Published on: January 15, 2025
Podcast (cloudcast): Play in new window | Embed
From the Skyhigh Studios at Skyhigh Security, I’m Scott Schlee, it’s Wednesday, January 15, 2025, and these are your cybersecurity headlines.
Before diving into this week’s headlines, we want to take a moment to acknowledge the devastating wildfires currently impacting California. Our thoughts are with everyone affected, including those who have lost homes, loved ones, or are facing displacement. As always, we encourage listeners to support relief efforts if they’re able. Please visit Charity Navigator for a list of trusted organizations offering support.
Thank you again for listening to Skyhigh Cloudcast. If you’ve enjoyed this episode, be sure to subscribe on your favorite platform so you never miss an update. If you like the show, please leave us a review. It helps others find the podcast. For more information about Skyhigh Security or CloudCast, please visit skyhighsecurity.com.
Sources:
US Treasury Department Breach: US News
China Protests US Sanctions Over Cyber Activities: US News
Bayview Asset Management’s $20 Million Settlement: WSJ
Apple’s $95 Million Siri Privacy Settlement: Vox
AI-Driven Phishing Scams Targeting Email Users: New York Post
Myanmar’s Cybersecurity Law Enforces Internet Censorship: AP News
US Cybersecurity Experts Predict Increased Cyber Attacks Post-Election: The Australian
Quantum Computing’s Impact on Cybersecurity: The Times
Former Officials Recommend Cybersecurity Policies for Next Administration: POLITICO
Project 2025’s Potential Impact on US Election Security: WIRED
———–
CloudCast is hosted by Skyhigh Security’s very own Digital Experience Manager, Scott Schlee. Scott’s engaging demeanor and wit, backed by over 20 years in digital media production and web development, has led to successful collaborations with top-tier brands. His experience includes hosting and producing a wide range of podcasts and videos. Scott has been recognized for his outstanding work, including an award-winning digital short and a Webby Awards nomination for Viral Marketing (Branded). Beyond his professional achievements, Scott’s personal journey as a decade-long pancreatic cancer survivor has led him to share his story with the U.S. Congress and other organizations as an advocate for increased cancer research funding.
From the Skyhigh Studios at Skyhigh Security, I’m Scott Schlee, and these are your cybersecurity headlines for the week of January 6th, 2025.
The U.S. Treasury Department reported a significant cyber incident attributed to Chinese state-backed hackers. Attackers remotely accessed employee workstations and unclassified documents, raising concerns about the security of federal systems. The Cybersecurity and Infrastructure Security Agency (CISA) stated there is no indication that other federal agencies were affected.
The U.S. Treasury Department imposed sanctions on Beijing-based Integrity Technology Group for its alleged involvement in hacking incidents targeting U.S. critical infrastructure. China condemned the sanctions, denying the allegations and accusing the U.S. of defamation. This development underscores escalating cyber tensions between the two nations.
Bayview Asset Management agreed to a $20 million settlement following a 2021 data breach that exposed personal information of 5.8 million customers. The firm faced criticism for inadequate cybersecurity measures and lack of cooperation with regulatory investigations. As part of the settlement, Bayview will enhance its cybersecurity protocols and undergo independent assessments.
Apple proposed a $95 million settlement in a class-action lawsuit alleging unlawful surveillance through Siri. The lawsuit followed revelations that Siri had inadvertently recorded private conversations. Affected users between 2014 and 2024 may be eligible for compensation, highlighting ongoing concerns about digital privacy and device eavesdropping.
Cybersecurity experts warned Gmail, Outlook, and Apple Mail users about sophisticated phishing scams utilizing artificial intelligence. These AI-generated emails are highly personalized, making them difficult to distinguish from legitimate correspondence. Users are advised to verify email senders, avoid clicking on suspicious links, and implement two-factor authentication to enhance security.
Myanmar’s military government enacted a new cybersecurity law extending its control over internet usage and information flow. The law targets communication methods like virtual private networks (VPNs) and imposes sanctions on digital platforms that fail to prevent the spread of “disinformation.” Non-compliance can result in fines, suspensions, and imprisonment, raising concerns about freedom of expression and digital rights.
Following Donald Trump’s presidential victory, cybersecurity experts anticipate a surge in cyber attacks from nations like China, Russia, North Korea, and Iran. The use of AI in cyber crimes is expected to escalate, making phishing emails and deepfake campaigns more convincing. Organizations are urged to adopt comprehensive cybersecurity measures to defend against these evolving threats.
A bipartisan group of former federal officials proposed around 40 recommendations for cybersecurity policies for the upcoming administration. The plan emphasizes integrating cyber regulations, addressing workforce gaps, enhancing public-private collaboration, and developing a continuity of the economy plan to prepare for major cyberattacks. The report also highlights the need to standardize cybersecurity for critical infrastructure and address outdated regulations.
Project 2025, developed by the Heritage Foundation, proposes significant reductions and changes to the Cybersecurity and Infrastructure Security Agency (CISA), a move that could jeopardize U.S. election security. The project criticizes CISA, particularly its efforts to combat misinformation, and suggests transferring some of its responsibilities to the military and intelligence community. Experts warn that the proposals could weaken CISA, undermine its critical functions, and create gaps in cybersecurity, leaving the nation vulnerable to misinformation and cyber threats.
The U.S. has initiated efforts for businesses to enhance their cybersecurity systems against potential quantum computer threats. The National Institute of Standards and Technology has approved three algorithms for post-quantum cryptography after eight years of research. Major tech firms like Google and Apple have already started incorporating the new algorithms into their products. While current quantum computers cannot break existing encryption, they might in the future, making immediate action critical.
Please Note: All transcripts are generated using speech recognition software and human transcription, and may contain errors. Please check the corresponding audio before quoting in print.