From the Skyhigh Studios at Skyhigh Security, I’m Scott Schlee, it’s Wednesday, December 18th, 2024, and these are your cybersecurity headlines.

Headlines this week:

• 
  
• Microsoft’s AI Tool Privacy Concerns
  
• North Korean IT Worker Indictments
  
• Mysterious Drone Sightings
  
• Sanctions on Chinese Hackers
  
• Apple Users Urged to Update Devices
  
• SEC Cybersecurity Enforcement
  
• UK’s Cybersecurity Concerns
  
• Game Freak Data Breach
  
• Geico and Travelers Fined for Data Breaches
  
• Krispy Kreme Cyberattack
  

Thank you again for listening to Skyhigh Cloudcast. This is our last episode of CloudCast for 2024. We sincerely hope you have a wonderful holiday break. We’ll be back in January and hope you will be too. If you’ve enjoyed this episode, be sure to subscribe on your favorite platform so you never miss an update. If you like the show, please leave us a review. It helps others find the podcast. For more information about Skyhigh Security or CloudCast, please visit skyhighsecurity.com.

Sources:

• 
  
• Wired – Microsoft’s AI Tool Privacy Concerns and Mysterious Drone Sightings
  
• The Times (UK) – North Korean IT Worker Indictments and UK’s Cybersecurity Concerns
  
• Reuters – Sanctions on Chinese Hackers and SEC Cybersecurity Enforcement
  
• New York Post – Apple Users Urged to Update Devices
  
• The Scottish Sun – Game Freak Data Breach
  
• Wall Street Journal (WSJ) – Geico and Travelers Fined for Data Breaches
  
• MarketWatch – Krispy Kreme Cyberattack
  

———–

CloudCast is hosted by Skyhigh Security’s very own Digital Experience Manager, Scott Schlee. Scott’s engaging demeanor and wit, backed by over 20 years in digital media production and web development, has led to successful collaborations with top-tier brands. His experience includes hosting and producing a wide range of podcasts and videos. Scott has been recognized for his outstanding work, including an award-winning digital short and a Webby Awards nomination for Viral Marketing (Branded). Beyond his professional achievements, Scott’s personal journey as a decade-long pancreatic cancer survivor has led him to share his story with the U.S. Congress and other organizations as an advocate for increased cancer research funding.

Transcript

From the Skyhigh Studios at Skyhigh Security, I’m Scott Schlee, it’s Wednesday, December 4th, 2024, and these are your cybersecurity headlines.

Microsoft’s AI Tool Privacy Concerns: Microsoft’s AI tool, Recall, has been found capturing sensitive data, including credit card and Social Security numbers, every five seconds. Despite safeguards, this raises significant privacy and security concerns.

North Korean IT Worker Indictments: Fourteen North Koreans have been indicted for posing as IT workers to fund nuclear programs. They infiltrated American and Western IT companies, using sophisticated fake identities and VPNs to mimic legitimate employees. This highlights the geopolitical cyber risks posed by state-sponsored actors.

Mysterious Drone Sightings: Unexplained drone activity in New Jersey and neighboring states has triggered federal investigations into potential security threats. The drones have caused concern among authorities, leading to increased scrutiny and efforts to identify their origin and purpose.

Sanctions on Chinese Hackers: The U.S. has sanctioned Chinese cybersecurity company Sichuan Silence Information Technology for deploying ransomware that posed significant risks to human life. In April 2020, the company used malicious software on over 80,000 firewalls globally, including critical infrastructure, leading to data theft and network disruptions.

Apple Users Urged to Update Devices: Cybersecurity experts are urging Apple users to update their iPhones to iOS 18 to avoid a data-stealing bug capable of bypassing safeguards. Concerns over Apple’s AI program have led to hesitancy in updating, leaving devices vulnerable to attackers who can access sensitive data without user notification.

SEC Cybersecurity Enforcement: The Securities and Exchange Commission (SEC) announced four settled enforcement orders against issuers for materially misleading disclosures following the 2020 SolarWinds cybersecurity incident. These settlements underscore the SEC’s focus on accurate and timely disclosure of cyber incidents.

UK’s Cybersecurity Concerns: Britain is increasingly vulnerable to cyberattacks and complacent about the threats posed by hackers, warns Richard Horne, CEO of the UK’s National Cyber Security Centre (NCSC). Recent cyberattacks have disrupted services at Liverpool hospitals and impacted the grocery and prison transport sectors. The NCSC emphasizes the urgency of closing the gap between threats and cyber-resilience across critical infrastructure and the economy.

Game Freak Data Breach: Game Freak, the developer behind Pokémon, confirmed a security breach that resulted in the leak of employee details and codenames for upcoming 10th generation Pokémon games. The breach also exposed information about the anticipated Nintendo Switch 2 console. This incident is considered one of the largest in gaming history.

Geico and Travelers Fined for Data Breaches: New York State fined auto insurers Geico and Travelers Indemnity a total of $11.3 million due to cybersecurity lapses that led to data breaches affecting 120,000 individuals during the Covid-19 pandemic. The breaches contributed to a larger hacking campaign that exploited personal information for various frauds, including fraudulent unemployment claims.

Krispy Kreme Cyberattack: Krispy Kreme reported an IT systems breach, causing significant impacts on its business operations and a 2% drop in its stock. The cyberattack disrupted online ordering in parts of the U.S., though physical stores remain open. The company is working with cybersecurity experts to investigate and contain the breach.

Please Note: All transcripts are generated using speech recognition software and human transcription, and may contain errors. Please check the corresponding audio before quoting in print.

.accordion-flush .accordion-item .accordion-button, .accordion-flush .accordion-item .accordion-button.collapsed {

border-radius: 0;

border-top: solid 1px #ededed;

border-bottom: solid 1px #ededed;

background-color: #f8f9fa;

}

.accordion-button:focus {

box-shadow:none;

}

.accordion-body {

border-bottom: solid 1px #ededed;

border-left: solid 1px #ededed;

border-right: solid 1px #ededed;

}

.font-italic {

font-style: italic;

}