patched
Palo Alto Networks: Fixed a denial-of-service vulnerability (CVE-2024-3393).
Four-Faith Routers: Patched a command injection flaw used for reverse shell attacks.
Action: Apply the latest patches immediately to critical systems.
🌊 Suspected Russian Sabotage in the Baltic Sea
Finland detained a Russian ship suspected of cutting submarine cables, a move viewed as part of Russia’s economic warfare against NATO nations.
📌 Key Insight: Infrastructure sabotage increases communication latency and security risks.
Action: Monitor geopolitical developments and secure critical infrastructure.
💼 Flagstar Bank Fined
Flagstar Bank was fined $3.5 million by the SEC for misleading breach disclosures after a 2021 cyberattack affecting 1.5 million customers.
📌 Key Insight: Transparent breach communication is vital for trust and compliance.
Action: Develop clear incident response and communication protocols.
🌐 Geopolitics of Cybersecurity in 2025
Expect cyber warfare to escalate this year as Iran, China, and Russia increase attacks on government and civilian targets.
📌 Key Insight: Offensive cybersecurity measures are becoming a priority for U.S. defense.
Action: Strengthen proactive threat detection and prepare contingency plans.
🚀 Closing Thoughts from James Azar
The start of 2025 underscores the growing need for vigilance, collaboration, and innovation in cybersecurity. Key priorities for security professionals this year include identity management, transparency in breach responses, and enhancing cyber resilience in critical sectors.
📌 Action List for Security Teams:
Secure non-human identities (API keys).
Patch critical vulnerabilities regularly.
Transition to secure communication apps like Signal.
Advocate for cyber resilience in local infrastructure.
Support domestic cybersecurity talent.
For more updates, stay tuned to CyberHub Podcast. The show is live daily at 9am EST on YouTube, LinkedIn, Facebook and X (aka Twitter). Ensure you’re ready to tackle 2025’s cybersecurity challenges!