Cyber Security Headlines Week in Review: Pentagon’s Chinese Engineers, Gemini’s email phish, 20-year-old railroad flaw persists
7 snips
Jul 18, 2025 Cyrus Tibbs, CISO at PennyMac, sheds light on pressing cybersecurity issues. The discussion kicks off with a deep dive into the breach of the National Guard by Salt Typhoon. Tibbs elaborates on the precarious balance of security in the face of foreign outsourcing and the rise of AI-driven phishing. He points out a glaring 20-year flaw in railroad security communications, stressing the urgency for action. The podcast also tackles innovative hacker tactics, like embedding malware in DNS entries, urging for more robust protections from providers.
AI Snips
Chapters
Transcript
Episode notes
Asset Inventory Crucial for Security
- Old vulnerabilities in network devices remain a big threat due to lack of proper asset inventory management.
- Organizations must maintain dynamic inventories and continuously manage vulnerabilities to prevent long undetected breaches.
Risks of Foreign Engineers
- Allowing foreign engineers from adversarial jurisdictions in critical systems increases insider threat risk.
- Organizations should tightly control access and validate work of offshore staff with less legal recourse.
Guardrails for AI Risks
- Treat AI tools like junior employees and implement guardrails to control risks from AI-generated social engineering attacks.
- Focus on access, endpoint, and data controls downstream rather than relying solely on AI detection of phishing attacks.