Loading summary
A
All right, what's up, everybody? Welcome. Oh, my God. You got to be kidding me with all this noise right now. Good morning, everybody. Welcome to the party. Can we please get some music going? Computer, computer. All right. Hey. Oh. Oh, God. I guess the camera. Good morning, everybody. Welcome to the party. I gotta guarantee you AI is not coming for our jobs, because the amount of, like, nonsense that I'm dealing with here in the Buffer Osier Flow Studio is me. Go ahead and just kind of like, I'm. I'm basically doing like a. A leg lunge right now. Like, I'm putting the vibe out in order to be able to be in frame on this shot right now. Good morning, everybody. Welcome to the party. If you are looking to stay current on the top cyber news stories while also having a host that can do leg lunges, welcome to Simply Cyber's daily Cyber Threat Brief podcast. I'm your host, Dr. Gerald Doer, coming to you live from the Buffer Oer Flow Studio, bringing the heat in more ways than one, apparently. Get comfortable, get ready, because we're going to melt your face with the top cyber news stories of the day. All right. That's the best I could. Like, I'm trying to. I'm trying to move this. There we go. All right. Hey, what's up, everybody? There we go. That's a little bit better. Now you might be like, jerry, move your desk up and down. Did a complete overhaul. Had to tear the Buffer O Flow studio down yesterday to rebuild it so I could get all this working again. And, you know, you kind of working out the kinks in production. All right, guys. Hey, what's up, everyone? Gotta say, super pumped. We're gonna go through eight cyber stories of the day, and I'm gonna break them down. Of course, you get the headlines themselves. That's right. Space tacos. We're gonna break them down. But of course, I love educating, entertaining, and helping people out. So we're gonna go beyond those headlines. We're going to dig deeper. And I, alongside you, the Simply Cyber community, are going to give additional insights, additional lessons learned, things that you would not know unless you sat in the chair, if you will, and lived that life. So get ready for that. I'm super pumped. If today's your first episode, you're like, what? I'm a cyber security professional, and this dude's talking about leg day. Is this it? Like, what are we doing here? Well, guess what? This is simply cyber. It's a little unexpected, and I guarantee you it's not going to be AI because AI wouldn't come up with this programming, but we do have fun. If you're here for the first time, drop a hashtag first timer. Let us know in chat we have a special sound effect, the special emote. There's John McLean from that Christmas classic Die Hard. We love welcoming our first timers and friends into the chat. And for all the long timers, Nick Dixon, Mike Andruzzi, space tacos. WPH Second blue badges all over the place. Killage O Hall, Joss Deck, Sierra Montgomery, a man, Marcus Kyler of the Yeet crew. And of course the mods like DJ B Sec and casually Joseph Justin Gold. Coming to us live from Gridlock. I want to say thank you all so much for being here. I can't. I try to express my appreciation on the regular so it doesn't feel like it's a one off special thing. Like, oh, oh, let me, let me try to make up for like years of, you know, community engagement and just say thank. No, like I want you to know it's legit. So let us know in the chat if it's your first time with a hashtag first timer. Also, whether your first time or your 1000th 102nd time, each episode is worth half a CPU. So say what's up in chat, Grab a screenshot, divide by two. Once a year, count them up and there you go. That is how you get how many cps you can get. So if you do it every day, you show up on the reg, you can get up to 120cpes. Kayla Sturgeon did the math a couple couple years ago. I do want to say thank you to haircut fish, who never lets a good production issue go to waste. You can see here he has captured this. This graphic. I don't know exactly where this will appear, but I'm sure at some point in my life I will see this on a sticker and be like, oh, dear, oh dear. All right. Hey, cyphercon. If you're at cyphercon in mille walke, as Alice Cooper put it, say what's up in chat. I know Michelle Khan. My, my good friend Michelle Khan and also, oh, sent extraordinaire Michelle Khan. By the way, did you guys see. Sorry to blow the mic out. Did you guys see Michelle Khan's newest video? I didn't even know he was doing a YouTube video. His newest video is Incendiary Hot. I know I'm doing the intro to the show, but this thing is too good not to share. I'm gonna put this on your watch. Later list. This is so entertaining and so well done, Michelle Khan. He's only got a thousand subs on YouTube but I'm telling you, this one right here is a gem. Where is it? The mask Magic. This video right here. If you want to know like what is entertaining and what is educational and how awesome Michelle is this right here, check this out. Mark this watch later, okay? Believe me, whether you're a longtime cyber professional, aspiring, whatever, this video is going to add value and entertain the crap out of you, I promise. All right, so we got our CPEs, we got our first timers, we got a little bonus stuff. Every day of the week has a special segment and Thursdays is what's your meme Thursday. Yes, yes. The same man who brought you the anti cast writing sock tickets like an absolute mother trucker. And the same guy who is captured my one eye, my good eye. Dan Reardon. He brings us a custom piping hot fresh meme every Thursday. Sometimes I have to wear oven mitts. It's so hot, so hot right now that Hansel's so hot.
B
Right?
A
So yeah, stay tuned for that at the mid roll. We'll do that now. Before we get into it, let me say shout out to the stream sponsors, those who enable me to bring the show to you in all of its phenomenal glory. That's right, this show, it may look like it's riding low on the hip on a train bound for glory, but let me tell you what we are a professional operation with sponsors that ensure that we can bring you the best show possible. And Flare is one of those sponsors, longtime supporter, a premium partner of Simply Cyber Flare. Cyber Threat Intelligence Platform gives you access to dark web data and nasty cyber criminal telegram channels without having to get mucked up. It's like putting on waiters like you're going to go fishing and you don't want to get pluff mud in your shoes. You, you could put on Cyber Threat Intelligence Platform Flare and you can find exposed credentials from your organization, compromised endpoints from your organization. Get a vibe for the industry, the cyber criminal underground and how they're looking at your industry. There is a plethora, plethora of data and access on the Flare platform and they make the platform incredibly easy to access. That's part of their secret sauce. I'm telling you, go right now to Simply Cyber IO Flare, Simply Cyber IO Flare, which is the URL to go to this page. When you go to this page, you'll have to put in some information to verify your identity. If you can't verify your identity. They don't want you to use the platform because you could be a cyber criminal. And the val, the information is way too valuable in here. So go ahead, sign up. I know several members of the Simply Cyber community have in fact signed up. I'm sure at this point they have access to the platform. You get two week free trial. You probably need 13 days less than a two week free trial to realize the just significant value this platform affords you. If you have a comment in chat about Flare's platform and you've used, you've actually used it, please share your thoughts, honest thoughts. I'm not going to censor anybody in chat and see what you think. Also want to say holler to Anti Siphon training. Those who are long time sponsors, right? John Strand, Jason Blanchard and many others over there have long supported Simply Cyber. We have a shared mission, Black Hills in Simply Cyber around helping people and they have just this amazing catalog of training now if you're interested. This is great, dude. Next week, April 6th through 10th. John Strand. This is John Strand and if you don't know John Strand, like, listen, I'm not even being hyperbolic. If you don't know who John Strand is, first of all, let me introduce you to him. And second of all, be aware that he is a well respected, well known cyber security practitioner as well as leader in our industry. And he always chooses good when given the option. You know, like his is, he's known for saying like we suck at capitalism, right? He's trying to make education accessible to everyone at reasonable prices. Right now you could take a four day, 16 hour trader trading with a guy who used to, you know, like work with a company that would charge $10,000 a student. Okay? You can take his training for a full week for $25. And in fact, if you have financial constraints, you can even take it for $0. Get skilled up. If you're not sure where you're going or what you're doing and you're looking to get some skills, I'm telling you right now, John Strand's sock core skills is the answer to the question. Okay, definitely check that out. In fact, someone yesterday on jawjacking was asking about where to get sock skills. I sent him to Dan Reardon's sock ticket webinar. But this right here, also pretty dope. Thank you to John Strand. Thank you to Anti Siphon training. Of course, Threat Locker with their deny by default application security platform is dominating the space. In fact, we just did Zero Trust world not too long Ago really highlighted how excellent the company is, the people behind it and they recently announced that they're going to be applying Zero Trust architecture application deny by default in the cloud. Major upgrade helping businesses reach where their data and infrastructure is. Let's hear from Threat Locker and then I am going to melt your face. Dan, can I share that in the main chat here? Let me know. I want to give some love to the daily Cyber Threat brief sponsor. Threat Locker do zero day exploits and supply chain attacks. Keep you up at night, worry no more. You can harden your security with Threat Locker. Worldwide companies like JetBlue Trust Threat Locker to secure their data and keep their business operations flying high. Threat Locker takes a deny by default approach to cyber security and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US based Cyber Hero support team. Get a free 30 day trial and learn more about how Threat Locker can help prevent ransomware and Ensure compliance. Visit threatlocker.com Daily Cyber. All right, hey, and I just want to share one quick note here. This flare threat intelligence platform, Dan Reardon, AKA the Haircut Fish, this guy right here is a moderator, if you did not know, in the Simply Cyber community. So the guy's just given value all over the place. So this guy right here, Dan Reardon, moderator, he actually said to me in chat just a moment ago I saw a demo. This is Dan Reardon speaking. I saw a demo of Flare at Wild West Hack Infest. Freaking awesome product. I'm telling you guys, I'm not making this crap up. All you have to do is sign up. It's a two week free trial. There's absolutely no strings attached. It's not like this isn't like a solar panel salesman at your door where they're like, there's no free trial. No, no, no. Like this is like legit. You just get in there, taste the platform, see if you like how it's seasoned and then, you know, go from there. All right, all right, now do me a favor everyone. I need you to sit back, sit back, lean back like Fat Joe and relax and just let the cool sounds of the hot news wash over all of us in an awesome wave. I'll see you guys at the mid roll. I gotta, I gotta slow play this because I hadn't set up the podcast yet because I was freaking dealing with physical layer one issues. And layer eight, the rare layer one layer eight issue. It's like a 7, 10 split in bowling. All right, everybody sit back, relax. Cool Sounds hot news. Let's go.
B
From the CISO series, it's cyber security headlines.
C
These are the cyber security headlines for April 2, 2026. I'm Sarah Lane. Apple pushes new iOS patches over dark Sword Apple told Wired it's releasing rare backported security patches for iOS 18 to protect users from the Dark Sword hacking tool, which can silently compromise iPhones via infected websites, marking a shift from its usual policy of requiring updates to the latest os. The move follows widespread exploitation of Dark Sword and similar tools and which researchers say have been used in espionage and cybercrime campaigns, and comes after criticism that millions of users who hadn't upgraded to iOS 26 were left exposed.
A
Okay, FBI, first of all, I think it's pronounced dark S word. That's just a quick. There is a Saturday Night Live Jeopardy skit where a guy who's playing Sean Connery is messing with Will Ferrell's Alex Trebek. And the category is swords. And he says, I'll take s words for 200, Alex. Anyways, okay, so Apple pushes out backport patch. Listen, here's the deal. Sometimes. Well, first of all, here's the action. If you're running some deprecated version of Apple iOS, you're cooking on a Apple 7 or something like that, whatever, that's fine. You're not receiving updates anymore. Be aware that there's an update waiting in your update tray for your iPhone to help back patch preventing this exploit from happening. Now, a couple things to keep in mind. That's right, a couple things to keep in mind. Number one, a lot of people who are running an older phone. Oh my God. Oh my God. I want to punch, I want to punch something like, do you see how I'm framed in the center of the frame? Now that is not okay. That is not. I need to be like, up. Okay, so I guess I'm doing leg lunges and now I'm doing tippy toe things. F. All right, so listen, normally they don't do backwards patching because they want to promote a couple things. One, financially, it would be ridiculous for a company to maintain all versions all the time. So they have something called software development life cycles. I've literally got to hold myself up because of my calves are burning right now because I went running. So they have system life cycles. And they say like Microsoft does this all the time. Hey, starting May 15, Windows 7 will be end of life. Starting June 30, Windows 10 will be end of life. Get ready, get ready, get ready. Okay, buy the newest version. It's It's a, it's a total capitalism, right? Anyways, so. But occasionally something is so bad that they will issue a security patch backwards for these rare instances. Microsoft has done this just a few times for Microsoft Windows vulnerabilities. I. I want to say wanna. LOL. I want to say that when WannaCry was popping off or when the Vault 7 leaks Eternal Blue that SMB share, the Ms. Or CVE 2017. God, what was it? 1011 the SMB share issue with Eternal Blue tool. They back patched like Windows XP and stuff like that. Now I want to point out this, a lot of people like to think that Apple is like the people's champion. Like oh my God, Apple loves privacy. Apple. Oh, just like let it wash over me. Like, just like the meme of things being thrown at a person's face. Just like Apple. Guess what? Apple had to get socially pressured to do this. Apple was not like the first one off the, you know, like when the, when the, the front of the boat dropped at D day. Apple was not the one running off the front of the ship and saving Private Ryan. Apple had to be pushed from behind by a group of users who were upset that they weren't getting they protected from this. Okay, so shout out. If you have people in your organization, I would just let them know, hey, if you're running iPhones, I wouldn't say end of life iPhones because end users aren't going to understand that. What you have to say is, hey, if you're running an older iPhone, be sure to check to see if you have patches available or updates, say updates because Apple put out a very, very important critical update for all Apple iPhone users. Check it out. Now I will say if you're running an iPhone 7 or something, chances are you probably don't even have space on your phone to put this patch. That's a separate issue. But this is not some like, you know, Pegasus spy where you have to be a vip, you know, going, you have. This isn't an attack that attacks people who are on the other side of the velvet rope, you know what I mean? Up in the club, flying on the G6 first class to change the forecast. Not those people. This is attacking everyone and they're using like websites to silently exploit this thing. So tldr, this is cool. You don't see it often. Way to go Apple. Way to succumb to public pressure and hopefully everyone gets patched so this dark sword hacking tool no longer becomes effective.
C
Declares suspected Chinese hack of US surveillance. Major incident The Federal Bureau of Investigation has classified a suspected China linked breach of a sensitive internal surveillance system as a major cyber incident, indicating significant national security risk. Officials say hackers likely accessed law enforcement data, including surveillance records and personally identifiable information, after exploiting a third party ISP vendor. The designation suggests a serious compromise of FBI systems and. And underscores growing sophistication of Chinese cyber operations.
A
All right, really quick. I mean, this is an incredible deep cut, but if you know, you know. And if you're listening on audio, there is a picture of Cash Patel clearly being asked by a question by a senior federal official. And he's. He's got his fingers steepled right above his lip here as he's pondering. But when I see this, just you tell me. Ready? And if you know, you know. And if you don't, I'm sorry, this isn't an inside joke, it's just. I have to say it. Cash Patel is about to say, let's see Paul Allen's card. That is what Cash Patel is sought to say, let's see Paul Allen's card. Okay, so super secret FBI system, which I'm sure is FISMA compliant. Lol. It should be FISMA compliant. I'm sure it's not. Was compromised in large swaths of sensitive data stolen. Okay, swaths. Last time I checked, swaths is not a quantifiable amount. I know. There's like, let's see, megabytes, gigabytes, terabytes. Swaths, petabytes. No, no. I think my child could figure out one of those. Doesn't belong. So swaths isn't measurable. So we don't really understand what, what this. The actual impact is. They say it's a major incident. I'm sure it's major because it's an FBI Federal Bureau of Investigation system. Let's see, what else exactly. Haircut fish. Oh, yes. In fact, again, I guess I'm feeling froggy today. Here we go. Let's see Paul Allen's card. For those listening on audio, I have shown the American Psycho scene from let's see Paul Allen's car. All right. American Psycho, scary movie. But actually I would. I would fight if I worked at Blockbuster. Still, I would file it under comedy. It is a dark comedy. Very dark comedy. All right. You know, if I had to guess, it's China. China. China is the best espionage in the game. They do espionage incredibly well. You could say it's Iran because Iran's been going ham on everybody lately. But you know, this. This isn't what it Is okay, here we go. We got a little FISMA sighting for all the GRC Mafia people. If you're feeling some tingling, it's because we've entered the grc. You know, Twilight Zone thresholds under FISMA are quite high and only a few agencies declare a major cyber incident every year. So yeah, trust me, the FBI did not want to come out with this one. I'm sure. All right, let's see what information we do have. Under FISMA guidelines, an intrusion can meet the major incident threshold if it involves the excel of compromised PII or presents risk to national security, which this definitely did. It says they don't know what triggered the FBI determination. I'm sure it was both. Okay, so they said that hackers were able to break into the agency by leveraging commercial Internet service provider vendor infrastructure. Okay, here's the deal. Do you remember last summer when China went whole hog on telecommunications and isp? This was salt typhoon. If you Google salt typhoon, like salt and pepper, push it, push it real good. That's what, that's what China was doing. They were pushing it real good all up into the ISP's faces and you know, they kind of like got in there and then flitted it away. I, you know, it was never really crystal clear that they got routed out of there. My understanding, not my understanding, but my suspicion is that they would have developed multiple persistence mechanisms. That's one thing that I learned. I think Luke, Luke Johnson had told me and I didn't realize this guys. One thing that you should be aware of up on my toes. One thing you should be aware of is like when real threat actors, real nation state back threat actors get into your environment, they don't just drop one persistence mechanism, they drop several. And they are on different, different like time bands. Right? So maybe they set up a scheduled task that runs once a day. Okay, once a day. But then they might also set up some type of script or something that you know, gets, gets triggered once a month. Or they'll have some quiet listening service that's been like, or, or like some process that's been like, you know, you know, using process Halloween. So it doesn't even show up in like your task manager. It's just like kind of in the, in inside a process memory space and that will reach out like once every six months. Right. So even if you think that you've eliminated all the persistence mechanisms of a threat actor, they could come back and you don't necessarily know unless you like basically wipe out all the hardware or you Reimage all the things which is timely, expensive, etc. So you never really know, unfortunately. And it would seem here that because they have access to those ISPs, and the FBI is using those ISPs, and the FBI, just like any other organization, has relationships with trusted third party vendors to come and go. China is able to ride those rails or whoever. Nation state, insert nation state here. Right. The US could do this to their adversaries as well. All right, all right. What, what does this mean for you? I would say so. Tech run says. Are you talking about a malware arsenal where multiple malware payloads are packaged together? No, I'm not talking about that tech run. What I'm saying is like hold on, let me. When you do the cyber kill chain, okay, like let's say I'm gonna take over tech grunts, computer. Like just, just for the sake of everybody's understanding here, okay. Or I'm gonna, I'm gonna hit like, I'm gonna, I'm gonna, I'm gonna attack like Verizon, right? Just like pick a, pick a company, okay. Like, oh, hold on. Who just got hit? Okay, so anyways, I, I do my recon, right? First stage. Hold on, let me get, get a graphic here. This would be easier. Cyber kill chain. This is cyber kill chain. And the reason, just so everybody knows, the reason I'm spending an extra few minutes on this is because this is foundational understanding of how threat actors operate. And it in like the, the, the tools, the techniques, the processes, the, the threat actor themselves, they all change, but the methodology does not change. Okay, look at this. This is the cyber kill chain. The just ignore like the little silly, you know, children's menu at the restaurant coloring look of it. Step one, recon. Who's the target? Where's the target? Getting people's names, getting IP addresses, getting services, getting version numbers, all the things. Number two is weaponization. Now that you know all the listening services and people, what golf club are you taking out of the golf bag to attack them? Number three is delivery. How are you going to do this? Fire the payload, execute the exploit, send the phishing email, walk over and plug a USB drive, bundle the human and then make them log in it. It doesn't matter. Key logger, info stealer. It doesn't matter. Delivery is when you send the weapon. Now you might think that delivery is exploitation, but sometimes you deliver the payload and the payload doesn't fire. I for one am freaking very grateful that this is separated because I have had an IT administrator with domain admin creds in my environment try to run ransomware. Not on purpose. He thought it was a friggin app to do like an IT audit thing on his own machine. I don't want to get into it. The point is he was double clicking and trying to install the crap out of this thing. And just because of the configuration of his system and, and the brittleness of the malware payload, it wasn't working. It was firing but not being successful. Which thank God is how I found out, because it was firing enough to alert me. And I came to his, what are we doing here? He's I'm just trying to get this to work. I'm like, bro, you're killing me. All right? Actually, you know what happened in that instance? I called him because he was in Maryland. I'm like, hey dude, someone in your office right now is trying to run malware. What's what? Who owns this IP address? He's like, that's me, that's me. I'm like, you are running malware. He's like, oh, bruh. So I know, don't even get me started with the domain admin. Okay, so then exploitation happens. They own your box. They own your box, right? Then the next step is installation. Now, installation, you will see this as persistence or second stage payloads, right? What this means is if, and I want to focus on persistence. If you establish a persistence mechanism, right? Persistence means you can come and go as you please afterwards, right? If I establish a persistence mechanism on your compromised asset, that means I don't have to do step one, two, three, four anymore. I can come back tomorrow, next week, next month, next year. And I don't. You could be patched to the gills. You could have the hottest, newest, most extreme patches, security updates, the hardest of the hard on your machine. And it doesn't freaking matter because I have persistence on your box. I own you. Look at me, look at me. I'm the captain now. That is what persistence is. Now listen, if a person comes in from a security operations perspective, right? The Dan Reardon's of the world, the casually Josephs of the world, and they swoop in like Birdman and land on your box and then they start rooting around in your machine, they're like, ah, schedule, task, what? Deleted. Ha. Registry setting deleted. And then they like announce victory and then they fly away. If you have established multiple persistence mechanisms, yes, some of them get nerfed out and you might have to wait a month, three months, six months or whatever for the next one to fire and reach out from the compromised asset, because you can't reach in, the asset has to reach out. Because guess what? Encrypted Web Traffic Port 443 all day, every day is allowed out of the, out of the organization. And once it reaches in and talks to your C2 command and control, you can reestablish persistence, log in and then spread all of your scheduled task registry settings, all your persistence mechanisms, you can put them back in place. And by the way, you might be like, why have it do 3 months and 6 months? Why not just have all of them do everything every 15 seconds? Because that is a signature and it's called beaconing. And if you're looking for beaconing, you're gonna see, you're gonna see it because humans don't operate. We are like just like me on this show right now. They operate erratically. AI and computers don't. So with a three month, six month beacon or reach out, it is never going to be detected because it is hiding in the noise. And you're gonna have six months of logs before you see the next beacon. And by the way, most people aren't capturing six months of logs. Thank you for, for coming to my TED Talk.
C
Source code stolen in trivialinked breach Cisco was breached after attackers used stolen credentials from the Trivi supply chain attack to access its internal development environment, exfiltrating source code for more than 300 GitHub repositories, including AI related projects and customer data. The attack leveraged a malicious GitHub Actions plugin to steal credentials and AWS keys, enabling unauthorized activity across internal systems. Cisco has contained the incident and is rotating credentials. Researchers link the broader campaign to the Team PCP group targeting developer ecosystems.
B
Merc.
A
All right, so Cisco's using GitHub, a threat actor was able to steal creds from the company's build and dev environment. And this is the Team PCP thing again. Check out Team PCP like Team PCP is. You know, they're coming on the scene, they're hotter than an Artemis 2 launch. You guys watch that yesterday? That was so hot. Although really quick. Catch me at the mid roll. I've got some thoughts about NASA's production, The Cisco attack. The breach has been contained. They have rotated credentials and it's, it's going to be painful to rotate, to rotate these creds because not only are you changing username and user passwords, but you are having to change API keys, which you won't fully know if you got them all out of the way until you, you know, don't run into any more operational issues. 300 GitHub repos were cloned during the incident. Dude, this sucks. I gotta tell you really quickly, I'm actually kind of hap. Not happy. I'm. So I was at rsa. I interviewed a bunch of Cisco people, including DJ Sampath, who is like their VP of product and AI platform. And I might be getting that a little wrong, but for the most part, he's like the number three guy at Cisco. Wicked cool guy, by the way, if you get a chance to meet DJ Senpath, the dude is like, he's our people. He's like. He's like. He's an executive, but he's very much like an engineer, hands dirty kind of guy. And they released this open claw defensive thing called defense claw on GitHub, which I was going to. I'm making a video to show you guys how to use it. So I haven't done it yet. Which is. Which is nice because this may or may not have been involved in that. I. I don't know. I. You know, I don't research or prep for these stories. Right.
B
Ain't nobody got time for that.
A
All right, so the Trivy vulnerability scanner, if you're using that, hopefully you've already fixed it. It does steal creds. It's an info stealer, And they're doing supply chain tax all over the place. Yeah. So here's what I would say. Number one, if you're using the Trivy scanner, you absolutely should already know that this was a problem and you have either updated it or not used it. The Light LLM tool had been compromised. I would just tread lightly because this is a supply chain attack, Meaning, you know, a vendor that you use or product you use may have been impacted, and then the downstream impact. Here's what I would say. Number one, DJ B Sec. I don't necessarily see this in the story about the iOS. It seems more like it's Cisco's, like, other. Like, I don't know if they're keeping the iOS source code in GitHub, but here's the. Listen, I love giving you additional insights because you can read this story yourself again, you know, if you want. Here's what I would say. You should be prepared. It's very painful. Okay? Rotating creds is very painful. It's not something you want to do, but when you have to do it, you have to do it. Okay. And that means, like, let's say that, you know, someone gets into your ad and dumps your creds or whatever. Like you got to reset everybody's password twice in your active directory environment because of cash credentials. If you're in this instance with this, this supply chain attack, if all your API keys get compromised, guess what, you've got to create new ones and then deploy them into your environment. It's going to be very disruptive. It's going to break things. I would, I would recommend, guys, if you have been doing oh my, I can't believe how angry it makes me. I definitely have 80 or I'm on the spectrum. Like it's bothering me so badly that, that I'm not center framed. I can't even focus. You should, as a tabletop exercise, once you've done the ransomware and stuff, you should use this one as an example and say, hey listen team, right? Get the developers and the IT staff in there and say hey listen, all of our CICD pipelines have been compromised, specifically all of the API keys. What would it look like for us to generate new API keys and deploy them? Do we know where all the API keys are? Do we know who has access to login and generate API keys? Do we know who has access to login and update the code for the new API keys? If we're storing them in some type of like central vault or something like that, who has credentials there? Work through that. Because if you have to do this on the quickness and you don't know what's going on, it's going to be problematic. I'm telling you right now. You, you can, you can listen, you can figure this out when it becomes a very real problem for you, but you are going to either be exposing yourself to risk because threat actors are going to have the keys and the, and the creds while you like and be able to use them while you figure it out, or you're going to revoke everything and, and, and like you're not going to be making money straight cash, homie, which the business isn't going to like until you figure out how to, how to fix all the keys and stuff. I'm just telling you this is a great tabletop exercise to work through, not for every organization, but for many.
C
Or hit by cyber attack tied to Light LLM Mercour said it was hit by a supply chain attack tied to the compromised open source project Light LLM, which was linked to that group known as Team pcp. The incident may also connect to claims by extortion group Lapsis, which says it accessed Mercur data with samples showing slack and internal platform Content Mercur says it contained the breach and is investigating with third party forensics. But it's still unclear how data was obtained or how many companies have been affected.
A
All right. It's not clear how it was taken. Compromise, but I mean Lapsus is known for fishing, voice phishing. But this team PCP Light LLM compromise. I, I don't know man. I feel like, I feel like lapsis and scattered spider and stuff. They're like, yeah, we can call these phone numbers and basically get creds, but if this team PCP is just gonna wholesale sell us creds, it eases the process. It's basically glycerin. Glycerin slick, right? Isn't that what KY is? Hold on, is glycerin slick? I think glycerin is slick, right? Glycerin is a clear, odorless and viscous humectant liquid often described as slick. Yeah. So team PCP is really like team Glycerin because they are making it super slick for threat actors to bypass like the, the authentication creds. Grabbing. Okay, hey, I do want to point out someone in chat just said Sean Sailors says wasn't it light LM a week or two ago. It was a week ago. But, but I want to point out Sean Sailors and everybody else, you've got to remember when there is a compromise, right? It does take time for the fallout to be realized, right? Just because, just because, you know. Oh, like I'll give you a perfect example, Sean Saylors and everybody else like when clop ransomware, like when progress software announced that the Move it file transfer software had a massive zero day, or the Oracle, you know, small business server solution, whatever that was called, had a massive zero day. It was like, oh, you got to patch it, you got to patch it, you got to patch it. Right? And then like a month later it came out like, oh my God, we've got all these problems. So it just remember there's always like a, A, a window of exposure because even if the, if it gets announced today that there's a massive problem with, you know, whatever software you want and people are exploiting it today, the businesses who are being exploited, they may not know it right away. Once they do know it, they might be working through incident response and not going public yet, etc. Etc. Another great example of that was the Eternal Blue one that I mentioned earlier in. I think it's ms.0717, right? The, the, the SMB share that led to the WannaCry attack. The Eternal Blue attack. In 2017, Microsoft, the, the, the data breach happened in February. Microsoft released an emergency patch in February. WannaCry happened in March, like a few weeks later. So, I mean, at the time we didn't have AI, so North Korea had to like cobble together a working exploit solution to deploy the ransomware payloads. But my point is, you know, that's what's up. All right, for this instance, this is just another example of a company and what can be realized if you don't. If you don't do what you need to do when there are this. I'm sorry, but real quick, this is why you have to stay current every day. This is why the daily cyber threat brief is a thing. This is what's up, okay? Like, you have to stay current or else you're going to turn into like Mercor here. All right, so supply chain, Attack Light, LLM. If you're running it, make sure you. There's always two things, by the way. If you're running something that could be compromised or it's. There's active exploitation out in the wild, you always got to do two things. One, you got to patch it. Ah, you got to patch it. Number two, you got to look backwards and see if you were exploited during the window of exposure. Right? You can't just patch it and be like, we're good here. What, what time is the food truck get here? You've got to do the whole job. My guy,
C
huge thanks to our sponsor. Threadlocker detection based security assumes you'll catch an attack. In control based security assumes you won't. That mindset shift is driving more organizations to focus on preventative controls, stopping unknown execution and unauthorized privilege elevation instead of relying solely on alerts after the fact. Learn more@threatlocker.com
A
all right, we are way behind time because I've been having myself a day over here. I'm feeling frisky. The French roast is pumping, so let's do this really quickly. I'm gonna just do. We're not going to do the. La la la la la. Okay, let me do this. All right, really quick. I want to say shout out and thank you to the stream sponsors. Threat Locker, Anti Siphon, Flare are our sponsors for the month of April. If you are looking to sponsor, we have one slot available. But only cool people are allowed. I'm joking. We're supportive, inclusive. I'm sure everybody's cool in their own way. Every day of the week has a special segment and Thursdays is what's your memes Thursday. Dan Reardon no one is safe from Dan Reardon. Okay? And I mean that in a very loving, jovial way. He makes a custom meme every week. I do not censor it. I do not, I do not review approve. I, I, I do see it because he sends it in advance. But only once in history have I ever asked Dan why to make another one. And I forget what it was, but it was very edgy. It was borderline, you know, memes gone wild. But this week, I had lunch with. Or, excuse me, I had dinner with John Hammond last Tuesday night, and I, I was talking to you guys about it. John released a video on the Axios breach, like, two hour. You would think that John Hammond was somehow involved with the Axios breach because he released a video, like, moments after it came out. I'm joking. But anyways, John Hammond, if you don't know, I said he's a national treasure. Dan took this as inspiration. So, ladies and gentlemen, your. He spelled John's name wrong, but his. John Hammond, ladies and gentlemen, your meme in the week. John Hammond as a national treasure. Areas, right? This is from the. Oh, and Dan, Dan always, like, bakes himself into the, into the video. I mean, into the meme. There we go. Dan. I love it. I love it, I love it. So anyways, yes, John Hammond, national treasure. Let's go ahead and screen cap that and make John well aware that. Go ahead and tag John on the stream. Love it, love it, love it. All right, let's get back to the news, guys. Quick turnaround today for time's sake.
C
Cambodia extradites alleged cyber scam linchpin Li Jiang, a key figure in a Southeast Asian cyber scam network, has been extradited from Cambodia to China as part of a broader crackdown on fraud operations. Authorities say he helped run infrastructure tied to a multi billion dollar scam ecosystem linked to figures like Chen Xi with Huang Group accused by the U.S. treasury of laundering at least $4 billion and including funds tied to North Korean cybercrime. The move comes as Cambodia intensifies efforts to dismantle scam compounds and financial networks, enabling large scale online fraud. Hasbro says hack may take several weeks to recover.
A
Oh, don't even, like, hold on. So I'm already getting, like, anxious that the next story is about Hasbro. Hasbro owns Wizards of the coast, which owns Magic the Gathering, which Hasbro has been printing money. All right, hey, listen. So this is a huge win. I love it. Hey, you know what, China, you, You may hack into a Verizon in at T&I don't like that. China, you may float a balloon over US soil and that, I don't like that. But China, you're going to arrest one of these leaders of these scammers compounds out of Cambodia? Yes, I sign up for that. Dude, there is a massive. Yeah, John Hammond's at Huntress. Yep. Jenny, Cambodia has been like out of control if you didn't know this. Okay, like I'm gonna. Let me, let me stop and give you like the high level of the story. Law enforcement, international law enforcement. China's doing it right now. But it could have been like the Dutch in the US Joint efforts. It doesn't matter. Cambodia has been running these massive criminal enterprises of scam call centers. Right. A lot of times we think Indian based call centers because that's where all the YouTube scam baiters always kind of highlight and show. But pig butchering romance scams. There are these massive compounds in Cambodia which are holding people against their will. A lot of Vietnamese people and forcing them to do these attacks, by the way, like really quickly. If you think slavery, like, like ended in the 1800s, you're wrong. There is modern day slavery happening right now in 2026. Okay? And one example is what the Cambodian area is doing to lots of people, including Vietnamese. Like, you come, they take your passport, they stick you in a compound, and like you either are in a dormitory or you're in a call center seat. And if you don't make your numbers for the day, they beat the crap out of you. All right? I'm not even joking like this. There's an entire, there's a whole bunch of documentary information. It's like a humanitarian crisis. Okay. So much, in fact, that a lot of different countries are doing things. Thailand, like Cambodia butts up to Thailand. Hold on, let me show you this really quickly. Listen, look at this. Oh my God. Do you see how like Cambodia butts up to Thailand? And for those listening on audio, I'm showing up world map right now. You see how they butt up to each other, right? Thailand, Cambodia, like Thailand, like somewhere on the border they like shut the power down. Like they like legit shut the power grid down, which shut down all the power to the call center. It's kind of a way to like indirectly f with them. So it's real bad. And honestly, like, this is helping, dude. There's, it's, it's, it's, it's really a crisis because it's impacting us, right? Like my, my good friend from college, his parents got taken for five grand, likely it was from one of these call centers. The people who are making the calls don't want to make the calls, but if they don't succeed, they have, I mean, essentially they have a personal interest in wanting to trick you into giving money, not because they're going to get paid, but because they're going to get fed that day. So this guy right here, he a criminal. You know, it's a very organized criminal syndicate and he's one of the people. So I don't know if he'll turn on other people as an informant. But I'm happy to say that this is good for us because there's going to be less people, hopefully. Getting cyber attacked again. Social engineering. I just want to remind everybody, this is attacking like your parents and your grandparents and your sister in law. Like this is. They do attack like businesses, but for the most part, this whole operation is more around individuals. So yes, law enforcement for the win.
C
Hasbro disclosed a cyber attack detected March 28 that forced it to take some systems offline, with recovery expected to take several weeks. The company says core operations like orders and shipping continue under contingency plans, but parts of its website remain down and it's unclear if data was stolen. Hasbro has brought in external cybersecurity experts and is still investigating the scope of the breach.
A
I'll tell you what I mean, just as a quick aside, I wish they had brought me in. I'd work for car, I'd work for cardboard. Okay, Let's see. How did they get hit? They can take orders, ship products, can attack other key operations. So they were not, you know, their business operations were not compromised. Also, I want to just point out, like, don't, don't get confused here, that because it's a toy maker, they're not going to get attacked by cyber criminals. Dude, Hasbro, they might make Transformers. Hasbro might make, you know, Optimus prime do cool things. But it's a 4.7 billion dollar business. Okay, 4.7 billion dollars. Okay. They're printing. They're printing money. I just want to point out really quickly, Magic the Gathering does make up a good chunk of this money. So regardless of they're being a toy company, they're basically a manufacturer, they're manufacturing product. They got hit by threat actor and it looks like it's. Since it says they can still take order, ship product, and basically sell business, I'm guessing that it was a data exhil type ransomware attack. They don't know what kind of cyber. It's not known what specific kind of attack was detected. I'm telling you right now, dude, if I had to bet my entire Magic the Gathering collection, okay, if I had to bet my entire collection, I would say it was a data X fill ransomware threat actor, which we'll find out because whoever the threat actor is will definitely do a leak site drop and try to be leveraging the Hasbro to pay a ransom. Right? All right. I mean, this is regardless. This is a. I hate to say it, and maybe if you're new here or you're new to industry, you might think that this is a big deal and it's a big deal to Hasbro, you know, multi billion dollar company. But this is like, you know, it's Thursday. I. Tomorrow, like, I guarantee you tomorrow morning. Like, like looking into my Madame Cleo crystal ball, tomorrow morning there'll be another company with a ransomware attack. Two weeks from today, I'm gonna go live and there will be a story about a company getting ransomware. Like, this is so normal that it is not newsworthy. So what I would remember remind you is do tabletop exercises, put in the protection controls, and make sure that your recovery controls are pretty solid or at least in place. Both operational, like who knows how to install backups and who knows what order to install the backups, as well as technical. Are we taking backups? Do we have the network segment where lateral movement doesn't. Like, is the blast radius of a ransomware attack not hit our, you know, production facilities. It only attacks like the finance department or something like that. Okay, think through these things. If. Dude, I'm telling you right now, if you're using this cyber security framework, but like you open the fir, your. Your entire system security plan is one page and it's size 50 font and it just says hope. If you have a title page and I open it up and it says hope. Hope is your strategy. You are. You're tap dancing on thin ice.
C
Venom Stealer commoditizes click fix attacks. Researchers at Black Fog report a new malware as a service platform called Venom Stealer that automates click style social engineering attacks, lowering the barrier for cybercriminals. The tool builds a persistent data theft pipeline that continuously harvests credentials, session data and cryptocurrency wallets, using user executed commands to evade detection and silently escalate privileges. It's sold via subscription and is actively updated, highlighting the growing commoditization of advanced attack chains, with defenders urged to restrict scripting tools and monitor outbound traffic.
A
All right, tldr, because we've got two minutes until the show ends. I definitely gave you at least 30 minutes of instructor led webinar. So I don't feel like I'm. I'm shortchanging you guys, but I have lost my mind on a couple stories today. Venom Steward malware as a service. It's commoditized malware, which, which means it's like, not know, super. Like, tomorrow it'll be like flaming donkey malware as a service. And next week it'll be, you know, goldfish, you know, one fish, two fish, red fish, fish, fish. Right? Like it doesn't matter. Just insert name here, commoditize, and it's using Click Fix attacks. Until further notice, Click Fix attacks will continue. Here is the reality that I'll tell everybody. So you can take this with you as you go off into your careers or level up like you're the chatterbobs of the world who are like, just absolutely crushing it and continuing to be bosses. Here's the reality. When a threat actor, you know, whatever, generic threat actor, when they find something that works like Click Fix, there is no reason to adapt or change until it no longer works. Threat actors do not have baseball cards. They don't have cool points. They don't have, you know, end of the year, you know, Threat Actor of the year awards, where it's like, for, you know. And the finalists for most innovative novel attack in 2026 goes to flaming Donkey for the Fousey Wy Bits attack. No, it's all about straight cash, homie. It's all about taking over end points and getting access to information. It's all about actions on objective. What is the mission? What is the main goal of the attack? And until further notice, Click Fix works great. So guess what? I'm gonna hit that easy button over and over and over and over and over and over again until Quick Fix doesn't work. And then I'll mail you a USB drive and tell you it's got nudes on it or something or crypto coins and you'll plug it in and we'll go from there. But until further notice, Click Fix. So please educate your end users all day, every day on Click Fix Attack. Disable the ability to run PowerShell or disable the ability to hit Windows key R or, or just send them a Quick fix attack that does something funny on their web page. On the, on their web page, on their, Like a powershell command that does something stupid just to educate them. Thank you. Yes. When. When I get in mod Chat, when they send me the iflip out meme. It allows me to calm down. All right, thank you.
C
Microsoft warns of WhatsApp delivered VBS malware. Microsoft warned of a campaign using WhatsApp to deliver malicious VBS files that initiate multistage infections on Windows systems. The malware uses renamed legitimate tools, cloud hosted payloads like aws, Tencent, Cloud and Backblaze, and a user account control bypass to gain elevated privileges, install persistent MSI packages, and enable remote access via tools like AnyDesk. Microsoft says the attack combines social engineering with living off the land techniques to evade detection and, and maintain long term control. There's no.
A
All right. I mean, for the sake, it, it sucks because this story is actually important. Hold on one second. This, this has to have a graphic. There it is. I knew it. There it is. All right, so check it out. Just to educate everyone, basically, the threat actor messages you on WhatsApp with a VB script, which if you're running an iPhone and someone sends you a VB script, it's not going to run on your phone. Same with Android, last time I checked. Unless there's some type of, you know, cross platform interoperability thing, VB script runs on Microsoft Windows operating system. Now, if your end users are running WhatsApp fat client on their endpoint or maybe on the browser, I don't know, but they're going to run VBScript. So social engineering, educate your end users. WhatsApp as a delivery medium for malware is a thing, of course. End user awareness training and endpoint detection and response. To catch these things, you know, it's an initial dropper. You can see second stage payloads come on down. This is pretty clever. I would, I would recommend, if you're looking to get a little bit of deeper technical understanding of sophisticated text, this looks good because there is user access control bypass, which is nice. There's VBS malware, which is, you know, a nice little change of pace because it's a lot of Times it's like JavaScript and crap like that, using WhatsApp as the delivery vehicle. This, this one has a little something for everybody. Okay. This is like one of those excursions on a cruise ship that the kids are happy, mom and dad are happy, everybody's high fiving and it comes with a drink ticket. All right, so go check that out. Let's go. Computer play this. Ain't nobody got time for that.
B
Ain't nobody got time for that.
A
All right. I'm Jerry from Simply Cyber. Absolutely had a blistering day of daily cyber threat brief podcasting I am loving life. Thank you all so very much for. For showing up today. I hope you had a great show. First time. Okay, first timers, I hope you come back tomorrow because we do it every day. This is episode 1102, I believe my April 2nd, 2026. Thank you so very much for allowing me to lose my mind. Don't go anywhere because we are going to Jawjacking, which I'm going to be renaming. I've been hinting about this for a minute. I haven't fully figured out the name, but it's gonna. Basically, it's gonna be called, like, cyber Mentorship Sessions. Like, I need the name to be more specific because when you hear Jawjacking, that means nothing to someone who doesn't know what it already is. So we can collectively, we can refer to it as Jawjacking, but I. I believe the name is going to become Cyber Mentorship session or something akin to that. So, anyways, get ready for cyber mentor sessions with simply Cyber Community members. We're mixing it up. We're giving lots of people opportunities to showcase themselves and bring different personalities to the cyber mentor sessions. And today We've got James McQuiggin. At 35, 000ft. This guy is hotter than a stolen pistol. If you're picking up what I'm putting down, so get ready to bring your questions. Put it in chat with a queue. James will answer it. I'm super pumped for you guys. I got to go teach at the Citadel. Until next time, stay secure. Ever wonder what it takes to break into cyber security? Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cyber security field live, unfiltered, and totally free. Let's level up together. It's time for some Jawjacking.
B
Good morning, everybody. Okay, I don't know where that vibe of Good Morning Vietnam, the movie came from, but I am coming to you here this morning from Millywocke, Milwaukee, Wisconsin. Yeah, I'm here for cyphercon. I got to do my presentation yesterday on deep fakes and went really well. Had a good. Had a good feeling in the room. And oh, there's. There's the. The stream coming in of everybody. That's good. So, yeah, so got to do my presentation, got to hang out with Simply Cyber Community member Josh Mason. And course, can't forget about Michelle Khan. Good morning, Sierra. This is great. I can say hi to everybody, but you all can only reply back in chat. But, yeah, I got to hang out with Michelle. We had lunch yesterday and I Got to see his keynote. Very inspiring. Good, good presentation. He dropped a fair number of dad jokes. Basically kept me in, in, in line. We were bouncing jokes off each other left, right and center. So it was going. It was a lot of fun yesterday. It was good meeting new f. Got to meet Tara and Emily and Elizabeth. So it was good to meet new folks. Always. One of my favorite things of hallway con, of coming to cons is being able to connect with new people, connect with friends and everything else. Connecting with friends. Like here on Simply Cyber, saying hi to Mara and Marcus and. Oh, and Kathy Chambers in chat. Oh, awesome. Love it. So, yes, this is your cyber mentor session. Cms. I don't know. I know Jerry's still working on the name. He's probably shaking his fist now, going, okay, yeah, I don't like the sound of that. But, you know, we'll come up with something. It's all, it's all good. So, yes, if you've got questions, drop them in the chat. You know, we'll see them up here. Be glad to answer them. Yes, Kathy Chambers meeting all the ladies. But, you know, it's, it's, it's always fun to meet new people. Always excited to see more and more groups of, you know, rather than just having the old white guys and, hello, I'm the old white guy. But it's always good to meet the young folks I. Folks that are, you know, trying to break in, folks that are, you know, a couple of years in or looking for, hey, I'm going to implement AI. What should I. What things should I consider or where's, you know, the different attacks that are going to be coming in regarding AI. So I had a great conversation with Keith regarding that. So, yeah, cyber mentorship at speed. Yeah, there you go. That could be saying that could be something there. Should I charge. So, cyber seller Phil, should I charge per. Let's see. Oh, yep, there it is. Let's show this one here. Should I charge per device in my MSSP service? It's a race to the bottom price wise out there serving financial institutions. Wow. Hitting off with the, the good ones right out of the gate. Okay, so her device, you know, I'm gonna, I'm gonna admit, here's something to your cyber. Cyber seller Phil working in msps. I've, I've never had the pleasure. It hasn't been something that's been in my history. But I think, you know, if you're going to, you know, make a bit, have a business model for it, then I'm certainly going to be looking at, you know, do you, depending on the size of the organization, do you just do it based on user, do you base it on the, the systems that you're protecting? So I would say you might even have different price points, you know, for networking equipment versus computers because you know computers are going to need a lot more attention versus servers versus you know, routers and firewalls and switches. So I would say I would be looking at per device because your users are going to have multiple devices that they're going to be accessing. So I would look at per device. Personally, I get it. It's a race to the bottom price that's out there. You want to be able to provide a service. But I think going look, you know, you could even make it, you could spin it and make it so that it's, hey, you know, we'll throw the users in for free. We're going to take care of the, the, the msp. But I think for the users they get the security awareness training. That's what you get them on for that individual charging. So cool. Well thank you very much on that one. Appreciate it. What's the best thing to work on? Oh, here we go. Ian Guidry's coming in. What's the best thing to work on as a student? Cyber wise? As a student.
A
Ah,
B
so a student of the cybersecurity. Yeah, so I think you know, you know, we're an inch deep and a mile wide worth of all kinds of different topics the with regards to what to study. You know, for me when I was a student of the cybers, I was trying everything, I was out there, you know, what can I try next? You know, playing around with VPNs, playing around with firewalls, playing around security awareness, phishing assessments, incident response, trying all the different things. See where my passion lies. But one of the important things is make sure you've got deliverables. Make sure you've got something that you can, you can show for the work that you're creating, you know. Yeah, essays and assignments and things that you might have in school are one things. But if you're creating programs or you're doing network diagrams or you're making your own lab and learning from that document as much as you can to be able to show that in the long run it's just going to depend what you're interested in. If, if it's incident, if it's hardware, if it's software, you know, but always be able to try to showcase and have a deliverable for that. So Cool. Thanks very much there, Ian Guidry. 9464. Let's see. I vote Cool Kids Cyber table, because I was never invited to the Cool Kids. Neither was I, Elliot. I. I was the avian geek. I was that AV nerd in high school. I was never invited to. To those. So you're always invite. You know, us, you know, AV geeks, nerds, we all got to stick together overall. Yeah, we're all cool kids now. Jaw Jack and Fix the Soul to Simply Cyber Name change is a bit overthinking. You know, Marcus, I. I love jaw jacking as well as much as the next guy, but, you know, when. When it comes to people that aren't familiar with us, you know, we are an amazing, amazing community, as you guys know, and we pick it all up on the inside. But I think also, you know, we. We want to be able to reach out to other people. And, you know, if somebody comes along and sees Jawjack, and they're like just a bunch of people sitting around talking cyber, no, thanks. But if it's. If they know that there's an opportunity where there could be mentorship or they could come in and like, ama. Like a cyber. Ama. A comma. That'd be kind of funny. Cama. Ama, Cyber. Ask me anything. Because that's essentially what this is, right? You guys can ask me anything. We try to keep it. We try to keep it with cyber, but, yeah, we want to make sure that we're. We're inclusive for everybody. You know, that's what we're. We want to bring everybody in there. I love it. Marcus, I like your statement a ton. Let's see if. Yeah, a ton of small changes lately. I don't think we're ever going to lose what this soul is about, my friend. A ton of small changes. Neither small tweaks. You know, I think, you know, we always got to be evolving. We've always got to be adapting, and we've got to be able to change and grow. The only constant in life is change. And that is a lesson that I learned from a former CEO when I was at KNOW before, and that was just, you know, that was something that stuck with me. You know, we. We like things comfortable. We like things easy. We like that warm security blanket that gets wrapped around us, like what we have with Simply cyber and jawjacking and everything else. But I think. I think the tweaks are. They're a good thing. I think it's okay. We'll. We'll slowly adjust. Let's see. Question coming in from Lost it. There we go. TY Kwangong9912. I would like to start my business based on providing offensive security to small businesses. Any ideas? Well, if you've got a niche, you know who you want to target. So you've got your audience, that's important. You know what you want to do with your business, that's important too. So now you've got to go find those small businesses, right? So where do small businesses go to meet up? Where do they go? Network chambers of commerce, events, depending on where you are in the world. But find out if there are local meetups for small businesses. Go talk to the small businesses, go talk to the owners. See if there are places where they meet up and you can go have cups of coffee with them or networking events, mentorship type events. That would be my first start is go find the small businesses, where do they hang out? Go have those conversations. It might even be something where you, you know, you go to other locations and. Or go to different businesses and talk to them and have conversations. So. Good question. But for me, go where the audience is, is hanging out. So let's see. AMA seems to be popular. Yeah. Oh, here we go. I always love a good ICS OT question come from Jared. Hey, good to see you again. Jared. What's one skill or expertise that you think a new practitioner should work on to be valuable in this space? Ah, one new one. A new skill. Well, you know, for me, a lot of it, you know, you can be. We can look at this from two ways, right? We can look at it from the technical aspect of icsot or we can look at it from the other skills. For me, I think it just depends on. It depends on where your skill set is. If there's a new skill you need to learn, you know, well, then, you know, you could always be looking at, you know, the SCADA communications. Understanding that if you're already familiar with that aspect of the technology, well, then, you know, now maybe it's like, let's start working on some professional development skills. Let's start looking at, you know, presenting or some other. I hate saying soft skills, but professional development skills. Start looking at different ways, you know, to be able to communicate, management, you know, depending where you are. For me, in the ICS OT space, it's always good just to kind of stay current on the current technologies. Looking at, you know, what's coming out with the different products with PLCs with SCADA, whatever it may be, but just, you know, kind of have an area where you are that you're lacking on that. You know, you want to improve and, and kind of work on that overall. So definitely, you know, be looking at other ICS folks that are out there. I know we have the, the one that's here and I'm blanking on his name. I know someone's going to throw it in chat for me, but I know that, that Jerry always raves about him and he's really good and I've seen him in the ICS space as well. Am I presenting at B sides upcoming time, date, announcement of those in the area? I am not at B side. I'm going to B sides Milwaukee, but I'm not presenting there. The next, the next presentation I've got is I'm doing a webinar today on, on public speaking. That is through a connection of mine, a public speaker. Oh, I think you were asking for everybody, weren't you, Sierra? But anyway, for me I've got a. I know I'm doing a webinar this afternoon. I'm doing a presentation for the Maritime Security Summit in a couple weeks. I'm presenting for Hack CFL on Saturday. You know, for somebody that's unemployed, I am like still going non stop when it comes to the presentations. Yeah, we got to be agile. Yeah. Simply ama. Oh, there we go. Simply simply AMA or simply. Or simply cyber AMA maybe or something like that. Oh, there we go. Okay. You know, Jerry, we got some ideas coming for you, buddy. Question. Seeing a lot of cesa. I'm not even looking at this question. I'm just throwing it up. A lot of CSA k. The known exploit vulnerability alerts coming in about older vulnerabilities being exploited. Must be a Tuesday. What's the day today? Must be a Thursday. Yeah. Being exploited. Sometimes PoC created by AI. Where would you focus on potential future where everything could be exploited? Where would you focus on a potential future where everything could be exploited? Well, I think, you know, leveraging A.I. i know that folks are in cybercriminal organizations are probably thinking that. They're thinking, okay, how do we just get AI to look for other vulnerabilities and then launch the attack? And that's. That concept's been around since 2017 and I have to imagine that they probably are. That is something that they are looking to do. But I think with a lot of the cyber criminal groups that are out there as well, from my experiences, they all have their areas of expertise. Yeah. And you even think about it in their own. Our environment as well. Like with it or cyber. You've got the people that are really good at grc, Gerry Ozer. And then you've got folks that are really good at doing EDR or infrastructure, you know, like FedEx. And then you got folks that are focusing on EDR and XDR and those kind of things. Casually. Joseph. So you know, the same things with these cyber criminal groups is the fact that they've got all their areas of expertise and so they could be out there exploiting all the vulnerabilities all at once. But then, you know, they may get in and go, oh, so we got this glitch happened. Okay, do we know anything really much about it? And so they really focus on their areas of expertise, whether it's industries, whether it's the type of exploits they like to do, whether, you know, against VPN infrastructure, whether against firewalls, or maybe even social engineering overall. So I do see that being a focus. Rename the section, but keep the jawjack. Jawjacking is a subscript to pay homage to the OGs. Oh, there you go. Let's see. Any other, see what other questions we got going here. Getting value. Yes, definitely. Take three seconds. Throw that up there. Throw the like in there. Helps with the algorithms and all that other good stuff. Kathy Chambers. Yeah. Knocked it out of the park with her show last week. Love that one. Definitely shout out to Simply Cyber. Very cool. Thank you very much, Darnell. Looking good. Oh, Mike Holcomb. Yes, thank you very much. Appreciate. Find the find, find the true too. Yes, Mike Holcomb. Definitely somebody. If you follow an OT on ics, if you're not already. I could rave, you know, Bryson Bort, Patrick Miller, Chris Sistrunk. Yeah, there's, there's tons of folks that are out there you can be following. Soft skills cannot be overrated. I completely agree. IO pro techno skills are useless if you can't communicate to leadership, whether you're writing a pen test report or requesting tool budget from the C suite. Of course, nowadays you could have AI help you write it as well, but don't upload any sensitive information. We don't want to be doing that overall. Oh, here we go. I'm partnering with an organization that is targeting cyber pros to provide evidence based mental health wellness programs to provide burnout, stress, et cetera, mitigation. Is there any interest or need? Holy cow, Elliot. Are you kidding me? I could. I know that there are hundreds of people, everybody in this industry, at some point, one time or another have to deal with burnout and that kind of stress. But yes, I would. I know I'd be curious to hear more about it, just to be able to share that without. Share that with a lot of folks that are out there as well. Let's see, do so. I was kind of curious. I was, you know, just like Jerry had with his camera. Me logging in to the restream this morning, got in at quarter to the hour before I started. And my microphone, I couldn't select my microphone in the input. It was kind of crazy. I had to go into settings and fix it there and struggling and restarting and everything else. One of the things I wanted to prep, and you guys can drop your responses here, I wanted to prep a little slot PowerPoint slide because I live in PowerPoint. But I was curious being here at a conference, B sides, DEFCON, Wild West, Hack and Fest, you know, InfoSec, World, ISC2 Congress, whatever conferences you love to go to. I'm really curious from folks. If you are going to a conference, do you look ahead to see what conferences, sorry, what presentations and who's speaking, or do you just show up the day of. Or do you just. Yeah, those two options. Do you plan ahead for your conferences or do you just wing it? I'm really curious to see what everybody else else has to say with regards to that. So when you go to a conference, do you wing it or do you plan ahead? Hope you're doing well. In your long career so far, have you faced burnout? And if what you did do, overcome it, appreciate your time. Lazaro J. Rivera I haven't experienced it as bad as other people, but for me, burnout comes in a lot of different ways. But it's certainly to the sense. For me, a lot of it came down to the fact that I was extremely frustrated every day. I wasn't happy with the work that I was doing. Imposter syndrome. And a lot of it was being able to. You have to be able to step away. You have to have. You have to try to have a good, you know, the work balance, the life balance. I know sometimes folks can't do that, but for me, a lot of it came down to being able to, you know, have to step away. One of the things that I appreciate about Europeans and because I've been there enough and worked with a lot of them over the years, is they work to live. You know, they do their 40 hours a week and then they enjoy their. Their time with friends and family and they're getting away for the weekends. And that for me is. Is key, you know, being with family. Now maybe you. You're not somebody. You're single and you've, you know, you got your friends that you want to hang out with. But a lot of it comes down to being able to try to find that balance. Being able to try to step away and recharge those batteries if you can. I. I know it may not be a. The answer you're looking for. It might be kind of a more of a warm and fuzzy one. But I know for me, a lot of it is trying to, just to try to reset. I mean, we do it all the time. I had browser issues, so I turned, I shut the browser down and reset, started it back up. You've got to be able to kind of do the same thing. Shut yourself down, reboot yourself, give yourself a way to be able to walk away, take a break. Week vacation, two week vacation, whatever it takes. 100. I'm a planner, but I leave room to wiggle if necessary. All right, Find the truth. Like that. With regards, research the conference and look at presenter profiles. All right, like that. Dennis. For me, sometimes I'm looking to see if I know anybody that speaking and if they are, then I want to go see them and watch their presentation and support them. Where am I going? Where I'm going to get my value at the conference? Where am I going to get value? DJ B sec. Where am I going to get a value of my conference? Let's see what else we got here. I'm curious to see what. Got some folks that are planners. Got some folks that are that, you know, kind of wing it. I know for me, with a lot of conferences, I will look to see who's presenting and if I recognize anybody, then, okay, I'm going to go see their presentation. And then after that it's like, okay, is there any particular topic that I'm interested in? Of course, right now all the hot topics are all about AI. So everybody's watching, wanting to go see those. Yesterday I did my, my deep fake one yesterday that went really, really well and got. Got a nice reception. Got, like I said, got some good folks that enjoyed watching it. One of the fun things that I did yesterday was I demoed a new tool that I created for that I worked on by coding over the weekend because I have all my deep fake tools and programs that I use. But I demoed a new one yesterday where it now does a full body avatar, which is pretty wild. Maybe I'll have to show you guys. Maybe next week when I'm back in my studio and I've got a lot more room to be Able to do that. So let's see any other questions that are. That are out there. How are we doing on time? Oh, we've got about five minutes left. Okay, that's cool. See a lot of you research. Various plans tentative with breaks built in for balance. Okay, there we go. Thank you, Sierra. Yeah, I. I like to do research. Sometimes I go to events. If I'm speaking, I won't look ahead. I'll just kind of. Because I gotta. I'm more focused on doing my presentation and, and showing up. And then it's like, oh, okay. Then I get there. I'm like, oh, so and so's here or so and so is here. So that's always. That's always pretty cool. I saw Sherry. Yes. Yes. Phil Perry was showing off full body one. That that service that he had is the same one that I used. When I saw he did that, I reached out, I'm like, hey, using. And he shared it with me. And so I went out and researched the tool, the product and saw that they had an API. And with that API, built it into my tool that I created called Fake Maker. And I use that for all. Doing all my deep fakes with different services and everything else. But yeah, Perry was doing it. I did it yesterday. I deep faked. Me as monster. Who is the guy who organizes this conference and the B sides? Milwaukee. Michael Getzman. And so I did that in front of everybody and then did a live deep. Did another deep fake creating of him raving about how good my talk was. Cool. Ask Simply Cyber Roswell uk Coming over the top there. Ask Simply Cyber. That's a cool one. I like that one. As we try to come up with new ideas, we're. We're grassrootings. Grassrooting. Our new topic for this segment as we do it after the Simply Cyber show every week. Every day. Not every week, but we do this every day. And I've. Which reminds me, I've got a. I've got my dad jokes planned for Jerry tomorrow. Let's see here. I have a. And I was chatting with. With Michelle. We're working on. We're working on a new joke book as well. So that's coming. Yep, there, I've got it. Seeing as it was April Fools yesterday or the other. Yeah, that was yesterday. April Fool's yesterday. The theme tomorrow, sneak peek for you all is on April Fool's jokes. So there you go. Ask. Sounds like ask. Oh, I'm guessing Ask Simply Cyber asc. Ask. Ah, there we go. That could be kind of a Fun way to be able to do it. My professor keeps posting Deep fakes on LinkedIn until his followers caught on. Nice. But Ask Simply Cyber Ask asc. Yeah, that's almost like it. Yeah, that's kind of cool. I like that. That is really neat. Dad jokes for the win. Always. You know I throw them in the presentation yesterday. Yeah, always, always a good time throwing in the dad jokes and chatting it up with everybody. Cool. That's interesting. Your professor kept posting Deep fakes on LinkedIn until his followers caught on. Alrighty, Any last questions? Any last comments? Anybody got any? Well, I was gonna say anybody got any conferences? Anybody going to San Diego besides San Diego this weekend? I know, I was chatting with Josh Mason. He's going, he's heading out there. I know our Wade through logs, our good friend Wade Wells. He's doing B sides San Diego this weekend. I wish I was going. That would have been fun to go. But I've got a presentation on Saturday with Hack cfl. I'm going to be talking about kind of what my experience has been like the last three months from Pink slip to pull requests which deals with leveraging AI and everything else. But yeah, so cool. Alrighty. Well, we are at the bottom of the hour. Hopefully you've all had enjoyed this chat. I'll be back next Thursday. Always excited to be able to chat with all of you and excited you guys welcome, welcome me into all of this and it's a, it's a pleasure and an honor to do this for Jerry and I'm excited to be able to kind of provide any insights and perceptions that I can for all of you. So very cool. Well, I wish you all a happy Thursday. I look forward to chatting with all of you tomorrow when we get the. The dad jokes getting dropped. So for, for me, for Jerry, thanks for stopping by and we will see you guys all tomorrow.
Host: Dr. Gerald Auger, Simply Cyber
Guest Host for Cyber Mentorship Session ("Jawjacking"): James McQuiggan
This episode of the Daily Cyber Threat Brief focuses on the eight most significant cyber stories making headlines as of April 2, 2026. Dr. Gerald Auger leads with his trademark energy, delivering a blend of expert industry insight, practical takeaways, and community engagement aimed at cybersecurity professionals, business leaders, and newcomers alike. The episode includes in-depth breakdowns of major security incidents, trends in threat tactics, actionable advice for practitioners, and a concluding interactive mentorship session.
On Legacy Patching Pressure:
“Apple had to get socially pressured to do this ... Apple was not the one running off the front of the ship and saving Private Ryan.” [16:40]
On Multiple Persistence Mechanisms:
“They [advanced threat actors] are on different time bands ... you might not catch all of them. Even if you think you've eliminated all persistence mechanisms, they could come back.” [23:10]
On Tabletop Exercises:
“Tabletop: what would it look like for us to generate new API keys and deploy them? Do we know where all the keys are?” [34:09]
On Hope as a Security Strategy:
“If you have a title page ... and it just says hope, you’re tap dancing on thin ice.” [53:29]
| Segment | Timestamp | |------------------------------------------|------------| | Start / Community Intro | 00:00 | | Apple Backport Security Patch | 13:28 | | FBI "Major Incident" Breach | 18:59 | | Cisco Source Code Breach (Team PCP) | 31:21 | | Mercour / Light LLM / Lapsus Breach | 38:00 | | Mid-roll & Memes | 43:12 | | Cambodia Scam Ring Extradition | 45:37 | | Hasbro Ransomware Attack | 50:39 | | Venom Stealer Malware-as-a-Service | 54:39 | | WhatsApp VBS Malware | 57:52 | | Cyber Mentor Session (Jawjacking) | 62:28 |
This episode exemplifies why the Simply Cyber Daily Cyber Threat Brief is a go-to for practitioners: news recaps aren’t just headlines—they’re coupled with real-world context, incident response lessons, and a dash of humor. The mentorship/Q&A session reinforces the supportive, inclusive nature of the Simply Cyber community.
“Stay secure. And if hope is your strategy, it’s time to rethink your plan.” — Dr. Gerald Auger [53:29]