President Trump rolls back AI regulations and throws TikTok a lifeline. Attackers pose as Ukraine’s CERT-UA tech support. A critical vulnerability is found in the Brave browser. Sophos observes hacking groups abusing Microsoft 365 services and exploiting default Microsoft Teams settings. Researchers uncover critical flaws in tunneling protocols. A breach exposes personal information of thousands of students and educators. Oracle patches 320 security vulnerabilities. Kaspersky reveals over a dozen vulnerabilities in a Mercedes-Benz infotainment system. Tim Starks from CyberScoop discusses executive orders on cybersecurity and the future of CISA. We preview coming episodes of Threat Vector.  Honesty isn’t always the best policy. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector Segment

On our Threat Vector podcast preview today: 

IoT devices are everywhere, with billions deployed globally in industries like healthcare, manufacturing, and critical infrastructure. But this explosion of connectivity brings unprecedented security challenges. Host David Moulton speaks with Dr. May Wang, CTO of IoT Security at Palo Alto Networks, about how AI is transforming IoT security. Stay tuned for the full conversation this Thursday. 

CyberWire Guest

Our guest is Tim Starks from CyberScoop discussing executive orders on cybersecurity and the future of CISA. You can read Tim’s article on the recent Biden EO here.  

Selected Reading

Trump revokes Biden executive order on addressing AI risks (Reuters)

TikTok is back up in the US after Trump says he will extend deadline (Bleeping Computer)

Hackers impersonate Ukraine’s CERT to trick people into allowing computer access (The Record) 

Brave Browser Vulnerability Let Malicious Website Mimic as Legitimate One (Cyber Security News) 

Ransomware Groups Abuse Microsoft Services for Initial Access (SecurityWeek)

Tunneling Flaws Put VPNs, CDNs and Routers at Risk Globally (Hackread)

Students, Educators Impacted by PowerSchool Data Breach (SecurityWeek)

Oracle To Address 320 Vulnerabilities in January Patch Update (Infosecurity Magazine)

Details Disclosed for Mercedes-Benz Infotainment Vulnerabilities (SecurityWeek)

Washington Man Admits to Role in Multiple Cybercrime, Fraud Schemes (SecurityWeek)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices