🔴 Mar 17's Top Cyber News NOW! - Ep 1090
Why It Matters
A compromised MDM can cripple thousands of devices instantly, making robust admin controls, backup strategies, and threat‑intel essential for business continuity.
Key Takeaways
- Iranian‑aligned group exploited Intune MDM to wipe Striker devices
- Living‑off‑the‑land binaries evade EDR detection by using native tools
- Backup and image restoration can mitigate large‑scale device wipes
- Flare’s dark‑web intel helps detect compromised credentials quickly
- Upcoming SockSummit offers free six‑hour cyber training on March 25
Summary
The March 19, 2026 episode of Simply Cyber’s Daily Cyber Threat Brief highlighted a major cyber‑incident affecting Striker, a medical‑device maker, where an Iranian‑aligned threat group leveraged Microsoft Intune’s mobile‑device‑management (MDM) capabilities to remotely wipe thousands of devices, halting electronic ordering and forcing manual processes for over a week.
Cisco Talos investigators traced the breach to compromised high‑level admin accounts that issued Intune’s remote‑wipe command. The attackers employed “living‑off‑the‑land” techniques, using native Windows binaries that bypass most endpoint detection and response (EDR) tools. With roughly 56,000 employees, the potential restoration effort could require 30‑minute image restores per endpoint, illustrating the massive operational impact of a single MDM compromise.
Host Dr. Gerald Oer emphasized the importance of dark‑web threat intelligence, promoting Flare’s platform that lets organizations query compromised credentials in real time. He also announced the free six‑hour SockSummit virtual conference on March 25, featuring speakers like Ashley Nolles and Wade Wells, and reminded listeners that each episode counts toward CPE credits.
The incident underscores the need for hardened MDM controls, regular backup verification, and advanced threat‑intel feeds to detect credential leaks early. Enterprises should audit admin privileges, implement zero‑trust policies, and invest in training to mitigate similar supply‑chain‑style attacks.