Video Episode: https://youtu.be/_DKTFyP1bOM In today’s episode, we discuss Microsoft’s recent cybersecurity initiatives, including the appointment of deputy CISOs and the launch of the Cybersecurity Governance Council as part of their Secure Future Initiative to enhance internal security measures and reduce risks. We also explore the implications of ‘never expire’ passwords in cybersecurity, highlighting the potential risks while considering the practicality of password policies. Additionally, we cover critical vulnerabilities found in Microchip’s software affecting IoT devices and Discord’s introduction of the new DAVE protocol for secure audio and video communication. Article URLs: 1. https://www.cybersecuritydive.com/news/microsoft-deputy-cisos-security/727763/ 2. https://thehackernews.com/2024/09/why-never-expire-passwords-can-be-risky.html 3. https://thehackernews.com/2024/09/critical-flaw-in-microchip-asf-exposes.html 4. https://thehackernews.com/2024/09/discord-introduces-dave-protocol-for.html Timestamps 00:00 – Introduction 01:07 – Microsoft Removes Inactive Accounts 02:48 – IoT RCE Vulnerability 04:53 – Discord’s DAVE end-to-end Encryption 06:00 – Should all passwords expire? 1. What are today’s top cybersecurity news stories? 2. What security changes is Microsoft implementing in its internal practices? 3. How is Microsoft addressing its internal security culture? 4. What vulnerabilities were recently disclosed for Microchip’s Advanced Software Framework? 5. Why might ‘never expire’ passwords pose a risk in organizations? 6. What is Discord’s new DAVE protocol and how does it enhance security? 7. How is Microsoft restructuring its cybersecurity governance? 8. What impact did the federal Cyber Safety Review Board report have on Microsoft? 9. What recent vulnerabilities affect IoT devices and what are their risks? 10. How is Microsoft training its staff to improve security practices? Microsoft, deputy CISOs, security breach, email theft, passwords, cybersecurity, expiration, IT help desk, Microchip, IoT, vulnerability, remote code execution, DAVE protocol, end-to-end encryption, audio calls, video calls, —