Daily Cyber Threat Brief – Ep 1024

Date: December 11, 2025
Host: Jerry (Gerald Auger, Ph.D.) | Co-Host/Jawjacking Host: Daniel Lowry
Podcast: Daily Cyber Threat Brief by Simply Cyber Media Group

Overview

This episode dives into the day’s top 8 cyber news stories for cybersecurity insiders, practitioners, and leaders—providing expert analysis, candid commentary, and practical tips. Host Jerry (“Dr. Gerald Auger”) applies over two decades in GRC cybersecurity, breaking down incidents from executive fallout after breaches, critical vulnerabilities, OT infrastructure threats, record-breaking industry investment, and the evolving TTPs of ransomware actors. Daniel Lowry joins for the lively “Jawjacking” segment with career advice and community Q&A.

Practitioner Guidance & Jerry's Signature Wisdom

Patch rigorously—especially Fortinet and any remote-access tools.
Audit and lock down remote access, especially in OT environments.
MFA is non-negotiable—on every internet-facing and privileged access path.
Vulnerability triage: Not all CVSS 9.x bugs are equal; check EPSS and context for practical exploitability (e.g., Fortinet auth bypass).
Business skills matter: Understanding funding, industry trends, and “where the money is” will take you farther than pure technical skills.
OT vs. IT: Recognize and respect the unique challenges, risks, and bad habits of operational tech environments.
Tabletop realism: Keep your incident simulations politically smart—don’t invent CEO firings that won’t happen.

“Jawjacking” with Daniel Lowry – Career Q&A

[60:06 – end (~90:14)]

A lively, candid Q&A on career growth, job hunting, skill-building, and the state of the industry:

Key Advice:

Network like your job depends on it: The most valuable advantage for breaking into cybersecurity is building relationships—not just technical know-how. “The biggest hurdle is trust—you gotta have an insider who can vouch for you.”
Level up without in-house mentorship:
- Build home labs and simulate business networks.
- Take certifications; train broad and deep.
- Consider development (e.g., building exploit POCs) or freelance for hands-on experience.
- You may need to switch employers for more challenge/mentorship: “I loved my job, but I still jumped to a different org because it was a good career move.”
Soft skills outweigh technical surprises:
- “It was being able to talk to people…Make them feel like you’re on their side because—you are.”
Job application wisdom: Don’t share your previous salary—no good reason for companies to ask, unless (generously) they’re benchmarking.
Choosing a specialization:
- Forensics is more niche, great for law enforcement or CSIRT paths; web security is ubiquitous, a bit crowded but always in demand.

Notable Quotes:

“We’re basically Ferengi at this point, just reading the Rules of Acquisition in the bathroom every morning.” – Daniel [76:16]
“If companies invested in their people, people would return it—but now, to level up, you have to jump.” – Daniel [76:24]
“It’s not about greed, it’s about providing value and being rewarded for it.” – Daniel [78:12]

Memorable Moments & Lighter Touches

Multiple metaphors and pop culture nods (e.g., comparing AD takeovers to “The Last of Us” cordyceps zombies, Ferengi obsessions, the Clop hockey jersey derby).
“If you’re new here, I’m old. Anytime I make an ‘80s/early ‘90s reference, take a drink—but don’t really, or you’ll be pissed drunk by the end of the show.” – Jerry [36:47]
Call-and-response with live chat, welcoming first-timers and frequent (humorous) interruptions for super chats, celebrations, and channel memes.
Dan Reardon’s Meme of the Week received enthusiastic applause from the community.

Actionable Summary by Topic

| Topic | Action or Takeaway | |------------------------------|-----------------------------------------------------------------------------------| | Data Breaches | Cultural/political impact differs by country; Board/CEO shakeups rare after breach| | OT/ICS Security | Audit for remote services, force MFA, patch rigorously, don’t trust “default secure” | | Cyber Startup Funding | Israel/AI are leading—watch industry funding trends for product/career relevance | | Third-party Vendor Risk | Enforce MFA, restrict vendor access, monitor for lateral movement via AD | | Patching & Vulnerabilities | Automate patch cycles, don’t wait for headlines—be proactive | | EDR Abuse & Initial Access | Baseline endpoint behavior; signatures alone won’t stop modern ransomware brokers | | DevSecOps/Hosted Tools | Don’t expose dev tools to internet; disable open registration; monitor for signs of compromise | | User Education | Teach “click fix” (malware via AI/SEO) awareness, restrict unnecessary powers | | Career Growth | Build labs, network relentlessly, consider job switches for mentorship, hone soft skills | | Job Search/Entry Level | Human connections remain the biggest edge in a competitive market | | Choosing Specialization | Forensics offers niche routes; web security is broad and evergreen |

Final Thoughts

Jerry & Daniel’s ethos: Deliver up-to-the-second practical guidance, build inclusive community, and encourage learning with laughter.
Tune in again: Daily at 8 AM ET for more cyber news—and join Jawjacking for on-the-spot answers and camaraderie.

Notable Quotes Table

| Time | Speaker | Quote | |-----------|---------|--------------------------------------------------------------------------------------------------------------| | 10:21 | Jerry | “There is most likely something else going on behind the scenes…almost never does the CEO quit, right, or get fired.” | | 18:29 | Jerry | “If you’re not properly securing those VNC connections, anyone can remote in. … That is gross negligence.” | | 22:55 | Jerry | “It took me a long time to understand why the business matters…Securing at a manufacturing company vs. a hospital—it’s not all the same.” | | 28:40 | Jerry | “How are you not using MFA on your Internet-facing resources?” | | 35:15 | Jerry | “If I were to turn dark side, Clop would be my dream school. This meme is phenomenal.” | | 53:16 | Jerry | “Educate your end users what click fix looks like.” | | 76:16 | Daniel | “We’re basically Ferengi at this point, just reading the Rules of Acquisition in the bathroom every morning.” | | 78:12 | Daniel | “It’s not about greed, it’s about providing value and being rewarded for it.” |

For more practical advice and industry updates, tune in live at simplycyber.io/streams, and join the community conversation.

Daily Cyber Threat Brief – Ep 1024

Date: December 11, 2025
Host: Jerry (Gerald Auger, Ph.D.) | Co-Host/Jawjacking Host: Daniel Lowry
Podcast: Daily Cyber Threat Brief by Simply Cyber Media Group

Overview

Practitioner Guidance & Jerry's Signature Wisdom

Patch rigorously—especially Fortinet and any remote-access tools.
Audit and lock down remote access, especially in OT environments.
MFA is non-negotiable—on every internet-facing and privileged access path.
Vulnerability triage: Not all CVSS 9.x bugs are equal; check EPSS and context for practical exploitability (e.g., Fortinet auth bypass).
Business skills matter: Understanding funding, industry trends, and “where the money is” will take you farther than pure technical skills.
OT vs. IT: Recognize and respect the unique challenges, risks, and bad habits of operational tech environments.
Tabletop realism: Keep your incident simulations politically smart—don’t invent CEO firings that won’t happen.

“Jawjacking” with Daniel Lowry – Career Q&A

[60:06 – end (~90:14)]

A lively, candid Q&A on career growth, job hunting, skill-building, and the state of the industry:

Key Advice:

Network like your job depends on it: The most valuable advantage for breaking into cybersecurity is building relationships—not just technical know-how. “The biggest hurdle is trust—you gotta have an insider who can vouch for you.”
Level up without in-house mentorship:
- Build home labs and simulate business networks.
- Take certifications; train broad and deep.
- Consider development (e.g., building exploit POCs) or freelance for hands-on experience.
- You may need to switch employers for more challenge/mentorship: “I loved my job, but I still jumped to a different org because it was a good career move.”
Soft skills outweigh technical surprises:
- “It was being able to talk to people…Make them feel like you’re on their side because—you are.”
Job application wisdom: Don’t share your previous salary—no good reason for companies to ask, unless (generously) they’re benchmarking.
Choosing a specialization:
- Forensics is more niche, great for law enforcement or CSIRT paths; web security is ubiquitous, a bit crowded but always in demand.

Notable Quotes:

“We’re basically Ferengi at this point, just reading the Rules of Acquisition in the bathroom every morning.” – Daniel [76:16]
“If companies invested in their people, people would return it—but now, to level up, you have to jump.” – Daniel [76:24]
“It’s not about greed, it’s about providing value and being rewarded for it.” – Daniel [78:12]

Memorable Moments & Lighter Touches

Multiple metaphors and pop culture nods (e.g., comparing AD takeovers to “The Last of Us” cordyceps zombies, Ferengi obsessions, the Clop hockey jersey derby).
“If you’re new here, I’m old. Anytime I make an ‘80s/early ‘90s reference, take a drink—but don’t really, or you’ll be pissed drunk by the end of the show.” – Jerry [36:47]
Call-and-response with live chat, welcoming first-timers and frequent (humorous) interruptions for super chats, celebrations, and channel memes.
Dan Reardon’s Meme of the Week received enthusiastic applause from the community.

Actionable Summary by Topic

Final Thoughts

Jerry & Daniel’s ethos: Deliver up-to-the-second practical guidance, build inclusive community, and encourage learning with laughter.
Tune in again: Daily at 8 AM ET for more cyber news—and join Jawjacking for on-the-spot answers and camaraderie.

Notable Quotes Table

For more practical advice and industry updates, tune in live at simplycyber.io/streams, and join the community conversation.

wavePod

🔴 Dec 11’s Top Cyber News NOW! - Ep 1024

Powered by Wave AI

Summary

Daily Cyber Threat Brief – Ep 1024

Overview

Top Stories & Key Insights

1. CEO of Retail Giant Coupang Resigns After Data Breach

2. Pro-Russia Hacktivists Targeting US Critical Infrastructure

3. Record Cyber Funding Flowing into Israeli Startups

4. Aeroflot Breached via Third-Party Vendor

5. Fortinet Patch Round: Critical Auth Bypass on SSO

6. Ransomware Broker (Storm-0249) Abusing EDR Tools

7. Zero-Day in Gogs Git Server—700+ Instances Compromised

8. AI-Powered Malware Delivery (“Click Fix” Attacks)

Meme of the Week

Practitioner Guidance & Jerry's Signature Wisdom

“Jawjacking” with Daniel Lowry – Career Q&A

Memorable Moments & Lighter Touches

Actionable Summary by Topic

Final Thoughts

Summary

Daily Cyber Threat Brief – Ep 1024

Overview

Top Stories & Key Insights

1. CEO of Retail Giant Coupang Resigns After Data Breach

2. Pro-Russia Hacktivists Targeting US Critical Infrastructure

3. Record Cyber Funding Flowing into Israeli Startups

4. Aeroflot Breached via Third-Party Vendor

5. Fortinet Patch Round: Critical Auth Bypass on SSO

6. Ransomware Broker (Storm-0249) Abusing EDR Tools

7. Zero-Day in Gogs Git Server—700+ Instances Compromised

8. AI-Powered Malware Delivery (“Click Fix” Attacks)

Meme of the Week

Practitioner Guidance & Jerry's Signature Wisdom

“Jawjacking” with Daniel Lowry – Career Q&A

Memorable Moments & Lighter Touches

Actionable Summary by Topic

Final Thoughts