CISO Talk by James Azar
CyberHub Podcast
Iran & Turkey on a Collision Course, Salt Typhoon Fallout Continues, Securing Water Systems, CISA KEV Update
0:00
Current time: 0:00 / Total time: -20:28
-20:28

Iran & Turkey on a Collision Course, Salt Typhoon Fallout Continues, Securing Water Systems, CISA KEV Update

Exploring 2025 Cybersecurity Trends: Global Cyber Warfare, Key Vulnerabilities, and Actionable Insights for Resilience in the New Year.
James Azar
Jan 02, 2025
Share
Transcript

Good morning, Security Gang!

Welcome to the CyberHub Podcast. As we dive into 2025, the pace of cybersecurity threats remains relentless, though reporting has seen a lull over the holidays.

This reflective episode explores the state of global cyber warfare, vulnerabilities in critical software, geopolitical tensions, and actionable steps for organizations to enhance their security.

Grab your coffee—cheers to a new year of resilience and readiness!

Key Stories Covered

The Geopolitics of Cybersecurity in 2025

This year could mark a turning point in how cybersecurity is treated as a global and national priority. With Iran and China facing economic pressures, cyber warfare is expected to escalate, targeting not only governments but also civilian infrastructure.

  • Geopolitical Focus: Iran’s alliances with Russia and China, coupled with its internal instability and reliance on proxies like Hezbollah and Hamas, signal a rise in cyber operations.

  • Actionable Insight: Expect tightened sanctions, escalated conflicts, and an increasing role for offensive cybersecurity measures by the U.S. and allied nations.

The Fallout of Salt Typhoon

CISA continues to urge users to secure mobile communications following the Salt Typhoon breach, linked to Chinese telecom vulnerabilities. The breach exposed critical flaws in SMS security and traditional authentication methods.

  • Recommendations: Transition to end-to-end encrypted messaging apps like Signal and adopt hardware-based FIDO keys for enhanced security.

Vulnerabilities in Key Software and Hardware

  • Palo Alto’s PAN-OS: A critical vulnerability (CVE-2024-3393) requires immediate patching.

  • Dynamics 365 and Power Apps: Addressed vulnerabilities from May could expose data if left unpatched.

  • NPM Registry Exploits: A malicious package targeting Ethereum developers highlights the risks of supply chain attacks in open-source platforms.

  • Takeaway: Regular patch management and vigilance in software sourcing are crucial.

Thanks for reading CISO Talk by James Azar! This post is public so feel free to share it.

Share

U.S. Cyberforce and Cybersecurity Doctrine

Discussions intensify around creating a standalone U.S. Cyberforce as the seventh military branch, separating it from existing structures. A shift from a defensive to an offensive doctrine is deemed critical to counter evolving threats.

  • Policy Context: The incoming Trump administration is expected to prioritize these reforms to strengthen national resilience.

Local Cyber Resilience Efforts

Pennsylvania’s proposed Water Authority Cybersecurity Protection Act aims to bolster defenses for local water utilities. While a positive step, experts argue the focus should shift to cyber resiliency rather than emergency response plans.

  • Broader Implications: Similar frameworks may emerge for other critical infrastructure sectors.

H-1B Visa Debate and Cybersecurity Talent

The H-1B visa program’s future remains contentious, with critics arguing it prioritizes cheap labor over skilled American workers. In cybersecurity, this debate highlights the need to balance talent acquisition with supporting domestic job growth.

Action List for Security Teams

  1. Secure Communications: Transition to Signal or similar encrypted apps and adopt hardware-based authentication methods.

  2. Patch Management: Prioritize updates for Palo Alto PAN-OS, Dynamics 365, and any software used within your supply chain.

  3. Monitor Geopolitical Risks: Stay informed on developments in Iran, China, and other regions influencing global cybersecurity trends.

  4. Evaluate Supply Chain Security: Scrutinize open-source dependencies and implement robust checks for software integrity.

  5. Support Local Infrastructure Security: Advocate for funding and frameworks to enhance cyber resilience in critical sectors like water utilities.

  6. Promote Domestic Talent: Invest in training and hiring local cybersecurity professionals to reduce reliance on foreign labor.

Closing Thoughts
As we embark on 2025, the stakes in cybersecurity have never been higher. From cyber warfare to local infrastructure vulnerabilities, the challenges are daunting but surmountable. Let’s tackle them together with vigilance, collaboration, and innovation.

Thank you for tuning in! Have a great weekend, and most importantly, stay cyber safe. See you Monday, 9 a.m. Eastern.

✅ Story Links:

https://thehackernews.com/2025/01/severe-security-flaws-patched-in.html

https://thecyberexpress.com/pan-os-versions-vulnerability-added-to-cisas/

https://thehackernews.com/2025/01/malicious-obfuscated-npm-package.html

https://www.cybersecuritydive.com/news/pennsylvania-rep-bill-cyber-water/735773/

https://www.wsj.com/economy/jobs/the-visas-dividing-maga-world-help-power-the-u-s-tech-industry-93b77afe?mod=hp_lista_pos3

https://cyberscoop.com/us-telecom-infrastructure-chinese-cyberattack-salt-typhoon-security-strategy/

https://www.cybersecuritydive.com/news/cisa-mobile-security-advice/736048/

🔔 Subscribe now for the latest insights from industry leaders, in-depth analyses, and real-world strategies to secure your digital world. https://www.youtube.com/@TheCyberHubPodcast/?sub_confirmation=1

✅ Important Links to Follow:

👉Website:

CISO Talk by James Azar
The latest news and topics from a cybersecurity practitioners discussing Cybersecurity, Privacy, Technology & Geo-Politics. I am a two times Founder and Chief Information Security Officer. All opinions are my own

👉Listen here: https://linktr.ee/cyberhubpodcast

Stay Connected With Us.

👉Facebook: https://www.facebook.com/CyberHubpodcast/

👉LinkedIn: https://www.linkedin.com/company/cyberhubpodcast/

👉Twitter (X): https://twitter.com/cyberhubpodcast

👉Instagram: https://www.instagram.com/cyberhubpodcast

✅ For Business Inquiries: info@cyberhubpodcast.com

=============================

About The CyberHub Podcast.

The Hub of the Infosec Community.

Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.

Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.

Leave a comment

Discussion about this podcast

CISO Talk by James Azar
CyberHub Podcast
Today’s top cybersecurity news and the latest from Practicing CISO James Azar, tune in to hear how practitioners read, view and work after hearing the latest headlines and how these stories help keep practitioners sharp and ready.
Listen on
Substack App
RSS Feed
Appears in episode
James Azar
Recent Episodes
US Army Solider Arrested for Snowflake Extortion, Rhode Island Data Leaked, UN Cybercrime Treaty Next Steps, Iran & Russia Sanctions
  James Azar
Chinese Attackers Hack US Treasury Workstations, Cyberhaven supply Chain Campaign, Water Cyber Attacks
  James Azar
Ninth Salt Typhoon Victim Identified, HIPPA Security Rule Update, Cyberhaven Hack, Zagg Credit card Skimming Breach
  James Azar
Japan Airlines Hit by Cyberattack, Cl0p to Name Cleo Victims, General Dynamics Employee Phishing Attack
  James Azar
Mike Walz Wants to go on the offense with China, Rip & Replace Approved with NDAA, Clop Threatens 66 Cleo Attack Victims
  James Azar
NSO Group Found Liable in Whatsapp Case, Sophos Firewall Flaw, Chinese Blame US for Cyber Attack, ICS Patching News
  James Azar
CISA Encourages Encrypted Apps for Messaging, TP-Link Router Ban, Hubspot Phishing Targets Azure Accounts, Salt Typhoon
  James Azar