Happy New Year! This is our first episode of 2025, and I want to start by wishing all my listeners a happy, healthy, and successful year ahead.

In this week’s episode - Week 2 of 2025 - we’ll dive into the most critical updates in the world of cybersecurity and geopolitics. Here’s a sneak peek at what’s coming up:

• Volt and Salt Typhoon: Chinese state-sponsored hackers targeting critical U.S. infrastructure.
• Gravy Analytics Breach: Hackers threaten to expose sensitive location data and personal movements.
• AI Spear Phishing Study: A chilling revelation—AI now matches human experts in creating deceptive phishing campaigns.
• UK Ministry of Defence: Stronger cybersecurity demands for its supply chain in response to escalating threats.
• Geopolitical Cyber Warfare: A cyber clash between the Philippines and China over territorial disputes.

From state-sponsored hackers embedding themselves in U.S. networks to the alarming rise of AI-driven cyber threats, this episode has it all. Let’s dive in, starting with the evolving cyber warfare landscape involving Volt and Salt Typhoon.

Welcome to Risk and Resilience and you're tuned into the weekly update where I bring you the latest and most crucial developments in cybersecurity and technology.   

This week I will be covering   

• Interbank Data Breach: Extortion Attempt and Customer Data Leak 

• CrowdStrike Outage: Impact, Response, and Lessons for Operational Resilience 

• Delta Air Lines Seeks Damages from CrowdStrike and Microsoft After Costly Outage 

• Ledger Fined €750,000 by French Data Protection Authority for Data Breaches 

• Russian "Doppelganger" Campaign Exploits Domain Registrars to Spread Disinformation 

• RedLine and Meta: Disruption of Two Major Infostealer Operations 

• Senator Warner Calls for Action from Domain Registrars to Combat Foreign Influence Campaign 

If you liked this week's update, then do share this with your friends and colleagues. 

Welcome to Risk and Resilience and you're tuned into the weekly update where I bring you the latest and most crucial developments in cybersecurity and technology.  

This week I will be covering  

• Internet Archive Suffers Major Security Breach, Affecting 31 Million Accounts
• Google Launches Global Signal Exchange to Combat Online Scams and Fraud
• Critical Security Flaws Discovered in Fortinet Products, CISA Issues Warning
• Palo Alto Networks Discloses Multiple Vulnerabilities in Expedition Software
• Cisco Patches Critical Command Execution Flaw in Nexus Dashboard Fabric Controller
• Microsoft's October Patch Tuesday Addresses 118 Vulnerabilities, Including Five Zero-Days
• UK Financial Sector Conducts SIMEX 24 Simulation Exercise to Test Resilience
• MoneyGram Confirms Cyberattack, Customer Data Compromised
• MITRE Launches AI Incident Sharing Initiative to Enhance AI System Security
• UK Government Announces Upcoming Cyber Security and Resilience Bill to Strengthen National Defenses

If you liked this week's update then do share this with your friends and colleagues.

Welcome to Risk and Resilience and you're tuned into the weekly update where I bring you the latest and most crucial developments in cybersecurity and technology.   This week I will be covering  

• China-linked threat actors compromised some U.S. internet service providers  

• Kaspersky deleted its anti-malware software from customers' computers across the United States 

• Google says several major US companies have unknowingly hired North Korean IT workers. 

• US to ban connected vehicle tech from China, Russia due to national security risks. 

• DOJ, FBI need better metrics for tracking ransomware disruption efforts, audit finds 

• NIST Scraps Passwords Complexity and Mandatory Changes in New Guidelines 

• In a recent survey, it found that ore than a third  of employees share sensitive work information with AI tools without their employer’s permission. 

If you liked this weeks update then do share this with your friends and colleagues.

Risk and Resilience Week 38 Podcast: This week I cover the following in my podcast.

• Meta's AI training: Using public Facebook/Instagram posts since 2007
• Microsoft's Patch Tuesday: 79 updates, 4 zero-day fixes
• Fortinet breach: 440GB data leaked, affecting 0.3% of customers
• TfL cyber attack: Passenger data compromised, 17-year-old arrested
• UK data centers now critical infrastructure: Boosting protection and investment
• Apple drops NSO Group lawsuit: Protecting threat intelligence
• Indonesian crypto exchange Indodax: $22 million theft
• California regulates deepfakes in election ads: Combating misinformation

Key Headlines:

1. Russian Military Cyber Actors Targeting Critical Infrastructure – FBI, CISA, NSA, and international partners release a critical advisory on Russian cyber threats to US and global infrastructure.
2. Massive IT Crime Damages – IT crimes cause a staggering 91 billion rubles in damage over just seven months.
3. Election Security Concerns – Intelligence officials warn of increasing foreign influence efforts leading up to Election Day.
4. WordPress Sites at Risk – A vulnerability in the LiteSpeed Cache Plugin puts millions of WordPress sites in jeopardy.
5. Singapore's Stance on Deepfakes – Proposed ban on deepfakes during elections as part of efforts to maintain electoral integrity.
6. CISA's New Cyber Reporting Portal – A new platform to streamline and improve cyber incident reporting.
7. NATO's Focus on Undersea Infrastructure – Reinforcing resilience and security for critical undersea infrastructure.

In this week's episode, we dive into the latest cybersecurity landscape, focusing on a newly released advisory about Russian military cyber actors targeting global critical infrastructure. We unpack the financial damage caused by IT crimes reaching into the billions and discuss the escalating foreign influence threats as we approach Election Day. Additionally, we explore a newly discovered vulnerability affecting millions of WordPress sites and Singapore's proactive stance on banning deepfakes during elections. To wrap up, we examine CISA's launch of a new cyber reporting portal and NATO's strategies to protect vital undersea infrastructure. Tune in for an in-depth breakdown of these critical updates!