ShinyHunters breach the National Association of Insurance Commissioners via an Oracle PeopleSoft zero-day, while the White House signs the first binding post-quantum cryptography mandate for federal agencies. Plus: record US breach costs, Mexico's cybersecurity plan, and two critical CISA-flagged device exploits.
Federal agencies have 72 hours to patch two actively exploited device families. CISA confirmed both Lantronix EDS5000 serial-to-IP converters and Ubiquiti UniFi OS devices are under real-world attack, with the federal patch deadline set for June 26.
Separately, the insurance sector's primary regulatory body has been breached. ShinyHunters claimed responsibility for stealing 3.1 terabytes of data from the National Association of Insurance Commissioners via an Oracle PeopleSoft zero-day.
The White House signed an executive order on June 25 establishing the first binding federal mandate for post-quantum cryptography migration. Federal agencies must complete the transition to NIST-approved PQC algorithms for key establishment by December 31, 2030, and for digital signatures by December 31, 2031.
Mexico secured Congressional majority approval for its National Cybersecurity Plan covering 2025 through 2030. The Sheinbaum administration's plan includes a national cyber range by 2027 and a regional Latin America incident response hub by 2028.
One final data point worth holding onto. Global average data breach costs fell 9 percent to $4.44 million.