B (12:57)

Before we get into the headlines, just a quick reminder that April is trust month at the CISO series. We've got some fun events lined up in April to talk all about trust in cybersecurity. So head on over to our events page@cisoseries.com for more details from the CISO series.

A (13:13)

It's cybersecurity headlines.

B (13:18)

These are the cybersecurity headlines for Wednesday, April 1, 2026. I'm Rich Dofalino. HTTP client introduces malicious dependency. Axios, a widely used HTTP client library on npm, was hijacked by threat actors to introduce a remote access Trojan into two releases. Google's Threat Intelligence Group chief analyst John Holtquist attributed the attack to the North Korean APT UNC1069. Axios is downloaded roughly 100 million times a week. The attackers are able to Hijack the NPM account of Axios maintainer, change the account, email and and lock them out. Rather than change the Axios code directly, they added a malicious dependency, manually pushing through npm CLI rather than through the project's GitHub Actions pipeline to avoid detection. Researchers at Step Security noted this attack showed significant planning and sophistication with separate payloads ready for Windows, macOS and Linux. Check out the show notes now for details on the affected versions.

A (14:19)

Okay, so because you know, we're awesome here, we covered this story at length as it was breaking yesterday. So if you, if you want to know more about this, this is a massive story and like I said, we covered it yesterday. They have fixed the dependencies. If you just update your NPM or your Axios installations, you should be fine. As far as going forward. You should go threat hunting to see if you've been compromising the in the past. Micah Romine says, you dirty rat. I agree as soon as I saw this in the chat and if you're listening on audio, the title of the story says supply chain blast. Top NPM package Backdoor to drop Dirty rat on dev machines. But I also saw it's like, oh, you dirty rat. You like like a mobster from the 30s, dude. If there's going to be any updates on the story, I want to know how they took over that dude's account. The guy had MFA and he got got. This was a sophisticated attack, okay? This wasn't some geek in the street trying to, you know, steal purses or whatever. This was like, you know, clever. They, they had payloads for Windows, Mac and Linux. Again, please do not get all hot and bothered in the chat about Mac being a version of Linux. Just, you know what I'm saying? Mac, Windows and Linux, they, it had some anti forensics capabilities. Kind of bush league anti forensics capabilities, frankly. Like it, it deleted its logs that it was install it. It deleted the installation files and the logs that it was there, right? So, So you know, not super sophisticated. Like dude, if you. Yeah, I was at Booz Allen for a number of years. Listen, if, if you're going to do like real anti analysis anti forensics, like malware development to make it hard for malware researchers. You do things like you bake in fake fake capabilities. So analysts waste their cycles doing it. I've even seen one piece of malware that was really nice where it was like, imagine a box and then a box inside a box and then they have the actual payload that, that they wanted to detonate. But There was another payload over here that was like something like key logger, right? So like when the analyst found the key logger, they're like, oh, we figured out what this thing does. And in reality there was like an a, a more malicious payload over here. I do want to give an update right now. Coming to you live from our maybe future news developer. We have attribution or at least high, high confidence attribution as of who the threat actor is behind this. And you can see it on the stream. North Korea, like very way to go, Axios. This is like a great, just like bam, size 50 font. And the North Korean hackers are implicated in this supply chain attack. It, it has some level of North Korean vibes. I, I'm going to go ahead this story. Is this story behind a paywall or something? It is. I'm going to say Kim Suki. Can anyone confirm that? I can't read this article because it's basically asking me to sign up for stuff and I'm not down with the sickness. Tldr. It doesn't matter if it was North Korea, China, Russia, U.S. israel, Ethiopia, Cameroon, Brazil, moon people, the moon and nights. It doesn't matter. The attack happened. We're, we're past it. There are IOCs out there and it is what it is. I don't know exactly what North Korea was attempting to accomplish like this. It's not entirely inside their TTPS to do the, you know, a very coordinated, complicated, massive supply chain attack. But you know, hey, this is like a perfect example of like professional development, right? You know how I lean into uncomfortable, do the things to expand yourself professionally. It looks like North Korean threat actor groups are doing that too as they go into supply chain groups. Let's see, do they have the threat actor group name? Damn. The word Kim Suki is not in here. They attribute it to UNC 1069. Unk1069 is financially motivated North Korean Nexus. Okay, so here's the thing. Like North Korea has Lazarus Group, which is like their, you know, big hitter, a team prime time. Like you know, the 1980 Russian hockey team. Like you bring them in for that. This right here, I mean, I suppose you could have had downstream impact on systems that are financial systems running this particular code. But I don't, I don't know. You should have been. Listen, at the end of the day here, here's what I'll tell everybody, okay? At the end of the day, number one, if you work in web app dev or you have people on your team that are in your organization, that develop web apps and you did not hear about this attack yesterday. Number one, that's a problem, okay? And I'm not saying you should attend the daily cyber threat brief every day. No, I'm saying this was a massive, massive attack that had massive impact and massive reach. And if you work in this space and you didn't hear about it, that's a problem. That is a problem with your threat intelligence feeds, number one. Okay? Number two, you should have already taken care of this. If you haven't at least investigated if you were impacted by this, that's a problem with your kind of like your threat hunting slash response capabilities and you should look into that. And I, I'm typically not super judgy. I'm very understanding and accepting. There's a lot of different kind of vibes going on and a lot of different moving parts. But like, this is one of those stories where it's just too big and too wide reaching to not hold people accountable. All right, so giddy up on that. There's a ton of information out there. North Korea, we see you. And by the way, like, way to go to Huntress, who discovered the attack 89 seconds after the attack happened. Boom, baby. That is like. That is next level detection. You want to talk about mean time to detect? 2014, China broke into Athena Healthcare or Anthem, was it Athena? And it took them like three months to discover it. Three, four, five months to discover it. We're talking 89 seconds, my guy. Your malware shall not pass PCP testing

B (21:17)

the open source supply chain. In more bad news for all things open source, researchers at Wiz released a report on the activities of Team pcp. We've covered the group's attacks on the LLM proxy library Light LLM. Last week, Wiz observed the group seeking to quickly validate stolen secrets from supply chain attacks. In the case of its malware injection on Trivi, Team PCP was seen validating stolen data within hours, followed by AWS discovery operations against validated secrets in less than a day. Researchers told Infosecurity magazine that Team PCP has been seen explicitly collaborating with extortion groups like Lapsus and other ransomware organizations, serving as an initial access broker clearinghouse. Yeah, Claude Sors.

A (22:00)

Dude, if you think that threat actors nowadays don't have like hideouts or gang, you know, like the warehouse in Teenage Mutant Ninja Turtles, the original, the 91 movie that, you know, Shredder ran, where they had like a skate park and free pizzas, like, you're mistaken. All these guys kind of jaw in the same. They. They all kind of run in the same circles. They have their dark web forums and stuff where they kind of like, flex on each other. And Team PCP came out of left field like a, you know, meatloaf as a bat out of hell. That's a deep reference. Like, let's say. What was that? 94 paradise by the dashboard Light. You know what I'm talking about? Song was like 25 minutes long. All right, See, Team PCP was just, like, all up in the news. I can't even believe it. Like, there's been so much going on that I'm like, yes. Okay, so Team PCP did the infection of the Trivy scanner and the Light LLM supply chain compromise? All right, here's the deal. This is an evolution in the threat actor landscape, and this is one that I. I would love to talk to flare about, honestly. So big picture this, there's nothing for you to do specifically right now other than be aware of this. Okay? Listen, the threat actor landscape has evolved into specializations. And if you don't get it, it's very similar to what happened into information security or even it. You 20 years ago. Like, you would be responsible for all the things, right? Oh, you're the IT guy. You do the firewalls, the endpoints. They didn't even call it that. You do the, you know, malware, you know, whatever, you wipe machines, you give people phones, all the things, right? And then start getting specialized. Like, you're an endpoint person, you're a mobile person, you're a server person, you're a Linux server person, you're a Windows server person. Okay, same thing on cyber security, right? Hey, cyber person, you do all the cyber things. And then it got specialized. You're offensive, you're defensive, you're firewalls, you're mdm, your grc, your ciso, you do risk, you do third party. Okay, so, like, it got specialized. As we began to mature as an industry, same thing is happening on the threat actor side. They are getting these divisions of focus where initial access brokers are their own capability, and they'd sell the credentials or bundles of credentials to other threat actors who are providing service ransomware as a service, phishing as a service, malware as a service. All these services are being offered up essentially as commoditized services to be able to allow threat actors or criminals to, you know, peace, like, go shopping at freaking Kmart or Walmart and just put things in their. In their bundle. Like, oh, I'm gonna attack a company today. I'M gonna need some credentials, I'm gonna need some. You don't even need the phishing because you already got the creds. But I'm gonna need some credentials, I'm gonna need some malware, I'm gonna need some C2 infrastructure, I'm gonna need someone defense the data or like host the data that I steal or whatever. So I'm gonna put that there. I'm gonna need someone to launder my cryptocurrency that I end up getting. And then I'm gonna self serve checkout because I got less than 10 items. You're picking up what I'm putting down. So that's what's going on now. And this is a, to me this is a massive evolution because now instead of just identity or initial access brokers, this team PCP is demonstrated that with the supply chain attack they can get essentially more initial access is typically creds right to a box or to a machine or to an environment. They're doing supply chain attacks. So instead of like single business or single org or you know, collection of orgs, they're getting upstream where they have access to tons and tons of. It's almost like explosive growth amplification of the access that they can offer, which is in Team PCP's best interest because now they can charge way more money. Great cash, homie, because they have a more desirable product, which is horrible for all of us because now me, Dreamlogic ad tech, Josiah Marshall and hey Harish can spend all the money in the world to protect our organization. And if we have a supply chain partner, like even if it's like a vendor that's providing service to us or it is an open source GitHub repo that somehow is baked into our tech stack, we can't protect from that getting compromised. So this is an evolution, it's one that we're going to have to reconcile with of course, like you know, the fact that we can do defense in depth and you know, have multi factor authentication, conditional access on all the things EDR like Huntress detecting that Axios supply chain attack in 89 seconds is huge. So we do have some defensive capabilities to detect and then respond to and effectively recover. But it's not good. And to me this is, this is an evolutionary step in the whole workflow. Thank you for coming to my TED Talk in this RAW Camera feed here. Okay, code leaked.

B (27:30)

So Layer Labs intern Chofan Chou posted on X that Anthropic seemed to have published a JavaScript source map file for Claude code on its public NPM registry. This source file was quickly archived and spread across GitHub. Anthropic acknowledged the leak, saying it was the result of human error, not malicious activity. The file revealed how Claude code limits context entropy through a three layer memory architecture and provides details on a background daemon mode called Keros. It also gives details on Anthropic's internal model roadmap and current development milestones, and provides a prompt for an undercover mode to stealthily use Claude code for public open source contributions.

A (28:10)

All right, this article's annoying because after like 15 seconds, it gives you, like this pop up. Okay, here we go. All right, so someone at Anthropic made a mistake leaking some Type of map JavaScript source map file that had. Inside information on what's going on. All right. I don't know. I'm not super familiar with Claude's AI harness. Agentic AI harness. I do know that Claude released. Claude released a, like, open Claw killer or whatever. I'll leave this to. I'll leave this to Phil Stafford and John V. But like, basically, I saw it in the news yesterday. Claude, you know, open claws this, like, agent for the masses. And Claude's released one. If, If Claude has one, Anthropic has one, I'm all in. I'll. I'll go ahead and get it. But they were, they leaked some source code. Okay, here's the deal. I don't, For a cyber security professional, I don't think that this has any impact on our day to day. Right? So if your company's using Anthropic, you know, I don't think that this, this is like, oh my God, I better go run and grab my brown pants before it turns, you know, awful in this room. But what I will say is this is a great lesson learned. I'm a huge. Listen, I'm a huge, huge fan. It sucks. It sucks when a company has a problem, right? It sucks when a company has a breach. It sucks when a company has a compromise, an attack, whatever. Okay? But I would, I will always say don't let a. Don't let a. Don't let an incident go to waste, right? So, like, we can learn from other people's mistakes really quick. We got a win in the chat here. Hey, Harish, 20 month and he's sharing his milestone, saying a major win. My CFP got selected and I'm speaking at B sides Birmingham, and I confirmed with them. It's not an April Fool's joke. Oh, my God. First of all, congratulations. Hey, Harish, I'M super happy for you. Speaking at conferences is a wonderful way to progress your career and grow your, grow your network. Okay, so I also have a video on the channel on how to submit a cfp, which is what hey Harish had to do in order to get selected for the B sides Birmingham. So go check that out, Help yourself and hey Harish, have a great talk at B sides Birmingham. So anyways, I want to say don't let a good incident go to waste. This is a perfect example of obviously somebody somewhere doing some debugging, accidentally fat fingered the prod environment instead of the test environment or the dev environment, or they accidentally changed the permissions to make something that would shouldn't have been public. Public. Right. I, you know, you know, I don't know where Claude is. I don't know if they're in AWS or Azure. I don't know if this was like an S3 bucket configuration. I don't know what it was or how it was. But all I'm saying is this is an example where internal data gets accidentally turned public. And dude, the Internet, I don't care. The Internet is undefeated as far as I'm concerned. You could have something public for just a few minutes and like someone will find it and it's like Liam Nielsen, Liam Neeson is on the Internet doing the things. So just be careful about that. Obviously once the, the source code is public, you can't change it. Like it would be ridiculous to kind of, it would be ridiculous to kind of like rewrite all the source code and change your entire, your entire situation. So. Oh, here we go. Robert Hendrickson got the cissp. Way to go. Robert Hendrickson. Big fan. Nice job. All right, anyways, final thing I this source code leak to me doesn't mean if you're using Claude code and you have the FAT app on your desktop, somehow you're at risk and you have to patch or anything. This is just. It was public, now they're making it private. If anything, this is a hit for cl, for anthropics, intellectual property. Because open AI and other businesses could steal that approach and use it for their own competitive advantage.

B (32:47)

Called to secure quantum computing supply chains. We are seeing continuing signs that everyone is getting ready for the advent of quantum computing. The most recent example, the Financial Times reports that a U.S. delegation will push to shore up the security and stability of the quantum computing supply chain at this week's meeting of the Quantum Development Group in London. This will look to secure access to rare earth metals and get ahead of other Material constraints needed for this emerging technology. US Chief Technology Officer Ethan Klein said he hopes to align on policy with European allies on these initiatives. This comes after the US suspended the US UK Technology Prosperity deal back in September, which had previously served as a cooperative research framework for emerging tech like AI and quantum computer.

A (33:33)

All right, hold on. We got a super chat coming in the chat. What do we got here? Hold on one second. Johnny vol. Johnny von Line 1862 with a super Chat. Thanks for the super chat. He says it's a harness for Claude code multi agents. It's illegal to implement their code, so people online just converted it to Python, which is fine to use. All right, there you go. That's what I'm saying, guys. Like competitive advantage. Like people. People will find ways to use it. That's why you got to be careful when you accidentally disclose things publicly. And thanks. Thanks, Johnny. I appreciate the super chat and I appreciate the insights for the community to get more value out of this story. Okay, so really quickly, quantum computing, supply chains, people want to secure all the things. Yeah, quantum computing is coming. I don't know. Here's my thing, guys. I hate to sound maybe, maybe I'm old, maybe I'm just not familiar. I understand quantum computing is coming. I understand that we have post quantum computing, you know, encryption resistant or post quantum computing resistant encryption. I know that Chrome is starting to implement quantum computing resistant algorithms for the TLS connections. I understand these things. I'm not like, I'm not super sweaty about quantum computing because number one, like, I don't know, I hate to. Here's my thing, okay? This is maybe like a personal thing or philosophical thing, but here's my thing, right? I worry about a lot of things, all right? Like that's, that's, that's just how I'm wired, okay? That's why I'm good at risk management, okay? I worry about a lot of things if you walk into a room, okay? Like, are you walking to a bar? Okay, let's just do this. You walk into a bar or you're a kid and you walk into the, the high school cafeteria, right? Whatever it is, you walk into a room, and at one end of the room is a big, grizzled, angry looking, irritable person who's banging their fist on a table, screaming to themselves, looking like a lunatic, okay? And then you look over on the other side and there's someone who's just like sitting there, right? Maybe they have. Maybe they look ironic, right? Maybe they're wearing a fedora and they Have a. A funny mustache. Okay. What? Whatever. Okay, to me, the fedor mustache twirling person is quantum computing, and the big grizzled, like, lunatic screaming to themselves is AI Okay, So I only have so much cycles to spend on anything. So when I walk in that room, to me, the immediate thing that requires focus, attention and management is AI yes, there's a mustache twirling fedora over here, and that's not to be forgotten. But like, I cannot allocate the same level of resources to both of these threats and. And to me, it makes no difference, right? So quantum, we got Super Squad memberships coming in. Thank you very much. A guy named 303. Did we just become best friends? Yeah, and if you're one of the recipients of said squad memberships, thank you very much. It's just, here's my thing. Quantum computing. Yes, it's a thing. Yes. It's coming. You have to be able to cool the thing to near zero Kelvin, which is not easy to do, which means it's going to be accessible only to first world countries who are investing heavily into the ability to have quantum computing, in my opinion. Secondly, everyone can use AI My aunt Dorothea right now, using one powershell command, can install open claw on any computer and have it run all over the place. Do you understand? Like, to me, like, the attack surface, the risk, exposure, the whatever you want to say for AI Is dramatically. It's not even. It's not even apples to apples. So, yes, quantum computing, U. S pressing UK and allies to secure all the things. Honestly, I don't think the US has the. Whatever. The US Pressing anybody on anything right now internationally seems like a bit of a, you know, a tough road, a hoe. Anyways, let's go. Also, hey, guess what? Thank you all so very much. I do want to say,

B (38:08)

oh, thanks to today's episode sponsor, Threat Locker. Least privilege isn't about distrusting users, it's about limiting blast radius. Many attacks succeed because malware inherits excessive permissions. Enforcing least privilege helps ensure that even if something goes wrong, attackers can't easily escalate access or move laterally across the environment. Learn more@threatlocker.com

A (38:35)

all right, here we go. All right, all right. Hey, guys, thank you so very much for being here. Shout out to the Stream sponsors, Thread Locker, Anti siphon and Flare. I do want to say thank you all. Like, if you joined us a little late and the camera looks janky, it's because we had a. We had a hardware failure here at the Buffer Osier Flow studio at the beginning of the show. And you know me, I'm not gonna let something like a camera failure stop this show from running. This is episode 1101. We dude, a camera issue is a speed bump and we're doing about 75 miles an hour down the road when we hit that speed bump. Just like to do and just keep on, keep on keeping. I do want to say it is April 1st, which means I have a whole new clean set of memberships to give away. I get to give 10 away a month. So let's go ahead and do that membership gifting. Let's give five memberships away. Hey, thank you for being here. Thank you for just supporting Simply Cyber. Here is five gifted subs. Chris Patton, Joe Willie Dohe, Red Devils and Yolanda Ross. Welcome to the parties, pal. All right, every single day of the week has a special segment. And Wednesdays is way back. Wednesday, I'm old. Many of us in chat are dj b sec. 44 months. Thanks, dj b sec. I want to say hey, every episode we have some fun. Way back Wednesday. It's basically where we just look back at an old technology and have some fun, make fun of it or can't believe we did it. I'm going, I'm going way back into the crates on this one. For anybody who likes hip hop, okay, I want to bring your attention to this. Okay, ladies and gentlemen, at some point in music history, eight tracks were a thing. Now I, I just want to share in full disclosure. I'm a little. I'm almost too young for this, but I do remember going up into my attic and discovering my dad's eight track collection. He had like six or seven. He had like a Corvette. Where the back of the Corvette you could jam a eight track in and it would play it. I don't know why they had eight track players. Like no one asked for it. We had cassette tapes. This was basically a larger cassette. It was like the size of an Atari video game cartridge and you would jam it into these players. I feel like cassette tapes continue to reign supreme until CDs came on the scene. So, ladies and gentlemen, if you have a Red bone or an Eagles 8 track anywhere in your your history, you're old and welcome to the party. I love it. Welcome to the party, papa. All right, so yeah, feel free to. So BW 5542 is saying 8 track was a pure money play by the music industry to get people to buy the same music over again. There you go. I don't have an April Fool's joke. I don't. But I do want to say thank you all for being here. Oh, man. A lot of people had. A lot of people had the had a tracks. All right, let's get our La la la song Pepperidge Farm remembers eight. La la la. All right, very nice. All right, let's keep continuing on also. Hey, Phil Stafford. I meant to send you an email yesterday. I didn't send you an email. I got interviewed for a podcast yesterday that I told them about you. You would be perfect for them to interview and they want to interview you. So if you can DM me on discord. Sorry to make this a task for you, but like, I meant to do it yesterday and I just saw your name in chat and it reminded me. I'm sorry, but message me and we'll get you connected for that pod. All right, let's keep going.

B (43:17)

Italy finds finance giant for personal data security failures the Italian Data Protection Authority find one of Italy's largest financial firms in tesa San Paulo Spa 31.8 million euros citing serious shortcomings in personal data security due to the inadequacy of the technical and organizational measures adopted. This follows a three year investigation into the firm which discovered employees improperly accessing customer information without triggering internal control systems. While this Access impacted about 3,500 customers, the investigation found that these were often high risk accounts belonging to public figures. The investigation also found that the company sent incomplete breach notifications well after legally required deadlines.

A (44:01)

All right, so a company gets fined 36 million. Chances are they make a lot more than that. Or, or else that would be a ridiculous fine. Let's see here. All right, High risk customers, dude, here's the thing. Like, even if you're, you know, freaking give me a celebrity who's, who's a current celebrity? Ed Sheeran, Is he still relevant? Ed Sheeran or Antoine Walker? Scotty Pippen, Right? Like, like think of like, you know, Roger Federer, right? Like, like think of, you know, people who are, you know, Lizo. Right? Like, just because people are celebrities doesn't mean that they don't, like, live normal lives. Like, they have bank accounts, they have Social Security numbers, they have loans and mortgages and stuff, right? And, and I get it. Like, oh, Roger Federer pays cash for his house, whatever. But you get my point. So when, when you have, like, when you're operating as a human inside of society, it doesn't matter if you're, you know, a construction worker in Norman, Oklahoma, or you're a well known super celebrity, you still have to go through the systems. So in this instance, if you're a high risk VIP person, that doesn't stop someone who works at a company from like instead of typing in Gerald Ozier because that's who you're supposed to be contacting next, they type in Paul Pierce and, and then they find out or Beyonce, like who wouldn't want to know Beyonce's home address, right? For example, this particular financial giant did not have those protections in place. If I had to guess, somebody with power somewhere had their information compromised in some capacity and then they, they responded by having this investigation done. And, and I know that sounds a little Illuminati esque, but I just, that's, that's the, the vibes I get on this. I will tell you. I know for a fact I have, I know someone personally who works at a large financial institution. I'm going to make this super vague. So I don't accidentally dox anyone, but like I know someone who works at a large financial institution and they're, they're kind of a higher up in the institution, which just means I say that. So you understand that they have a lot of visibility over the operations and they have such great internal controls that if an employee accesses a customer record that they should not, they know, they, they almost immediately detect it and then they will terminate the employee. So I. E. If, if you go to a celebrity's personal account to see like their phone number or their home address, or you go to like you know, an ex spouse's account or whatever, they'll detect it right away. So like there are great internal controls to handle this. And apparently this financial giant did not have those things. Again, these financial companies, there are many of them. So you know, low key, like tinfoil hat. I suspect that this was a, like a, a response to someone being like, hey, this is some bull crap. Go investigate them. Let me see if. I'm just seeing. Yeah, see, the regulator launched a probe after following a data breach announced by the bank. The ensuing investigation revealed that an employee accessed the banking information of 3,500 customers in two years without having proper reason to do so. I mean, I don't know, like this person was absolutely abusing their access. You can see here, this employee was accessing well known public figures. So yeah, I don't know if this person was selling that information or whatever, but like I'm telling you right now, I would bet like 50 bucks. Okay, so I'm okay if I lose 50 bucks. I would bet 50 bucks that one of these 3,573 customers whose information was compromised over those two years. One of them's got some juice and reached out and exercised that juice to have this financial institution investigated. And then I guarantee you this employee got wicked fired. $36 million. That's usually a resume generating event.

B (48:49)

Iran revives pay two key as former CISA director Chris Krebs recently characterized, Iran seems to be throwing everything against the wall when it comes to cyber operations. The most recent examples, researchers at Kela's Cyber Intelligence center found evidence that the country revived its state backed ransomware operation PayTechy. This revival saw the group recruiting from Russian illicit forums, a move Kela characterized as outsourcing geopolitical retribution to the global cybercrime talent pool. Part of the strategy for Pay two Key appears to be launching so called pseudo ransomware attacks where the goal is just to leave systems encrypted to cause chaos or install other forms of wiper malware. Pay2Key also serves as initial access broker for other threat actors. Silverfun.

A (49:35)

Okay, all right, here's the deal. This should not come as a surprise. As a student, like obviously, or not a student, as an academic, I'm, I'm fascinated by this. Okay, I said this before. Once the United States, Once the Iranian conflict initiated, or however you want to call it, like that 2:00am Saturday night, you know, attack, we're in a full conflict now. You know, there's an Israel piece to this. I'm not making this political in any capacity, but I've said it before and the evidence continues to bear out. Iran is in an existential threat right now. They see it as an existential threat and they are doing everything within their capacity to defend themselves. And, and you know, kind of defend forward, if you want to use one of those terms in America has invented. Defend forward basically means kind of like proactively attack to prevent an attack in the future. And they're doing everything like we saw the Stryker medical malware wiper. We've seen nation state cyber attacks, we've seen hacktivist backed cyber attacks. And now Iran is basically open for business, right? Like you know, they have their own capacities, but they're hiring effectively mercenaries from Russia. But I'm sure they'll take anyone from anywhere to execute disruptive attacks on us, US and probably US friendly organizations and infrastructure. They said pseudo randomware, effectively it's just a, it's, it's, it's equivalent to a wiper virus. They're just encrypting all the things and there's no Key. So essentially you'll have to rebuild the entire infrastructure. It's. To me, it's no different from an impact as a wiper virus where you have to rebuild everything in the first place. Anyways, so they're increasing their activities. And again, as an academic, again, I hate to be so callous and so objective about it, but I've always been fascinated with how World War iii, effectively, how a multinational geopolitical global conflict would manifest in the age of modern cyber capabilities. That's something I've always been fascinated about. Where we, we've been talking about the theoretical cyber Pearl harbor. And everything's going to be done in the, in the b. You know, the battle space will be in the Internet and it's cyber security, all the things. And in reality, that is not the case. Cyber is just a complimentary capability to kinetic war. Right? I mean, I can wipe your computer and that's frustrating and probably has some deficiencies to your operational capability. But dropping a Tomahawk missile, like that's not going away. You know what I mean? So, so seeing Iran kind of scale out by hiring mercenaries effectively and having an infrastructure for those mercenaries. This pay to key, it's, it's wildly interesting. I will just tell you guys really quickly if, if anything. And this is, this is like, you know, me going beyond the headlines. This is what I think, okay? If you've seen the 1983 movie War Games with Matthew Broderick, it's phenomenal. Essentially, there is this command center in Cheyenne Mountain that the United States military operates from, and it's in a mountain because they can sustain a nuclear weapon attack and continue to do command from this mountain. Okay? That's the whole point of it. And they have these defense condition levels. DEFCON, DEFCON 5 is like, everything's fine. The world is at peace. Everybody's high fiving, but we're still like standing at the gate with the rifle. And then as you go down the defcons, you get more serious, you increase activity, you put more guards on the gate. You, you know, you start talking to friends and allies and like DEFCON 1 is like we're at, we're at war and everything's out of control. Okay. Yes. Shall we play a game? That is Joshua from that movie war games. Also SimP Cyber's AI voice. So basically, what, what, where am I getting with this? Just because you're a publishing company in Mount Pleasant, South Carolina, or you're a cyber security education company in the low country, or you're in Miami doing you know, whatever or you are in Denver working at a healthc care facility. We are all, all of us, US based, international based, Roswell uk. All of us. If you are in a country or you use a company that is like somehow aligned with Western democracy or western philosophy, like, your defensive posture should be increased, your shields should be up. I'm not saying you're going to be attacked, but there's a lot of like Iran is basically putting pool balls in a pillowcase and just swinging it around and you could get hit as collateral damage. There's just more activity going on in the, in the, in the, in the space and I don't want anyone to get hit. Right. So like we've been training for attacks, we've been putting defensive protections in place to, to mitigate the damage of attacks. We, we've been putting detections in place to find out quicker about attacks. You know, like this is what we train for. So I don't want anyone in this community to be impacted by this. But like to say, to stick your head in the sand and say, oh, it'll be fine is ludicrous.

B (55:52)

Spreads rats across Asia. A Chinese cybercrime group that goes by a range of frankly awesome sounding names, including Silver Fox, Swim, Snake, the Great Thief of the Valley and Void Arachne, has been spotted operating a typo squatting campaign. This attempts to spoof trusted software brands like surfshark, Telegram, Zoom and Signal to install a novel Atlas Cross Remote Access Trojan. After visiting a spoof domain, victims are prompted to download a zip archive that installs an autodesk binary, which then launches a shellcode loader for Atlas Cross. Researchers say the coordinated nature of the campaign and the development of a previously unseen Remote Access Trojan show significantly more sophistication from Silver Fox. Dutch Finance Ministry goes, so I mean,

A (56:35)

this is a classic attack technique. Because of time I'm not going to play the saxophone. This is a classic attack technique. They have a typo squatted domain www-surfshark.com it looks, it looks like a real website. You're going to download a VPN or you're going to download an extension, you're going to download whatever. And in reality you're installing malware or you're installing a remote desktop management solution. It could be Trojanized, which means that the Surfshark VPN or the Proton VPN or the Zoom player is still going to work. It's just also going to run the malware and once you run it under your own permissions, you're infected and then you're screwed and then it's going to start doing all the things. Okay, so let me break this down for you so you don't get punched in the mouth by this. Number one, let's follow the kill chain. And if you're listening on stream, I mean if you're listening on audio Nick from Georgia listening on Apple podcast, or if you're listening on Spotify, you're at the gym and you're just listening to me on 2x speed, or you're making some pancakes right now in the kitchen. I'm going to describe the infograph. Okay. It starts with the victim. The victim falls for a socially engineered fake website that looks like a real website using typo squatting for the domain name. So number one, let's educate our end users. Done. Also, if we have access to these fake typo squatted websites, let's put it in the firewall or put it in the DNS. You know, you, if you work at a business, you should absolutely not be using like an ISP DNS. You should be using DNS from something better. And if you're an individual small business, right, you got a sonic wall network device in a, in a, in a slop closet in the hallway because you're managing like a dermatology clinic. Change the DNS resolver to Cloud Flare or Quad Nines or Google. There are free, free, free DNS resolvers that will give you at least a chance to have these domain names not get resolved because they're known as malicious. So right there we, we, we break the chain on step one. Now let's say that, you know, my aunt Dorothea doesn't follow best practices and we don't have, we're using Comcast for our ISP DNS resolution. Okay. All right, so she downloads this app and installs it. Okay, now we got a chance here. How about EDR stopping it? How about Threat Locker denying it by default? How about, I mean those are basically the, the two main ones, right? Right away, that's just the installation. Okay. Then it's going to start reaching out to pull down, Let me see here, really quickly. So the payload you're installing is the remote management solution. So at this point you can see there's C2, you know, like you could catch it at the network layer again, it's going to be running Ultra Viewer as a remote. As a, well, Ultra Viewer is a decoy. They do have a trojanized loader. There's multiple steps along the path to break this. You can also look for in your Windows directory For random file name.exe. that's gross. There's a lot of ways to protect yourself from this. And honestly, guys, threat actor is going to keep doing this because it is effective and it is working. If you're interested as a practitioner in learning about cyber operations, cyber kill chain and how really organized organizations do it, I'm going to drop a link in chat. This. This to me, there's a lot of different ways to do cyber attacks and stuff. This to me is like a nice, simple case study that has enough level of sophistication and technical complexity that it's interesting to understand and then talk through in a job interview. But it's not so nuanced and innovative and novel that like, it's like an obscure example. This is a good one.

B (60:43)

Offline after breach Last week, the Dutch Ministry of Finance disclosed that it suffered a data breach on March 19th. This attack didn't impact systems used for tax collection subsidies or import export regulations, but did expose data on some employees. So far, no threat group is taking credit for the attack. In a statement to legislators, Minister of Finance Ilko Heinen said the ministry was forced to shut down some systems for security reasons. As of March 23, Heinen said about 1600 institutions could not see account balances or use an online portal to apply for loans. Both services are available through conventional banking channels. No word on when these online portals will come back online.

A (61:24)

All right, so way to go. The Dutch website got, you know, impacted. They took it down. It sounds like they're doing, you know, standard stuff, guys. You can't stop all. You cannot eliminate all cyber risk. That's like something that you have to reconcile. You cannot stop. I don't know, I keep saying stop. You can't eliminate all cyber risk. You will always have some cyber risk. So even if the Dutch did everything they could websites down, it looks like they detected it quickly. They're responding. They've got forensics doing things to see what's bad. They're probably going to fix the problem. Ah, you got a Patrick. And much like this, you know, alternative camera I'm using today, they have not had a catastrophic impact to their workflows and processes. Because you can still fill out an application for a loan. You just got to march your butt down to the, to the building downtown. It's inconvenient. But do you want the loan? Come on down, fill out a paper form and let's get it done. Health care institutions do this all the time, dude, like once a month. Real hospitals, real clinical settings, where will run on paper just to make sure that they have what's called downtime procedures effectively in place. Because guess what? If. If the system goes down in a hospital, you can't tell, like, a sick patient. Like, we're trying to reboot it right now. So why don't you just hold on with that heart attack and we'll get to you when we get to you. No, like, you've got to have downtime procedures. It sounds like the Dutch thought through this already. Also, shout out to tabletop exercises. It sounds like the Dutch ministry was on top of that, too, because they gracefully fell over to manual procedures in this instance. So good on them. All right, here we go. All right, everybody. This has been April 1, 2026, episode 1,101 of Simply Cyber's daily Cyber Threat Brief Podcast. I was your host, Dr. Gerald Oer, coming to you live from the Buffer Oer Flow Studio. I hope you got value from this show. If you are a first timer, I hope you come back. Welcome to the party. If you're a long timer, thank you for all the support. As always, I do the best I can and just, you know, pivot, pivot, pivot. We had a bad camera today, but we made it work. I feel like the quality wasn't compromised by that. Don't go anywhere, because we are going to be doing a show called Jawjacking, which I'm. I'll tell you about in a second. I'm going to change the name of Jawjacking, so just emotionally prepare for that. Don't go anywhere. I'll be right back. I'm Jerry from Simply Cyber. If you got to get out of here, have a wonderful Wednesday. And until next time, stay secure. I'm going to answer all your cyber career and industry questions right after this. Ever wonder what it takes to break into cyber security? Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cyber security field live, unfiltered, and totally free. Let's level up together. It's time for some Jawjacking. All right, what's up, everybody? Of course, my camera is all mullocked up here, so can I do this? No. Can I do this? Yes. Okay, so that's it. All right. This is a camera. Can I change the camera? No, bruh. All right, hold on. Just bear with me for just a hot minute, please. I'm trying to freaking. Okay, let's try this. Let's go old school. Oh, my God. Hold on one second, all right? Hold on one second. I'm going to do this. I'm going to close obs. I'm going to unplug and then plug my camera in again. All right, I turned it off and on again. Let's see what happens, Bro. You effing with me, son? All right, hold on. Ah, I'm gonna stab. I'm gonna stab something. Hold on one second. I'm blowing into the USB port on the camera now. Like it's a Nintendo cartridge. Did you ever blow into the Nintendo cartridges? Hey, Fu Manchu says this show rules. All right, come on, give me a camera. I am going to punch a camera. Yeah, I'll make sure it's properly connected. All right, hold on. Give me. Give me a second. I've got a backup backup camera. Give me one second. Absolutely ridiculous. All right, hold on. So I've got a backup backup camera. The problem is that the camera, as a driver perspective in obs, it sees it. So it's, like, holding priority on the. On the resource itself, which is obviously a problem, right? Obviously. All right, hold on one second. Seriously? Yes. See what I mean? Like, it's holding priority. It's holding priority. You know what? I'm sorry. I didn't mean to drop an F bomb. I have a backup backup camera. But for the sake of everybody's sanity and mine, let's just do it this way. I know this is suboptimal. Here we go. All right, we'll just do it this way, everybody. Okay? And then I'll change this graphic to say Jawjacking. Okay, cool. All right. Welcome to Jawjacking. I'm gonna back it up. I'm your host, Jerry Guy. Fu Manchu says he loves it. Thank you. All right, guys, we're gonna do it this way, and that's what's up. So if you have any questions, put them in chat with a queue up front. I'm looking right off camera at the chat here, just because. Because I got the camera. I'll show you my. My setup here, my rig. I know some people always enjoy seeing, like, the behind the scenes. There's the coffee, right? And then the gear. Also, shout out to haircut fish who made me a one of one crusade Run GRC Graphic. I always keep that on my desk. All right, so that's behind the scenes. So you guys can appreciate what the heck's going on here. If you have any questions, put them in chat. I will answer what I can. Here we go. Zach Morrison with a question. Thank you, Zach, for getting us started this morning. Other than grc, are there any other non Technical careers in cyber security. Oh, my God, that's. That hits a little like. That's like a kidney punch, dude. GRC is technical. It's just less technical than like, you know, red teaming or something. So by the way, also, Zach, like, GRC engineering is turning into a thing, I would say in the world of cyber security, I mean, if you wanted to, you could like, see, so this is going to be such a punch in the throat. But the CISO is not technical. You can be a CISO and not be technical. What else? I guess awareness training, you know, kind of managing people. It depends on the size of the organization. Right. Like, if you're at an organization that's so large they might send you out to do like. Like if you're enrolling people in mfa, but not really. I would say GRC is probably the least of all the technical ones. Run grc shirt guardrail. Yeah, you know what? Like Black Hills has the Run GRC logo. Zach Hill told me I should just take it and make it simply cyber. I kind of want to like, run that by Black Hills before I do that. Josiah has a entry level sock interview. And by the way, I'm putting the questions on stream below me so you can see them. He's got an entry level sock interview on Monday. Any tips you can give me? Yeah, dude. Josiah, if I may. If I may be so bold, Josiah, here's a tip. Register for this training, which is in three hours. Okay. And this isn't me just pumping this training. Hold on, let me add. Josiah, this one. Oh, Josiah. Okay, Josiah, I just tagged you in chat and put a link to this. This is a free one hour webinar from Dan Reardon, who is a sock analyst about how to write better tickets. Sure. You're going to be talking in the soc interview probably around, oh, if you got a fish, what would you do? Or what's Miter attack framework and all these other things. I'm telling you right now, if you talk about documenting tickets better. That is not something that you're going to learn in a try hack me room or a let's defend room. No one's talking about this, but this is valuable. That's what I would say. You want to talk about a way to set yourself out as a differentiator Right there. All right, let's keep cooking. Also, say hi to Dan when you're there. Dan's so cool. I love Dan. All right, let's see. Is cc. Is CCSP worth the investment in time or is it just more duplicate applicative of CISSP is ccsp the, the cloud one. Yeah. So I would not. So first of all, I would say CCSP is not duplicative of cissp. So I think that assumption is incorrect right off the rip because CCSP is cloud focused. CISSP is like, you know, mid career industry infosec professional. I would say this number one, Shane, if you can get your employer to pay for it, go get the ccsp. Get your employer to pay for it. Do it if you're gonna pay for it. I would skip it. I would skip it and I would actually go take the training on whatever cloud platform you think would be the biggest bang for your buck. For example, Microsoft Azure or, or Amazon AWS are basically the only two platforms I would spend any time on. Let me fix this, but let me show you. And this is for everybody. But like, look at Microsoft Azure training. The training's free. Excuse me. Browse all Azure training, right? Come on, computer, load up. I don't have time for this crap. Okay, listen, look at all this 1578 results. And almost all of this is free. As far as I know, it's free. Now you'll have to pay to take the certifications, but guess what? As a hiring manager, if you can tell me how to configure intune or you can tell me how intune works, or you can talk about features and tools used for compliance, I don't care if you have the certification. You can speak to these things. So get all the free training. So anyways, Tldr Shane is. I would focus more on tech than like a cloud cert just specifically for cloud because cloud is very vendor specific. All right. Continuing to look through chat. Yeah, I've tried deactivating, reactivating the camera. I didn't try deleting it or not because I didn't want to like lose. I gotta back up. I feel like I'm right on top of the camera. Taekwond says my last performance eval I got not meeting expectations. Should I apply to another role where I can be successful? Yeah, I, I would be applying anyways. I mean, do you like your job? I guess taekwondong, that's the first question. Do you like where you are? If you're not meeting expectations, then either you're not trying at work or you're. You have a miss. There's a misalignment between like what expectations are from your boss and what your perceived expectations are as delivering work or your company is just had to pick someone to like be on the bell curve side of it. But yeah, I would be. I, I, I, I constantly promote be the CEO of you. So, like, you know, if you think the writing's on the wall, you know, get after it. If they, if they said you did not meet expectations and they did not put you on a pip or a personal improvement plan, then, I mean, I guess, like, what, like, what's the outcome of not meeting expectations? Did they just say, you don't get a pay raise, get back to your desk and work? So there's a lot, there's a lot to a taekwondong. I, I would definitely be, like, sniffing around, but I mean, I'd also be like, okay, like, where did I fail to meet expectations and how can we get me there, Right? Like, are you invested in my success or not? Jose Alfredo says he just got connected with Huntress, trying to figure out how I can use it to add value. Oh, yeah, I don't understand what you mean. Like, are you using Huntress EDR at work now, or you just, like, someone introduced you to a person at Huntress? I like Huntress. Of course. I like John Hammond quite a bit. And I like Matt Kylie. They're both over at Huntress. How do I start GRC Engineering. Any suggestions, Kelvin? So, all right, here's a fun fact, everybody. Sorry, I just had an itch on the back of my calf, and without giving you too much information, I need to cut my toenails. I mean, they're not gross claws like a velociraptor, but I do have to cut my toenails. So, like, my big toenail on my left foot is able to scratch the itch on my right calf in a way that is just so satisfying. All right, so getting back to GRC Engineering, somebody. Gosh dang it, who was it somebody in chat yesterday or in a group dm? Give me a second. I'm gonna pull this up. I haven't vetted this GRC Engineering anecdotes training. Okay, so check this out real quick. So there's a company, there's a company called Anecdotes. Their website's anecdote state. AI and I, I have to preface this. Okay, I am doing small a bit of work with Anecdotes. I actually sat with them like, a couple weeks ago and went through their whole platform, and I like it. And if I was going to partner with a company that does GRC stuff, I wanted to fully understand what they're doing, because I'm not going to put my name to something like Phantom. So I wanted to Understand it. So I did. I actually had a blog post come out yesterday on LinkedIn about my thoughts around anecdotes AI. So this is completely not related to that. But what I do want to tell you is the last two weeks of April I've already booked. I'm going to be doing professional development. I have assigned myself training for the last two weeks of April and I'm going to be doing the following. Number one, I'm going to be doing as much of anthropics training as I can so I can get better at AI. If you're interested in information on that, I can share blog posts and stuff. Number two, I want to learn more GRC Engineering and Anecdotes has this free guide on it and my understanding is it's also a bit of training. See, you'll discover how to structure your GRC repo, write terraform configs, set up CICD automation. This is, this is for me. So I'm going to be taking this train. I can't tell you if this training is good or not. I can't tell you if it's good or not. But I'm. I am telling you that I will be taking it. Kelvin. I'm trying at Kelvin in chat and it's not pulling your name up so I just dropped a link to it. All right, let's keep looking through here. Question from Bob Bobart. Do you have any resources or examples of tabletop exercises you have run or would like to run? Black Hills, Back Doors and Breaches is a good one right here. They have cards which are fun. Who asked that question? Bobart. I don't know why people's names aren't coming up. Like I don't know if they've left the chat or whatever. But anyways, if you want to do tabletop exercises you can do them with. You can use this as a tool to help you do these backdoors and breaches. I dropped a link in chat already. Okay, now what kind of exercises or examples? I have done many and I will tell you they're not all created equal. Here's the one thing I would caution you, okay?

B (80:19)

Oh my God.

A (80:21)

Here's the thing to caution you. Number one, a lot of people will attempt to boil the ocean. A lot of people will attempt to do one tabletop exercise here, okay? They'll do one tabletop exercise a year and they'll try to invite every friggin person to it and you end up not doing anything valuable. Yeah, everybody gets some Krispy Kreme, donuts or some pastries. Maybe you get Panera lunch brought in. Everybody has a laugh. Oh, that was a fun off site. And you actually get no value from it. Here is what you need to do. You need to have a focused session with a focused team like IT or the executives or legal or the communications team or the finance team. And then you have to have a very specific, tailored scenario that is relevant to that group and then execute it. For example, like, the easiest one is to start with it. Get like the, you know, the IT team in there, feed them up a bunch of coffee and donuts, and then lay out the scenario. Hey, we got a detection that there is, you know, somebody in the environment has fallen for whatever. Or we got this. We got that word that this Axios NPM hack happened. That is our initial play. What do you do? Right? And just have them start talking. Right? And then you need to add injects like, oh, we would. We don't use that. All right, well, how do you know that, you know, oh, well, nobody uses it at the company. So then you could immediately inject and say, all right, well, we ran. You run a. Like, they, they don't say this, but you say, oh, you know, you get a call from someone in the finance department who says they saw the news about the data or the Axios attack and they wanted to let you know that they actually stood up a web server, you know, internally for the finance team to be able to track metrics or whatever, and they realized that they had their system compromised. Now what do you do? Like, you have to, like, manage it. Okay, but backdoors and breaches can help. Then maybe do the executive team and add things like, oh, hey, like, Channel 5 news just called and they said that they've been contacted by a criminal who says that they have all of our files from our file server and they were asking for a comment. What. What do we do? What's your first reaction? Right, do you. Do you respond to the comment? Do you call the cio? Do you say no comment? Do you call legal counsel? What do you do when. When this happens? What are the thoughts? And the idea isn't to. Gotcha. The idea is to have people think through these things and then identify where there are gaps in processes. Listen, if you have all the people there, they're going to be in their phone not paying attention. Next question. Thank you for the question. All right. All right, Continuing to look through chat, by the way. Thank you, everybody in chat. Luke Canfield needs me to say velociraptor Velociraptor Again, did you see the show the Pit? Oh, I did not see the show the Pit. I don't have a lot of time to watch TV. Unfortunately. I watch more YouTube than TV now, although I do watch live sports. Mark says he had no success finding his way into cyber. Even with experience both in and out of tech, I'm lucky to be able to pay for personalized guidance. Any situation suggestions? I mean, Mark, it's, it's not easy to do this right, and there's no amount of money you can pay to get this, but personal branding and network development, again, I'm not saying personal branding. Like, oh, look at me, I'm Mark, I'm an influencer and I talk about all the things that you should follow. It's much more like you need to kind of like. Like Dennis Keefe is a perfect example to me. Like, Dennis Keefe puts out all sorts of content on osin. Here is an OSINT tool. Here's an example of me using osint. Hey, look, here's a story where OSINT led to discovery. You know, Osin, Osin, osin. So now, like, when I think of osint, I think of Dennis Keefe as an expert in osint. So when opportunities come up that are OSINT related, I contact Dennis Keith. Same thing you, Mark. Like, again, I don't know what it is you want to do, but, like, lean into it. Start establishing yourself publicly, you know, as being associated with whatever it is you want to do. And then that'll help also develop relationships, right? Dude, me and Robert Wetstein, Bowtie Security the other day, we're talking about it. It's like, I call it the side door. It's. It's not fair. It's not fair, but it is the rules that we play by. We don't live in a meritocracy. The person who's the best doesn't get the job all the time. The valedictorian doesn't get the job all the time, right? If 15 people can all do the same job and I know one of them personally and I have the job, I'm going to ask them if they want it. Not because I favor them, but because I don't want to go through all the trouble of discovering where the other 14 people are. If I have a problem now and I can solve it now, I want it now, right? It's my money, JG Wentworth, and I want it now. I mean the same thing again, like, dude, and again, I'm not trying to dunk on you, Mark. I'm, I'm just trying to explain why it's, it's easy to be up here and be like, oh, start a personal brand. Next question. Like, no, I'm trying to explain why and then explain the, the impact of why I've had people call me and ask me to quit my job to go work for them because they know what I can do. Because I've made it abundantly clear, you know, And I know there's a lot of imposter syndrome and fear and you don't get immediate overnight viral success and all that stuff. You have to work at it. But that's what I would say, Mark. Like, increase your chances by increasing your profile and letting people know what you can do. And, and I, I know it's frustrating, dude. I know it's frustrating. I remember when I graduated university and I wanted to get a job and some people know this story. I had to go carry bricks. Like literal bricks. Like you would, you would use a tong and it would have 10 bricks, and each brick weighs five pounds. So I'd be carrying 50 pounds in both hands. Eight, eight, nine, 10 hours a day, just freaking marching bricks, carrying 50 pound bags of cement, mixing cement, doing this thing to bring cement up to the scaffolding, to the mason on the top. I worked my butt, dude. I basically went to the gym for like 10 hours a day for like whatever, like 60 bucks a day or something stupid. But I, I refuse to compromise. I wanted a job in tech. Again, this is 2004, 2003. But anyways, I know it's frustrating, dude. All right, continuing to ask. All right, we're at 8:30. I'm gonna speed run the rest of the questions. UNC Charlotte had an AI master starting this August. Sure. I mean, if, if it's affordable. I don't think getting more educated in AI hurts. I think having a degree in cyber, maybe not the best as far as like differentiating you in industry, but AI Masters, I think that, that right now is pretty hot. I think I would ask Phil Stafford his thoughts on it. All right, continuing to scan for questions. How do you use backdoors and breaches? Very quickly, you basically pick four cards. Like, like an initial attack, lateral movement, an exfil, and one other one. There's like four categories, and then you have to have like a dungeon master kind of explain a scenario, and then you, you have a bunch of tools available to the team, and they choose a tool, then they roll a dice, and they're either successful or they're Not. I will tell you, there are several taekwondong and hey mods. Dan, maybe if you can. Can someone drop a link like Black Hills has done multiple videos on how to use backdoors and breaches. Can someone drop one please? And I'll provide it to the community in Taekwond. Like, like my short two minute answer is fine, but they've done like full 60 minute videos showing you exactly how to use this solution. And again, the solution's free. They'll mail it to you. I just want to share with everybody. I've just as a personal thing, since you're waited this long, I. I've been running a lot more lately and eating a little bit healthier. Maybe having a few less sodas if like no sodas. So we'll see. And by soda I mean beer. How is someone supposed to get. Oh, thank you, Dan. I knew Dan would be quick with it. So check it out. This is Jason Blanchard, AKA Banjo Crash Land, not to be confused with Brandon, which I called him by name. In this live video, he's going to show you how to use back doors and breaches to do tabletop exercises. All right, I'm going to drop a share in chat at Taekwon Gong again. I don't know why people don't show up on the auto thing. Like they left. But yeah, there's a link to use back doors and breaches. Okay. All right, All right, now I'm trying to catch up. No more questions, everybody, please. I just want to make sure I get everybody's questions answered. Coming to you. Oh, we're caught up. Very nice. All right, everybody. Hey, thank you so very much. It was a 80 business continuity episode as we tend to have from time to time. My camera was jacked up. You guys are awesome. Not only because you are awesome in general, but because you are, I would say, understanding and supportive of the deficiencies with today's show. I hope you did enjoy it. As I mentioned, we've got some, some new Jawjack panelists coming. There's some big changes coming to Jawjacking in general. I'm going to change the name of it. I don't know if anyone asked me in chat what that meant, but I'm going to be changing the name of it. We're going to have rotating hosts. I'm. I'm going to be. There's. It's going to be sponsored by Simply Cyber Academy and all these things. So anyways, we're going to formalize it a little bit more, but I will promise you it will continue to deliver the goods. Right. So I'm Jerry from Simply Cyber. Thank you so much for your time. Not just for your time, but thank you for being a engaging, impactful, positive, contributing member to the community. In chat. This chat. Like, dude, I'm up here. I'm just, like, a visual version of one person in chat. The. The. The jokes, the. The. The camaraderie, the. The. The. The share. Jose Alfredo, what's your. Jose Alfredo? Put your question in chat, and I'll answer it before I hang up. I just. I just want you guys to know I like. It is. I. I try to tell you all the time. It. It is not lost on me. I really appreciate you. Thank you for all you do. We're just going to answer Jose Alfredo's question, and then we're gonna boogie out of here. So, Jose, drop it in chat. Oh, hey, Kathy Chambers Media is in the chat. Big fan of Kathy. Hey, Kathy. Hey, dude. I'm addicted to birth beeswax. Like, they have multiple flavors. I'm using the pomegranate one. Don't sleep on this thing. Don't sleep on this one. Jose Alfredo, where's the question? Oh, okay. Don't do that. Don't say you had a question if you didn't have a question. I'm. The whole thing I want to do is help people. All right, guys, I got to get out of here. Thank you so very much. Until next time, stay secure.