CISO Talk by James Azar
CyberHub Podcast
We Remember Amit Yoran, Chinese Cybersecurity Threats to the US, Atos Data Theft Claims, Apple Fine

From Chinese Cyber Threats to HIPAA Regulations: Examining Geopolitical Risks, Ransomware Attacks, and New Compliance Mandates for 2025

Welcome to our first Monday show of the year on the CyberHub Podcast! Thank you for tuning in this morning. We've got a packed lineup of stories for you, ranging from tragic community losses to geopolitical cyber threats, ransomware attacks, and updates on regulations.

Grab your coffee, and let's dive in!

Tribute to Amit Yoran: A Cybersecurity Pioneer Lost Too Soon

We begin today with tragic news. Amit Yoran, a trailblazer in the cybersecurity community and CEO of Tenable, passed away unexpectedly after a battle with cancer. His contributions to the cybersecurity industry are immeasurable. I had the honor of meeting Amit six years ago, and his warmth and openness left a lasting impression on me and many others.

Amit's career spanned founding Riptech, pioneering sensor-based digital defense, leading RSA Security as president, and shaping U.S. cybersecurity policies as the first director of the National Cyber Security Division at the Department of Homeland Security. His advocacy extended beyond technology, emphasizing national security and preparedness. Our community has lost an incredible mind and spirit. May his memory be a blessing.

Chinese Cyber Attacks on U.S. Critical Infrastructure

The big headline over the weekend focused on China's ongoing cyber operations targeting U.S. critical infrastructure. The Wall Street Journal and Bloomberg highlighted these attacks, including breaches of the power grid, ports, and telecom networks.

These cyber activities pose a significant threat to national security, as they target the very systems that underpin the U.S. economy and defense operations. The new Trump administration faces the critical task of reassessing the national cybersecurity doctrine, shifting from a defensive to an offensive stance to counteract the growing Chinese cyber threat.

This includes enhancing collaboration between private sector companies and government agencies, investing in advanced threat detection technologies, and implementing stricter regulations on foreign technology firms operating in the U.S. Additionally, the administration will need to address the vulnerabilities exposed by these attacks through a comprehensive cyber strategy that prioritizes resilience and deterrence to safeguard critical infrastructure from future assaults.

Port of Houston Attack Breakdown:

One notable incident occurred at the Port of Houston in August 2021:

  • 9:39 AM: An attacker impersonated an engineer from a port software vendor and uploaded a malicious file.

  • 10:15 AM: A cybersecurity vendor flagged the activity, but the port's security team dismissed it as a false alarm.

  • 11:18 AM: Attackers accessed sensitive employee credentials.

  • 12:00 PM: The compromised server was finally taken offline, ending the attack.

This breach demonstrates the importance of quick responses to cybersecurity threats and highlights how burnout can impact real-time threat detection.

Guam Under Siege:

Guam's critical infrastructure, particularly its telecom networks and power utilities, has been a target of Chinese cyber operations. Given Guam's strategic importance for U.S. military deployments in the Pacific, these attacks are a significant concern.

The U.S. Department of the Treasury has sanctioned Beijing-based Integrity Technology Group for supporting these cyberattacks. The irony of names like "Integrity" in Chinese cover companies underscores the CCP's psychological warfare tactics.

French IT Giant Atos Targeted by Space Bears Ransomware

French IT company Atos is facing data theft claims from the Space Bears ransomware group. The company says it has found no evidence of a breach, and ransomware gangs are notorious for exaggerating their claims.

Atos had previously been a victim of the Clop ransomware group via the GoAnywhere MFT zero-day exploit. The company's struggle with cybersecurity issues could put it at risk of further attacks.

BeyondTrust Remote Support Breach

BeyondTrust reported a remote support breach affecting a limited number of customers, stemming from a zero-day vulnerability in their Remote Support product.

This zero-day flaw, identified in late 2024, allowed attackers to exploit the API used for remote connections, potentially gaining unauthorized access to sensitive systems. The flaw was particularly dangerous as it could be leveraged by attackers to bypass authentication mechanisms and control systems remotely.

Despite BeyondTrust issuing a patch to address the vulnerability, 8,600 instances remain vulnerable, underscoring the urgency for organizations to apply the update and mitigate the risk of exploitation.

Tenable Nessus Agent Update Issue

Tenable customers faced issues with the Nessus vulnerability scanner due to a buggy update. The company released a fix (version 10.8.2), but manual updates are required to resolve the issue. Ensure your organization prioritizes this update to avoid disruptions.

Crypto Wallet Drainer Attacks Surge

Scammers stole $494 million in cryptocurrency last year through wallet drainer attacks. These phishing tools target digital wallets, with the largest single heist amounting to $55.4 million.

Organizations handling crypto assets must strengthen their security measures to protect against wallet drainers, especially as crypto adoption grows.

Apple Settles Siri Privacy Lawsuit

Apple agreed to a $95 million settlement over claims that Siri recorded private conversations without consent and shared them with third-party marketers. The lawsuit highlights ongoing privacy concerns with smart assistants. Class members can receive up to $20 each, while attorneys take a substantial portion of the settlement.

HIPAA Regulations Get Tougher

The healthcare sector should brace for stricter HIPAA regulations in 2025, which aim to address evolving cybersecurity threats and better protect patient data.

The new rules will mandate multi-factor authentication (MFA) for accessing sensitive health information, enforce stricter data encryption protocols to secure data both in transit and at rest, and require comprehensive incident reporting to enhance transparency during breaches. Additionally, healthcare organizations will need to conduct more frequent risk assessments and ensure robust compliance audits to identify vulnerabilities proactively.

These measures come in response to an increase in cyberattacks targeting healthcare systems, making it crucial for organizations to prioritize these updates to safeguard patient privacy and maintain regulatory compliance.

India’s Data Protection Act Draft Released

India has opened public consultations for its Digital Personal Data Protection Act. Key takeaways include:

  • Data fiduciary obligations

  • Consent withdrawal and rights management

  • Data breach notifications

  • Cross-border data transfers

Feedback is due by February, so organizations with interests in India should review the draft and submit their input.

Action List for Today:

  1. Review and Patch – Ensure your systems are patched, especially BeyondTrust remote support and Tenable Nessus agents.

  2. Evaluate Third-Party Risks – Reassess business relationships with Chinese companies in light of ongoing cybersecurity threats.

  3. Strengthen Crypto Security – Implement measures to protect against wallet drainer attacks.

  4. Prepare for HIPAA Changes – Healthcare organizations should start preparing for stricter compliance rules.

  5. Stay Informed – Keep an eye on India’s evolving data protection laws and their impact on global operations.

Thank you for joining us this morning.

Make sure to subscribe, follow, and share the CyberHub Podcast.

Stay cyber safe, and we’ll see you live every Monday through Thursday at 9 a.m. Eastern!

✅ Story Links:

https://cyberscoop.com/amit-yoran-tenable-dies/

https://www.wsj.com/tech/cybersecurity/typhoon-china-hackers-military-weapons-97d4ef95?mod=cybersecurity_news_article_pos1

https://www.bloomberg.com/news/features/2025-01-03/chinese-cyber-hackers-terrify-us-intelligence-after-infiltrating-guam?srnd=phx-businessweek&leadSource=uverify%20wall

https://www.securityweek.com/us-sanctions-chinese-firm-linked-to-flax-typhoon-attacks-on-critical-infrastructure/

https://www.securityweek.com/it-giant-atos-responds-to-ransomware-groups-data-theft-claims/

https://www.cybersecuritydive.com/news/Censys-warns-8600-exposed-beyondtrust/736416/

https://www.bleepingcomputer.com/news/security/bad-tenable-plugin-updates-take-down-nessus-agents-worldwide/

https://www.bleepingcomputer.com/news/security/cryptocurrency-wallet-drainers-stole-494-million-in-2024/

https://www.bleepingcomputer.com/news/security/apple-offers-95-million-in-siri-privacy-violation-settlement/

https://www.darkreading.com/vulnerabilities-threats/hipaa-security-rules-pull-no-punches

https://thecyberexpress.com/india-releases-draft-data-protection-rules/
