This week’s Department of Know is hosted by Rich Stroffolino with guests Steve Zalewski, co-host, Defense in Depth, and Nick Espinosa, host, The Deep Dive Radio Show.
Missed the live show? Check it out on YouTube.
The Department of Know is live every Monday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com.
CISA releases new cryptography categories
CISA published an initial list of hardware and software product categories that already support or are transitioning to post-quantum cryptography, developed with NSA under a 2025 executive order. The list is meant to guide procurement as quantum computing threatens current public-key crypto. Categories include cloud services, browsers, messaging, endpoint security, and networking, with PQC used for key establishment and digital signatures. CISA says future purchases in these categories should be PQC-capable to prepare for quantum-era encryption risks. (Infosecurity Magazine)
US cyber chief uploaded sensitive files into public ChatGPT
Politico’s sources say the US’s acting cyber chief, Madhu Gottumukkala, uploaded contracting documents marked “for official use only” into a public version of ChatGPT last summer, triggering automated security alerts inside the Department of Homeland Security. The documents weren’t classified, but the uploads prompted an internal review to determine whether sensitive government material had been exposed. Gottumukkala had received a special exception to use ChatGPT at a time when it was blocked for other DHS employees. DHS hasn’t said what the review concluded. (Politico)
Vibe-coded ‘Sicarii’ ransomware can’t be decrypted
Security researchers at Halcyon and Check Point Research say a new ransomware strain called Sicarii is so poorly built that paying the ransom won’t decrypt victims’ data. The malware generates fresh RSA keys on each execution and discards the private key, leaving no viable recovery path. Sicarii surfaced as a ransomware-as-a-service offering and uses Hebrew symbols and language that Check Point believes may be machine-translated and a false-flag identity. Researchers say the code likely involved AI tooling, and victims are urged not to pay. (Dark Reading)
Judge dismisses Virginia Flock camera case
A federal judge upheld Norfolk, Virginia’s use of 176 Flock automated license plate reader cameras, rejecting claims they amount to unconstitutional warrantless surveillance. The court ruled the network is too sparse to reveal a “whole” picture of someone’s movements, contrasting it with mobile phone tracking and aerial surveillance cases. The Institute for Justice, which brought the suit, plans to appeal as other cities end Flock contracts over privacy concerns. (The Record)
Huge thanks to our sponsor, Strike48

Microsoft to disable NTLM by default in future Windows releases
NTLM (short for New Technology LAN Manager) is a 30-year-old challenge-response authentication protocol that was introduced in 1993 with Windows NT 3.1 as the successor to the LAN Manager (LM) protocol. It has since been superseded by Kerberos, which remains the default protocol for domain-connected devices running Windows 2000 or later. NTLM is still used as a fallback authentication method, although it uses weak cryptography and has been widely exploited in NTLM relay and pass-the-hash attacks. The retirement of NTLM, part of Microsoft’s push toward passwordless, phishing-resistant authentication methods, will occur in phases throughout 2026.
Microsoft Teams addition will allow for suspicious calls to be reported
This new feature is intended to be released to Targeted Release customers by mid-March. Its goal is to help users flag suspicious or unwanted calls as potential scams or phishing attempts. Named “Report a Call,” the function will be enabled by default, but can be disabled by admins via a toggle inside the “Calling settings.” When users manually flag a call, some metadata, including timestamps, duration, caller ID information, and participant Teams IDs, will be shared with both the user’s organization and Microsoft. General availability worldwide is expected for late April.
UK leaders warned about absorbing cyberattacks without offensive deterrence
During a UK parliamentary hearing on national security, ministers were warned that Britain “risks leaving itself exposed to cyberattacks and hybrid forms of warfare unless it exercises an ability to impose costs on hostile states.” Former national security adviser Lord Sedwill, who is now a member of the Joint Committee on the National Security Strategy, added that “resilience measures alone would not deter adversaries conducting cyber operations, sabotage of critical infrastructure, and disinformation campaigns against the United Kingdom.” His comments echo those made by the former head of the British Army, who previously urged the government to get on the “forward foot” with ransomware instead of just “absorbing the punches.”






