Loading summary
Dr. Gerald Ozer
All right. Good morning, everybody. Welcome to the party. Today's Thursday, April 30, 2026. This is simply Cyber's daily cyber threat Brief. I'm your host, Dr. Gerald Ozer, coming to you live from the Buffer Osier Flow Studios. And if you're looking to be entertained and educated on the top cyber news stories of the day and going beyond the headlines to get additional insights and value that you won't get anywhere else while engaging with a like minded, supportive, inclusive community, well, you're in the right place because that's exactly what we do here every single weekday morning, 8am Eastern time. Sit back, relax. We got a great show for you. We're off and running. Yes, that's right. Another day, another dollar making it happen here at the Buffer Osier Flow studio. Good morning, everybody. It's great to see you. We are just pumping along this week and it feels good. Got the coffee flow and got the energy vibes from yesterday spilling over. I hope you're feeling great and I hope each of you are having a wonderful day week now we're gonna go through eight cyber stories of the day. I have not researched or prepped for any of these stories. I even have no idea what the stories are going to be. Why ain't nobody got time for that? Because ain't nobody got time for that. I'm a practitioner, same as you, and, you know, we just don't have time to. How convenient would it be to prep for the show, read all the stories, and then seem like the smartest guy in the room? Oh, this reminds me of this wicked, obscure situation. Let me just see. Oh, I have a tab open right here. No, this is rough, rugged, raw, authentic, and it's real. And I'm, I'm bringing you along. And we're doing it. We're doing the thing, y'. All. And it's going to be all about good times. Now, if you're a Regular Jay Ghoul, N2D says he's dragging. Jay Goul. This one's for you. Coffee cup. Cheers. Trying to send some vibes to you, my man Jose ramos over on LinkedIn. Good morning to you, dude. What's cracking? All right, guys. Hey. Many of you green badges, Dennis Keefe, Osint Master. Many of you green badges and long timers know the routine. But if you're here for the first time, let me tell you, welcome to the party, pal. It is imperative that I make it apparent to you that everyone is included here. If you've got good intentions and a good attitude, Come on in here you are welcome to be here. Welcome to the party pal. I also want to say shout out to all those who are listening on Apple Podcast and Spotify. Thanks for checking the show out on the regular part of your morning commute or your daily routine. Come over to YouTube. The chat is warm, the water is nice, and DJ B Sec does pop up from time to time. Hey DJ B. But if you are here for the first time, hashtag first timer in chat. Drop a hashtag first timer in chat and you will see the squad, the Simply Cyber Squad, just roll over you with what can only be considered a group hug of John McLean from the Christmas classic Die Hard, welcoming you to the party pal. So take that first step into socializing. Drop a hashtag first timer in chat. It is a Thursday, which means it is what your meme Thursday. Every single day of the week here at Simply Cyrus Daily Cyber Threat Brief has a special segment and Thursdays. This man right here, Dan Reardon, AKA the Haircut, Fish sock analyst extraordinaire, crochet master, mentor to many. He also whips up custom memes every Thursday. And this week's is a banger as usual. If you'd like to play the game, we have like a little sub game going on. Sam Crow 7, by the way. Sam Crow 7, Northern California shout out. But I want to say what's up to Sam Crow 7 because she was a first timer earlier this week, I think. Or maybe late last week, but either way she's back for more. Great to have you here, Sam Crow 7. So if you like to play the game. And guess what, the meme of the week has to do with Dan usually makes it something relevant to what happened earlier in the week. This one's kind of an easy one this week because there was a massive incident on Tuesday morning. But stay tuned for the mid roll for the big reveal on that. Every single episode of the Daily Cyber Threat Brief is worth half a cpe. The Continuing Professional education credit. Those are credits if you have a cyber security certification you are required to maintain. The maintenance typically comes in the form of an annual fee.
James McQuiggin
Boo.
Dr. Gerald Ozer
Great cash, homie. And continuing professional education credits. So you stay sharp, right? No one wants someone who has a CIS P that's, you know, been on the moon for 20 years and just came back. Right? They don't know what's going on. So cpes for days. This is an instructor led webinar, effectively, even though it doesn't feel nerdy and starchy and stuffy. Right. I'm not wearing a button down shirt with short sleeves and a tie and a pocket protector up in this mother trucker. Right. So what what we're doing here is I have a PhD.
James McQuiggin
Ooh.
Dr. Gerald Ozer
I work 20 plus years in the industry.
James McQuiggin
Ooh.
Dr. Gerald Ozer
And I'm leading this workshop or this briefing, or this webcast or this webinar or however you need to spin it. It is the delivery of information from my mouth to your ears. Also, just as bonus, like the community right here, full of amazing people, A guy name 303 dropped in Gifted subs up in this mother peace. We got Rick Poduch, Soila Valentino picking up these squad memberships. Thank you very much. Guy named 303. Did we just become best friends? Yep. And you squad members, welcome to the party. Sam Crow said she likes straight cash. On me. I am a Randy Moss fan. Sam Crow. You got it. Straight cash, homie. All right. Hey, speaking of straight cash, homie, this show doesn't happen without the support of the stream sponsors. Right? Am I right? So let's say what's up to them, starting with anti Siphon training. Anti Siphon training is disrupting the traditional cyber security training industry by offering high quality, cutting edge education to everyone regardless of financial position. You can go on their website antisyphontraining.com. check out the course calendar for upcoming content. Did you attend how to Break Free from Cyber Security Burnout yesterday? If you did, let us know in chat how it went with for you. A followup from a couple weeks ago where Patterson Cake did the Unix endpoint webcast Anticast. Now we've got a four hour deep dive workshop. Get your hands on dirty Walk through artifact gathering forensics on Linux and Mac endpoints using Velociraptor, which is a dynamite sec ops tool. If you don't know Velociraptor. Oh boy, that is a game changer. You drop Velociraptor in a sock analyst interview as a tool that you have experience with and you can sign yourself up on the short list. Believe that. Go check it out. Rapid Endpoint Investigations. You can take this training for as little as $25. Oh my. Four hours. Hold on. Four hours? Dude, for 25 bucks? You're joking me. This guy's hourly rate is probably significantly higher than 25 and you're getting him for four. Four hours. Holy crap. Don't sleep on this opportunity. I'm gonna drop a link in the chat below. Too late. Too late will be the cry when Patterson Cake and his Unix Endpoint investigations for Linux and Mac Workshops has passed you by. See what I just did there? Ah, a little bit of a hype man out front of the tent. All right. Also want to say shout out to Flare. Flare Cyber Threat Intelligence Platform bringing the heat. I love Flair as a company. I love the people over there and I think their platform's sick. Listen, Sam Crow 7 up in San Jose, you don't have a pair of mud boots tall enough to go walking around in the dark web and not get some of that filth on your person. Allow Flair to go into the dark web, to go into those forums, to get into the telegram channels with the criminals and capture this information. Bring it back in a nice tidy platform that allows you to query it very quickly. Find users in your environment whose credentials have been compromised. Find if you in your organization is going to be targeted. Find all the chatter, get those credentials reset before bad turns into really bad. With Flare's Cyber Threat Intelligence platform. And right now, because it's simply cyber, you can go get a two week free trial right now of Flare. So there's no re like literally, what's the downside? Oh, I might lose money doing this free trial. No, I might lose time. Yeah, but I mean you have to evaluate these things and this is a game changer. Go to Simply Cyber IO Flare now to check it out. Speaking of another game changer in the environment, Threat Locker, longtime partner to Simply Cyber and really one of the partners that enables me to bring the show to you every day for 1000 plus episodes. Threat lockers application denied by default Security approach is beloved by many enterprise organizations. Fortune 500 companies, they do it in the cloud now as well. Let's hear from Threat Locker and then I'm gonna melt your face. I want to give some love to the daily cyber threat brief sponsor, Threat Locker do zero day exploits and supply chain attacks. Keep you up at night. Worry no more. You can harden your security with Threat Locker. Worldwide companies like JetBlue Trust Threat Locker to secure their data and keep their business operations flying high. Threat Locker takes a deny by default approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US based Cyber Hero support team. Get a free 30 day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threat locker.com daily cyber. All right, all you cool cats, it's that time of the day, so do me a favor. Whether you're on the left coast getting up early and by the way, shout out to the left coast people. The Sam Crows, the Phil Staffords, the Elliot Matias, the Sunshines, the Sierra Montgomerys, and so many more. Dude, I understand it's 5am there. I know it's dark there. When I'm on the west coast, I do the show at 5am myself. I get it. I appreciate you. Thank you for being here. Now do me a favor, sit back, relax, and just put on that SPF 10,000 on your face because I'm about to let the cool sounds of the hot news wash over all of us in an awesome wave. I'll see you all at the mid
James McQuiggin
roll from the CISO series, it's cybersecurity headlines.
Sarah Lane
These are the cybersecurity headlines for Thursday, April 30, 2026. I'm Sarah Lane. Hackers are arrested for selling Roblox accounts. Ukrainian authorities arrested three individuals for.
Dr. Gerald Ozer
Hold on really quick, I see Nintendude in the chat. Okay, really quickly, I'm sorry to interrupt the first story, but Nintendude, I have been watching chat from like a month plus since RSA waiting for Nintendo in chat. Nintendo normally Spotify listener here live with us today. Nintendo. Welcome to the party, pal. Welcome to the party, pal. Also, you know, coming to RSA's meetup. Long time community member. Love it.
Sarah Lane
Hijacking more than 610,000 Roblox accounts using info stealing malware disguised as game enhancement tools. The attackers harvested credentials, sorted accounts by value, including at least 357 high value profiles and sold them through Russian platforms, generating around $225,000. Police seized devices and cash during raids and the suspects now face up to 15 years in prison as investigators look for additional victims and and accomplices. Micro.
Dr. Gerald Ozer
All right, so first of all, they took $35,000 of cash. The law. Well, hold on, there's so many sound effects to hit here. Regulators. All right, and then they took, they took 35,000 of hard cash from these guys. Straight cash, homie. Straight cash, homie. So listen, Roblox, this is to me, this is really interesting because Roblox, if you don't, if you don't have kids, Roblox is basically one of these platforms that is just blown up as incredibly, incredibly popular like, like millions of users. And the, the weird thing is, or not weird, but like I swear to God, if you went back to like 1983 and told Atari that the most popular games would be content that is made by the users, it would cook people's brains. Roblox is a platform that allows you to make games and then people play the games. And I think if you make a popular game, you get paid too. My, my son is big on Roblox. I know way more about Roblox than I want to. Space Talkos. 35 months, almost 3 years with the squad membership. Thanks Face Tacos. But, but dude, if you won't, if, if you own kids. I can't believe I almost said if you own kids. If you have kids, then you know that like, dude, like Roblox, it's like microtransaction central. Like, oh, can I get this, like cosmetic. Can I get this thing? So it's big money and they make millions and millions of dollars. So anytime, I mean it's, it's basically human nature. Anytime that there is a platform that's generating revenue, there's going to be criminals who are circling around it like guppies on a shark. 600,000 accounts compromised. Now this is, I, I have talked about this multiple times. Listen, my kid's 11. I love my child. His brain is not fully developed. Okay? So you know, if you get like. My kids have been. My kids have received massive amounts of awareness, cyber awareness training. So it's. Maybe my kids are not perfect examples, but when you are a kid, you have, you know, maybe a paper route or. I just aged myself. Nobody has a paper route anymore. I forgot newspapers don't exist. But like when you are a kid, you, you have, you, maybe you mow lawns. I think that's a thing still. Maybe when you're a kid, you're a newsy on the street corner yelling, extra, extra. I'm so old. Jesus, I'm so old. But most kids don't have money, right? So when you see someone on YouTube being like, oh, hey, if you want to get, if you want to get this like cosmetic download this thing or if you want to hack. People talk about my kids always like, this guy's hacking over here. Children will be all over it and chill. Some people, I know some not my house, but some people will basically give their kids credit cards and just allow them to, you know, go ham. Like, oh, like basically it's like an eye nanny. Oh yeah, here. And you want some Robux, go ahead and buy it. You know what I mean? Like, just leave me alone. While me and your mother continue to play pickleball out in the backyard. FedEx 24 months, two years. Blue Badge. Thanks, dude. So anyways, it's a perfect storm you've got. I don't want to Say an idiot user pool or victim pool. But you have immature victims who have access to credit cards. Roswell uk. Not a first timer, but welcome to the party. So I'm not surprised that they're going. I mean this has been the case forever. Dude, people used to rob people's RuneScape accounts, World of Warcraft accounts, Fortnite, all these things. So let's see what they did. The attackers are age 19, 21 and 22. Again, I'm telling you right now from an overall threat landscape, threat profile. This is something GRC people should stick into their, into their calculations and think about bigger picture, macro picture. There is a new generation of skilled. I, I would. I don't want to say anarchist, but skilled, apathetic, you know, citizens of the world coming of age where they're not everything. Cost too much money. Doesn't seem like there's hope. Right. AI Apocalypse, all these other things. So like it's easy to just be, you know, angst and against the machine and do these things that seem like quick wins. Easy money. Now of course these guys are going to go to jail, so served. But how do they do it? I mean basically. Oh yeah, look at this. Look at this graphic. I love it. This dude in his peach colored room. His desk is just a filthy. That's another thing, guys, really quickly. Can I just. If you're listening on podcasts, the Hollywood movies make the threat actors look like they have like a warehouse and they're running cables and they've got all sorts of infrastructure. No real threat actors. This guy's in his mom's like craft room, peach colored walls. His desk is a freaking mess. He's got like old ramen paper wrappers, an empty plant pot. It. It doesn't take much to run these operations, dude, by the way, if this guy had 35 grand cash and $225,000 in like criminal stuff. Like can't you like hire someone to clean your room? Like, I mean, come on, dude, how are you even living like that? All right, so let me like. I'm sorry, final thing I want to talk about is how does the attack perpetrate? It doesn't really say. Hold on. Initial the word initial infection. The scheme involved promoting info stealing malware disguised as a game enhancing tool. Yep. Hey, download this and be able to cheat. A Roblox. Person installs it and immediately gives up their creds. That's it. And then if you have some super rare thing, the per. The. The attacker goes in and just trades it out of your inventory. To theirs and boom, it's over. That's it. Simple, nice and clean. Educate your kids. Please educate your kids. And remember, it's Roblox today, but it might be fubar tomorrow and zing zang zip zap tomorrow the next day, right? It's just the, the, the players change, but the, the scam doesn't. The final thing I want to point out here is another scheme I've saw, very quick one I just wanna, I just wanna point out really quickly. I, I saw one because my kid wanted to fall for it, okay? My kid wanted to fall for it. There is YouTubers, okay? They're like literally live streaming. They're live streaming YouTubers and they say, hey kids, if you want me to go into your account and level your account up, or if you let me go into your account, I'll buy Robux and apply them to your account live on stream. All you have to do is DM me your username and password and like the guy was doing it, right? So like what's. Mara Levy's in chat right now. So Mara Levy DMs me and live on chat, I log out of my live on stream, I log out of my account and I log into Mara Levy's and then I buy like $1,000 worth of Robux and then I'm like, see? And that becomes proof that I'm doing the thing I'm saying I'm doing. And then I do it to someone else. And now you just have hundreds of children firing their credentials directly into DM chats. And the guy, of course he does a couple of them, but at the mo, for the most part, he doesn't even need to infect your machine with malware because you're literally giving them all the creds. I saw that one, thought it was clever, but at the same time, pretty nasty.
Sarah Lane
Soft patch for a zero day falls short. Microsoft and CISA warned that attackers are exploiting a zero click Windows shell flaw created by an incomplete fix for an earlier vulnerability used by Russian state backed group APT28. The bug allows credential theft via forced authentication and exposing. NET NTL MV2 hashes that can be used to access sensitive data and move laterally on networks. Even after Microsoft's February patches blocked the original remote code execution chain. CISA has added the flaw to its known exploited vulnerabilities list with a May 12th remediation deadline. Us.
Dr. Gerald Ozer
All right, so a couple things. Ah, you gotta patch it. All right, so here's the deal. Russian spies exploited a Windows zero Day zero click Windows Flaw, which means it doesn't require any user interaction. Pretty serious. And Microsoft patched it. Now, the patch didn't work, which is what the story is. The story is not about the. The vulnerability but. But it went from like vulnerability to exploited vulnerability. I do want to point out really quick, the CVE here is CVE2026 3202. I'm going to go to DJ B sex EPSs tool, which allows you to drop in a CVE number, which I've done here, and hit get results. This will bring back a EPSS score. EPSS is one way that we can use or one tool that we can use to determine how bad a vulnerability is. And you know, is this like a stop what you're doing and fix it? Is it not a big deal? DJ B Sec your. There's a bug in your platform because it says it's not on the Kev list and it is according to this story, right? It. It's. CESA added it on Tuesday to their Kev list. It says here. So let's look at the scores. It has a CVSS score of 4. 3, which is very low, right? We wouldn't really ever get to patching that unless it was like incidental. But if you look at the EPSS score, which is how likely is this to get exploited in your environment? Which is why I like EPSS over CVSS scores. You could see here you have a 7% chance of getting exploited in the next 30 days. And if it does, this is in the 91 percentile of, of all the hundreds of thousands of vulnerabilities in the EPSS database, this is in the top 92 percentile of how bad is this? Right? So the higher the number, the worse it is. So the question you have to ask yourself, and again, I'm going to age myself. So get your Kool Aid man out is are you feeling lucky, punk? Well, are you? That's a Clint Eastwood dirty hairy reference. Back when action heroes look like they smoked a pack a day and were not very action heroey. So I, I don't know about you. Like, if I had a 7% chance of my environment getting compromised, I'm not super into that. So you might want to patch. Now, what's the bigger story here for everyone who wants me to like for, for you as someone, I, I like to go beyond the headlines and point something out. Guys, we don't live in a video game where, oh, like, you know, this isn't cybersecurity job simulator where it's like, oh, there's a vulnerability. Apply the patch. Ah, you got a patch it patch applied on to the next thing. No, like here's the deal. When there is a nation state threat actor attacking a very serious vulnerability, zero day, zero click, remote code execution, all those things, right? Microsoft takes it upon themselves to rapidly deploy a patch. Now it doesn't happen all the time, but just sometimes the patch doesn't work well or it's not enough or whatever. Think about this for a second. You're at work, click clack, click clack, click clack, right? And then something comes over. Hey, this is an emergency. There's a bug in the Microsoft Windows operating system which by the way is, is like hundreds of thousands of lines of code. There is a bug that is being exploited or vulnerability that's being exploited by Russia. We got to get this thing fixed. So now it turns into a foot race of the developers trying to figure out what is the vulnerability, how is it being exploited, how can it be fixed while not causing bigger problems to the source code. That's a, that's a key thing. And then, then applying it so they don't always get it right. Sometimes like it's human nature, right? Oh, it looks like it's a input sanitation issue. Let's go ahead and put some sanitation checks or sanitization, sanitation sanitization checks on the input before pushing it for processing. And you do that and then you find out it's like a deserialization bug or something like that. So Microsoft rushed to get it in. You can't test all the scenarios and use cases. You can do some of them and once in a while, unfortunately the patch doesn't work or, or it's very easy to circumvent the patch again, right? You see this like, you don't really see it with Microsoft so often, but you will see it with like smaller software vendors or technology vendors where something happens, it makes huge news and then they try to patch it wicked fast and it turns into another problem and it's just like crisis management for that vendor. I can't think of any examples off the top of my head. There were a couple last year that were very, very noteworthy. I just can't think of them off the top of my head. But just know it's, this isn't video game cyber job simulator. Like occasionally the patches aren't enough and it's because they're there. They are, they are struggling with the balance between how fast can we get this thing out and how thoroughly can we test it to make sure it's, you know, holistic and comprehensive and China
Sarah Lane
partner on Dubai scam takedown. A joint US and Chinese law enforcement operation raided nine scam centers in Dubai resulting in 276 arrests tied to cryptocurrency pig butchering schemes that defrauded American victims. Investigators traced the networks using data from meta financial records and blockchain analysis, leading to charges against several organizers accused of running front companies coordinating the scams. This is part of a broader US effort to combat cyber fraud which cost Americans $16 billion last year. Concerns remain over links between Chinese criminal groups and state aligned economic activity. Hackers exploit RCE flaws in Qinglu. Attackers are exploiting two authentication bypass flaws in the Qinglong task schedule.
Dr. Gerald Ozer
Computer. My God, man. All I want you to do is start and stop when I push the start stop button. Like I'm not asking for the world from you computer. All right, so law enforcement, regulators, dude, America's been going hard into the paint on taking down scam enterprises. I love it. Thank you very much. Dude. The victims are individual citizens, dude. Now what's weird about this? Immediately, Immediately. What's weird about this is like US China tag team back again. Whoop, there it is. Like, are you kidding me? Like, I didn't have US China partnering on anything on my bingo card. I don't know if you guys have been paying attention to, you know, the news, but, but okay, some people do have some theories in mod chat on why China was like down with the sickness on taking down this thing. But yeah, guys, guess what? Just because you live in Dubai, it doesn't mean that you're safe. Just because you live in Burma or Cambodia or wherever there are countries that offer bulletproof hosting. Eastern Europe is notorious for Russia protecting the threat actors if they don't attack Russia. Although I do want to point out Revil ransomware gang actually absolutely got bum rushed in Ukraine a couple years ago. Or Russia. Russia did. Although some people think that was like a, a false flag operation in order to distract from the impending invasion into Ukraine like the next day. Sixteen billion dollar enterprise. Guys, I just want to point out when you're dealing with the numbers like 16 billion, this isn't like stealing someone's wallet, taking the cash out and throwing their wallet in a sewer and being like, I'm gonna go to Jimmy John's and go get myself a sub with this. Straight cash, homie. Straight cash, homie. $16 billion requires a lot of infrastructure. You need mules, money laundering, you need, you know, bank accounts. You need you know, operations, obviously, the scammers themselves, managers to manage the scammers. Like people are doing, you know, forecasting, like, oh, look at the Q1's looking pretty good. So this is insane. I love that the Department of Justice has a scam center strike force. Hell yeah. Let's get some of that. This was on November 12, 2025, so about seven month, six months ago. And I'm telling you, dude, they are leaning into taking down these. It's southeast in Southeast Asia call centers, but Dubai is Middle East. But you know what? Sure, let's. Let's take them all down. All I can say is this doesn't necessarily. I, I always want you to think like, what does this mean to me as a cyber practitioner? Because, because at the end of the day, that's what we are here for, right? We're practitioners, we're trying to stay current. All these things, all this me, this is a good one. Okay, so first of all, next time someone, you know, talks about getting compromised or falling for a fish or whatever, at least we have a good story to bring to the table for a change. Most people don't want to talk to us because we're basically, you know, Debbie Downer from snl, you know what I mean? It's like, oh, hey, did you see the Bruins? The Bruins won game five in overtime. Looks like we're going to game six back in Boston. Woo. NHL playoffs. And then some cyber security person's like, do you know that individuals were scammed for $16 billion in 2025? Right. So like, we can at least bring some good stuff to the table about scams centers being taken down. But for the most part, day in and day out, we aren't. This isn't anything that we're going to be dealing with as individual practitioners. These scam centers are targeting individual humans, citizens, not organizations, typically. Now, if you want to build rapport with your workforce, if you want to have some reasons for them to want to listen to you, which by the way, I, I love doing when I build my cyber programs. I love getting my face into the face of the workforce people, because I want them to associate a name, a face, a personality with cyber. So then when happens to them, they feel comfortable calling me or calling my office and being like, hey, like some weird stuff happened. What do you think, dude? Most victims are the first line of defense, right? Especially if it's, you know, not obvious like how the attack sequence goes through or they fall for a click fix. You don't want them to feel shame and try to hide. You want them to notify you asap. So this is a great opportunity to share that thing. Share this story about. Yeah, like we're taking them down, you know. And dude, I'm telling you right now as a for a fact, anyone that has fallen victim to a cyber scam, whether they've ever come out publicly and said it or not, it. It. It's deeply personal. It feels very violating. So when you can share stories like this, it feels great. And it has stickiness for them to
Sarah Lane
achieve remote code execution and deploy crypto miners on exposed servers. The bugs stem from mismatches in routing and authentication logic, allowing unauthorized access to admin endpoints and enabling attackers to inject malicious commands that install high CPU mining processes disguised as legitimate system activity. Exploitation began before disclosure, and while initial patches were incomplete, a later fix addressed the root cause as infection spread across multiple environments.
Dr. Gerald Ozer
I don't know, dude, maybe it's me. Maybe I'm old. I mean, not maybe I'm old, I'm old, but like, here's my thing, okay? Like, I get like the idea of the hipster, okay? I get the hipster. I'm huge in a craft beer. I love Magic the Gathering. I like talking about obscure things, okay? So maybe, maybe I'm a hipster. I just don't have like, you know, what's. What's his friggin name? Pharrell's hat. Okay, I don't have Cam Newton's outfits. All right? But. But like, why. Why are people using Chin Long's open source task scheduling tool? Why? Like, what's wrong with like there. There's like so many other. Anyways, so, yeah, this thing pushes crypto miners onto your development servers and they just straight. Sam Crow 7 says. I'm not old. Sam Crow 7. Thank you. Well, well, well. Allow that someone screen cap that. I feel like I'm Steve Buscemi wearing the rock band shirt holding the skateboard, saying, what's up, my fellow children or kids or whatever. Anyways, if you're running this Qing Long open source scheduling tool, you probably, you know, you probably pwned. So go ahead and. You got a Patrick. Ah, you gotta Patrick. All right. Sneak is the one who did the security research on this one and got 19,000 stars on GitHub. So that sounds really good for them. It's an. It's a rce. They can do authentication bypass, which means it's unauthenticated rce, which is the. The, you know, I guess the, the bell of the ball, right? Like if you were going to hand out, you know, superlatives, right, like your high school senior year and they're giving out superlatives like most likely to succeed, you know, coolest, whatever, most athletic. This right here, you're getting most likely to succeed, unauthenticated rce, definitely winning. As a fun side fact, I did get one senior superlative. I wish I could remember what it was. I'll have to go back and look. But anyways, I got one. I got one. So how do you, how do you check this one? Okay, there's a rogue hidden process name full GC utilizing 85 to 100 of your CPU. Listen, here's my thing. Number one, the burden of crypto mining is the cost of the electricity costs more than what you make in, in the mining coin. But if you have someone else pay for it, it's pure profit. Straight cash, homie. Straight cash, homie. Next thing. Okay, listen, as a cyber professional who has put EDR agents on it, people's machines and developers, machines believe this. This is a straight fact. If there is a process taking 85 to 100 of the compute power on a machine, you know who's going to find out first? The developer. Because they are going to be bull crap and they are going to look at at what the hell is taking all the processor and then they're going to see some weird, you know, process and then it's going to be game over. So just FYI, it looks like it's got a name collision full gc. So it looks innocuous, but dude, they're gonna, they're gonna kill the process and then if it restarts, they're gonna be super mad. So TLDR crypto miners are a thing still. So practitioners be mindful. Crypto miners are a thing. Secondly, if you want to look for it, it's the Qing long open source task scheduling tool. And the final thing I'll point out, and this is a kind of a hot take. Okay, hold on. I got sneeze. I've got that dad sneeze that's like could shatter windows. It's so loud. Listen, question for you. If you had a crypto miner running on an endpoint, but you could still do your job and stuff, does it escalate to a level of priority where you do something about it? I worked in an organization where we had tens of thousands of endpoints and dude, if there was a crypto miner on something, we had so many other problems. That crypto miner did not elevate to a level that required immediate intervention, if any intervention. And I know that sounds wild to just allow it, but when you're dealing with like bigger issues, Crypto miner is not really that big. End user can still do work and all it's costing is power to the business, which, you know what I mean? Like, so I'm just, I'm just being real. Okay? I'm not saying I like compromised endpoints in my environment. I'm just saying when you have, you know, when you've got five problems and crypto miners your least serious problem, you're not going to address it first.
Sarah Lane
Huge thanks to our sponsor, Guard Square. AI is speeding up development. But at what cost? While 96% of teams now use AI tools, 81% report that AI generated code has introduced new vulnerabilities into their mobile apps. In a world with automated threats, you need multi layered polymorphic security to stay ahead of the curve. Learn more@guard square.com all right. Reverse engineering unearths GitHub.
Dr. Gerald Ozer
All right, all right, let's do this. Okay, so you know, every time I play, here's the thing, for those who watch on replay, if you're watching this on replay, I play the don't you forget about me which is awesome, but then I have to go back and trim it out so you miss the mid roll, which no one in the comments has commented that they're pissed they missed the mid roll. So I guess, you know what, if you're watching on replay, I'm gonna play the song. You may notice that part of the show gets cut out. Let me know if that's a problem in the comments. All right, let's do it. Today is a day for my age. Jay Gould called me ancient one, which I feel it's like a little older than I am. Sam Crow said I'm not old. So I don't, I don't know where I stand. But I mean, I know where I stand. I'm standing here. But check it out guys, thanks so much to you for being here. Love, love the community, love the energy. We got 367 of you beautiful people here in chat. One James McQuiggin in the green room. I see you, James. Good to see you guys. Thanks to the stream sponsors thread locker, anti siphon and flare Shout out to slay cert. Jesse Johnson Tech Ricky bringing the live stream action to help you level up your cert every single day of the week has a special segment and Jay Dan Reardon, AKA the Haircut Fish, he's in chat right now. I'm Gonna say, hiya, Dan. Where is he? See, I can't peg him. I don't know. All right. Every day of the week has a special segment and Thursdays is Dan. Dan has whipped up a custom meme. No one has seen it. Just so you know, I do not censor Dan. I do not give Dan any guidance or policy guidelines on what he does it. Over the last four years, Dan has made probably 200 memes and only one did I ever intervene because it was too, too hot for tv. But today's a good one, guys. He ties it into what's going on. Ladies and gentlemen, I present you. And if you don't know, on Tuesday we had the house power washed. There's a door right here to my studio. This door right here. This is not designed to be an airtight, you know, this is not a submersible. So the door has gaps in it and the power washer found all those gaps. And basically the inside of my studio got power washed. I lost my mind on stream. It is available on replay if you want to go back. So Dan took that as inspiration. Ladies and gentlemen, may I present you with your meme of the week. There we go. There we go. And you can see really quick. I'll zoom in. I'll zoom in really quickly there. Dan's got me with that. Zooming back out. Yes, there we go. There we go. So wonderful. Thank you, Dan Reardon. Also, I want to give a shout out to Dan's attention to detail. Look how filthy the house is on the left, how nice it is on the right. Tech grunt 25 months. Thanks tech run. All right, so thank you very much guys. Let's go ahead and run over to the la la la la. You know the deal. Marcus Kyler, lead us off Alpha Sierra here in spirit. Let the la la la la. La. And just for those who are listening on Spotify or watching on replay and didn't see this, I will post the this to the YouTube channel as a community post so you can see this glorious piece of artwork that Dan put together. Let's get back to the news. Computer GitHub bug.
Sarah Lane
GitHub disclosed a high severity flaw that could let attackers with repository push access achieve remote code execution by injecting malicious metadata through unsanitized input. The issue was discovered by wiz using an AI powered reverse engineering tool that analyzed closed source binaries reducing what would have taken months to under 48 hours. GitHub patched cloud instances with no evidence of exploitation, but many on premise enterprise server deployments remained vulnerable.
Dr. Gerald Ozer
All right, so Roswell UK says that we do miss the jokes, memes, community member of the week, et cetera. All right, so maybe I don't know how to handle this. I mean it's six and one half dozen. Either we listen to the song and enjoy it and I cut it out, or we just don't listen to it and I don't know, I don't know how to solve it, guys. It's been kind of an ongoing issue. All right, so let's talk about this number one AI. Shall we play a game? AI brings the heat and it just shows, man. Like yes. All the doom and gloom, all the hype that AI is going to, you know, result in just absolute compromise of all the things. Technology. Yes, but just like anything, man, a handgun can be used to rob a bank or it can be used to protect your home. This AI can be used to find bugs and get them patched. Now, a high severity GitHub bug that could result in really nasty exploitation and compromise was discovered and then patched. It was patched by GitHub already. Remember Microsoft owns GitHub, so there is some straight cash homie straight cash homie behind them. So they have the ability to patch these things. And because it's cloud based, the nice thing is they can patch it and you just get to benefit from it. So I love this. Wiz is cloud security firm that was acquired by Google for like $52 billion or some bananas number out there. So there's additional information in here about how the bug worked itself. The bug has been patched. So this is a postmortem lesson learned. If you're into software exploitation or reverse engineering, this could be an interesting blog post to read, but for the most part it's educational purposes only at this point. Not really. They had no instances known of exploitation. So you don't even have to go threat hunting in your environment unless you have free time, which many of us in cybersecurity do not have free time. So yeah, interesting. The TLDR for me here really is that AI can be used to find bugs. I've said this a few times in the past and I'm going to continue to say it until it's no longer. Until it no longer makes sense. If you are looking to get a CVE on your name, right. If you're looking to, you know, have a CVE published with your name on it, which is. Which is a huge feather in the cap career milestone, I wish I had one. I would love to do that. Now is the time, like the window is closing because AI is going to scoop up all the low hanging fruit and then it's going to be just the hard ones. And it looks like AI is maybe even able to do the hard ones too, so yikes. But you know what? AI can't do a, you can't patch somebody on YouTube live streaming telling kids to give them their Roblox credentials so they can give them free money. I said it yesterday, I'll say it again. You can attack people, process and technology. AI reverse engineering. That's just the technology piece, my guy. People in in process can still be vulnerable.
Sarah Lane
Exchange Online blocks Rogue Cyber Squad member thanks. Microsoft will start blocking TLS 1.0 and 1.1 connections to exchange online for POP3 and IMAP4 starting in July, fully ending support for the deprecated protocols. The move follows years of warnings with most traffic already using TLS 1.2 or higher. Though legacy clients and devices that opted into older endpoints could still face disruptions. The change reflects broader industry efforts to phase out insecure encryption standards. And unsurprisingly, Microsoft is pushing customers towards more modern protocols.
Dr. Gerald Ozer
All right, so this is fine. Here's what I would say. I would give a heads up to your help desk and a heads up to the application team, maybe the, the IT team for sure, right? And just say, hey, this is coming. This is very likely to have zero to very minimal impact to you. One of the coolest things Microsoft does, which is like, you know, it feels like a throwback to yesteryear. This is like 1950s style business operations. But Microsoft is one of the few companies that will communicate years in advance of an upcoming sunset or an upcoming deprecation of technology. So like basically when you think of system, this is an important topic. When you think of system development, life cycle, right? Everybody gets all geeked up about like the new thing or we're going to be deploying this thing or we're going to this new platform or whatever, right? Everybody's got their friggin eyes on the new shiny thing and only nerds like us are looking at the old barnacle ridden dilapidated thing over here that has been running the business for a year or two or three or 10 or 50 or whatever. And we're like hey guys, like what's happening to the old barnacle thing? And people are like shut up Jerry. We're all excited about the new hotness over here. No one wants to look at your old spinster. We're looking at the, the, the new, the New kid on the block over here and it's like my guy. Like that is risk, that is attack, Surface, that is exposure. And everybody's okay. So Microsoft has forever been like, hey guess what y'. All, in two years Windows XP is going end of life in, in 18 months we're going to start, we're going to force everybody to do multi factor authentication. They have given so much heads up and Runway for organizations worldwide to be able to plan accordingly. Now you might be like dude, two years. Who the frig needs? I, I don't even stay in a job two years. Why do I need two years? Well when you get to the higher levels of management and business, when you're a ciso, if that's your dream, that's actually a nightmare. Ask a ciso. Careful what you wish for. Budgets become important. Budgets is how you pay for new product and maintenance and licensing and staff and everything like that. And you know what you don't get? You don't get budget overnight. Budget comes in annual cycles if not more infrequently. So you need a year or two to plan for what's going to be happen. Especially when it comes to Microsoft technologies which are large enterprise grade huge footprints. So anyways, an old Deprecated version of TLS 1.0 is no longer going to be supported starting in July. Most applications, most users, most environments are already using TLS1.2 which means when they cut it off, nothing's going to go away. Like nothing. You'll be fine, everything's going to happen. You'll wake up and it'll be like I don't even, you'll forget that this happened. Okay, the the story is more about system life cycle and being the voice in the room that's like hi, what about the old thing? Okay, the only reason to tell help desk and it is because if you are running some ridiculous silly in house built solution that you know was whipped up for free and was supposed to be temporary but then became part of critical infrastructure, which happens unfortunately more often than you would expect. It could break when they do this and then you're going to have a fire drill because there's no amount of hey Microsoft, can you turn it back on? That's going to happen and then you're going to have a real problem.
Sarah Lane
Flaws found in Electronic Health record platform An AI driven scan of the open EMR platform uncovered 38 previously unknown vulnerabilities including SQL injection, authorization bypass and XSS flaws that could enable database compromise, patient data theft and remote code execution. Security Firm aisle identified the issues in three months and provided fixes, all of which have now been patched. With Open EMR integrating the AI tool into its development workflow, AI is accelerating vulnerability discovery but also increasing pressure on defenders to rapidly triage and remediate risks. Yeah, SAP compromise, bro. Multiple SAP related.
Dr. Gerald Ozer
What is going on? Like start stop should not have like a five second delay. This computer, the computer you are getting rebooted so hard after the stream today. You know what, I'm actually gonna pitch it. It's like, you know what, computer? I'm gonna reboot you, I'm gonna refresh you, put a new set of clothes on you. It's like giving you a shower computer, you're gonna smell great. You're gonna smell like, you know, sp. It'll be faster. All right, so guys, open emr, it's an open source EHR platform, which sounds insane to me. I can't imagine running something as sensitive as this on an open source tool. But, but you know what? When you're a rural healthcare system and you don't have any money, but you have to comply with hipaa, this makes sense. All right, now I want to point out this is yet another story highlighting AI being used to do SC and find bugs. Shall we play a game? I'm here for it, guys. I'm here for it. Listen on like. So here's the quick story. If you're running open ehr, get updated, patch your stuff.
James McQuiggin
Ah, you gotta.
Dr. Gerald Ozer
Patrick. The tool's a little bit more secure because the developers are using AI to close bugs. Yay. Great. The bigger story here is AI is being used for good. Guys, I've said this before. I just give me like 30 seconds on a quick editorial. Put a saddle on AI and ride the lightning because that's all you got. Like, AI is not going anywhere. No one's putting it back in the toothpaste tube. No one's putting it back in the genie lamp. It is here. It can be used to do horrible things. It can be used to do amazingly wonderful, societally impactful things. Let's hope more of the good and less of the bad. But if you choose to stick your head in the sand and be like, oh, no, I want it to be like the way it was before. You're just gonna get steamrolled and left behind. It's gonna be like a digital rapture. And you're gonna be left behind like, oh, my God, what happened? Like, you'll be in a van down by the river with no Internet, you know, what I'm saying. So ride the lightning AI for good. And let's hope all these dark dystopian like let's play this out. Hope those things don't come to fruition. But yeah, AI, work it into your CICD pipelines. DevOps, get that code secure, let's go.
Sarah Lane
The NPM packages were compromised in a supply chain attack that inserted credential stealing malware via malicious pre install scripts. The payload harvested developer credentials, cloud secrets and tokens, exfiltrating them through victim controlled GitHub repositories while also self propagating by poisoning other packages and injecting malicious workflows. The attack exploited gaps in NPM's OIDC trusted publishing and introduced new persistent techniques targeting AI coding tools, with maintainers now releasing clean versions to replace the infected packages.
Dr. Gerald Ozer
Supply chain is a thing, Guy 2026 supply chain attacks. And dude, I just want to point out really quickly, if you're young and you're like, what's SAP? Dude? In the 80s, in the 80s, not only was Cyndi Lauper crushing it and Debbie Gibson and Tiffany were competing for, you know, Teen Beat covers, a lot of Kool Aid man in there. Okay? The idea of having an ERP solution was what all the consultants were pushing. ERP is like the nerve center to your business, the technology stack. And SAP was the king of these things. SAP products are like these large business running infrastructure, financial forecasting, payroll, marketing, CRM, like all the things financial and, and honestly for like companies that are, have really lean margins and a lot of cash flow things going on, like manufacturing businesses having those solutions are very important. But just because it's a super expensive enterprise grade solution does not mean it's not using open source tooling. I've said this before, guys, supply chain, every step you get away from the version that you're looking at, it gets dimmer and darker to understand what is making up that product. Right? And I'll use food as an example. Like SAP is not a farm to table restaurant. Right? Farm. Listen, I know this is gonna sound stupid, but it will make sense, believe me. Farm to table restaurants mean like the steak on your plate. The steak on your plate or the, the, the tofu on your plate or whatever, they can point to the farm and be like the cow was there, then it got, you know, manufactured and now it's on your plate. Okay, but like McDonald's or whatever is not farm to table, right? So like the burger you're about to eat from McDonald's that there's like A step where it was like manufactured and then a step between that where it was other things and then there's like hormones put into the cow and then. You know what I mean? Like again, it's not a perfect example, but there's many, many steps. And you might be able to say it at the restaurant. Farm to table. Where did this steak come from? And they're like, oh, it came from the farm across the street. And you're like, okay, one degree of SEP with, with the burger from McDonald's. You're like, hey, thank you for this Happy Meal. Where did this meat come from? And they're like, right, Like, I don't know, a, a manufacturing plant down the road. So like every step you get away, it gets dimmer to understand where the source was. So enterprise grade solutions like this, they're still running open source packages buried deep into it. Log 4J was a perfect example of how widespread these things can happen. SAP has to fix this. It is not good. You'll notice it's credential stealing Supply chain attack. For your credential stealing attacks, you absolutely have to have multi factor authentication in place. You really, really should have conditional access in place. You should have AC6 leased privilege in place. If you're doing AI agents make sure that you're controlling what they have access to. Make sure you're auditing the things that people are doing, especially with privileged access. Guess what, guys? It's hard. It is not easy. It is hard to do these things. And that's why cyber security is hard and why we get paid pretty well. All right, so anyways, TLDR Supply Chain attack. You absolutely should be mindful. In fact, you should. You could crush this in a job interview if you talk about supply chain attacks. Because it's so hot right now that Hansel's so hot right now. All right, here we go. Computer, you're getting rebooted so hard. Play the music. Guys, you know what I got to tell you right now, Performance reviews are right around the corner. Corner. And this computer is on the chopping block. I'm going to put this computer on a pip. Yeah, you heard me, computer. This microphone is hot. You know what I'm talking about? All right, guys, hey listen. This has been the Daily Cyber Threat Brief podcast. I was your host, Dr. Gerald Ozier. It is Thursday, which means James McQuiggin at 35, 000ft will be doing your cyber career hotline. That's right. Phone lines are open. If you have questions, James has answers. Get ready for the Smooth sounds of James McQuiggin. But I want to say thank you very much. Be well, everybody. Have a great day. And until next time, stay secure. James about to bring you on.
James McQuiggin
I'm James McQuiggin at 35,000ft. This is the cyber career hotline. If you're building a career in cyber security, this show is for you. Let's get into it. Let's get that mic on mute and get hello. Saying hello to everybody out there. Yeah, it's not my typical studio that I usually have. I am coming to you from a private island here in the Bahamas. Now, don't get any thoughts. It's not that private island. It belongs to a cruise line company. And I'm very excited. Now, of course, being out in the middle of the Caribbean Sea, Bahamas, sea, wherever I am, the Internet's not so good. So I'm hoping it holds up. It streams. I'm hoping everybody's getting onto the private island and getting off the wi fi so that I can stream through. I'm sure Jerry's gonna let me know how I look. Oh, he's saying it looks great. Looks smooth.
Dr. Gerald Ozer
Good.
James McQuiggin
That means enough folks have gotten off. So I'm real excited to do this here. You know, in from a cruise ship. You know, Jerry's done it from Black Hat and Wild West Hack and festival. I'm gonna do it from the Bahamas and a cruise ship. So this is pretty cool. A lot of fun. So, yeah, my name is James McQuiggin at 35,000ft. I'm really excited to kind of share my 25 plus years of experience. Everything from incident response to product security, security awareness, human risk behaviors, network security. I've done a lot of it over the years, so real excited to. To kind of share what knowledge I might have for you. Coming to you, you know, again, from here in the Bahamas. So drop your questions in the chat. I'm gonna be looking at them. Let's see. Let's get my chat window open here on the. The side so I can see it. And I was gonna say that island. Yep. Let's see. So anybody got any questions besides where I am? I'll figure out where I am. Hint. Cruising through, you know, the ports. And there was the. There was the logo of the cruise line that I'm on, and you can figure out where I might be. So we need pictures. What was that? We need pictures behind the curtain on Discord. Yeah. Okay. Are you opening some new bank accounts? Somebody asked give what, 6012. Am I opening up some new bank account, not on this island, but if I was, I wouldn't be telling you. Anyway, so there we go. I'm curious, drop in the chat. Have you been on a cruise? Ever been cruising? Ever been. Ever worked from a cruise ship or you know, have you been around? Have you been really interesting places on cruise ships? I know, I really do. I love to cruise. It's a great way to relax. It's a great way to get away. Granted we stay online so you know, hey, can't win them all. But for me, I don't have to drive anywhere, I don't have to cook. It all gets done for me. So I love that. But yeah, definitely drop those questions in here. Coming from Kyle. Kyle, the lead analyst. Got any study tips from the. For the OSC exam? I'm guessing that's the Offensive Security Certification Exam, the oscp. I know I've never taken that one specifically that particular certification, but I know that with like any certification you are going to basically be dealing with a right answer. Two answers that are close and one that's completely wrong. And when taking the exam, you've got to be able to eliminate and identify those. And I know with the Oscar, if it's the oscp, if that's the one we're talking about, you know, there's not only that's fully application, that is assert where you are hands on having to demonstrate your abilities and skills through, you know, going through and, and getting pop. Popping the sessions and infiltrating the different systems. So for me, you know, like I said, never taken it, but definitely from a study standpoint, be able to apply your information that you're learning and in this case with regards to the study tips, you know, be aware of the different questions that you might have there as well. So what's this one like? Is cruising a segue for professional networking? Hey, well here's a, that's, that's a good one there, Jerry. You know, I've done a lot of great professional networking on cruising cruise ships. Ironically, one of the people sitting at the dinner, dinner table every night is a former cyber security guy. He worked for Cisco and AWS for a number of years. He's been retired now about four years. And we were chatting the other night and he was saying that, yep, doesn't miss it. But every now and again he kind of pops in to see what's going on. So we were talking all things AI, securing it agentic and all that stuff. And then yesterday at a trivia event, I met a woman that worked for Apple for 28 years. She was in sales and education. So yeah, a lot of great opportunities network. But CruiseCon, which I have been on several times, that's the one done by Ira Winkler. I've networked with a lot of people like Tim Brown, Kirsten Davies, Kate, Brett Goldman, just a whole slew and of course Ira. But that's always been a lot of fun. Truly enjoy the opportunity to network. What's the WI fi like on the cruise ship? Well, it's enough to stream, it's decent enough. It's not like the network and streaming capability I have at home, but it works. It's enough to get email and I've done some video calls already this week, so it's been pretty good Overall. Let's see, KT shoots 6584. Are there any tips for job interviews or. I applied for a sock. One job.
Dr. Gerald Ozer
Woohoo.
James McQuiggin
All right, way to go. Good luck with that. Tips for job interviews. One of the things that I've done, because I've spent the last number of months doing job interviews, one of the things that I do is I bounce ideas, brainstorm, and I have chat GPT or a large language model. Ask me questions and go through it. There are several books out there that you can, you can get on going through and interviewing. But you know, one of the things that I do is, or what I was doing was uploading the, my resume, my, the job description and then having ChatGPT ask questions. One of the first things to do, and this comes from Robert Wet Stein. And I love this concept is the star principle. So you are, you know, the first question always is tell me about yourself. 90 seconds to 2 minutes tops, where you're giving yourself a situation. Hey, I'm James McQuigan, I'm a, you know, virtual CISO. I've taken organizations from, you know, having no cyber security programs to improving their security posture and in the end taking our, you know, phishing results from the 30s down to less than 5% click rate. You know, give a situation, label a task, have an action, and then provide a result. So get that 90 seconds down, get that down cold that you can give and that would be great. And for a SOC1 position, you know, certainly be aware of the tools if you can demonstrate or have an ability to be able to demonstrate how you've used them. If you got yourself a GitHub where you've got scripts that you may have written or some sort of portfolio. For me, my daughters are both performers and in acting, you've Got to have sizzle reels and essentially, you know, video or being able to demonstrate your capabilities and we need to be able to do the same in cyber security. So depending on what we are area we're going in. So with Sock one it could be do you have any reports that you've written and if you haven't written any reports, go write a couple, take a couple of current events like you hear from Jerry every day and essentially write up your own report and have them posted or post them on LinkedIn or have them in a GitHub but you know, you can go make sure you're, you know, of course, of course familiar with sticks and taxi and all the different terms regulating to cyber threat intelligence, but have something that you can demonstrate your ability as a SOCK one analyst and that will help you a long way. Code, code. Brew wants to go on to know the cruise. Well, that's definitely. I'm an island in the sun. There you go. You got it. Mara. I almost missed my boat going back home. Had to sprint the for the boat. Oh yeah, the pier runners is what I call them. That's always fun when the boat's getting ready to leave. It's like looking out at the pier. It's like, oh, anybody left, you know, that's always a fun time there. Used to work on sailboats but not quite the same thing. Nope, not, not really soap flavored but I love being out on the water. Space Taco's been on three different cruises. Cool. Great cruise is one of the most serene experiences I had. Ross the boss. Not back when there was no Internet in the middle of the ocean. Yep, I, I will attest to that. That was kind of the same way when it came to it. Loved being on the, the water, being away from everything. Didn't have to worry about anything. Now with Internet it's like, well, maybe I can get some work done and still keep in touch. Makes the trivia games that much more exciting as well. VM side coming from Ellipsis, what would you recommend doing to start getting Mythos ready in the healthcare sector? Wow, that's deep. So on the vert vulnerability management, I'm guessing not virtual machine, but starting to get Mythos ready. You know the cloud security alliance, Gaddy Edros, I believe put out a doc a couple weeks ago. Now here's the thing and it was interesting because it was a really well put together report and one of the things that I realized reading it was, was the fact that a lot of what they're recommending is things we should already be doing, you know, in being able to protect organizations, getting the basics, understand what we've got, hardware, software, AI wise, making sure we've got our systems patched, they're up to date. We had the, the new one that dropped regarding the Linux kernel last night. That one came out. So essentially we're seeing, you know, when it comes to Mythos, it's still following our basic cybersecurity hygiene and what we need to be doing anyway with our systems, you know, as soon as a vulnerability is discovered and we know they're being exploited, especially from the kev, the known exploited vulnerability from cisa, we got to make sure that we've got programs in place to be able to go through and get them patched. Especially those Internet facing devices getting them patched asap. So Space Tacos did two on celebrity. Very cool. Any thoughts on the Vimeo hack? Oh, Vimeo got hacked. Seems like a weird company to target. Well, it's kind of. Vimeo was, was the. And it still is. It's still a video platform where you can have video shown. It was like the YouTube competition all the years ago and it was like, well, when YouTube wasn't cool, you went to Vimeo and I know a lot of corporations and organizations used Vimeo. I hadn't seen the Vimeo hack per se. Was it the, was the organization breached or was the, the platform breached? Let me see. Let's have a look at this Vimeo. I'll bring this up on the screen here and show you. Vimeo confirms data breach via third party anadot. Oh, okay. All right. So cost supply chain. So as always it's always supply chain. It's. I think, I think when we, we always talk about, it's always DNS when we're having network issues while now it's always supply chain when we have organizations dealing with hack. So link to Shiny Hunter is not surprised did not compromise video content, payment information or user passwords. Here, let me show you guys what I'm, what I'm looking at as well. Let's see if we can. There we go. Share that. So yeah, looking at that, you know the link to Shiny Group didn't compromise the video content, payment or user information. DMA disabled the affected integrations and launched an investigation. Have a video bridge targeting analytics targeting API connection stealing authentication tokens. Okay. Data exposed primarily technical data, video titles data, some email addresses, data secure video. Okay. So basically getting access to the API. You know, let's see if we can go back to. Oh, let's just Turn me off. Stop. There we go, back again. All right, so, yeah, with regards to Vimeo. So we're looking at that API breach, the credentials. Now, they'll use those credentials to be able to log in, maybe even leverage it to be sending emails, leveraging it to let folks know, hey, we got your password, we got your credentials. We can now steal this kind of information, link it to social engineering. So if you are, you know, depending if you're using Vimeo, certainly rotate those keys on your API or get new ones and, and make sure that you're, you're not going to be suffering any type of breach from there. Ah, osmosis con. Yes, I will be there at the beginning of June. Looking forward to that. I know Dennis Keith's going, so I know we're going to be hanging out together. It's going to be a lot of fun. Love cruises so much that I live leave in one day for one.
Dr. Gerald Ozer
Woohoo.
James McQuiggin
Shimera Gomez. All right, drop me a note. Let me know where you're going, Let me know who you're riding with. Us cruisers, we got to stick together. That'll be a lot of fun. There are a few conferences here at sea. I've got a bunch of dad jokes when it comes to cruising as well. Kind of like one of the things that's really difficult, difficult when you're on a cruise ship is learning Spanish because you always stop at C. So there you go. Oh, here we go. GRC Guardrail. What you doing? I'll be hosting some college kids majoring in computer science at work today. Awesome. Sharing the knowledge. Any advice to share with them if they ask about the job market? Yeah, run. No, let them know it's challenging. Let them know that, you know, the. This is. It is a challenge to get in. Not to scare them, but to hit them with the real, you know, the realization of what's really happening, of what it's really like that's out there. Also have them figure out where they want to go in the job. Job market, there are a lot of, you know, different roles, a lot of different tasks. Jobs that are out there figure out what they want to do. They may not be able to figure it out. They may have to try a bunch of things. I know for me, it took me four or five years before I settled on working on human risk management in that perspective, now branching into CISO work. But a lot of it is, you know, for them is let them know what it's really like out there. Yes, it's challenging, but get A degree, get your shirts, get something that's deliverable, get something that makes you unique and networking. You know, once you get to college, start going out. Wherever your school is that you're going, you're studying, go find the local security chapters. Issa, ISACA, ISE2, whatever meetups they've got, definitely get out there and be checking those, checking those out and networking because you never know who you're going to meet there that's going to get you, you know, a job later on.
Dr. Gerald Ozer
Cool.
James McQuiggin
Everyone loving the dad joke that I dropped. Good. Good seeing the laughs in there. Working my way. Yep. Work Mr. McQuagan on the cruise ship. Yeah, sorry there, Ben. Yeah, you know, hey, I, I can, I, if I can, as long as I've got a good strong Internet connection, I can get the work done. Looking forward to coming out to Ben's event there in out west later on this year. It's going to be a lot of fun. Kyle, Kyle's got another question. Got any tips for getting buy in for multiple department leaders for tabletop exercise? Besides going thou shalt participate in the exercise? One of the things that we, we talk about is making it important for them, figuring out what they care about, what's keeping them up at night, you know, in those department leaders, is it legal, is it hr, is it finance, is it your R D team, your developers, the different business folks when it comes to those different departments, find out what it is that's important, important to them and then target it for them specifically. So if you've got your finance folks, they're going to be considered and they're worried about business email compromise or they're worried about having their, you know, credentials stolen or whatever else. Then you cater the tabletop exercise to include that. So then they understand. Well, look, let's, you know, let's go through this now. That way we understand what everybody's roles are, we might be able to find some things that were missing and we can fix those. Now when there's no problem versus when we're in crisis mode and we're dealing with a breach or an incident or credentials or business email compromise or whatever your exercise is going to be and then we can address them now versus later when a crisis mode's happening and we're all losing our hair and trying to figure things out then. No, let's figure it out now, but figure out what it is that keeps them awake. Figure out what's important to them and cater the table to top exercise around that or include that particular item in there. So then they get engaged and they care and that will go a long way. They may push back on it but you know, if you've got buy in from the top and this is something, everybody's got to participate. You may not want to participate, but trust me, you're going to want to know what to do. We're going to be there to guide you, but you're the ones that are going to be following through on the actions that come out of it as out of the exercise and the results of it it that. And you know, if they like dnd tell them it's a giant cyber security Dungeons and Dragons game, you know, that's always a lot of fun to do it. Let's see. Oh, Kathy Chambers. Hello. Kathy Chambers, good to see you. Looking forward to see you I think next week at Hack spacecon. Just joining and already jealous of James. Well, you know, I, I, I aim to please, I guess but very fortunate, very blessed to you know, get these opportunities to go out on these cruise ships that and playing in the adult arcade and getting offers that way. So. Question coming in from Gibwat 6012. I'm going through SZA study guide and just wasted yesterday installing stacks. What should I be using for threat intel? Just Alien Vault manually. So one of the things that I do with CTI Cyber Threat Intelligence and also wade through location blogs is another great resource as well. But I came across there's several sites out there where some folks do a really good job with threat intel. If you hit me up on LinkedIn, give what I can give you some resources that I've got with regards to cti, some folks give me a couple days because I got to pull it together. There was a website I visited the other day where somebody had a great listing of current threats and then align that with sticks to one that you could download. I, I saw stacks and I was thinking of messing around with it but it seemed really complex. I'm working on an exercise right now for my students really for dealing with sticks and taxi and going through and getting some threat intel and dropping it into the taxi a taxi environment, whether it's with Alien Vault or a standalone. I'd really love to try to leverage yeti, but that's me personally because I can load that locally and be able to bring in the the sticks data that way. So you can try Alien Vault manually but, but hit me up and we'll see if we can't get you some other resources as well. Can't wait for my cruise in 90 days says FedEx. Yeah, I've been away from GRC and Info6 since 2023 and I'm keen to get back. This is coming from AD Kunty. Hopefully I said that. Right. What would be your advice on how to proceed, especially if one is a bit rusty? You know, we, we always think we leave, but we never really do. You know, it always pulls us back in. Just when we thought we were out, GRC pulls us back in. You know, a lot of the times people think, oh, I got to learn everything, I got to do everything. I've got to, you know, just pick up right now. Take what you've learned and just kind of pick up and, and, you know, keep going. What's happened in the last two to three years is kind of what was happening before that, just without the COVID you know, organizations still being breached. We're dealing a lot more with AI now. AI governance is kind of a big area. So if you're getting back in, start picking up on the AI governance stuff, looking at the different standards, the different, you know, whether it's NIST, whether it's ISO, whether it's CSA's got guides, OWASPA's got guides. But start looking at AI governance and looking at how to govern, you know, provide the governance and the compliance for AI software tools, chatbots, large language models, agentic, you know, whatever that may be. But AI is, is the hot one, AI governance. There aren't a lot of tools. A lot of people are coming out saying, oh yeah, we got AI governance tools, yeah. But, you know, definitely get on that, that would be where I'd start looking right away. Also, depending on what industry you're in, will depend on how integrated they are with AI as well. Space Doc was dropping in. A question. If presented the chance, would you live on a cruise ship for one to three years? If I could bring my own Starlink and have my own 200 megabit down connect downstream connection, I think this one I'm running on about 5 to 10 right now. If I could bring my own Starlink and I could have, you know, a decent sized room and my wife and I didn't feel like we're on top of each other. Have like a junior suite or something. I, I think I could, I'd want to make sure my kids are a little more squared away. But the wife and I were talking about it. We, we met a couple that were on a cruise ship for 274 days and they absolutely loved it, you know, but there were, there are some things you Got to think about like medications and you know, and how healthy you are and the fact that you could, you know, you'd be away and missing birthdays and, and anniversaries and parties and whatever. If I was on a cruise ship for one to three years, there's a. Ironically within, I think it's the Royal Caribbean line. There's a guy named Super Mario. He spends 50 weeks on average. 50, you know, 50 weeks a year on a cruise. On a particular cruise ship with Royal Caribbean, he gets off for two weeks every year and that's when he's doing all of his doctor's appointments. But he works from the ship. He's in financials. But yeah, that would certainly be interesting if I could, if I could do it, that'd be great. The kicker would be is if I had to get off the plane and fly somewhere to deal with something, I'd have to be able to get back on the boat as well. KG I have a blog I post on GitHub about my home lab as well as my accomplishments on LinkedIn. Good, great start. Keep that going. Diagrams, you know, writing about what you've experienced, you know, lessons learned. That goes a long way as well. Packing for my cruise with my mom setting. That'll be a lot of fun. Let's see how we doing it? Holy cow, it's 928 already. Dang. Time flies when you're having fun. Let's see. Any other fun questions in here? Why who's this? FedEx is asking me. Why are you looking the most? Oh, what am I looking forward to the most for HSC and hacker space kind of B side Stampa. FedEx has asked me. I'm guessing that means what am I looking forward to the most? Definitely networking. I am definitely looking forward to getting out, meeting folks. I will have stickers with me. I. I'm hoping I. I gotta see if I get him in time. I may have my new apparent security stickers but I'll have my James McQuiggin 35000ft stickers and my I spotted James Quiggin at 35000ft simply cyber tickets. Jesse Johnson says is anyone interested in meeting tech ricky9 denver and then road tripping to Wild west hack and fast in Deadwood? No deer allowed. Well, hopefully not because we know the story. If you know, you know with Jesse Johnson and dealing with deers drive riding on the road. So yeah, if anyone's in the Denver area or wants to fly to Denver and then road trip with tech Ricky and Jesse Johnson, I can assure you any car trip with those two guys is going to be a lot of fun. A lot of great discussions in that car, a lot of great bonding if you get the opportunity I, I would take. I'm already got my ticket. I'm already booked for Wild west, so I'm good there. James Grigan is at sea level. Yes, I am just slightly elevated above sea level, but yep, you can see the island behind me. Not a backdrop that is really out my window here on the cruise ship. Working from the cruise ship is a lot of fun. Kind of still treat it like I'm at home. Except instead of being at home and all the distractions there, it's, you know, all the, all you can eat buffets, the, the, the game shows that go on all the time, the pools that readily available, the bars that are readily available. Yeah, a lot of good stuff. FedEx is looking forward to HallwayCon. Yep, exactly. Let's see, let's see if there's time for, we got time for one more question. I'm looking through seeing if anything. Well I'm, hang on a sec. Let's see. One of the things need to see this afternoon. What is our good friend Mr. Ozier got planned because it's Thursday and I know on Thursdays. Let me see if I can share this screen here. I know on Thursdays this is going to depend on how well our Internet works. But I know that we have the fireside simply cyber. I know that we have the fireside that happens on Thursdays. Trying to bring up the high. There we go.
Dr. Gerald Ozer
Go.
James McQuiggin
Wanted to bring up who we have. Oh, of course. How could I forget? This is not a session folks. You want to miss. Yeah, I got it. You want to miss today. You definitely want to be catching my good friend Robert Wetstein, tech and cyber leader, mentor, podcast host, friend, somebody that's been through it all when it comes to losing your job, getting, trying to get hired, resumes and interviews, what it takes to stand out. Do not miss this afternoon with Mr. Wetstein. Certainly will be worth the hour to join in. Definitely watch it. I, I, I'm hoping I can watch it. I'm, I'm trying to think what have I got planned at 4:30 besides sitting by the pool drinking my ties. But I will definitely be watching. That certainly will be worth your time. So go check it out this afternoon, 4:30 Eastern. Check that out. And, and you, I assure you for all those folks that are looking for work, considering having to look for new work or what's going on or trying to break in. That is definitely going to be the place to watch that. So. All right, I I know I'm past time here right now, but first of all, thank you all for watching here today and and dropping in the questions. Huh? Legrat. I like that one. There you go. Let's see if I can show this up real quick before we end. He's James Wiggin at 36ft or 35ft. Yeah. But it has been been fun. I'm glad this worked. I got really nervous. It wasn't sure if this was going to be pulled off or not. But I one of these days I hope I can bring my Starling link on so then I don't have to worry about the the ship's wi fi. But anyway, everybody, have yourself an awesome day. I've got to go send the jokes over to Jerry for tomorrow for the dad jokes on Fridays. Thank you all for being here today. Thank you all for the questions. It's an honor and a pleasure to do this and and serve you. This community, the simply cyber community, one of my favorite communities that's out there. You guys are all are awesome. Everything that, the work that you're doing, keep doing it. Keep supporting each other. And thanks for stopping by today. Have yourself an awesome Thursday. Have yourself an awesome weekend, and I'll see you all back in my studio next Thursday. Have yourself a good week and thanks for stopping by.
Dr. Gerald Ozer
Sat.
In this energizing and community-driven episode, Dr. Gerald Auger delivers the latest critical cyber threat news for practitioners, analysts, and leaders. Eight major stories are discussed with practical, real-world insights, frequent references to current events and the security landscape, and a dose of humor to keep the conversation lively. The episode also features an engaging Q&A session with special guest James McQuiggin, who dials in from a cruise ship for a unique perspective on cybersecurity careers.
[12:31]
“If you have kids, then you know that Roblox is basically microtransaction central… So anytime that there is a platform generating revenue, there’s going to be criminals who are circling around it like guppies on a shark.” — Dr. Auger [14:06]
[21:32]
“We don’t live in a video game cyber job simulator where it’s… ‘There’s a vulnerability. Apply the patch. You got a patch, on to the next thing.’” — Dr. Auger [22:15]
[28:04]
“$16 billion requires a lot of infrastructure… $16 billion is not just stealing someone’s wallet; this is organized crime at a massive, global scale.” — Dr. Auger [30:25]
[34:35]
“If there is a process taking 85 to 100% of the compute power on a machine, you know who's going to find out first? The developer… they're going to be bull crap…” — Dr. Auger [37:16]
[45:26]
“If you are looking to get a CVE on your name… now is the time. The window is closing because AI is going to scoop up all the low-hanging fruit.” — Dr. Auger [47:36]
[49:33]
“Everybody’s got their friggin’ eyes on the new shiny thing and only nerds like us are looking at the old barnacle-ridden dilapidated thing over here…” — Dr. Auger [51:10]
[54:32]
“AI is not going anywhere. No one’s putting it back in the toothpaste tube... Put a saddle on AI and ride the lightning.” — Dr. Auger [56:45]
[58:08]
“Supply chain attacks… for your credential stealing attacks, you absolutely have to have multi factor authentication in place… Guess what, guys? It’s hard. It is not easy.” — Dr. Auger [59:40]
(Timestamps: [63:46]–[92:59])
Both hosts mix practical advice, technical acumen, and career mentorship in an approachable, sometimes irreverent package. The episode arms practitioners with actionable intelligence (patch priorities, scam trends, AI’s impact) while reinforcing community, professional growth, and a little levity for the journey.
“Stay secure, support each other, and ride the AI lightning—because no one’s putting it back in the lamp.”
For Show Notes & Community Resources:
Visit https://simplycyber.io/streams
Join the conversation and daily show at 8AM ET on YouTube.