Cyber Security Headlines: Tech firms race to integrate AI, FAA needs until 2030 to fix system, Biden addresses children’s online safety

ARMO, Microsoft, Google race to integrate AI into their products

ARMO, creator of open-source Kubernetes security platform Kubescape, announced Tuesday that it has integrated ChatGPT’s AI into its platform. ChatGPT will enable users to quickly secure Kubernetes clusters and CI/CD pipelines by building custom controls based on Open Policy Agent (OPA). 

Also on Tuesday, Microsoft announced a new version of Edge and Bing search engine which features a copilot and chat powered by a next-generation OpenAI language model more powerful than ChatGPT. Microsoft said the new AI features will help optimize the user web search experience.

The news comes as Google launches its own Artificial Intelligence (AI) powered chatbot called Bard to rival ChatGPT. Bard will be used by a group of testers before being rolled out to the public in the coming weeks.

(Dark Reading and BBC and Bleeping Computer)

FAA needs until 2030 to fix its safety system 

On Tuesday, House lawmakers held a hearing on aviation safety to raise questions about the January 11 meltdown of the Federal Aviation Administration’s Notice to Air Missions system, or Notam. Notam produces safety bulletins for pilots flying in the US. While the FAA says it has fixed the root cause of last month’s failure, the system still has other issues. According to numerous sources, the system’s antiquated language and unnecessary info make its bulletins hard for pilots to interpret .Even though congress first ordered the FAA to begin updating Notam back in 2012, acting Administrator Billy Nolen informed lawmakers that fixes won’t  be fully implemented until 2030. 


Biden’s State of the Union addresses children’s online safety and privacy… again

In President Joe Biden’s State of the Union address Tuesday, the president called for bipartisan support to ban targeted advertising toward young people, and protect children’s privacy, health and safety. The president also expressed his support for imposing stronger transparency requirements on tech companies that collect user data. These points are nearly identical to Biden’s comments in his 2022 address, where Biden highlighted the mental health impacts of social media on kids and teens.


Russian pleads guilty to laundering Ryuk ransomware proceeds

On Tuesday, Russian citizen, and former crypto-exchange executive, Denis Mihaqlovic Dubnikov pleaded guilty to laundering money for the notorious Ryuk ransomware group. After victims in the US and worldwide paid Bitcoin ransoms to private wallets, Dubnikov, and 13  co-conspirators divided the payments into smaller amounts which they then transferred to other private wallets. In one case in July 2019, an unnamed US company paid a 250 Bitcoin Ryuk ransom after which Dubnikov accepted 35 Bitcoin in exchange for approximately $400,000. Dubnikov could face up to 20 years in federal prison, three years of supervised release, and a fine of up to $500,000.

(Bleeping Computer)

And now a word from our sponsor, US, yes, CISO Series

“I value Cyber Security Headlines early every morning as it provides me advance notice of what I might need to explore first thing at the start of the day.” That’s active listener David Cross, SVP, CISO of Oracle SaaS Cloud. And for sponsors of Cyber Security Headlines what you get are the ears and eyes of avid security leaders. Sponsorship includes the podcast, our blog, and our daily newsletter. In whatever format our listeners want, Cyber Security Headlines reaches cyber leaders who want to quickly consume daily cyber news. To learn more about pricing and audience, email us at

Researcher breaches Toyota’s supplier portal

A security researcher breached Toyota’s web application (GSPIMS) that allows employees and suppliers to remotely manage the firm’s global supply chain. The researcher, who uses the alias EatonWorks, was able to modify the application’s JavaScript to generate a JSON Web Token (JWT) for password-less login. EatonWorks logged into the system using the tokens in conjunction with email addresses of Toyota employees, which he obtained via searches on Google and LinkedIn. From there, the researcher escalated to system admin privileges enabling him to access classified documents, project schedules, supplier rankings, and data for 14,000 users. EatonWorks responsibly disclosed the issue on November 3, 2022. Toyota fixed the issue later that month but did not compensate the researcher for disclosing the bug.

(Bleeping Computer)

Ex-Coinbase manager pleads guilty in first crypto-related insider trading case

On Tuesday, former Coinbase product manager Ishan Wahi, pleaded guilty to two counts of conspiracy to commit wire fraud in what US prosecutors say is the first insider trading case involving cryptocurrency. Prosecutors said Wahi shared confidential information about forthcoming Coinbase products with his brother Nikhil and their friend Sameer Ramani. Both used that information to make trading decisions ahead of Coinbase’s product announcements. Ishan Wahi was sentenced to between 36 and 47 months in prison while his brother received a prison sentence of 10 months. Ramani is still at large.

(Reuters and Slashdot)

Orgs lack security architecture to support multi-cloud strategy 

A new report from Valtix found that 28% of IT leaders strongly believe multi-cloud is a “bad idea,” citing (1) difficulty to consistently secure such environments (38%), lack of tooling (35%) and (3) lack of multi-cloud reference architectures (32%). Responding organizations also cited several ‘unintentional’ factors that have accelerated their multi-cloud journey, including (1) shadow IT (51%), (2) software vendors (ISVs) (48%), and (3) mergers and acquisitions (47%). While just 57% of IT leaders are sure that multi-cloud security is achievable, 95% admit they’ll still need to embrace it as a “strategic priority” this year.

(Dark Reading)

Germany hires new cybersecurity chief in wake of Russian scandal

Germany’s interior ministry has announced the appointment of its new cybersecurity chief, Claudia Plattner, formerly the director general for information systems at the European Central Bank (ECB). Plattner joins Germany’s Federal Office for Information Security (BSI) in the wake of a scandal that led to the suspension of former president Arne Schönbohm, over his alleged ties to Russian intelligence services. Plattner, who earned multiple master’s degrees in mathematics, will take on the new role on July 1. 

(The Record)

Sean Kelly is a cyber risk professional and leader who thrives on learning, collaborating and helping the business securely advance its mission. Sean is also a musician and outdoor enthusiast who loves spending time with his family and two cats.