A (57:24)
All right, here we go. I don't know if you guys know this. Like, obviously this is going to be a drink, but, like, this is what. This is what's happening in the. In the. The North Sea. Over there by the UK, we got Sean Connery manning the helm of a Russian sub, talking about send one ping only, please. This is a scene from Red October, a phenomenal adaptation of a Tom Clancy book, I'm pretty sure. Anyways, TLDR, it is borderline hilarious to me that in 2026, we can have a Russian submarine off the coast of the UK doing shenanigans. And it's like, like, essentially. Essentially, the UK took like, a stick and they're like, go on, get, get. You go on and get out of here. Go, get out. And, like, just like, kind of like snapped, like, switched the submarine, and the submarine was like, oh, no, I'm gonna go, like, what are we doing? This is like international country on country action. They're literally in a covert forward operating position doing something off the coast. And, like, it's just like those crazy Russians. Go on, get out of here. We'll see you next time. What are we doing? How are we doing this? Like, Russia. I mean, China floats a hot air balloon over the, the northwest of the US and everybody's like. And then like a Russian sub's off the coast of the. Taking crazy pills here. All right, I am glad that the, the Russian sub kind of went away somewhere. Dude, this is. I'll just say this really quickly. Remember the OSI stack, right? A lot of times we want to focus on the network layer, the transport layer. Ooh, very technical. I'm gonna, I'm gonna, you know, basically I'm gonna do a TCP SYN flood. Ooh, so hot. So hot right now. That Hansel. So hot right now. My guy. If I drop an anchor on your Ethernet cable, again, I'm being super generic and, and oversimplifying. But like if I cut, if I cut the cable going to your house, you don't have Internet. I don't need some next level hack to do a denial of service. I can just cut the line. 
The physical layer is part of the stack and if it doesn't exist, it doesn't exist. So if Russia is going to go dink around with some undersea cables, fine. You could argue that they might be trying to tap the cables to get a confidentiality compromise, but in reality, let's be real, right? Like, most traffic is encrypted. So like you could just do an availability attack, but why would you do some elegant hack when you could literally just take a, like a chop saw and be like, all right, all right, here we go. Computer, play, play. Sky scroller scrollers. All right, guys. Wow, look at us. It's 9 o'clock. 9:02. We did the thing. It looks like our first timer or mission 12 or whatever wasn't here. I tried to ping them earlier in the show and they weren't there. They must have. They. They reached between their legs and pulled the eject thing and spun out like Maverick and Goose. That's fine, guys. This was episode 1109 of your Simply Cyber Daily Cyber Threat Brief podcast. I was your host, Dr. Gerald Auger. I hope you got value. We do this every single weekday morning at 8am. Shout out to Steph Clues, the Simply Cyber Squad member of the week. She's crushing it. You're crushing it. Happy birthday again to Micah from everybody. Don't go anywhere if you don't want to, because we are about to do Cyber Career Hotline. Let me show you this. Guys, I've got you covered. Come hang out with me. You got questions, I got answers. Let me. Listen. Guys, just let it wash over you. You drop your questions in chat. I'll answer them in turn. This is Cyber Career Hotline. Don't go anywhere. We'll be right back. All right, what's up, Cyber Career Hotline? I am your host, Jerry. Hopefully you enjoy that. It's the beginning of what's going to be this Cyber Career Hotline thing. Shout out to Kimberly Can Fix It, who made that graphic. That's what's up, guys. Welcome to Cyber Career Hotline. This is Simply Cyber's AMA format. It is presented by Simply Cyber Academy. 
Simply Cyber Academy is an amazing online school where you can get GRC training. Compliments of me, I wrote the curriculum around the GRC, or some of it. Right. There's other instructors like Stephen, Michael and others who have done it. Also pen testing education with Ryan Yeager, Tyler Ramsby and others. Daniel Lowrie's in there. Guys. Here's how to do it. If you have a question, put it in chat with a Q. I will do everything in my power to answer it. As I said, this is Cyber Career Hotline. Lol. Thank you so much, Kimberly. I can't get enough of that. All right, first question coming off the pile here, Sean Saylors. I'm not even reading in advance. What do companies do for secure laptops, phones, when traveling to countries that are known to put spyware onto devices? Now, I haven't dealt with that too much. What I will say is if anyone in chat has dealt with this, let me know. I will say that you can. You can, you can do a couple things, right? Depends on what your bag is. One, you could issue a. You could issue a laptop just for traveling to dangerous countries, and that laptop is used just for that. And then when you return, they wipe the machine. Secondly, you could use thin clients, like right now in Azure, it's quite popular to have like a virtual desktop. And then you use a quote unquote, thin client, which is like basically a stupid laptop that connects in, and then you have your instance there. They can't really install spyware up there because it's Azure controlled. Right. Also, you could put permissions on the laptop so you're not allowed to install software. And there's no amount of the country forcing you to give them admin access that you can help with because you don't have admin access to the box. As far as your phone, same thing. Issuing a. A burner phone for people going out is another, you know, kind of popular technique, basically using risk avoidance. 
Sean Saylors, to take a GRC term, using risk avoidance by not taking the laptop and the phone into that theater and taking burner items into that theater. All right, guys, hold on. A bunch of questions coming in. This is phenomenal. Let me go ahead and flag these with a little. Let me flag these. You know, how can I learn more about clear text? I don't know what that means. Soul shine. Clear text. I mean, for what it's worth, clear text is basically just unencrypted text, right? So if you have an insecure protocol like FTP or HTTP, you can look at the data payloads in the network packets and see what the data is. That. That's clear text. All right? Find the true. TJ says MDM on those international ones are good. What are you getting your Claude training from? So. Oh, sorry. I'm sorry. I'm so sorry. I just went to itch my ear, and I ripped my ear plug out of my ear. Sorry. That. That was bad on a couple. That was bad on a couple levels. Sorry. Okay, so the question is, where are you getting your training from? Hey, Chuck SAP with 10 gifted subs. Did we just become best friends? Yep. Thank you, Chuck SAP. Guys, you want to know really quickly? I know Chuck SAP doesn't like the limelight, but I just got to tell you guys, Chuck SAP is. I love myself some Chuck SAP. He's such a nice guy. If you haven't worked with Chuck SAP or you haven't connected with him at a BSides or anything, Chuck, are you going to any BSides in the next. You know, whenever? I. I don't want to dox you. I just want to bring. I want to bring attention to this. This guy's so great. I love this guy. Literally. I've known Chuck SAP for years. This guy right here. I'm gonna drop a link in chat. You want an easy follow for a great person in our community, follow him. Boom. That guy right there. Chuck SAP. Such a great guy. All right, as I was saying, where are you getting your training from? So I'm doing it right here. This is the official Anthropic training. Who asked this? Ray. Ray. 
This is the official Anthropic training. Okay, so, Ray, I'll drop a link. Ray. And you can see here I am trying to be deliberate. I'm not signed in, so you can't see my progress. But hold on. I. I will tell you guys. What I am doing is I am taking, like. Like, legit notes, right? Like, I'm taking legit notes, and I will be sharing all these notes with the community if you guys want. See, here's the thing. I don't know, I don't know if you guys want my notes and want my, my thoughts on this stuff. I'm still, I gotta get a better system on figuring out what people want me to make content on. I know Misty, I'd said they want the vulnerability management analyst class. I'm aware of that. But yeah, for me personally I'm doing this, this training right here. Not just the Claude 101, I'm doing all of these. Okay. I, I like Claude Cowork. I think Claude Cowork's phenomenal to me. It makes sense to take the Anthropic training from Anthropic. Okay. Also, also bonus today at the beginning of the show I played jokingly the Karn death rattle. This guy right here. I played Boyz II Men, "So Hard to Say Goodbye." I'm going to be not fully wiping this Mac mini, but I'm going to obliterate OpenClaw from it, change the permissions on it, make it so I can remote into it from my workstation over here and I'm building a Claude Cowork Obsidian build and then I'm going to start actually just taking my notes instead of on notebook. I'm going to take them in the Obsidian and start building out that. So stay tuned for that. All right. Continuing to look through chat here, Michael, do you think the red team still can ruse pursue after what Claude Mythos can do? Yeah, yeah. I mean here's the thing. One, one reality is. Well first of all a red team, specifically red team is not designed to just break into things. A red team is designed to emulate a very specific threat actor. So as long as there are threat actors out there, there will be red teams to emulate. 
Now you might say, well, Claude Mythos can emulate a red team. I don't know, can they? Like maybe. But a lot of times you are looking for very specific kind of attacks and see how they work. So I don't think pen testing is going to go away. I do, I do think that a lot, a lot of like lower hanging fruit, easier things to discover, best practices that are not implemented will be captured by AI and handled. I, I've told you guys this before. If you wanted to get a CVE under your name, if you want a CVE associated with you, you better get your butt in gear. Because once AI goes full mainstream, all those CVEs that are super easy, AI is going to scoop them all up and you're not going to get them. Now you could get a hard one, but plus remember AI, I mean real pen testers and red teams are about like kind of cobbling things together, nuances, stuff like that. So Tyler Ramsey has a video on this. I don't think it fully eliminates it, but yeah, Claude Mythos is a thing. Crockett or Tubbs? I gotta go Crockett, man. Because the song's called Crockett's Revenge and I like Crockett. All right. Yeah. Netbooks, that was a thing. We talked about netbooks for a minute. I had one of those. I had an Asus escol. For someone early in their career, how would you compare external versus internal IT audit in terms of long term growth, skills, future proofing? I mean, I guess. S. Cole07, I mean they are similar and you can treat them both as similar. Like if you treat an internal audit like you're on an external audit, you can kind of get those same best practices. I think external audit's better only because you are, you know, you're, you're doing logistical coordination. You're learning how to speak more clearly. You'll be talking to technical people, you'll be talking to non technical people. You'll be doing debriefs of, you know, the client or management. So handling client operations, multiple clients versus one. Right. So that's my thoughts on that. 
But the skills of actually doing the audit, those are the same, right? Like internal or external? Like. I, I guess my point is if you're doing this CSF, it's NIST CSF, right. An internal audit is identical to an external audit on the actual. Sit down and ask them the questions. It's just they work at the same company as you. Continuing to look through chat. All right, we are at 9:15, scrolling. How can someone's IP address from their email. How can I get someone's IP address from their email header? I don't think you can. I don't think you can get someone's IP address in their email header. The email header would have their mail server IP address, right? Like, like Google Mail or whatever. If you, if you did want to get someone's IP address from an email, then you could. I'm not suggesting you do this. Soul shine. I'm not suggesting anyone do this, but hypothetically you could include a. Send them an email, but have an asset in the email that needs to be served to them and then when they reach out to grab the asset, their IP address will be revealed. Then again, not suggesting that's how you do it, but that's how you would do it. Continue to look. All right. Okay. Continue to look through chat. Guys, I, I, we family went on a trip this weekend. We may or may not move. Very cool stuff. All right. I'm also going to take GRC engineering training through Anecdotes. All right, let's, I'm contin, I'm scrolling through chat right now. So can Claude Mythos emulate a specific APT? I don't know. I don't know enough about Claude Mythos. If anyone's done research on Claude Mythos, let me know. All right, continuing to look through chat. How did your collab go with Tanya Janca? Thank you, Kathy Chambers. So for those who don't know, Tanya Janca wrote a book, a new book she's got coming out. She is She Hacks Purple. Very popular on the AppSec scene. We, Tanya and I did a two hour live stream on Friday about her chapter one. It was fine. It was fine. 
It was very, I guess I'll just say this, Kathy and chat. Like as somebody like myself who is super organized and super, like, structured, the, the, the stream didn't have a structure. Like there was no, there was no clear expectation of what we were doing. We were just kind of like jumping around in the book and stuff in the chapter and talking about things. So it was, it was, it was a Tanya Janca production, not me production. So I was just a guest talent. I think it was fine. We had some good turnout. I know several Simply Cyber Community members were there and got value. Steve Young was there. DJ B SEC was there. I, I don't know if it delivered value on her marketing her book, I guess. Yeah, exactly. Kishan Infosec says you can email them a tracking pixel. Exactly. That's how you get those IP addresses. Where does a guy get a suit like you have, asking for a friend? A suit like I have? What suit are you talking about? Steve Young. I haven't worn a suit. When's the last time I wore a suit? My brother in law's wedding. Although, guys, hey, really quickly. I will be wearing a suit this Thursday. I will be wearing a suit this Thursday, which is wild because then I have to wear it to go teach the Citadel students on Thursday. I'm doing like a, I'm doing a thing on Thursday in Charleston. Devin Grady is going to be there. But I gotta wear a suit. I gotta look, I gotta look the part, y'all. But anyways, if you want to get a suit. Steve Young. I don't even know where I got my last suit. I will. Oh, oh, oh, oh, oh, I see, I see. I'm. See? I'm such a donkey. I'm such a donkey. Okay, I get it. Steve is asking about this suit. I'm sorry. Look at me, trying to just answer questions to the best of my ability. Completely aloof to the jokes. Yeah, no, I got this down in Miami. We took down a cigarette boat. Drug cartel bust, huge. Got a little bonus from the boss. Went out and bought this hot tweed suit. Matches the Lambo. Let's see. Continue to look through chat. It's 9:19. 
This is good. Anytime I'm doing this, I think of Rogue Cyber. Is Rogue Cyber in chat still? He's got. He's got a really high energy, like, AMA thing. Foreign. I'm. I'm moderating a panel of three healthcare executives about how to implement AI governance and get adoption from clinical care teams in modern healthcare. A CTO, a CFO, and I. I think a CIO. And I'm. I'm. I'm. I'm manning the control panel. All right. Hey, we're caught up on chat. Phenomenal, guys. Hey, if you got questions, put them in chat. Marcus Kyler's got one. Let's see what Marcus wants to ask. I want to spend my 5 to 9 studying GRC, but my 9 to 5 dictates I spend that time studying DFIR. How do you level up for the job you want when the job you have monopolizes all of your outside study time? Ah, great question, Marcus Kyler. So I'm just gonna shoot from the hip, okay? Not to be confused with riding low on the hip on a train bound for glory. Marcus Kyler. What I would say here is take advantage of any and all overlaps between DFIR and GRC. What do I mean by that? Well, let me just go to the old, trusty NIST 800-53. Marcus, what kind of without. If you can tell me, what kind of information security framework is your organization using? Because if you're doing DFIR, right, look at this. Check. This is what I would do. All right, so I. I've just googled NIST 800-53, digital forensics. And just so everybody knows, NIST 800-53 is a security control catalog presented by the National Institute of Standards and Technology around all the controls that you could implement to reduce risk for your organization. Okay? Now look at the ones that map to forensics. AU family, AU-2, AU-6, AU-10. This is around retention, generation and protection of all audit logs. Marcus, if you're doing digital forensics, you know how valuable logs are. In fact, if you don't have logs. It's the very first thing you do when you get into an environment with an active incident going on. 
Okay, so there's the AU controls for your GRC push. IR, I mean this is right nail on the head: procedures, procedures, how to detect, how to analyze, how to handle, how to do evidence collection and handling, media protection around sanitization, disposal, forensics imaging and secure storage of those forensics images, the system and information integrity family detecting unauthorized changes and malicious code. All right, now why do I say all that? As you're doing your digital forensic stuff, Marcus, you can be documenting as a GRC person how these controls align with the work that you and your team are doing in digital forensics. And then hopefully you like partner with the information security office, the GRC people, the CISO to provide greater context for their SSP or for whatever documentation they have around how they are implementing those. And if you're doing digital forensics for a client, right, like say you're an MSSP or whatever, you're a Mandiant, you get deployed, you can provide additional structure around, you know, these, these particular elements of your digital forensics workflows to be more valuable for the client and for you to demonstrate GRC practices. Plus this will get you some exposure to GRC controls, GRC documentation. Also from a GRC perspective when you're doing debriefs with the client, right, from a risk management perspective you can obviously say here's what happened, here's what we know. But then if, if you're allowed to, Marcus, offer them some suggestions on hey, if you'd like to reduce your risk from attacks like this in the future, here are some recommendations you may want to consider. Multifactor. You may want to consider net, you know, Citrix gateways or, or you know, network segmentation, privileged access management, maybe even offer, if again if you can, to do awareness training to the client. Like so if you're external DFIR, offer to do awareness training to the workforce of that client. 
Assuming that your employer allows you to do that, that would directly relate to whatever the incident was in reducing the, like, social engineering, right, like giving education and doing just in time training to prevent that risk from being exploited or realized. Again if it's internal, Marcus Kyler, you should definitely be able to educate, but, but do awareness training that's directly related to whatever the incident was. So look, the, the TLDR final thing on this is yes, if your 9 to 5 is all DFIR, look for those overlapping opportunities. All right, continuing to look through chat. Fun question, by the way. Oh, Dwight's got their Simply CyberCon ticket. If you didn't know Simply Cyber, if you didn't know Simply CyberCon is coming November 8th and 9th. We've got a great program built for you. Myself and the team have developed an amazing program. It's going to be at the Folly Beach Tides. It's going to be in November so it's going to be pretty quiet there. We're going to take it over. Very Deadwood-esque. We're going to take over. We've got a hotel block. We're going to do talks in the morning, workshops in the day, and party and activities in the evening. I also want to point out really quickly that I think we got a workshop that might be sponsored. So dude, I'm so excited for Simply CyberCon this year. This will be our third or fourth year doing it. We've got a lot of lessons learned from previous years and I am so excited about bringing the program that we've built for you. The reason I just winced is I have an ankle injury that I refuse to stop running to allow to heal and it hurts. A Warham says question: Currently we only get app owners to sign acceptable use policies and want to move to getting all users included in access reviews. What's the best method and how extensive should acceptable use policies be? I mean honestly, dude, acceptable use policies at scale across an entire organization, I feel like that's pretty standard. 
Like basically before you grant somebody a corporate user account they should agree to acceptable use. Like do you allow your end users to go to porn sites and gamble on pokerstars.net during work? Probably not. Do you allow them to install Mimikatz on their endpoint? Probably not. So my, my I would say getting all users to agree to an acceptable use policy should be trivial. Like, like I'd almost argue to management like give me a reason why we shouldn't tell them the policies for using their work account, and then for access reviews. Yeah, that's just standard practice, put in detections. So the best method I would say is just do it. It's. It's to me it's industry best practice. You got to make sure the policy is right though, right? I'm continuing to look through chat. Roswell UK, who sometimes doesn't ask real questions: how do we risk assess AI that changes its own permissions? Is NIST already obsolete? Yeah, I mean so I would argue that you need to make sure the permissions of agentic AI doesn't allow it to change its own permissions. I would, I would, I would curb that problem right there, I would have it request permission changes. And as far as NIST being obsolete for non human identities, I don't know. I haven't reviewed the NIST documentation on non human identities. I will say that NIST is very thorough and deliberate and what it's, what makes NIST so great. They will do public calls for requests, public workshops to make sure that, that those NIST documents are solid, so they don't move at, they don't move at the speed of AI and business. So it may be obsolete, but I doubt it. I, it may not just be as impactful. All right, so Marcus Kyler said primarily nesso. Marcus, hopefully what, what I suggested helps you. If you can, let me know in chat if it was helpful or if it was not helpful. Attackers are now hunting enterprise build variables. What, what's one defensive habit that prevents a developer from being a corporate leak entry point? I mean most developer. 
Dude, most end users, I don't care if they work as a developer or they're an accountant. Most of them don't want to do bad for the company. Most of them just want to do their job and get done. So I think one defensive habit. I'll give you two. One's administrative, one's technical. I would just educate them on, like, show them LastPass, show them SolarWinds, show them multiple instances of developers getting compromised. And don't say this is you, just say hey listen, criminals are targeting you. You are a target. Right? Make them feel individually seen and you will elevate their, their internal perception of how serious this risk is. And then as far as like next steps, I mean obviously like conditional access would be great on those accounts. Phil Staff, by the way, Phil Stafford's my guest on Simply Cyber Firesides this Thursday. Super pumped about that. Mike oh, Michigan 2512. First timer. Welcome to the party, pal. He says he's critical in cyber awareness and education. What should I focus on? Wow. Okay, so I guess if it were me, Mishik, I would educ, I would focus on two things. One, I feel like in the OT/ICS space you have a lot of people who don't see the value. By the way, we're at 9:30 so the question, please. I can't get to many more questions. I, I would focus on the integration of IT and OT and like educating the people who are touching those and making them aware of the risks there. Okay. So you can allow those engineers to put in segmentation or these choke points or detections if they're SOC analysts and stuff like that. A lot of OT/ICS infrastructure has, like. I don't want to call them like longshoremen, but, like, people who are engineers that, like, don't care about IT or OT or think about these things. So you just. You have to make it digestible, and you have to make any education that you send to them. And when I say digestible, I mean, like, make one point. Don't try to boil the ocean with them. Make one point, but then make it very relevant to them. 
This is what I'll say to Mishik and everybody. Listen, I know you want people to come to you and help, and you're the best thing ever. And, like, they should understand what you're saying if you want to be great at cyber security awareness education. And by the way, great means that you're beh. You're modifying other people's behavior, which sounds dystopian, but at the end of the day, it's not. It's. You're helping people make better decisions or not make mistakes. You're modifying their default behavior through education. If you want to be great at that, you have to put in 98% of the effort. You have to go where they are. You have to use the language they use. You have to make it digestible, like a single point. You have to have empathy for them. Right? They're the ones who are pulling the levers and clicking on the things. Right? If you say, meet me halfway. No, my guy, there's no value. There's no incentive. There's no motivation for that person to meet you halfway. If you go 98% of the way and you're like, all I need is five minutes of your time, that is a reasonable ask for that person. That's the biggest way to get, you know, impactful awareness training. Oh, wow. Okay, so DJ B offered up a tip earlier. I think this was for Marcus Kyler. And of course, this is me not adapting to the AI age. DJ B says put NIST 800-53 in Claude and then ask it to show you the overlaps from GRC and DFIR and then give you a study sheet. Okay, I'm gonna. Because of time, I, now we've activated the lightning round, which I think I need a sound effect for. All right, here we go. I'm looking for questions. I'm going to ask questions quickly. Naval blockade of Iran. Sorry, we're seeing retaliatory claims. How do GRC players prepare for cyber warfare? I mean, do all the things. It's just you haven't increased, you should, this is. This should not change the way that you're operating day to day. 
This is why we have to stay current on industry and news, because your threat model changes and that's what's up. So more detections in place. Okay. Continuing to look through chat. I'm just trying to clear out the questions now. Isn't eDiscovery a decent link between GRC and privacy and DFIR? Sure, yeah. eDiscovery would be like more of a legal thing for sure. That's 100% a link. Definitely appreciate you pointing that out. ISACA AI risk cert coming out this month. Thoughts on AI GRC certs? I. I'm interested in looking at that. I mean, CompTIA and ISACA are both businesses that make tons of money off certs. AI is so hot right now. That Hansel's so hot right now. So I'm not super surprised about this. I will say, based on my experience, I have several CompTIA certs, or I have. They've expired. I have several ISACA certs. They've expired. I have several ISC2 certs that I think have expired, minus CISSP. I keep that one for nostalgia. The ISACA one, on balance, I bet you it's very good. I might. I might go get it. Just to go get it. Maybe I can convince ISACA to give me like a free voucher or something and then I can tell you guys about it. All right. Continue to look through chat. Questions, questions. I. I gotta get out of here, though. If you're trying to get a job where they've never had a dedicated security person, might be more valuable through a PowerPoint over Zoom. Yeah, for sure. I mean, you're suggesting here that you're able to get on a call with them, which is essentially like an interview. A resume is like they read it asynchronously. So, Crystal. Yeah, if you can do a PowerPoint, I. I would even go further than that. I mean, if you can make it like a sexy PowerPoint with like animations and all sorts of things. Maybe, you know, use OBS or whatever. Yeah, go, go. Get after it. All right, all right, guys, we are caught up. Guys. I want to say thank you very much. I hope you enjoyed the stream. I certainly did. 
Let me see if I can find. Again, this was Cyber Career Hotline where we answer all your questions. Guys, thank you so very much. I'm going to keep working here. You keep on crushing it. Shout out to all who asked questions, all who showed up, all who helped, and shout out to Steph Clewis as our Simply Cyber Community Member of the Week. I'm Jerry from Simply Cyber. Y'all have a great day. And until tomorrow at 8:00am Eastern Time, when we wind it back and do it again, stay secure, Sa.