InfoSec News 09JAN2026
General
- Disruptive bug in Cisco switches - a failed DNS lookup triggers a fatal error and a reboot.
- Another Cisco ISE (Identity Services Engine, which authenticates access to a network) bug, an XML External Entity (XXE) flaw going by the advisory, CVSS 4.9. A proof-of-concept exists, but there is no confirmed in-the-wild exploitation yet.
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xxe-jWSbSDKt
- https://nvd.nist.gov/vuln/detail/CVE-2026-20029
- https://www.bleepingcomputer.com/news/security/cisco-warns-of-identity-service-engine-flaw-with-exploit-code/
- https://www.theregister.com/2026/01/08/rcisco_ise_bug_poc/
- Retro news - a brute-forcer targeting exposed FTP, database and phpMyAdmin services. Apparently people are still deploying XAMPP (Linux or Windows, with Apache, MariaDB/MySQL, PHP and Perl) - a two-decade-old web stack.
It guesses usernames and passwords: the defaults for the various LAMP/WAMP stacks and WordPress, as well as common credentials generated by LLMs.
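Credential guessing against FTP and database services is noisy, so the check a defender wants here is a quick pass over the authentication logs. The script below is an added example, not code from the page or from the reported campaign: it parses failed-login lines in the shape of vsftpd and MySQL 8 error-log entries, groups them by source address, and flags any address with a burst of failures inside a sliding time window. The log lines, IP addresses, usernames, threshold and window are all constructed for the example.

```python
"""Flag credential brute-forcing from vsftpd and MySQL error logs (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# vsftpd-style failure, e.g.
#   Fri Jan  9 10:00:01 2026 [pid 4011] [root] FAIL LOGIN: Client "203.0.113.5"
VSFTPD_FAIL = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] FAIL LOGIN: Client "(?P<ip>[^"]+)"'
)
# MySQL 8 error-log style (written when log_error_verbosity=3), e.g.
#   2026-01-09T10:00:05.000000Z 12 [Note] [MY-010926] [Server] Access denied for user 'root'@'203.0.113.5' (using password: YES)
MYSQL_DENIED = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})\.\d+Z .*Access denied for user "
    r"'(?P<user>[^']*)'@'(?P<ip>[^']+)'"
)


def parse_failure(line):
    """Return (timestamp, service, source_ip, username) for a failed login, else None."""
    m = VSFTPD_FAIL.match(line)
    if m:
        # vsftpd pads single-digit days with two spaces; collapse before parsing.
        ts = datetime.strptime(re.sub(r" +", " ", m["ts"]), "%a %b %d %H:%M:%S %Y")
        return ts, "ftp", m["ip"], m["user"]
    m = MYSQL_DENIED.match(line)
    if m:
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
        return ts, "mysql", m["ip"], m["user"]
    return None


def find_bruteforcers(lines, threshold=5, window=timedelta(minutes=2)):
    """Return {ip: (total_failures, services, usernames)} for every source IP that
    produced at least `threshold` failures inside any `window`-long span."""
    per_ip = defaultdict(list)
    for line in lines:
        parsed = parse_failure(line)
        if parsed:
            per_ip[parsed[2]].append(parsed)

    flagged = {}
    for ip, events in per_ip.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it covers at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = (
                    len(events),
                    sorted({e[1] for e in events}),
                    sorted({e[3] for e in events}),
                )
                break
    return flagged


# Constructed sample: one address spraying default accounts across FTP and MySQL,
# and one legitimate user who mistyped a password twice before logging in.
SAMPLE_LOG = [
    'Fri Jan  9 10:00:01 2026 [pid 4011] [root] FAIL LOGIN: Client "203.0.113.5"',
    'Fri Jan  9 10:00:02 2026 [pid 4013] [admin] FAIL LOGIN: Client "203.0.113.5"',
    "2026-01-09T10:00:05.000000Z 12 [Note] [MY-010926] [Server] Access denied for user 'root'@'203.0.113.5' (using password: NO)",
    "2026-01-09T10:00:06.000000Z 13 [Note] [MY-010926] [Server] Access denied for user 'root'@'203.0.113.5' (using password: YES)",
    "2026-01-09T10:00:07.000000Z 14 [Note] [MY-010926] [Server] Access denied for user 'admin'@'203.0.113.5' (using password: YES)",
    "2026-01-09T10:00:09.000000Z 15 [Note] [MY-010926] [Server] Access denied for user 'wordpress'@'203.0.113.5' (using password: YES)",
    'Fri Jan  9 10:03:30 2026 [pid 4020] [alice] FAIL LOGIN: Client "198.51.100.7"',
    'Fri Jan  9 10:03:41 2026 [pid 4021] [alice] FAIL LOGIN: Client "198.51.100.7"',
    'Fri Jan  9 10:03:50 2026 [pid 4022] [alice] OK LOGIN: Client "198.51.100.7"',
]

if __name__ == "__main__":
    for ip, (count, services, users) in find_bruteforcers(SAMPLE_LOG).items():
        print(f"{ip}: {count} failures across {services}, usernames tried {users}")
```

Pointing the parser at real logs means feeding it the lines of `/var/log/vsftpd.log` and the MySQL error log (which only records denied logins at the verbose setting noted in the comment); the threshold and window are the knobs to tune against your own baseline before turning the output into an alert or a firewall rule.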
Getting Techy
- Another fun and snarky tear-down from watchTowr Labs, this time of a "secure, all-in-one business email and collaboration server".
- Deep-diving into Bluetooth - vulnerabilities in a Bluetooth headset System-on-Chip (SoC). Who would have thought that wireless, unauthenticated access with read/write primitives to RAM and flash would turn out badly?
Geo-Politics
- [IR] Iranian Internet access cut off, as protests continue
At the end of December, protests erupted in several cities in Iran, following a sharp drop in the value of the country’s currency, prompting shortages of goods and dramatic spikes in prices. Some shops in Tehran’s traditional bazaar have been closed for 11 days, according to The New York Times.
Iran’s government has responded by violently cracking down on the protesters.
The Iranian government, which maintains a tight control over the country’s internet access, is behind the internet blackout, according to Rashidi.
- https://techcrunch.com/2026/01/08/internet-collapses-in-iran-amid-protests-over-economic-crisis/
- https://infosec.exchange/@lorenzofb/115861440907706733
- [UK] Communications regulator Ofcom (Office of Communications) is demanding answers from X and xAI over the spate of adult imagery being generated by Grok
We are aware of serious concerns raised about a feature on Grok on X that produces undressed images of people and sexualised images of children.
We have made urgent contact with X and xAI to understand what steps they have taken to comply with their legal duties to protect users in the UK. Based on their response we will undertake a swift assessment to determine whether there are potential compliance issues that warrant investigation.
- https://www.theregister.com/2026/01/08/uk_regulators_swarm_x_after/
- https://x.com/Ofcom/status/2008201578378084550
- [US] Transparency reports without much transparency - NSO Group's latest report reveals very little. Not a great start to its new US-backed ownership and its attempt at redemption.
we have seen this before with NSO and other spyware companies over the years where they change names and leadership and publish empty transparency or ethics reports but the abuses continue.
Privacy
- [US] Very short-term win against TV manufacturers profiling their customers' viewing habits - Samsung was placed under a Temporary Restraining Order by a Texas court, however the order was "set aside" the next day.
The Court finds that there is good cause to believe that SAMSUNG’s process for enrolling consumers in the ACR data collection program is false, deceptive, or misleading because it does not disclose to consumers how much data is being collected about them, how the data is actually being used,
IT IS HEREBY ORDERED THAT for the duration of this order and any extensions of such order granted by the Court, SAMSUNG and their officers, agents, employees, and others acting in concert or participation with them, shall cease the collection and the use, sale, transfer, disclosure, and sharing of ACR data relating to Texas consumers.
- https://www.bleepingcomputer.com/news/security/texas-court-blocks-samsung-from-tracking-tv-viewing-then-vacates-order/
- https://www.texasattorneygeneral.gov/sites/default/files/images/press/TRO_0.pdf
- [US] The California Privacy Protection Agency (CPPA) is actively following its mandate. The CPPA fined a data broker that bought and sold information on Californian residents but was not registered as a data broker in California. Registration matters beyond the fine: the register is what lets Californian residents demand that all registered data brokers delete their data via a single request.
AI
- OpenAI has released "ChatGPT Health", a separate section of ChatGPT for health-related conversations. On the one hand, this segregation may help a little to protect the data ("purpose-built encryption and isolation to keep health conversations protected and compartmentalized", and OpenAI promises not to train its "foundational" models on this data); on the other hand, they're encouraging users to "Connect your wellness apps and medical records for more personalized responses". So OpenAI will know even more about you - that should help with their advertising push.
- https://arstechnica.com/ai/2026/01/chatgpt-health-lets-you-connect-medical-records-to-an-ai-that-makes-things-up/
- https://www.bleepingcomputer.com/news/artificial-intelligence/openai-says-chatgpt-wont-use-your-health-information-to-train-its-models/
- https://therecord.media/chatgpt-health-draws-concern-privacy-critics
- Need any more convincing that AI agents should be running in sandboxes (see yesterday's Getting Techy for a really good review of options)? IBM's coding agent "Bob" was easily coerced into performing malicious actions and bypassing its "Human in the Loop" controls.
- [US] The drive for AI processing is creating demand for some crazy datacentre builds, this one in Texas: 5,769 acres, 10 million gallons (~38 million litres) of water per day by 2027, and 11 gigawatts of power from 4 nuclear power plants.