Daily Cyber Threat Brief — Episode 1028 Summary

Podcast: Daily Cyber Threat Brief
Host: Gerald Auger, Ph.D. (Simply Cyber Media Group)
Date: December 17, 2025

Episode Overview

In this energetic and community-driven episode, Dr. Gerald Auger brings listeners the top cybersecurity news stories relevant to industry insiders, cybersecurity professionals, and those aspiring to enter the field. The episode stands out for its real-time reaction to news, practical insights, and lively engagement with the global Simply Cyber community. The main focus is on current cyber threats, supply chain security incidents, infrastructure vulnerabilities, notable malware developments, and seasonal consumer threats—with actionable takeaways throughout.

Key Discussion Points & Insights

1. Rogue NuGet Package/Software Supply Chain Attacks

[13:36]

• Summary: Researchers uncovered a malicious NuGet package (a .NET library) that masqueraded as the popular "tracer Fody" library. This supply chain attack targeted cryptocurrency wallet data through typo-squatting.
• Analysis:
  • Longevity: The malicious package went undetected in the NuGet repository for six years and was downloaded 2,000+ times.
  • Technique: Typo-squatting made it nearly indistinguishable from legitimate packages.
  • Value:
    • For Professionals: Perfect illustration to show that even experienced developers can’t always spot supply chain threats—use screenshots of the malicious package for training or awareness.
    • For DevOps/Engineering: Need for vigilant vetting of dependencies and monitoring of code repositories.
• Memorable Quote:

  "From a threat actor perspective, this is a phenomenal bit of hiding in plain sight." — Gerald [15:52]

2. Venezuelan State Oil Company Ransomware Incident

[18:34]

• Summary: Ransomware hit Venezuela’s PDVSA oil company, disrupting administrative operations and halting cargo.
• Attribution & Commentary:
  • Venezuela blamed the U.S., but Jerry notes this is likely political rather than based on evidence.
  • Likelihood: More plausible this was a financially motivated (possibly opportunistic) ransomware group, not a nation-state false-flag.
  • Business Impact: Cited PDVSA’s massive annual revenue ($48B) as the type of target appealing to ransomware actors.
• Memorable Quote:

  "If you have $48 billion in annual revenue, you probably can carve off a $200,000 pie slice and give it to me to get out of your hair." — Gerald [21:10]

3. Fortinet FortiCloud SSO Vulnerabilities

[22:51]

• Summary:
  • Attackers are exploiting critical authentication bypass flaws in Fortinet’s products; new vulnerabilities discovered in the patched version.
  • Exploits allow unauthenticated admin access and the download of sensitive configuration files.
• Actionable Insight:
  • Remediation: Patch immediately or disable FortiCloud SSO. The feature is not enabled by default.
  • Risk Perspective: The actual likelihood of exploitation (per EPSS scores) is low, justifying a scheduled—but not emergency—patch.
  • Broader Lesson: Attackers swiftly reverse-engineer and exploit new patches using AI; heightened urgency needed for internet-facing, authentication-critical services.
• Memorable Quotes:

  "Fortinet is like those 6-foot basketball hoops—like teenagers can dunk on them." — Gerald, quoting DJ B Sec [27:00]

4. JumpCloud Remote Assist Privilege Escalation

[27:13]

• Summary:
  • A local privilege escalation vulnerability was found in JumpCloud’s Windows agent, potentially granting SYSTEM-level access via unsafe file operations during uninstall.
  • Risk: Requires a local attacker but could be used to elevate privileges or cause denial of service.
• Professional Guidance:
  • Verify if JumpCloud is in use by consulting IT/help desk teams; emphasize friendly, collaborative inquiry.
  • Exploitation likelihood is low—can be remediated in normal patch cycles.
• Memorable Quote:

  "You get more with honey than vinegar. Have a nice conversation with your IT counterparts..." — Gerald [29:19]

5. Sandworm Group Targeting AWS Edge Device Misconfigurations

[38:40]

• Summary: Sandworm (Russian-linked APT) is pivoting from exploits to targeting poorly configured network edge devices, especially in the energy sector, via AWS-hosted assets.
• Key Takeaways:
  • New Tactics: Moving away from novel exploits toward opportunistic attacks against configuration errors.
  • Remediation: Organizations must validate configuration standards before deployment and regularly re-audit, especially for any Internet-facing assets.
• Memorable Quote:

  "Sandworm used to do the cool technical exploitation stuff... now they're just targeting misconfigurations." — Gerald [39:56]

  • Strategic Analogy:
    "Building a bank... but forget[ting] to build the back wall." — Gerald [41:42]

6. Ink Dragon (China-linked APT) Compromising European Networks

[44:58]

• Summary:
  • Ink Dragon expanded into European government networks, exploiting misconfigured IIS/SharePoint servers for credential theft and persistent access.
  • The operation included covert C2 communication via hijacked victim infrastructure (e.g., hiding commands in email drafts).
• Lessons:
  • The trend among APTs is now to favor misconfiguration as an attack vector.
  • Regular vulnerability/configuration management and audits remain essential defenses.
• Memorable Quote:

  "Misconfigured servers are in, zero days are out." — Gerald [45:47]

7. "Sellic" Android Malware-as-a-Service

[50:56]

• Summary:
  • 'Sellic' is a new MaaS tool allowing crooks to wrap real Google Play apps with malware, sold for $150/month or $900 for life.
  • Features: screen streaming, credential theft, hidden browser sessions, C2 via encrypted channels.
• Infection Methods: Most likely via side-loaded (non-Play Store), cracked, or maliciously re-packaged apps, not through legitimate store updates.
• Advice:
  • Stick to official app stores; educate users on the dangers of side-loading.
• Memorable Quote:

  "This is like malware paint by numbers." — Gerald [51:47]

8. U.S. Treasury Warns of Holiday Gift Card Draining, Charity Scams

[55:33]

• Summary:
  • Alert about the surge in scams involving business impersonation, fake charities, and gift card draining schemes.
  • Scammers use AI (voice cloning, business simulation) and cryptocurrency to launder funds.
  • Gift card draining: Scammers pre-record numbers, then drain value after purchases.
• Professional Angle:
  • Great opportunity to develop goodwill—share this with employees for holistic security culture, not just technical staff.
  • Personal vigilance during the holidays for all.
• Memorable Quote:

  "So you got a guy at Walmart with a notebook just, like, furiously writing down the... numbers on the back of the cards?" — Gerald [56:18]

Notable Quotes & Memorable Moments

• On Community:

  "This community is amazing. Imagine that. Just put kindness out in the world and it'll attract other people of similar ilk." — Gerald [08:45]

• On Vulnerability Management:

  "If you don't have a vulnerability management program, this needs to be increased as a priority... misconfigurations are huge." — Gerald [46:55]

• On Supply Chain Attacks:

  "Use this as an opportunity to visually demonstrate that even seasoned DevOps folks can’t always spot a bad library. No one can pick out the fake with certainty." — Gerald [16:33]

• On the Human Element:

  "If we were all serious all the time, we wouldn't make it—cynical and snarky humor gets us through." — Gerald [31:39]

Useful Timestamps

• [00:01 – 13:35]
  Community intros, welcome first-timers, “Worldwide Wednesday”, housekeeping
• [13:36]
  Start of top cybersecurity news stories:
  • NuGet supply chain attack
• [18:34]
  Venezuelan oil company ransomware attack
• [22:51]
  Fortinet SSO vulnerabilities
• [27:13]
  JumpCloud privilege escalation flaw
• [38:40]
  Sandworm targeting AWS edge misconfigs
• [44:58]
  Ink Dragon in European government networks
• [50:56]
  "Sellic" Android Malware-as-a-Service
• [55:33]
  US Treasury Holiday scam warning
• [56:18 – End]
  Listener Q&A (Jawjacking), lighter banter & industry career advice

Tone & Style

• Energetic, humorous, and genuinely supportive.
• Encourages approachable, collaborative security, emphasizing relationships and education as much as technical controls.
• Frequent analogies, pop culture references, and direct audience engagement create an inclusive, conversational atmosphere.
• Delivers expert analysis in plain language, with actionable takeaways for both seasoned professionals and newcomers.

Actionable Takeaways for Listeners

• Supply Chain Risks: Demonstrate with visuals how hard it is to distinguish malicious from legitimate dependencies; advocate for strict checks and continuous monitoring.
• Patch Management: Prioritize based on risk (EPSS scores) rather than headline panic; focus on internet-facing and authentication-related vulnerabilities.
• Configuration Management: Strengthen deployment and ongoing auditing of configurations, especially on cloud and edge infrastructure.
• End User Education: Regularly warn about current fraud trends (charity, gift cards, social engineering), especially around holidays.
• Professional Growth: Build inter-departmental relationships; use real news as “teachable moments” to raise organizational awareness.

Closing Encouragement

"Remember, if we work together and support each other, that's how we move this industry forward. Stay secure, stay informed, and keep leveling up. I'll see you tomorrow." — Gerald [57:54]

For a deeper dive into today’s stories and tailored career guidance, tune in live daily at 8 AM Eastern via simplycyber.io/streams or catch the replays on your schedule.