Loading summary
A
What's up, everybody? Good morning to you. Today is Wednesday, December 17, 2025. This is episode 1028. We got the. We got the indexing corrected. Thank you for that notification, Simply Cyber Squad members. So we got that sorted out, guys. If you're looking to stay current on the top cyber security news stories of the day, while sprinkling in a little pumpkin spice, a little peppermint candy, you can do that somewhere else. What we do here is we go through the top cyber security news stories of the day and then we go through the headlines. I have 20 plus years of experience. Many members in the community who are right there above my head, who are live in chat right now, have extensive experience. We all have different backgrounds, we all have different areas of expertise, and nobody in cyber security is an expert pretty much at everything. So I got to tell you, you are in the right place. We're going to go beyond the headlines. We're going to give you additional value and insight. And whether you're looking to break in or you're looking to get promoted or go do your own thing, the knowledge and experiences and relationships, I might add, that you get here at Simply Cyber's Daily Cyber Threat Brief is going to deliver so much value, you're going to be like, no, Moss, no Moss. But it's just going to. We're just keep spooning that value in, like lowkey. No, it's not that. All right, we're off running. Let's go. All right. Hello, friends. We are good on a Wednesday morning reminder. It is Wednesday, which means only one thing worldwide Wednesday, which means before we get into the news, we like to stretch our arms a little bit, touch our toes and then just demonstrate like absolute bosses, how unbelievably international, diverse and, you know, inclusive the Simply Cyber community is. So we'll demonstrate that live on stream. But if you're a regular, you already know that. But if you don't know that, you might be a first timer. So if you're a first timer, if some friend who's, by the way, a really good friend told you about the Simply Cyber Daily Cyber Threat Briefer, you stumbled across it in your feeds. Welcome to the party, pal. Let us know it's your first time with a hashtag first timer in chat. You just get your thumbs up on your mobile, hashtag first timer. We'll take it from there. Special sound effects, special emote, special recognition. Do you know why? Because sometimes, like, say you moved, like when you were in high school, and you, like, walk into the new school Especially if it was like, the 80s where it's like, oh, my God, look at this newbie. Oh, right. Nobody likes that feeling. F that. What we like to do is make you feel welcome. You walk in, it's like, yo, what's up, dude? Nice shoes. Get over here. Let's hang out. So if you're here for the first time, drop it on the chat. Hashtag, first timer. Now, whether it's your first time, your long time. Loaded Lux. Loaded Lux has stepped into the light. What's up, Loaded Lux. Welcome to the party, pal. That is our John McLean. That is our John McLean sound effect. And whether you think it's a Christmas movie or not, it doesn't matter. The welcome to the party, pal is perfect. There we go. Loaded Lux. I hope you enjoy the experience. Loaded Lux. Because it's going to be a banger today, guys. Hey. Loaded Lux and others. Let me tell you something that might melt your mind. Every single episode of the Daily Cyber Threat Brief is worth half a cpe. But what, Jerry? What? What are you talking about? Well, here's the deal. You know, for. For lack of a better word, like the fact I'm wearing a hoodie and I'm. I'm screaming at a mic and I got retro Synthwave for days behind me, I'm still qualified as a, you know, expert instructor, right? Whatever that means. Doesn't matter, though. If you get audited for your CP's, you can point to me and be like, look at this guy. Like, he's doing this thing. So this is an instructor LED webinar, Even though that is lame af. And you can get half a CPE for it. So just say what's up? In chat. Grab a screenshot. Dreaded hoser. Grab a screenshot. Space tacos. Grab a screenshot. Eluzer, Grab a screenshot. It's easy as that. Get your cpes. File the screenshot away on a folder on your desktop. Once a year, count the number of files and divide by two. It is easy as that. All right, so we've got our first timers taken care of. We've got our. Oh, I want you to know I don't research or prep for any of these shows, okay? Anybody got time for that? Ain't nobody got time for that, by the way. I don't know. I feel like that would be such, like, a disingenuous experience if I was like, oh, I'm gonna research all this crap and then, like, look like I came up with it on the fly. Like, fraud. No. So what I What I do is I see them with you live at the moment. I don't know what I'm gonna get. I have no idea what I'm gonna say. But I love cyber security. I'm passionate about service. And we've, you know, 10, 28 episodes, and one podcast of the year award from Sans says that we're doing something right. I got a cup of coffee going right now. Lemon, ginger. So we're feeling all right here. Haven't had coffee in four days, oddly. Don't miss it. Even though I, like, love coffee. All right, guys, I do want to say what's up? I've been talking to a lot of people lately. I know there's many of us in chat right now. The people who are not speaking in chat, sometimes they're lurkers, and that's okay. But I gotta tell you also, did you know that multiple people have told me, including one person yesterday, that they turn it on as part of, like, it's like the morning news for them, and they turn it on in the kitchen, and, like, them and their family are getting ready. There's people who turn it on as they're driving to drop the kids off at school. Like, we. And by the way, if you're. If that. If that explains you and the way that you consume the Daily Cyber Threat Brief, I love it. I'm so glad that you found a way with your, you know, responsibilities and your situation to make the Daily Cyber Threat Brief part of your day. It is important to me to deliver value in whatever way is best accessible to you. So, yeah, I love it. And shout out to all those who are listening right now with the fam. All right, guys, let's do some ad reads, shall we? Starting with Delete Me reminder. Delete Me will not be returning in 2026, so if you want to get the sweet discount, now is the time. Delete Me makes it easy, quick, and safe to remove your personal data online. At a time when surveillance and data breaches are common enough to make everyone vulnerable, data brokers make a profit off your data. Your data is a commodity. Anyone on the web can buy your private details, and this can lead to identity theft, phishing attempts, and harassment. But now you can protect your privacy with Deleteme. As someone with an active online presence, privacy is really important to me. I love my kids and my wife and my dogs, and I like to protect. You know, I like to protect them. Like, whether I'm providing for them, like, by, you know, providing support or love or whatever. I'd like to protect them from a security perspective, too. So having some random show up at my house and be like, ah, I don't like your hot takes, Jerry. I'm like, okay, so by having my, you know, personal data scrubbed, that helps manage that risk. Take control of your data. Keep your private life private. By signing up for Delete me now at a special discount for our listeners. Get 20 off your delete me plan when you go to JoinDeleteMe.com simply cyber and use promo code Simply Cyber checkout. The only way to get 20 off is go to JoinDeleteMe.com/cyber and enter code Simply Cyber checkout. That's JoinDeleteMe.com cyber code Simply Cyber. Of course, the links are in the description below. Yeah, I don't. I wouldn't go full John Wick mode, but pretty close. All right, I also want to say shout out to anti siphon training, guys. Anti siphon training, providing high quality, cutting edge education for everyone. And I want to call your attention to this January 19th through January 20th, second training, four hours, 11 to 3. So you can get your work done in the morning. Take this training. It's like an extended lunch and then finish up at the end of the day. Right? It's as simple as that. And this active defense and cyber deception course, I've taken it. It's phenomenal. I could tell you if I took it again, I'd get more value from it. It's definitely not like one of those one and done cute little courses where you're like, oh, here's some tools. Yay. Like, it's very heady. There's a lot of thought around ethics and moral. Active defense is basically messing with attackers in your environment. Cyber deception is like honey tokens and, you know, honey pots and stuff like that. So John's very good at that. He's taught this class many times, so it's really dialed in. You get a VM with all the tools. It's a good one. If you're interested, check it out. Like I said, I have a video on the channel. Reviewing it, and I wasn't paid to review it. I literally just did it because I love the class so much. And I was like, yeah, I got to tell people about this thing. This is awesome. All right, let's hear from Threat Locker. And then when we come back, get the disco ball out because we're going around the world, people, and it's gonna be awesome. I want to give some love to the daily cyber threat brief sponsor, Threat Locker. Do zero day Exploits and supply chain attacks keep you up at night. Don't worry no more. You can harden your security with Threat Locker. Worldwide companies like JetBlue Trust Threat Locker to secure their data and keep their business operations flying high. Threat Locker takes a deny by default approach to cyber security and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US based Cyber Hero support team. Get a free 30 day trial and learn more about how Threat Locker can help prevent ransomware and Ensure compliance. Visit threatlocker.com Daily Cyber. All right guys, it's Wednesday right before the news. That means only one thing. You can hear it. We go around the world every single day of the week has a special segment. We usually usually do it at the mid roll but we do Wednesdays first. This community is amazing. A lot of people, I gotta tell you, a lot of people have approached me and said what you've done with simply Cyber and what your community is, is unbelievable. And I'm like, yeah, I know, it's freaking awesome. They're amazing people. Imagine that. Just be put kindness out in the world and try to help people and it'll attract other people of similar ilk. So let's see where we are because this isn't a us thing, this is a worldwide thing. I'm going to set the timer to 2 minutes 22 seconds. You tell me what country you're in, I'll mark it and we'll see if we can go around the world. Australia. I hope you stayed up late. Let's go. Where you at? Where you at? All right, Eluz. Bringing the US online with Pennsylvania. Boom. Penns in the house. Here we go. Let's go, let's go. New York City. Big apple in the house. Space tacos. All right, come on now. New Mexico's in the house. I love it. Big Texas. All right, we're going across the pond. Faced oils. Bringing Ireland online. The up. We got Niagara Falls. Canada online. Denver's in the house. Love myself some Denver. Niagara, the U. S. Robert Hendrickson being vague. I like it. North Florida. Flat Rock, Illinois. Yes. Ken Prior. Orlando Warren. Michigan's in the house. South Africa. We have Africa, the continent online. Phoenix. Hot sea. Spicy. Kenya. Kenya's in the house. Africa. Bringing it on. Where we at? Chile. Who said that? Melissa or Mel. Past flora. Getting South America online. Let's go. Circleville, Ohio. Yes, sir. Justin. Texas. Ethiopia. Dude. East coast. Africa. Bringing the heat. Love it. Warm. Minnesota. Steve Young. Yeah, right. Asia's online with India. Thank you. Sara Gupta. Salt Lake City, Utah. Just found out they had a hockey team last night because the Bruins played them out like, oh my God, Togo. Togo's in the house. Did not know. Togo, Mississippi. L I, S S I S, S I B, B I. Bangladesh is in the house. Good to see you Bangladesh this morning. All right, come on, let's go, let's go. All right. Earth. That's kind of a big catch all. Oh my God. Togo. Denmark. Mod chat's out of control right now. Where's Denmark? Oh, Denmark's up here. All right, Denmark. Jamaica, Kenya, Chile, Lond. Dude, the map is being weird today with the clicks. All right, all right. Jamaica. Okay, so where are we going? Dc. Did we get an Australian? Austin, Texas. I was just in Austin. Love it. All right, all right. Let's take a Philadelphia City of brotherly shove. I like it. I saw Ghana. Let's go ahead and get Ghana on the map. Looks like Africa came correct this morning. All right, there is a 20 second delay, so I'm going to give it just a minute. Oi, oi, oi. All right, so North America, South America, Africa for sure. Europe, Asia, representing. And Australia. You know, we can't be too mad. It is nighttime there, you know, got to get their sleep. Usually we have to get the West Coast Perth team engaged. So we didn't quite do it, but I hope that you guys can see just how amazing this community is. But do me a favor, we do have work to do. So sit back, relax, and let's let the cool sounds of the hot news wash over us all in an awesome wave. See you guys at the mid roll.
B
From the CISO series, it's cyber security headlines. These are the cybersecurity headlines for Wednesday, December 17, 2025. I'm Sarah Lane. Rogue NuGet package steals data. Researchers from Socket security have uncovered a malicious NuGet package that impersonates the popular net library tracer FOTI to steal cryptocurrency wallet data. The typo squatted Package Tracer Fodi NL log sat in the NuGet repository for around 66 years using name tricks and hidden code to exfiltrate Stratus wallet files and passwords to attacker controlled servers in Russia, Venezuela's pd.
A
All right, so I mean we've seen these techniques before of basically poisoning supply chain code repositories like PyPy, NPM, GitHub. And I'm not familiar with NuGet package, although I'm not even a sweets guy. But like for some reason nougat Sounds delicious. For some reason, I don't know why, but they used typo squatting, which is like a classic technique where it doesn't fool anyone. Like, and. Excuse me, it doesn't fool anyone. It. Tracer40 is the actual one, and then tracer40.n log. Like, if you saw this in your code repository, you'd be like, okay, like, yeah, I'm familiar with tracer Frodi. I guess there's some logging, you know, support file or something. So it was so good that it just sat there for six years, nobody noticed. Let's see, it's been downloaded at least 2, 000 times. It's too bad. Like, I mean, I. I shouldn't say it's too bad. What's wild to me is that this thing's been there six years, 2,000 people downloaded it. It steals crypto wallet. So like, presumably up to 2,000 people got their thing stolen. Unless it's like, it's, you know, if you make a software that does fintech stuff and then all of those customers get robbed, you would just, I don't know, man. To me, you would think that something like this, if it was effective, would, like, a pattern would have emerged, like, oh, everybody that uses this wallet or everybody that uses this tech seems to be getting robbed. Like, what's the commonality here? You think that would come up within the last six years? Especially? Because, I mean, we're kind of past the crypto winter. Like, do you guys remember in like 2021, 2022, like Covid, people were like, going back crazy. It was like NFTs were a thing. People were spending dumb money. Like, you think this would have got pulled up, but yeah, look at this code repository. Look, first one, second one, third one, all legit, fourth one, illegitimate. You would never think twice about it. It's got, you know, 2,000 downloads. It looks like the other ones. From a threat actor perspective, this is a phenomenal bit of hiding in plain sight. Let's see. All right, so there is one IP address that's being used for, like, I guess, exfil of the wallet stuff. So they can kind of shut that down easily. I don't know. So for anyone that's here right now, right, Like, I didn't work in fintech, I don't do crypto. So, like, this story is interesting to me, but I don't do anything with it. So if you work in fintech, maybe you want to check if you're running this tracer for N log fody N log thing Realistically, the value here for you as a cyber professional is that this is supply chain attack. If you've had a tough time talking with your Dev team, your DevOps team, your engineers about, oh, I would absolutely recognize a malicious package, right? Hold on one second, I'm gonna, like, like this, like, hold on, like, hold on one second. Right, so if you're, if you're not watching on stream, I'm bringing up the actually meme. Like, actually, I would absolutely recognize a malicious, you know, code library, Jerry, actually, and it's like, okay, okay, okay. Well, now instead of describing it, you can literally show them this screenshot and I, I would recommend hiding the, the thing on the right where it says legitimate packages and malicious packages and say, hey, which one of these. I, I can tell you one of these is malicious. Which one? And they're not going to be able to tell you because they don't friggin know. Right? And it just might, I mean, be delicate with it because anyone that's like, actually, you don't want to like, approach directly, you want to come at them from the side, but you can use this as an opportunity to demonstrate visually, which might have a different impact than just you saying things.
B
VSA suffers attack. Reuters reports that Venezuela's state oil company, pdvsa was hit by a ransomware attack that knocked out administrative systems, forcing workers offline and suspending oil cargo loadings, though production and refining were unaffected. This comes amid escalating tensions with the U.S. both PDVSA and the Venezuelan government blamed the U.S. for the attack, with more than 11 million barrels stranded on vessels.
A
All right, so this is not simply political. Elliot Matice, you can catch his show. So if, okay, so Venezuela suffered a cyber attack. They're. They're calling America as the attacker. They probably are doing it more from based on world events and less on ttps. I don't think of Venezuela as like having like an amazing. Maybe they do, but I don't think of them as having like an amazing military cyber capability where they could do attribution of a threat actor as advanced as the United States. And yes, I'll use the term threat actor, speaking of the United States, because like, you know, a threat, you know, is, is like subjective, right? Like, if you're helping me, you're not a threat. If you're hurting me, you are a threat. So. But we have to kind of talk about these all in generic terms. So they got hit with ransomware. Hold on, dude, come on. They got hit with ransomware and they're blaming the U.S. get off your boat. Like, come on. Like. Okay, so it is possible. I think these are called false flag operations, where a nation state pretended to be a ransomware threat actor group and hit this company in order to move forward on more geopolitical issues of what's going on in that region. But I don't know, guys. Listen, I. I'm not the. I'm not the oldest. I mean, I'm not the oldest one here. I'm old. I'm old, okay? I've seen a lot of things, right? Here's my thing on this. If you were. If you had the full. Like, based on historical context, the United States isn't going to attack in this capacity with ransomware. They would. They would be much more like. Like, surgical and sophisticated and like, I don't know, like, based on everything I know, I'm not thinking that this is the United States. I think this is a ransomware threat actor. Who sees a, you know, company that they got access to, somebody at PDVSA fell for some type of click fix attack. They got creds, and then they went off and running. Let me see, like, PDVSA annual revenue. Like, dude, like, that'd be like, the United States. Like, stuxnet was a ransomware. Like, what are you doing? No, dude. Okay, so pdvsa, the Venezuelan oil company. Oh, my God. Listen, I donated to Wikipedia last night, and now I'm getting, like, like, bamboozled by them for more money. Like, that's. That's why it's always, like, tricky when you donate. Like, as soon as you donate, it's like. It's like throwing. Well, whatever. I don't want to talk about it. Dude, this. This. This freaking article's useless. All right? $48 billion in 2016. All right, so I guess here's the deal. They're a multi billion dollar company. That's what you need to know. They're a multi billion dollar company. If I was a threat actor, and I've been looking at threat actors since 2017, so eight years worth of threat actor intel. You know what they like? Fat pockets. Great cash, homie. If you have $48 billion in annual revenue, you probably can carve off a $200,000 pie slice and give it to me to get out of your hair. All right, so whatever.
B
Fortinet flaws exploited. Attackers are actively exploiting two critical Fortinet authentication bypass vulnerabilities that we talked to you about last week, shortly after Fortinet released patches. The flaws affect multiple Fortinet products. When Forticloud SSO is enabled and allow attackers to gain unauthenticated admin access via forged SAML assertions. Researchers at cybersecurity company Arctic Wolf observed attackers downloading system configuration files, exposing network details and credentials. Fortinet says patch immediately or disable forticloud SSO until systems are upgraded.
A
Poor Fortinet. Poor Fortinet. Poor Fortinet. So this one's particularly funny because it was the patched version that had a new vulnerability discovered in it. We've said it before. I could tell you, like, Fortinet's never going to sponsor Simply Cyber because we just dunk on them all the time. But it's like, hey, it's like Elliot said it. It's Wednesday. Everybody get ready for your Fortinet story. All right, here's the deal. If you're running Forta Cloud sso, specifically Forta Cloud single sign on. Basically, you use Forta Cloud to handle authentication into SaaS applications, using, I would assume, like, your AD credentials. Then disable it. Okay, disable it. That's as simple as that. And by the way, it doesn't come enabled by default, so, like, somebody would had to have turned it on. Yeah, Real Bilbo is a big Fortinet champion Fortinet ambassador. So I will say that. Check this out. When patches come out, especially with AI now you can reverse the patch and see what it fixed, which will allow you to quickly identify where to go attack again. I'm going to go to EPSS. Look, actually, you know what I'm going to do? DJ Bac is coming to us live from seat 4C. He's getting his James McQuiggin at 35,000ft on. So we're going to use his EPSS tool right now. All right, here we go. All right, so looking at this one, this is, you know, I'll drop a link to this tool that DJ B wrote. This is a free tool anyone can use. It has a CVSS score of 98, which is very high, but it has a 500ths of 1% likelihood that you would be exploited in the next 30 days. There are two vulnerabilities listed, though. So let's go ahead and look at the second one as well, just to make sure. Right. Can't just do one call it a day and go get some beers. You have to. You got to do the work, which is why. Oh, it's actually. Hold on. What the heck? Hold on one second. 575-9. 71859. Okay, here we go. Oh, it is Snappy. So same thing, five hundredths of a percent. So when you see to me EPSS score 500 of 1% it means oh my God, it means yes, you got to patch this. Okay, so obviously ah, you gotta patch it or disable forticloud sso. You shouldn't mess around because this is an Internet facing assets that controls authentication to cloud services that hold all your data. But based on the EPSS score, you shouldn't burn all your political capital getting this sorted out. You can, I mean I wouldn't wait too long, right? I would do it during normal patch cycles if you can. It is going to be the holidays and things are going to be slow. So if you can jam it in place and get it in place quicker, that would be a good idea. But Fortinet. Yeah, and DJ B sec said Fortinet is like those like six foot basketball hoops like teenagers can dunk on them. Like it's just everybody's just like Dump.
B
Cloud Windows Agent Flawless the latest researchers at XM Cyber disclosed a critical local privilege escalation flaw in the JumpCloud remote assist for Windows agent that allows low privileged users to gain system level access or trigger denial of service attacks. The bug affects versions prior to 031.7.0 and stems from unsafe file operations during uninstallation where a system level process interacts with user writable temp directories. JumpCloud has released a patch.
A
All right, I'm confused. Is JumpCloud like a Microsoft tool or is JumpCloud like a business? Oh, it's a cloud based identity and device management platform. All right, so here's the deal. If you're running jumpcloud, listen, you'd have to ask your IT people. If you don't know, I would ask your IT people, maybe your help. Desktop people, field engineers. Hey, what are you guys doing? Honestly, you should know the answer to this. This should not be the reason you're finding out. But, but I'm not gonna throw shade at you. This is a perfect opportunity to get those answers. Listen, in any organization of like reasonable size, you're gonna have people in the field, sales people out there, you know, physicians on the floor, medical devices. You're going to have VIPs like running around, jet setting and all that other stuff, right? So not everybody is inside like a windowless brick building in Fort Meade, you know, Maryland. Okay, so because of that, when my aunt Dorothea is at home, especially post Covid, right, my Aunt Dorothea's at home and she gets like PC load letter and can't access her computer. I'm being playful. Also, if you get the PC load letter, reference, drink it or help, you call help desk and they say, oh yeah, let me, let me get in there, let me like, let me take a look. Because if you've ever asked, like, listen, we just had Thanksgiving. If you've ever called like one of your parents or they called you and they're like, hey, I'm having some computer problems, can you help me? Sure, dad, what do you got? And he's like, well, you know, the, the, the thing that I click on isn't clicking. You're like, oh my God. What? Like click the start button in the corner. I don't see start. Is it on the keyboard? No, it's on, it's. Are you running Windows? I don't know. I have a window in the office. Oh my God, bro, Dad, I will fly to you because it will take less time than it is to get this conversation completed. So obviously because of these challenges, my dad was legit like that. I installed log me in on it so I could do this. But these enterprise grade solutions, JumpCloud is one of them. There's a bunch. Any dust TeamView or whatever allows you to remote in, but it does expose all those endpoints if the, if the remote access solution gets compromised. Threat actors use licensed corporate remote management solutions all the time because they're very good at what they do. So this one right here. Exactly. Where's the any key? This one, like this one right here allows you to do denial of service attacks like whatever, okay? But you can do privilege escalation, which is gross. Okay? Privilege escalation is where you get like my aunt Dorothea's account and then all of a sudden you turn into the Somali guy and Captain Roberts or whatever. The Captain Roberts, where he's like, I'm the captain now. You get NT authority system privileges and then it's game over. At least for that endpoint, you own it. Then you can, you know, dump all the things and maybe find an admin account or whatever. So if you're running jumpcloud, if you. Listen, first of all, if you don't know if you're running JumpCloud, this is a great opportunity to just have a nice conversation. Nice, please. You get more kind. You get more with honey than vinegar. Have a nice conversation with your IT counterparts and your help desk and just ask them, hey, how are we doing remote access to support our end users? That's the question. Don't even, don't even go further than that. Just allow them to answer that question. And then if it is JumpCloud, then, you know, you got a problem here. Let's see. Because it is. We've been using DJ B6 tool here. We'll go ahead and check the actual vulnerability and see. Actually, we'll check the actual vulnerability here and see what we got. So this vulnerability doesn't even have a CVSS score. And you have 200ths of 1% of a chance of experiencing an exploit. Hold on, let me show you guys. 200ths of a chance of experiencing an exploit in the next 30 days, which means you can be casual. Okay? I know people think that cyber security people are all serious all the time. Listen, if we were all serious all the time, we. We wouldn't make it, okay? We have to be cynical and snarky and humorous because what we deal with is real and frustrating and it. And it's never ending. Okay, so this right here, you can casually go to your IT counterparts and ask them what's up and not like worry that it's going to turn into a dumpster fire. Because according to EPSS score, I mean, if you. Honestly, if you do get hit with this, you should probably go a lottery ticket because you got a good chance.
B
Foreign thanks to our sponsor, Adaptive Security. This episode is brought to you by Adaptive Security, the first cyber security company backed by OpenAI. Picture a new hire who interviews well, except they're synthetic AI, video AI voice AI backstory. Once they're in, they go after payroll, internal docs, and access. That's the new reality. The attack surface is Trust itself. Adaptive fights back with realistic deep fake simulations and training that actually sticks. Learn more@adaptivesecurity.com.
A
All right, real quick. Just want to take a hot minute break and say thank you. Thank you for being here. First timers, I hope you're enjoying the show. I know it's a lot. There's a lot going on. It's high energy. It's all about good times and it's community Alpha Sierra. I know, I know. Still working on the licensing. Hey, but guys, I got to tell you, I want to say thank you to be. Thank you for being here. I genuinely appreciate it. Woke up this morning still not feeling 100% and you know, grab some tea, drug myself out here. And I'm up and fully functional right now. It's like you guys are the secret sauce that makes me go. So definitely appreciate you. I want to say thank you to the stream sponsors for enabling me to bring this show to you. If you didn't know any sponsor that I take on. I like approve or would use or did use or do use their product. It's not just like how much money can you give me? It's much more around integrity Threat Locker. I definitely believe in their product flare which is not a sponsor this week but I, I love their stuff. Anti siphon of course John Strand and the team over there delete me. Even though they're moving on, I've enjoyed using their product and Barricade Cyber Solutions guys, Barricade Cyber Solutions digital forensics incident response firm. But they also give back to the community. Wait a minute. Fleet is posting the third giving 10 gifted subs. Thank you. Fleet is posting the third. So if you're one of those 10 people who picked up a squad membership like John V. Hey John, it's been a minute man. I was thinking about you the other day. I hope everything's well in your world. You can give Fleetus Post in the third a little. Thank you very much. I'm gonna throw some some Oprah emotes and Fleetus tagging. Listen, Barricade Cyber Solutions has been doing this Fortify365 series which is definitely just giving full value back to the community. Look at this series, dude. Every two weeks coming in hot with education around Microsoft 365. Guys, if you want to work in corporate America and you're like trying to break into cyber and such, pick one of the cloud services like aws, Microsoft, Google. I would recommend, if it was my kid, I would tell them, dude, get good at Microsoft 365. So many businesses use IT services. It ends up like you, you, you use teams because you're not going to pay for Zoom because you already pay for teams. CFO wants to do that. So anyways, this webinar series is great if you take advantage of it. Thank you. Live. I'm live amlyv. I appreciate it. I hope you say your name right. December 17th today. Oh my gosh, today 1pm to 2pm look at your calendar. Open it up right now if you don't know what. If you have nothing going on today, may I recommend this webinar series? Unfortunately, I can't. The URL is like super long. I can't literally put it in chat. But I will drop a link to. There you go. There's a link to the landing page. Just find it. It is session nine compliance setting. We're talking enabling the unified Audit Log. Talking about classification, labeling, managing data sensitivity, retention requirements. Like I know these are things that like SAUCY oh my God. Bore. But you know what, they're important. And the best thing is with these settings, you set them once and they're set up for life. Right? I mean occasionally you go tweak them, but like getting a good configuration is super valuable. So definitely go check that out. Webinars.barricade cyber.com okay, yeah, so let's keep going because we did worldwide Wednesday. Around the. Around the horn. I also want to tell you guys really quickly, I'm going to mention this at the end, but for our Thursdays and any special streams, we have this new thing that we're rolling out. I'm drop a link in here. Hold on. I'm putting a link here. It says go here. Okay. This is luma.com/cyber luma l u m a.com luma.com/simber om live or live for short. Okay, Live. Dude, one of the problems is no one's been able to like remember that we have streams and stuff. This tool right here will put a calendar invite on your calendar if you want it. So go there. We've got Firesides tomorrow with Ben Wilkins talking about the million dollar cyber pistachio heist. I'm not joking. It's a real thing. And then quarterly all hands call on Friday right before I throw a ninja smoke bomb and disappear for two weeks. All right, let's keep cooking.
B
Amazon warns of Sandworm shifted tactics. Amazon Threat Intelligence warns that the Russia linked hacking group known as Sandworm is in an ongoing campaign against western critical infrastructure, especially energy companies. Instead of exploiting software vulnerabilities, the group now primarily targets poorly configured network edge devices hosted on AWS to gain and maintain access. Amazon says it has notified affected customers remediated compromised systems and that the activity reflects customer misconfigurations rather than flaws in AWS itself.
A
All right, so this is a big one, all right? But I'm going to tell you, I'm gonna give you some value. Okay? So first of all, if you're. This is around Amazon aws, not. This isn't going to affect, you know, your holiday shopping deliveries. Okay? Amazon Threat Intelligence has been reporting on Sandworm, which by the way, I just recently found out. I don't know if anyone's got thoughts on this. I just recently learned or I read a theory that Sandworm isn't a direct Russian government entity. But it's like, it's like, you know, like, I don't know, like former, like, like form, not nsa. But just imagine like people who used to be really good in the government and they like spun off and they have their own little like, super team for hire. Like that. I heard that. So, I mean, whatever. I'm not familiar with Amazon threat intelligence, but I bet it's dynamite considering all they have. Researchers said malicious infrastructure used by the attackers overlaps with operations linked to Sandworm. Okay, okay. So the threat actors are using AWS for their malicious infrastructure, which is wild. They're attacking energy sector, including electric utility service providers, etc. The one thing that I found interesting, I want to share with you in a second. I'm just trying to give you any insights. So if you work in energy. Here's the thing. If you work in energy, this is interesting because Sandworm's obviously targeting energy, but I don't know if this means that you have to be in aws. Yeah, it says attacks typically begin with a. The hell? Sorry, Sorry. Attacks typically begin with a compromised customer network edge device hosted on aws, followed by attempts to capture data traversing the network in a bid to steal creds and reuse those creds against the victim organization, service and infrastructure. So basically, if you are have AWS as part of your kind of infrastructure and you work in energy, they're targeting edge devices, right? That could be networking devices, EC2 instances. What, whatever. Okay. They're targeting those. And if they can take them over, then they basically do like a sniffer attack. They like sniff the traffic, which sounds so funny to say, but it just. It is what it is. You sniff traffic until they can steal creds, which, by the way, is wild because that would mean unencrypted traffic, which is a separate issue altogether. The thing that. The thing that is causing this is because when the devices on the edge are set up by the customers, they're improperly configured. And that's the key thing I wanted to tell you in this story. Okay, listen, when a threat actor pops a box in your network, right? Or a threat actor gets a foothold or whatever, it's not. It's not like infinite. It's not a magic trick, okay? They can either steal credentials and log in as a user, they can do a technical exploitation, right? You know, exploit some vulnerability in the code and get it to run arbitrary code. And then do a C2, I mean, not a C2, do a second stage payload, and then, you know, detonate and then allow a backdoor for persistence, right? The really fancy hacker one. And then there's misconfigurations, right? You leave an S3 bucket open to the Internet, you leave a default account enabled, like these are the three things. Like that's it, those are the three things, right? Now some of these things can be human error. You can trick a human into giving the creds or you can steal it or whatever. Like so the way you get exploit those three things are there, but that's it, those are the three things. So what's interesting is Sandworm used to do the cool technical exploitation stuff, right? The Secret Squirrel stuff, and now they're just targeting misconfigurations. So basically what they're saying here is that people are hanging stuff off the edge of the network facing the Internet and it's just grossly misconfigured. Imagine if you will, okay, like the equivalent of this is like building a bank. All right, you build a bank, a nice square bank and you have the vault in the back and everything's great, but you like forget to build the back wall of the bank, right? So from the street it looks good, right? Walk around the sides, it looks good. The back isn't there because you didn't configure it. I know that's like a silly, ridiculous example, but it makes, it makes the point. So here is the tldr. Okay, there's two things you got to know about this. This is GRC stuff, vulnerability management stuff. Number one, when you deploy technology, make sure that there is some type of configuration standard and that you're validating that you have configured the damn thing to that standard before you put it in production. You can vulnerability scan it, you can config scan it. There's lots of opportunities there also during the course of operations of that tool. So it's in place for three, four, five years. People are going to tinker with it, people are going to touch it. Sometimes you apply a patch and it, it changes the setting. Make sure that you're regularly checking these things as part of your vulnerability management program. It's not just about missing patches, it's also about misconfigurations, especially on Internet facing assets which have a high likelihood of being touched by someone far, far away.
B
Dragon hides in European networks Researchers from Checkpoint report that a China linked espionage group known as Ink Dragon has expanded operations into European government networks, compromising misconfigured Microsoft IIS and SharePoint servers to steal credentials and and establish long term access. The group uses victim infrastructure as covert relay nodes and updated its final draft backdoor to blend in with Microsoft cloud activity, including hiding command traffic in email drafts. A separate China linked group, Rude Panda, was Also found to be accessing some of the same networks.
A
Yeah, DJ BSEK suggests that for that last story, set up quarterly audits. Make it a quarterly thing, right? At least you can limit the exposure window. China's Ink Dragon hides in European networks. Guys, this. This last story I just talked about was Sandworm targeting misconfigurations. Instead of zero days, this one. Misconfiguration servers are in, zero days are out. Listen, remember this, okay? Please. For the most part, minus some threat actor groups that are younger, that are quite prolific right now. For the most part, threat actors, whether they're nation state sponsored or they're financially motivated, they don't care how cool their hack is. They don't care. What they care about is achieving their mission. Do I get in and steal the data? Do I get in and steal the money? Yes or no? No one is like, well, you know, it's cool that you got $2 million, but, like, did you do it in elite way? It's like, no. No one's asking that. So, like, literally, for the longest time, humans were the weakest link and they started attacking them. And now, you know, zero days, which were never easy, but now zero days are out and misconfigurations are in because people are just deploying stuff all over the place. I once had a senior, very senior admin, like, work with me on a. A project. And I was like, all right, we need some servers up in Azure. He's like, yeah, yeah, no problem. This guy cut corners all the time. He's like, yeah, yeah, no problem. He's like. He's like, we're good here. I'm gonna go like, play basketball for, like, three hours. Like, three hour lunch. Play basketball. Like, all right. Come to find out, like, he deployed them all with public IP addresses with, like, you know, data on them that should not be publicly accessible. And I'm like, dude, you. Do you even know that these have public IP addresses? He's like, no. I'm like, what are you doing? Why? Can I work with somebody else, please? So Ink Dragon is going further. This is kind of cool. From a threat actor perspective, this is kind of cool. They're actually using victim infrastructure as part of their C2 relay infrastructure so they can hide, which makes a lot of sense because if you look at, like, I don't know, the traffic's coming from Google or the traffic's coming from Barclays, you're not like, oh, that, that must be a threat actor, right? So they relay it through there. They're looking for misconfigured IIS servers, SharePoint servers. They're getting access to the environments and then moving laterally through them. Let's see. Yeah, once they get in. This is a classic iterative cyber kill chain. You take your first asset down, you get into the environment and then you use the credentials you can steal from that first asset to try to log into other things and then rinse and repeat. It's simple as that. Low noise spreads through the infrastructure. Same creds. Yep. If you have a crappy like, you know, everybody has a domain admin game over. You should definitely not allow. People shouldn't be using domain admins except for domain schema changes. But unfortunately Kevin likes to use domain admin because it, you know, he doesn't want to have to deal with like, you know, escalating privileges to do certain things. But yeah, he probably did use WordPress. Yeah, that guy. I got some stories. Catch me, Catch me, Catch me at Wild west or simply cybercon. I'll tell you more stories about that dude. Let's see. All right, so I guess what I'm seeing here is that there's nothing really. I wouldn't if it were me. Okay, so like if I was, you know, in like, if I'm taking action on this news report, what I'm going to do is yes, they're targeting misconfigured IIS and SharePoint servers. If you're running IIS or SharePoint, sure, give it a shot. But all this story in the last story do is reiterate to me that if I don't have a vulnerability management program, this needs to be increased as a priority. Because at least on the Internet, facing asset side, getting visibility into misconfigurations is huge. If you've ever stuck a honeypot out on the Internet, it gets probed within like 20 minutes pretty heavily. So if you got anything that's misconfigured on the network, Shodan's going to find it. Shodan enumerates the Internet and gives you versioning and you know, version number and tech stack sometimes. So like don't think that you're not going to get discovered. Like anyone that's such like a. By the way, that's like such a 2000s mindset. People used to be like, oh God, like who's going to find us? We're nothing. We're just like a small publishing company in Mount Pleasant, South Carolina. Who's going to care about us? It's like, it doesn't matter, dude. You're on the Internet with like A vulnerable version of, you know, Microsoft Server 2008. Like, what do you, like, what do you expect to happen? All right, so anyways, that's what I would do, like.
B
Malware builds off Google Play apps. Mobile security firm Iverify reports a new Android malware as a service called Sellic that lets cybercriminals create trojanized versions of legitimate Google Play apps. It is being sold on underground forums for $150 per month or $900 lifetime. And lets attackers wrap malware inside real apps while preserving their normal functionality, helping infections stay hidden longer and potentially evade play. Protect capabilities include screen streaming, file theft, credential harvesting via app overlays, hidden browser access using stored cookies, and encrypted command and control communications.
A
Wow, this looks pretty interesting. Give me a second here. This is like malware paint by numbers. So, All right, so, all right, so here's the deal. This is interesting. Okay, let's use the graphic here for the stream. Listen, this is interesting. Android, you know, it's, it's a little more, it gives you more configuration opportunities, but also introduces a little bit more risk exposure from malware. Now someone has created this very sophisticated cool tool and I say cool because it is cool that allows you to take legitimate apps and, and basically inject malware Trojan in them that you can do screenshots, you can jump on their phone and like get a live feed of their phone. You can get on their phone and launch a hidden browser using their stored credentials, go into their bank account or whatever, go into their email, do things. Right? So very damaging right? Now obviously a victim has to install this. It is possible for a malware loaded app to get put into the Apple Play, the Google Play Store. But remember, they're taking legitimate apps and then wrapping it with Trojans. So they can't say it's like Candy Crush, right? They can't upload. They can't upload to the Google Play Store Candy Crush and overwrite Candy Crush with the malware one, because Candy Crush owns the, the right to upload new versions, right? So what they would have to do is either upload some random app like Candy Crush 3, right? But it's just really Candy Crush with the malware laden in it and try to trick people into doing that. Or more likely what they're doing is getting people to like side load or install it from like weird websites. Like I would imagine some type of like paid app. Like, oh, hey, like hey, here's a, you know, Adobe Rush or whatever. Like it has a, Here's a cracked version of it that you can install fully functional when you download it is fully functional. So you think you've gotten away scot free with ripping off Adobe and you don't have to pay the licensing fee and all the while you're absolutely infected at that point. So you know, I'm not gonna, I'm not gonna argue with anyone that wants to download from dubious sites or whatever, but I will tell you, I, I educate end users and family all the time. Just like this is how criminals get you. So I mean it's like basically like listen, if you walk down a city street, you'll be okay. There is a chance that bad happens. But if you go down a dark alley, you're not guaranteed to get mugged and beaten, but your chances go up, right? Because that's more likely where a mugging and a beating is going to happen and is a dark alley. So it's the same thing, right? Like you go to Google Play store, it's like walking down the street like yes, you may or may not get hit, but like just make good choices. But if you go to some like google play.ru. wicked shady website.com, right? What like you're walking down a dark alley. I agree with DJ B too. He said at this point in time, why would anyone be side loading apps? I feel like, I feel like we've gotten away from that. Like the, the, the app stores are pretty robust at this point and people have kind of gotten over the whole like, you know, jailbreaking or anything like.
B
That air of gift card draining. The U. S. Treasury is warning consumers about a surge in holiday cyber scams, highlighting business impersonation, fake charities and gift card draining as the most common threats. Scammers earn take care Marquette AI voice cloning and cryptocurrency to make fraud more convincing and harder to trace. With losses from online shopping scams nearing hundreds of millions of dollars, the treasury urges consumers to verify charities and transactions, use secure payment methods, strengthen account security and report fraud quickly. Are you subscribed to this?
A
Yeah. So criminals are using AI like big shocker. Like everybody's using AI. All right, so they're using AI to impersonate trusted individuals. Treasury department is letting us know about business impersonation. Okay, Okay, so basically if people are wanting to give to charities, if people are wanting to give to charities, I mean, unfortunately, this is really not for, in my opinion, business. This is much more for like individuals you may want. This is a great opportunity to like build some goodwill and develop rapport with your workforce. Share this with them. Dude, it's the holidays. This is absolutely vile. Like, I feel like everybody can get on the same page that this is vile. So then if you're educating people on. On this situation, they're like, oh, hey, good on you, man. Thanks for letting me know. And also, I. I'm on the same side as you. This is deplorable, right? So basically, threat actors are pretending to be charities or pretending to be, you know, some type of foundation that takes money and does something with it. And essentially they're just take the money and run with it, right? It's like gift card draining. Now. This is new for me. Scammers steal card numbers from store racks and then drain the balance right off the card right after the card is activated. 70% of consumers looking to purchase gifts. Wow. Jesus Christ. That's a lot of work, dude. So they literally. So you got a guy at Walmart with a notebook just, like, furiously writing down the. The numbers on the back of the cards. It seems kind of. I mean, I guess here's my thing, like, not to say nothing for nothing, but, like, so you're gonna. Maybe you could, like, write a couple down. But, like, if you're gonna write down the entire rack, what are we up to? And then, like, what are you going to get? Like, you're going to have to constantly check the cards to see if they've been activated. And then maybe you get 25, 50 bucks, 100 bucks. Like, I don't know. This seems like a very, like, you know, Cletus, you know, like, just. I don't know. This doesn't. Like, when we. I feel like, dude, this is episode 1028. Like, I feel like we're talking about deep faking North Koreans for, like, $25 million. And, you know, Venezuela's oil company getting ransomware, right? And then it's like, oh, and don't be. Be on the lookout for, like, you know, this. This, like, local thug who's stealing 25 gift cards. You know, I'm not saying I want someone to steal my 25 gift card. And if my son got a gift card for Christmas and then he went to use it to buy Roblox and a Robux and he couldn't. He would be devastated, and I would, you know, I'd be upset, too. But, like. All right, all right. So Rob Cooper is upgrading the attack by just taking photos. Smart. Rob. This is why I'm not a threat actor. I'm such a dude. I'm such a. I'm Such a work harder, not smarter person. I. I'm like, I'm this idiot who's got like a, a three ring binder notebook, maybe a Trapper Keeper. And I'm like just sitting Indian style, furiously. They're like, sir, what are you doing? Like, please leave. I'm like, I'm just evaluating him. I'll be right out. All right, let's keep going here. Hold on. Someone call Nick Barker. It's 9am on the dot and we have finished the show. This is episode 1028 of Simply Cyber's Daily Cyber Threat Brief. Thank you for starting your day with me or ending your day, depending on where you are in the world. And thank you for spending it with the Simply Cyber community. I definitely enjoy and appreciate all of you. It's great times. Remember, if you go to luma.com/cyber luma.com/cyber. You can see the upcoming events and get a calendar invite on. We've got a great fireside tomorrow night. We're going to be talking to multi million dollar pistachio heist which was all cyber security. Insane. Insane. When I talked to this guy at Simply Cybercon, he told me and I'm like, oh my God. Wow. You got to come on and talk about this. And then of course, Friday state Of simply CyberCon 1pm or noon. All right, I'm Jerry from Simply Cyber. Thank you, Pocket Pixie. Don't go anywhere because I am your Jawjacking liaison for the next 30 minutes. I'm Jerry from Simply Cyber. Until next time, stay secure. See ya. Ever wonder what it takes to break into cyber security? Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cyber security field live, unfiltered and totally free. Let's level up together. It's time for some Jawjacking. What's up, everybody? Welcome to the party. I am your host, Jerry Guy. Coming in hot on the heels of the Simply Cyber Daily Cyber Threat Brief hosted by that say with me, nerd, Dr. Gerald Dozier. Oh, vulnerability management's important. Okay. All right, nerd, chill, chill, chill. All right, here we go. We got it cooking on the stream. My glasses are getting fogged here. Hold on. We got a wrecking ball. Okay, hold on, hold on. Wrecking ball takes priority. Sauron Gupta. Phil Stafford. She says after four or he says, I'm not sure. After four rounds of interviews, I got that job. GRC engineer, start in February. I want to thank all of you for your guidance. Heck yeah. So good. If you're a squad member Open that emote tray. I think it's the third row down for me. And there's a rocky mall emote. There we go. Love it, love it, love it. All right, guys, this is Jaw Jack, and I'm your host. We kick it for, you know, 30 minutes or so. People message me directly. I don't. With all due respect, I. I'm not saying this to sound like a. A big deal, but, like, I just don't have time to respond one on one. Because if I do it for you and I don't do it for the next person, well, what am I? What, what. What signal am I sending to the next person? Like, you're important and they're not. So the way that I have reconciled it is jawjacking. 30 minute AMA. First question. What's the most hands off or frictionless way I can get a website? I just never can stay interested enough to do it myself. I mean, honestly, depends what your website goal is, but. Card. Let me hold on one second. Card. Ca. We use this card company. Who asked that question? Silence, poet. Silence poet. Oh, my God. Card company. This might be like literally the easiest way to get a website like simply Cybercon is this website right here is on card. Co. So go check that out. Could also go to WordPress. Not stand up a WordPress, but like use WordPress. That's another easy way. And if you want to go way back. Geocities. All right, all right. So if you have a question, put a Q in it at the front so I know it's for me to answer. Pocket Pixie saying excellent channel. All right, all right. I like it. Thank you. All right. I say frictionless because it's literally like click and point and click. All right, Looking at chat. So. Oh, that's interesting. DJ B. See, I'm so old now. DJ B is saying you can use Claude code to write a website that's 100% true. Still have to host it, though. What are the red flags to look for in a potential employee? Employer. So, and please drop your own. Your own in chat. If you have red flags, say red flag. And then what it is. I mean, for me personally, I, you know, I should have. Okay, so I have a red flag that I saw and I still took the job because I needed it. But like, I interviewed for a job one time and the guy who interviewed me was going to be my boss and he was such an a hole. And I was like, dude. And he's like, he asked me this question. This is the one that sticks with me. He Was like, really big into, like, being in control. He's like, all right, let's say you're on the phone because it was like a database administrator position, and you were basically interfacing with, like, engineers in the field. I won't get into it, all of it, but, like, engineers in the field, in the back end, data people. And, like, if there was a problem with it, with the app, they would call you and you'd be on the phone with them. So the question was, you're on the call, working through an issue, very serious issue, with a client who's very upset, and the CEO of the company, of our company walks in and says, jerry, I need you in my office right now. And then turns and walks away. What do you do? I'm like, okay, like, I'll answer the question, but in my mind, I'm like, that is the most asinine question you could possibly ask. Like, first of all, why is the CEO going to ask me to come in their office? I. I'm like a rank and file. Second of all, like, the way I answered it was like, I'd get off the phone and go to the CEO because, like, obviously the CEO knows I'm on the phone with a client and has made the decision that what he needs me in the office for is more important. So that's what I would do. But just that, that. That behavior persists. I worked there for, like, two months, so if you can identify toxic people, I would definitely. That's a red flag for me. Yeah. If you. So. Oh, wow, we got some great red flags here. Keith Sloan says when they want to make you the IT guy, cyber guy, help desk guy. Yeah, we don't need a CISO here. Yeah, I think, you know, if they can't really answer questions like, what's the direction? Where do you see this program in the next 18 months? Like, if they're just kind of like flying by the sea of their pants. Unless they're bringing you in to do that. That. I've had that case before where, like, they're like, we don't know or do anything. That's why we want to hire you. So. Good question. And it's a fun topic to share. If you have any red flags, holler at it. I'm trying to think of any other red flags. I don't know. I. I also think red flags, like, when you're dealing with, like, the HR piece of it, and they get, like, squirrely about, like, anything, like compensation or weird stuff, you're like, what are we Talking about here. All right. Bruising hacks with a question. Is registration open for the next PBC cohort? So I can recommend it for anyone standing out with a YouTube Twitch channel? No, it's not. And bruising hacks. I'm not going to do the PBCC in the full four days. I'm gonna do one day, four hours. And it will be set up. It's going to be. The registration will be set up. That's something we're working on. It'll be four hours. I'm going to cut the course down a little bit, and then basically I'm going to offer the opportunity for the students in that four hour workshop to get access to the. The full 16 hours of content. I just. With a lot of things going on right now, Ryan, I can't. I can't carve out 16 hours. Like, basically four full days with the c. It all will be back up and running and we got some stuff going on at the house. So. How long would you say to take DSA for cyber security? I don't know what that is. Dsa, See what that is? Digital signature algorithm. I don't know what your question is. So, Pocket Pixie, please clarify and I will answer your question. All right? Oh, yeah, unlimited PTO is kind of gross, too. All right. Is running WordPress a red flag? No, WordPress is fine if it's managed correctly. Red flag from Mara Levy. When the boss starts talking about how other people on the team are inept. Yeah, talking trash about other people. That's a bad look. All right, so we're caught up on. On questions right now. Oh, no, we got another one coming in hot right here. As a desktop technician, newly assigned security responsibilities for my team. Which key areas should I prioritize? And is there a recommended order for attacking these? Thanks. As a deck desktop technician, newly assigned. Well, I mean, it depends on what you want to do. I mean, obviously, since you're touching desktops, I would think that making sure that they're properly configured, deployed, you know, that's an easy one that completely aligns with you when you say that you're responsible. Security responsibilities. I guess I would need to understand, like, the scope of, like, what that means. Like, are you, like, like, are you given security responsibilities around your role as a desktop technician? Are you given security responsibilities of managing cyber for just the desktop team? Like, I. I don't fully understand what you're. I mean, I, I can answer your question. I just don't understand your situation here. But, I mean, mfa, all the Things for starters, Tony, Jack, they have unlimited pto, and he loves it. I mean, the thing is, you got to take it, right? All right, any recommendations of videos for learning Splunk Fundamentals for Sock? Well, I will tell you that Splunk actually does offer a lot of free training. I think Spluck. I think literally. I literally think Splunk Fundamentals is a free training. Give me a second, because here, you gotta remember, Splunk makes all their money from. Splunk makes all their money from basically data storage. So the more people who. Who know how to use Splunk are, the more people who are going to be like, oh, like, we should get a sim. Like, let's use Splunk. I know how to use it. Which is good for business, right? So right here, I'm gonna drop a link in chat. Who asked this question? John. John, there's a link to it. This is all. This is like. This is all free fundamental Splunk training. Like, literally. In my opinion, this is the best answer to your question. All right. Kathy says if you have a great boss element of po, PTO can be a great thing. Five days of sick when you have kids is not near enough time. I agree. All right. Not a Michelle Conch. Oh, wait. Michelle Khan shared something cool. CWSC certified web security expert from Hackvisor is free at the moment. Oh, my gosh. Okay. I signed up. Free resources. Okay, hold on one second. That's cool. Hold on. This is like. We should get a. We should get like, a sound effect in an emote that comes on the stream or like a GIF that comes on the stream for like. Like, breaking news. Web security expert exam Free. Right? See if we can solve this together. Oh, my gosh. Yeah. Okay, so I don't know about you guys, but free. Let me check with the judges. Judges? I'm getting nods from all the judges. Yeah, free is something that we like. CWSE exam and maybe training free. Thanks. Michelle Khan. Michelle Khan. Not just the real life Liam Neeson from Taken, but also a great person to share value to the community. All right. Silence. Poet. A little off topic, but what do you think of some companies deciding to stop selling consumers? Ram. Yeah. I mean, unfortunately, this is the downside of capitalism. You know what I mean? Like, businesses are driven by money, and if they can get paid 10, it's the same thing that when I talk about threat actors targeting, you know, whales versus, like, picking peanuts through elephant poop, it's like, why wouldn't they? Like, especially, like, if you own stock in that company and you're like, you guys can make more money for me by selling here, then do it. Like, you know, so I do think that it sucks, honestly, but, like, we're not going to get away from, like, businesses need computers. You know what I mean? Like, computers are ubiquitous. So, you know, the ones that still sell RAM to consumers will just increase their market share. That's it. Did you watch the Knicks beat the spurs last night? Nah, I don't really watch pro basketball. How could you interview Georgia Weidman? Who's Georgia Weidman? Let's see. If I can find Georgia Weidman on. Here we go. She's got the no Starch press book. That's cool. I mean, I can certainly reach out to her. Seems like a really cool person. Can certainly reach out to her. See what's out here. Let me. Let me connect with her. Jerry from Simply Cyber. Be cool to have you on my podcast to. My podcast, if you're interested. Thanks. There we go. All right, so I. I've. I've submitted a request. Taekwon Gong. I'll let you know how it goes. All. All right. Continuing to look at Chad here. Oh, Michelle. Con. Gif. All right, we're gonna have. I got. I should be taking notes here. We need the. Actually, Jeff, we need a couple of them. Stop it, Kishan. Infosec 128 gigs of Ram 500k. Oh. All right, guys, we're at 9:17. Let me get the little chiron going. That's why it looks different. All right. Drinking some tea. He's gone cold. How's everybody doing? I. I made my menu for. For Christmas. Like, not like three days of cooking and food. I'm excited. I'm excited. Pick one interview. Krebs are Easterly to have a beer with Jen. Easterly. Brian Krebs is good and interesting, but like, I don't know, like they would both be fun, I guess. I just think. I know. I. I just prefer to get Jen's thoughts on things. You know what I mean? Like, like, no disrespect to Brian. He's good. But DJ B Sec coming in from 40, 000ft. What's Christmas look like at the Ozier house? We do it at our house with the. The kids. So we have our own tradition family wise. We were supposed to have some family visit us this year, but there's been an issue so that. That's not happening. But I will tell you, we always wake up families dressed in matching pajamas. We do a little, little photo shoot with the dogs. On the staircase. Kind of the same thing every year so we can show it, you know, over the years. And then it's just. I set up a French toast casserole the night before so I can just pop it in the oven. And we put on Christmas music. We make the TV a YouTube screensaver with a fireplace, and we just dig in, have some fun. It's super chill. I love it. Yeah. So nothing too crazy. So that's Christmas. What about you guys? Got any traditions? I am looking forward to it. I do it always crack. It always is interesting to me that by like, 4:00 clock on Christmas day, like, Christmas is over. Like, the vibe of it. I feel like Christmas Eve night and Christmas day is like the Christmas experience. Been watching some Christmas movies. I don't know. Christmas Chronicle with Kurt Russell. It's been around a few years. It's a good. It's a good newer one. One. Straw hat Sex says I was doing attacking SMTP challenge. It involved using O365 spray from GitHub. I tried it to use. It didn't work. Any alternatives? I don't have a SMTP spray tool suggestion. Ask Tyler Ramsby. Tyler might have one. Oh, Always have tamales for Christmas. That's nice. French toast casserole recipe. I can. I can provide it. It's not. It's not anything, like, crazy or special. It's just like, you know, the. The French toast liquid bath, right? The eggs and the milk and vanilla spices and everything, and then just ripped up chala bread. You just poured over top of it, let it soak in, put in the fridge overnight, and then in the morning, throw it at like 100 miles an hour into the oven like a boss. That's how Jerry guy does it. Egg splatter everywhere. No regrets. I'm joking. I'm joking. The thing is, in years past, I've made the mistake of trying to make, like, a fancy breakfast on Christmas day, and then I'm like, not part of Christmas day day because I'm, like, in the kitchen. Liv, what is black cake? Is black cake a thing or you just mean a black cake, like a German chocolate cake or something? Yeah, I'm curious about black cake. Too foreign. So if you're just jumping in here, we're doing AMA for cyber security questions. Career, you know, industry, like, whatever. Jamaican tradition. Rum cake. All right, we're gonna pull it up. We're gonna. We're gonna research this right now. Jamaican black cake. Okay. I'm not even a sweets guy. And that looks good. That looks Like a kind of a dense fudge brownie thing. Okay, well, thank you for sharing that with us, Liv. Oh my God. Sunshine. A hundred family members. It's like a politician at like a meet and greet. Elliot's family does cinnamon rolls out the package. This year we're going to just set our platters of goodies and don't have to cook meals. Yeah, Kyle. Kyle with the saxophone. Very nice. Yeah, no, it's good. You know, it's a kind of an obscure, obscure thing that like, it's not a Christmas tradition, but it's like, it's like a recipe that's been like passed down in my family. These things called sausage balls. And it's basically like you take sausage meat and you like, you know, pull it all out of the casing so it's like, it's like loose shredded sausage meat. And then you put like a bunch of like biscuit, like pre made biscuit stuff. I think this is it. Or you make the biscuit mix or whatever and then a bunch of cheese and you just kind of like all roll it together so it's just like one big thing and then you cut it so it's like strips. And then you just roll the strips up so they're like these balls. And then you bake them. Like each one's probably like 600 calories. But that didn't stop me from eating like a dozen of them when I was a kid. The question is really, I mean, the question is, what's your New Year's Eve plan? Right? You guys got any New Year's Eve traditions? We do. We do one. We've done it the last couple years. It's been fun. New New Year's Eve is we get the TV up and running, we have a bunch of like mini games and I buy like, like this year I'll buy 26 $1 scratch tickets. Or I, I don't even think they sell $1 scratch tickets anymore because last year I couldn't get them. But I'll buy 13 $2 ones. And then we do mini games and like when you win you get a scratch ticket. And then we let the kids, like basically all of us, but it's mostly the kids. Kids, you get to pick like whatever appetizers you want. So like, like sausage balls would be good, but mozzarella sticks, chicken fingers, Samoas, P, like whatever. And then we just make a huge spread of like that and you just like graze for the hours. It's all right. Oh my God. 100 a thousand piece puzzle Mara Levy. That's intense. Oh, yeah. I'm not saying New Year's Eve, like, watch the ball drop. Like, I'm in bed by 10. Like, let's. Let's be real. What we end up doing is putting the. I think it's like London. You can watch the London ball drop and it's like 8:30 or something. Or 9. And then you're like, oh, like, there we go. We celebrated. Very chill. Very chill Jawjacking today, guys. Oh, Elliot Mattes. Yes. Welcome to old. I'll get you your Advil. Everybody gets issued a bottle. Excuse me. 9:26. If you have any questions, definitely drop them in chat. I mean, we're having a good. A good hangout. Right. Obviously, we're hanging out. But if. If you do have questions, I. I do want to provide answers or get you access to the resources you need. DJ Vsec says I watch the Australian ball drop and go to bed at 4:00pm yes. Eat dinner at 2. Oh, the. The life. Thank you guys. Appreciate that. I will tell you kind of a funny story. I was a different person, obviously, in college, but I went to Boston. Boston harbor does like a. Fireworks over the harbor. And, you know, tons of people go out. We had, you know, backpacks full of beers. I was also, I'm just realizing now, not 21 in this story, but we're on the. We're on the, like, the war front there, watching this. We're all hanging out, having root beer. And, you know, these, like, these horn sound makers, they're not like vava zulas, but they're like, like those sound things. My. My. One of my closest friends. Girlfriend had one of those things standing behind me, and she was. She was. And I. I just, like, had enough, and I turned around. I'm like, hey, can I try that? And she said, yeah, here. And I took it and I just threw it in the harbor and then went back to, like, hanging out. She was upset, but I, like, I literally had. I was at the end, Like, I was at the end of my rope with that thing. And I. No one said any. Even my buddy didn't say anything because, like, everybody, I think, collectively agreed that it was ultra annoying. And she didn't do it just a few times. She did it for like five minutes and it was like, all right, out of here again today. I would probably turn around and ask her if she could just, like, do less of that, but it was a different time. All right, here are the questions coming in. Tips on current openings for, like, junior analysts or something. Relationship Building kitchen infosec. I know it's. It's not easy. It's not like a quick fix or anything like that. But you find out about opportunities when you have relationships are better than connections. If you can. You know, there could be opportunities that are not listed as junior analysts, but, like, you know, it's like I t job, but then it has, like, some cyber elements to it. So you could do that maybe. All right, Kyle. Kyle wants to know if anyone's bracing for Florida government budget cuts. I didn't know about that. I did not see someone in China made drones that look like flying swords. That sounds pretty good. I did. Speaking of swords, I did see that Giza from the Wu Tang is doing a concert pretty soon. That's kind of cool. It. Yeah. Savage and hysterical. It was. Chid says. Hey, bro, once I complete your GRC course, will I be able to do risk assessments and create policies for businesses? Yeah, I show you how to do both of those things. Can you use a Flipper zero wallet when war driving? Can you use a flipper zero when war driving? So really quick. War driving is where you drive around and you just have, like, basically a network interface card looking at available SSIDs and network and you're documenting them. I don't know if a flipper zero. Oh, yeah, that's right. That's right. I was like, I don't think it has that capability, but you have to. The answer is yes. Who. Who asked that? Soul shine. The answer is yes. Right? Here's the flipper zero. Right? But you need. And I don't know if the newer Flipper Zeros do this, but you actually need this part. This is the wireless card that goes with it. And then you can see on the top of the Flipper zero, bro. On the top it has the pins, right? So you can, like, basically do that. And this is, like, really flimsy. Like, if this were to hit, it would break all the pins. So I think Dorota, the woman in red, I think she actually has some type of, like, 3D printed, like, not harness, but, like, people have, like, 3D printed ones that, like, will hold this in a much more secure way. So the answer is yes. You just have to also have the WI fi board. Thank you for asking. I've been waiting years to be able to pull those out and show them just that occasion. All right. S cool.07 had to get out of here. Oh, we're at time. All right. We are at time, guys. Thank you very much for all of you hanging out. It was good times. I'm Jerry from Simply Cyber. Have a wonderful day. Remember, we'll be back tomorrow at 8:00am Eastern Time to run it back again and keep on going. Episode 1029 tomorrow. Safe travels, DJ, B Sec and guys, have a wonderful Wednesday. I'll see you tomorrow. Until next time, stay secure.
Podcast: Daily Cyber Threat Brief
Host: Gerald Auger, Ph.D. (Simply Cyber Media Group)
Date: December 17, 2025
In this energetic and community-driven episode, Dr. Gerald Auger brings listeners the top cybersecurity news stories relevant to industry insiders, cybersecurity professionals, and those aspiring to enter the field. The episode stands out for its real-time reaction to news, practical insights, and lively engagement with the global Simply Cyber community. The main focus is on current cyber threats, supply chain security incidents, infrastructure vulnerabilities, notable malware developments, and seasonal consumer threats—with actionable takeaways throughout.
[13:36]
"From a threat actor perspective, this is a phenomenal bit of hiding in plain sight." — Gerald [15:52]
[18:34]
"If you have $48 billion in annual revenue, you probably can carve off a $200,000 pie slice and give it to me to get out of your hair." — Gerald [21:10]
[22:51]
"Fortinet is like those 6-foot basketball hoops—like teenagers can dunk on them." — Gerald, quoting DJ B Sec [27:00]
[27:13]
"You get more with honey than vinegar. Have a nice conversation with your IT counterparts..." — Gerald [29:19]
[38:40]
"Sandworm used to do the cool technical exploitation stuff... now they're just targeting misconfigurations." — Gerald [39:56]
[44:58]
"Misconfigured servers are in, zero days are out." — Gerald [45:47]
[50:56]
"This is like malware paint by numbers." — Gerald [51:47]
[55:33]
"So you got a guy at Walmart with a notebook just, like, furiously writing down the... numbers on the back of the cards?" — Gerald [56:18]
On Community:
"This community is amazing. Imagine that. Just put kindness out in the world and it'll attract other people of similar ilk." — Gerald [08:45]
On Vulnerability Management:
"If you don't have a vulnerability management program, this needs to be increased as a priority... misconfigurations are huge." — Gerald [46:55]
On Supply Chain Attacks:
"Use this as an opportunity to visually demonstrate that even seasoned DevOps folks can’t always spot a bad library. No one can pick out the fake with certainty." — Gerald [16:33]
On the Human Element:
"If we were all serious all the time, we wouldn't make it—cynical and snarky humor gets us through." — Gerald [31:39]
"Remember, if we work together and support each other, that's how we move this industry forward. Stay secure, stay informed, and keep leveling up. I'll see you tomorrow." — Gerald [57:54]
For a deeper dive into today’s stories and tailored career guidance, tune in live daily at 8 AM Eastern via simplycyber.io/streams or catch the replays on your schedule.