CyberWire Daily - The court draws a privacy line.
Episode Date: June 30, 2026The Supreme Court limits geofence warrants. DHS moves to expand CISA. The State Department offers $10 million for Russian hackers. A legal theory could reshape EU-U.S. data sharing. Plus, cyberattacks... hit D.C. housing, Oracle and SimpleHelp flaws face active exploitation, malware lingers on Japanese military networks, and stolen Apple supplier data surfaces online. John Cannava, CIO at Ping Identity, discusses how identity threats don't go on holiday. The Secret Service dial down the risk on BYOD. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by John Cannava, CIO at Ping Identity, as he discusses how identity threats don't go on holiday: how attackers take advantage of these high-traffic moments to blend in with normal user behavior, and what needs to change to better protect fans of major events like this summer's World Cup, and identity threats in travel at large. Selected Reading Supreme Court says police need a warrant to obtain Google location data (Washington Post) DHS Eyes 600 New Cybersecurity Hires, New Director for CISA (BankInfo Security) US posts $10 million reward over Russian cyber campaign targeting Signal, WhatsApp (The Record) US Supreme Court just blew up EU-US Data Transfers (NOYB) DC Housing Authority hit by cyberattack, website down (WJLA) Exploitation of Recent Oracle E-Business Suite Vulnerability Begins (SecurityWeek) USB drives carrying China-linked malware infected Japanese military networks for nearly a year (Bitdefender) A forged login key unlocks SimpleHelp servers, and a new stealer is raiding cloud and AI credentials (SURIQ) Apple iPhone 18 Pro supplier list, parts and photos exposed in Tata data leak (Reuters) Even the Secret Service won't use company-issued phones (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyberwire Network, powered by N2K.
This episode is supported by Black Hat USA.
If you follow the research, you know a lot of it breaks on Black Hat stages.
Hundreds of peer-reviewed briefings, more than 100 hands-on trainings,
and the largest business hall in Black Hat's history.
Six days to learn the skills you'll need tomorrow.
August 1st to the 6th.
Use code Cyberwire for $200 off your briefings path,
at blackhat.com.
We'll see you in Vegas.
The Supreme Court limits geofence warrants.
DHS moves to expand Sisa.
The State Department offers $10 million for Russian hackers.
A legal theory could reshape EU-US data sharing,
plus cyber attacks hit D.C. housing,
Oracle and simple help flaws face active exploitation.
Malware lingers on Japanese military networks
and stolen Apple supplier data surfaces online.
Our guest is John Canova, CIO at Ping Identity, discussing how identity threats don't go on holiday.
And the Secret Service dial down the risk on B-YOD.
It's Tuesday, June 30th, 2026.
I'm Dave Bittner, and this is your Cyberwire Intel briefing.
Thanks for joining us here today.
It's great to have you with us.
In a landmark 6-3 decision, the U.S. Supreme Court ruled that police,
generally must obtain a warrant before accessing a person's detailed Google location history,
strengthening constitutional protections for digital privacy.
Writing for the majority, Justice Kagan said,
people have a reasonable expectation of privacy in the location data generated by their
smartphones, even when that information is stored by a third-party company like Google.
The court stopped short of deciding whether Geofense warrants are themselves constitutional,
sending that question back to a lower court. The case stemmed from a 2019 Virginia bank robbery
investigation in which police used a geofence warrant to identify suspect O'kella Chatri.
Technology companies and privacy advocates praised the ruling, arguing that broad location requests
can sweep up innocent people, while law enforcement maintained the data is an essential investigative tool.
Homeland Security Secretary Mark Wayne Mullen told Congress that the cybersecurity and infrastructure
security agency's biggest challenge is not funding but staffing.
He said SISA is operating at roughly half-strength and needs to hire about 600 experienced
cybersecurity professionals to restore its role as the nation's primary cyber defense agency.
Mullen said President Trump has already met with a candidate to lead,
SISA, and estimated it will take about a year to rebuild the agency once new leadership is in place.
The agency has experienced significant turnover, with roughly one-third of its workforce departing
during Trump's second term, and its election security efforts largely dismantled.
Mullen warned that growing cyber threats from China, North Korea, Russia, and Iran
require stronger public-private partnerships, arguing that Sisa is essential to court
national cyber defense and cannot rely on private industry alone.
The U.S. State Department is offering up to $10 million for information leading to members of two
Russia-linked hacking groups accused of targeting signal and WhatsApp accounts belonging to government
officials, journalists, and other high-profile individuals. According to the FBI,
the groups use social engineering to steal verification codes, pins, and backup recovery keys,
allowing them to access encrypted message histories and even regain account access after victims create new accounts.
The campaign is tied to Russian intelligence services and has targeted victims across Ukraine, Europe, and the United States.
A recent U.S. Supreme Court ruling embracing the unitary executive theory could upend the legal foundation of EU-U.S. data transfers.
In Trump v. Wilcox, referred to by privacy advocates as the slaughter decision, the court held that the president generally has the authority to remove leaders of independent executive agencies, calling into question the independence of the Federal Trade Commission.
Privacy Group Noib argues that this undermines the EU-US data privacy framework, which relies heavily on the FTC as an independent privacy regulator.
The group says the ruling also weakens other transfer mechanisms, such as standard contractual clauses, that depend on independent U.S. oversight.
While the current framework remains in force unless the European Commission repeals it or European courts invalidate it,
Noeb has urged the Commission to withdraw the agreement and plans to challenge it before the EU's highest court.
The D.C. Housing Authority has confirmed it was hit by a cyber attack that compromised its systems,
leaving staff unable to access files and knocking its website offline. The incident has also disrupted
constituent services, with officials unable to process requests while recovery efforts continue.
It's not yet known whether any personal information was exposed. The district's office of the chief
technology officer said it is providing technical guidance to DCHA, which operates its own technology
infrastructure, as the agency and its incident response team investigate the breach.
Threat actors have begun actively exploiting a critical Oracle e-business suite vulnerability
just weeks after Oracle released a patch. The flaw, which carries a CVSS score of 9.8,
allows unauthenticated attackers to remotely take over Oracle payments.
Threat intelligence firm, diffused, detected the first exploitation attempts against its EBS honeypots over the weekend,
despite no public proof-of-concept exploit being available.
Organizations are urged to apply Oracle's May security update immediately,
as Oracle Enterprise products remain frequent targets for cybercriminals and ransomware groups.
leaked documents reveal that Japan's ground self-defense force
unknowingly used counterfeit malware-infected USB drives
on sensitive military networks for nearly a year.
The drives reportedly introduced during 2024 earthquake relief efforts
outside normal procurement channels were connected to more than 50 computers,
including systems handling classified troop movement data.
Investigators linked the malware to a previously identified
identified Chinese hacking operation, although Japan's defense ministry said the malware only
self-replicated and showed no signs of data theft. The incident raises concerns about supply
chain security and the risks of bypassing standard procurement procedures during emergencies,
particularly as similar counterfeit USB drives remain widely available through online retailers.
A critical authentication bypass flaw in Simple Help Remote Support Software is being actively
exploited to compromise managed service providers and their customers.
The vulnerability with a maximum CVSS score of 10 allows attackers to impersonate privileged
technicians without authentication by exploiting improper validation of open ID connect login tokens.
Researchers observed attackers using the flaw to deploy a new core.
cross-platform malware called Jin Steeler, which targets cloud credentials, developer secrets,
GitHub and SSH keys, cryptocurrency wallets, and AI coding assistant tokens. SISA has added the bug
to its known exploited vulnerabilities catalog, urging organizations to immediately patch
affected simple help servers, investigate for signs of compromise, and rotate any potentially
exposed credentials.
Following up on a story from last week,
sensitive files stolen from Apple's Indian supplier Tata Electronics
have reportedly been published by a ransomware group,
exposing supplier lists, component information,
and photos of unreleased iPhone 18 Pro models.
The leak could reveal closely guarded details
about Apple's global manufacturing network,
potentially benefiting competitors,
counterfeiters, and other suppliers.
Tata has become one of Apple's most important manufacturing partners outside China
as the company expands production in India.
The incident comes as Apple faces rising hardware costs
and is expected to increase iPhone prices.
Separately, Apple announced it will release security updates more quickly
rather than waiting for major iOS releases,
saying advances in AI-assisted hacking have shortened the window
between vulnerability disclosure and active exploitation.
Coming up after the break, my conversation with John Canova from Ping Identity.
We're discussing how identity threats don't go on holiday.
And the Secret Service dial down the risk of B-YOD.
Stay with us.
John Canova is CIO at Ping Identity.
We recently got together to discuss how identity threats don't go on holiday.
Yes, certainly it creates challenges for cybersecurity programs in that it's really a perfect storm in that user behavior changes rather significantly.
You see everything from surges in volumes of activity that seem abnormal to changes in the geolocation of your user base.
And so what were signals that you could really rely on now become patterns of standard behavior for the same non-malicious user base.
Are there specific things that you see around an event like the World Cup?
Yeah, we see a lot of opportunism with attackers, quite honestly, unfortunately,
in that they understand the dynamics that have changed in terms of user volumes and changes in geography.
And so they like to hide within the crowd.
And so we see a lot of activity around credential stuffing, fraudulent registrations, etc.,
that make it really difficult for organizations.
that are trying to host these large-scale events.
What about the folks themselves who are attending an event?
I'm thinking they're in a different mindset.
They're away from home.
They may be a place they haven't been before.
They're excited.
They're in a heightened emotional state.
All of those things can contribute to perhaps being a little more vulnerable.
Absolutely.
And I think, moreover, they're interacting with websites that they're not.
generally used to. I think consumers need to be on alert in these cases and ensure that they're
double-checking the websites and the emails that they're interacting with as they purchase tickets
or they look for travel and accommodations. Certainly attackers are out there looking to take
advantage of these opportunities. If I'm a security professional looking after the folks in my
organization and I have people I know are traveling to a big event like this.
Is there anything I need to be careful of or put in place to account for that?
Yeah, I think, you know, first off, understanding behavior and an identity level within your
cybersecurity program is super important. And being able to understand that there are going to be
patterns that maybe you relied on previously that you can't rely on going forward. And so,
making sure that your cybersecurity team and your product team to the extent you have a website
or an app are really thinking about maybe there are different types of signals we want to key on
for this event. So doing some pattern mapping around maybe current state versus 2B state and
understanding what those gaps are going to be. And in addition to that is really thinking about
when it comes to identity, they are not only focused on the login.
experience, that you're thinking through the continuous adaptive sort of solutions that give you more
insight throughout the session with your customers. Can we dig into that? What sort of things are you
talking about here? Yeah, sure. So, you know, traditional identity access management solutions,
you know, really are focused on that that login experience, that entry point. What they don't
necessarily give you control over is throughout that session, you know, what are different behaviors? Everything
from the device posture to the way the user is interacting with your website, bot detection
along those sorts of lines really helps put you in a position where you can take action
throughout that session rather than assuming that once they're in the front door, they must
be a good actor and not a bad actor.
How much has AI changed this equation here?
It strikes me that I think this is the first World Cup that we've had since
the LLMs came online.
Significantly, I think, you know, there's an unprecedented increase in scale, speed,
and the adaptability of the attacks that we're seeing.
So, you know, historically, the time it took to move an attack from, say, a reconnaissance stage
to an exploitation stage, that might be days or hours or days.
And we're seeing it in seconds and minutes now.
So it's, you know, the level of.
of speed is certainly an issue.
And so you absolutely can't have, you know,
rules-based approach that isn't adaptive to those changes.
I think on top of it, we're seeing just much higher volumes.
I think the, you know, attacks being agentic make it cheaper
and more accessible for a broader audience to participate in,
unfortunately.
And then the last thing I'd say is the bot behavior is getting harder to identify.
attackers are getting better and better at having bots simulate what ordinarily would look like general user behavior.
You know, John, I think any of us who have traveled for work have had that experience where you get where you're going, you get settled into your hotel room, you decide you're going to knock out a few work things before you maybe go grab a bite to eat and you go to log in and the system says, hold on there.
you're not where we expect you to be.
Slow down, right?
And we catch ourselves and say,
okay, this is good for security.
I understand I need to jump through these hoops.
But the point of my question is,
how do you make sure that you put these things in place
without becoming such a speed bump for your users
that they come to resent it?
Yeah, it is a challenge.
I mean, it's something that we think about daily,
even internally here at Ping,
is what is the best balance
between security and user friction.
And so what we try to do is we try to find the third way,
which is, you know, what is the step-up authentication
that challenge that we put in front of users
that doesn't create a significant hurdle for them
as a legitimate user to complete that transaction?
So examples would be, you know, things we're accustomed to,
an MFA with maybe a number matching capability,
potentially, you know, internal systems.
You might look at a facial,
recognition, step up authentication. So, you know, really trying to ensure that when you present
those types of challenges, that they aren't an undue amount of a challenge for that end user. So it's
something that can easily complete and that you're not going to create a number of exceptions that
is, you know, out of line with the security it provides. How much of this is a cultural issue as well,
you know, dealing with people, making sure that they're educated and informed. So again, when
someone's traveling, they know what to expect.
Yeah, that's a big challenge and it's, it's an ongoing challenge that you have.
I think ensuring, you know, whether you're talking about your customers or you're talking
about your employees, that people understand that this is something that protects them and
that, you know, the hurdles you're putting in front of them are really on to their benefit
is something that should be incorporated into the comms plans for your organizations when you're
changing these requirements.
For an example, we require multi-factor authentication for administrators of Ping's products.
And when we rolled that out, we wanted to make it really clear that this was something we're
doing to protect them and that we wanted feedback around how do we struck the right balance
between security and friction.
That's John Canova from Ping Identity.
What happens when AI agents gain access to the same system?
applications, and credentials as your employees.
According to Arvind Nithrkashyip, CTO and co-founder of Rubrik,
that reality is already here.
As AI agents proliferate across enterprise environments,
organizations face a growing challenge.
How do you govern systems that operate at machine speed?
To learn more about AI sprawl, the risk it creates,
and how organizations can prepare,
visit explore.
TheCyberwire.com.
slash rubric to hear the full conversation.
And finally, the U.S. Secret Service has discovered a truth familiar to office workers everywhere.
Nobody wants to carry two phones.
Unfortunately, according to a Department of Homeland Security Inspector General report,
that convenience came at a steep security cost.
Agents routinely relied on personal smartphones during protective missions
because government-issued devices lack the tools they needed,
even though agency policy prohibited it.
Investigators found more than 15,000 work-related calls
involving personal phones during protective operations
and identified employees who regularly used personal devices
on overseas assignments, sometimes even as hotspots for government laptops.
The report also found government-issued phones
lacked modern mobile threat protections until 2025 and were not consistently wiped after foreign
travel, leaving opportunities for foreign adversaries to intercept communications or track sensitive
movements. The watchdog recommended five improvements, including better equipped government devices,
stronger security controls, mandatory training, and stricter enforcement. The Secret Service
agreed with all of the recommendations, proof that sometimes the easy,
The easiest call is admitting your phones need an upgrade.
And that's the CyberWire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity.
If you like our show, please share a rating and review in your favorite podcast app.
Please also fill out the survey in the show notes or send an email to Cyberwire at n2K.com.
N2K's lead producers, Liz Stokes.
We're mixed by Trey Hester
with original music and sound design by Elliot Peltzman.
Our contributing host is Maria Vermazas,
our executive producer is Jennifer Ibin.
Peter Kilby is our publisher,
and I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow.
