Loading summary
A
Good morning, everybody. Hopefully everybody can hear me, everybody can see me. I m DJ B. I'm here this morning to fill in for Jerry as he takes a much needed time off. Hopefully everything's coming through good. I got in here and everything was messed up. But today we're going to go through all of the, all the stories on CISO series to go through and find out what's going on over the weekend. So everybody hop in, enjoy the ride, let's have some fun. Let's get started. All right. Watching to make sure everything is working. I, in fact, let me do this. Let me get. I'm all discombobulated this morning. Been a crazy last couple of days. Had a whole bunch of family stuff go on, was out of town, just got back in town. So let's see. Everybody's. Everything sound good? Tomorrow will be a lot better. I should have worked over the weekend and figured out, made sure everything was working, see. All right, I'll go through this real quick. Everybody. We do, we do this every single day. Jerry is out to this week and next week. And this is really loud in my ears. Hold on a second. This is called not doing this for a long time. And then now, now it's really loud. There we go. All right, that's better. All right, everybody can hear me. Let me look at chat. See, everybody can see me. Everybody hears me. Should be good. All right. Anyway, what as I was saying, Jerry is out for the next two weeks. He's going to take some time, recoup. That way he can come back stronger than ever for 2026. I'll be doing the daily Cyber Threat brief today, tomorrow and Wednesday. We will not be here Thursday or Friday. We've got Christmas on Thursday and everybody's going to recoup on Friday. And then Daniel Lowry will take over next week and run through all of the, all the news, all of the cyber incidents or whatever happens over the next over that week. Yeah, the audio is much better now. Okay, everybody can hear me. All right, now, now that we got that squared away. When I came in here, Spotify was not working correctly, so I couldn't get the stuff up. But I think I got that fixed. So let's go ahead. We make sure I got everything on here correctly. Yeah, let's go ahead and jump over actually. Yeah, let's go ahead and jump over. And at the mid roll, I'll do. I'll run through the. Run through the ad reads. Let's go ahead and jump into it. It's already 7:04 we got time. Let's go ahead and jump into the stories lines.
B
These are the cybersecurity headlines for Monday, December 22, 2025. I'm Steve Prentiss. President signs defense bill funding Cyber Command and Pentagon phone security. The $901 billion Pentagon policy bill named the 2026 National Defense Authorization act, was signed on Thursday night with bipartisan support in both the House and the Senate. It authorizes unprecedented spending levels for national security programs and, and effectively preserves the dual hat leadership structure of U.S. cyber Command and the National Security Agency. In addition to funding for Cyber Command, the bill also, quote, requires the Defense secretary to ensure DoD senior leaders are provided with mobile phones with enhanced cybersecurity protections, including data encryption. End quote.
A
All right, not much here to see. Sounds like the DOD got its funding. They put allocated millions for Cyber Command, mandating the Pentagon use phone security. This kind of like you think. You mean the Pentagon isn't using phone security right now? Like, this doesn't make any sense to me. You would think that their phones were already encrypted, that they already had this stuff put in place especially for hire. People within the government we've seen multiple times over the last couple of years, state elected officials or federal elected officials, not just within the United States, but around the world, getting hit with. Getting hit with their phones, going through and getting popped using Pegasus or something along those lines. So to me, this makes. Makes all the sense in the world to make sure that we are mandating this. But then again, this should have already been in place, which I'm assuming, of course, I'm going to assume. I would assume this is already in place. And now they're just putting it on, putting pen to paper, saying, hey, this is what. What we need to make sure is happening. If there's anything else, there's not much meat to this story other than, hey, they signed a bill and put in. Put in funding for everything. I don't think there's much in here. Let's see. The bill serves as an extra layer of protection for keeping the leadership arrangement, which is debated in Cyber Command, for. There's not a lot here. I mean, they passed the bill, they funded the DoD. The DoD put money into the, into the bank for security. Like, not, Not a lot here. Yeah, money, money, money. The Pentagon has been under regulations for phone security for decades. It happens. That's Elliot Matisse. Yeah, to me, it's just the. The story in itself, all it is, is, hey, they got funded. Like, not a big deal. Let's go Ahead and move over to the next one. Not much cyber here other than, hey, let's make sure that our phones are encrypted so if something happens to them and they get popped that nobody can read what's on there.
B
Iranian apt resurfaces with new malware. Threat hunters at safe breach are warning of new activity from an Iranian threat actor known as infi. Infy, also known as Prince of Persia. This nearly five years after it was observed targeting victims in Sweden, the Netherlands and Turkey.
A
What is this? We have President Iranian ATP. Why is this talking about Russian Amazon warns a Russian sandworm shift. That's not correct. Do they have the wrong stuff up here? All right, hold on. Oh, it's gonna be one of those. Morning. Okay, hold on a second. So this is December 22nd, which is. Today is December 22nd. We have the Iranian. Why do we have Amazon in here? What happened to. What is going on here? Okay, I guess here's. Here's the Iranian story. Oh, this is. Way to go, ciso. Way to go. All right, let's see if we can't back up a little bit.
B
Described as, quote, still active, irrelevant and dangerous. New activity provided with mobile phones with enhanced.
A
All right, I'm backing it up so we can listen to the story.
B
Including data encryption.
A
Yes. We're have to figure out what stories are what.
B
Iranian apt resurfaces with new malware. Threat hunters at safe breach are warning of new activity from an Iranian threat actor known as infi, also known as Prince of Persia. This nearly five years after it was observed targeting victims in Sweden, the Netherlands and Turkey. Described as still active, relevant and dangerous. Infi is one of the oldest apt actors in existence, dating back to December 2004. More publicity shy than its Iranian compatriots, Charming Kitten, Muddy Water and Oil Rig. The INFI attacks generally involve a downloader and victim profiler named Foudre, which is French for lightning. Paired with a data extraction tool called Tonair to extract data from high value machines, Foudre is distributed via phishing emails, often with a poisoned Microsoft Excel file as the delivery vehicle. Further details about the extents of this campaign are available through a link in the show notes to this episode.
A
All right. Yeah, I saw. Somebody said you already had that up. Yeah, apparently so. If everybody doesn't know. CISO series puts all their stuff up, but they go through and put every story that there. That is supposed to be in sequential order so you can open them all up and it looks like they've mixed up some stuff because it also Says Rich Stroffolino did this. Which it's not actually Rich that did it, it's actually Steve. Looks like they kind of are all over the place this morning. So we'll listen to the story and we'll try and find the one that's on there. That said, we've got the Iranian infi apt. Let me scroll back up here. So they have discerned that new activity from an older group has come or is back in place. So scale of Prince of Persia activity is more significant than we originally anticipated. I saw something in here about palo alto. Maybe it's 42. Yeah, there it is. Infi is one of the oldest advanced persistent threat actors in existence with evidence of early activity dating all the way back to 2004. Man. According to a report released by Palo Alto 42 in May 2016. It was also authored by Barr along with other researchers. So I believe. Let's see where, where was it in here? They were targeting specific European countries, looks like. Okay, they're targeting Iran, Iraq, Turkey, India and Canada as well as some in Europe using updated versions of. I'm not, I'm not French, I'm not going to say that. Correct. Anyway, Bondaire and Tonair, they say thunder, lightning. See the Latest detection was September 2025. So look here it is big thing. If you're in one of these countries, which we have individuals all around the world in here. If you're in one of these countries and you are a blue teamer, you want to make sure that you are looking into this. Monitoring your email, your email servers. The attack chain comes from a mic, a macro laced Microsoft Excel file. So as of now or as of a while ago, Microsoft turned off macros automatically. So if somebody opens up an email and it has a macro in it, it's not going to run or it should not run, it should be turned off. Macros should not run by default. When you open up an Excel file number two, that's one number two. There are, I think they said something about indicators of compromise. So There is a C2 and maybe we can. Maybe we'll do that when we, when we jawjack is go through and see if we can find IOCs for this. If we have the IOCs, we can put that in place, put that in our email, in our email server or threat hunt for those and make sure the other thing, what we deal with every single day, user training. We have to train and make sure that our users understand what's coming in. Hey, if you're getting an Excel file from somebody you've never heard of or don't know, you shouldn't be opening it up, and you sure as hell shouldn't click on Enable macros if the Excel file's coming in and you didn't know who it was coming from to begin with. So user training in here is the biggest one, making sure that they understand or they. They know what a phishing email looks like that they know at the top, even though that it says it's coming from DJ B sec, that email next to it isn't his real email address. It's, you know, something else. And it has some european.com on the end of it or.eu and it makes no sense as to why you're getting that. That's the bigger issue here is user training. Make sure your users understand phishing messages and what phishing messages entail when it comes to having Excel files or any other type of attachment. Let's see, they have a C2 domain. I don't think they put anything in here, did they? Oh, wait. The latest version of Tener, on the other hand, includes a mechanism of contact to tell. Oh, Just kind of running through real quick. Yeah, they don't have any IOCs in here. I mean, it's something we can look at. Okay, Wait, the request format is. So there you go. There's a little bit of an IOC. The request format is an HTTPs domain name key, domain name, year, date of year. Sig so if we have time, we'll check that out. We'll see if we can figure out what some of those IOCs are that we can look for.
B
Massive Android Botnet Kim Wolf launches DDoS attack according.
A
Okay, so Kim Wolf, let's see, where's this at in here? DDOS attack Former cyber no hackers Senate Share.
B
To XLAB this new Android botnet linked to the Isuru botnet has infected more than 1.8 million devices in order to launch more than 1.7 billion DDoS attack commands and boost its command and control domain. Kimwolf primarily targets TV boxes and uses DNS over TLS to hide communication and authenticates its command and control servers with elliptic curved digital signatures. Although the botnet uses code from the Isuru family, its operators have redesigned it to evade detection.
A
Let's see if we can find. Pull up my trusty stuff in here. Okay, Kim Wolf, This is crazy. We're all over the place this morning. What's crazy is I know that they had the correct one up. Did it update? Did it update? Oh, there it goes. Okay. What in the world? Iranian. There's a new malware method. Okay, here we go. Security affairs. There we go. Now we've got them all. Oh, What is going on? I'm all over the place this morning. Wait. All right. Oh, man. Well, that's no good. All right, so massive Android bot Kim Wolf infects million strikes with the DDoS. Let's see, what do they hit? 1.2 million. 1.8 million. So Kim Wolf, Android botnet has infected 1.8 million devices, launching massive DDoS attack, boosting its CNC domain. And look at that nice little big chunk. Came off of the newly discovered Android botnet linked to Surrey bot that has infected over 1.8 million devices and issued more than 1.7 billion. Let's see. October 14th or October 24th. XLab received a botnet sample from C2 domain. So here's our C2 domain. Within a week, its popularity soared. So we have this. So you know what, we can, we can put a block on that specific domain, even surpassing Google and Cloudflare's global rankings. Let's see if there's anything. Version. All right. Oh, here we go. Researchers observed infected devices in 220 countries and regions globally. The top 15, Brazil, India, USA, Argentina. So if you're in one of these countries, you're in the top 15. Look out for this. It doesn't necessarily, I mean, says it's infected. I don't know if there's a way to actually research and find out if you have affected devices other than the fact that it's something's beaconing out to, to a domain that you don't know of or haven't heard of. So right here, what I'd say is make sure that we, that we're putting in our firewalls or putting in our rules. Anything that's coming to this or going to this, maybe put alerts in place. That way you get an alert. Do you actually see that that's coming, coming across your, that's coming across the, the line for you? It does say that these are primarily targeted TV boxes. So I don't think this is necessarily going to affect devices within our networks, within our enterprise networks, that is, these are going to be mainly homes, home devices, your Comcast, Xfinity, Cox Communications, those type of boxes that are apparently becoming more and more of a, more and more of a platform for these types of attacks to come from. I keep seeing more and more of this about TV boxes and of course we all see the wireless routers and so forth. TP links and things. This may be. This may be something for you to run on your home network. So a lot of people ask about labs and how we can get in to do cybersecurity and things like that. This would actually be a great opportunity in your home network to see if your TV box is actually doing that. We got 1.8 billion devices out there that have got Android or something on there that these TV boxes are running on, which I'm assuming maybe we're talking more like fire sticks or something like that. Look at your home network and see if you've got stuff going out your home network. If you have the capability on your home network, you could run Wireshark and see if. Check it, Check for things going through specific domains. Get rid of that one.
B
All right, next, Microsoft Teams suffers a brief outage. Thousands of users in the US and Europe reported problems sending messages through the platform on Friday. The issue affected all teams clients, including the Windows app and mobile apps. The outage, however, was brief and was resolved within the hour.
A
All right, brief outage resolved within the hour. But everybody here, as a practitioner, as an IT person, as a security person, knows that, I don't know, can we say 50%, maybe more than 50% of enterprises are running Microsoft Teams when it comes to this. Tickets are going to go crazy. They're going to blow up your help desk. Everybody's going to be screaming and yelling like, I can't, I can't connect to anything. I can't see anything. I can't talk to anybody. I'm trying to get, you know, XYZ to respond to me for an hour. And unfortunately, we have, we as practitioners, as companies, corporations, we have succumbed to everything being SaaS operated. So everything is operated outside our premises and we don't control it. So unfortunately, what we get to do is we get to look at upper management, we get to look at the managers and go, there's really nothing I can do about this. 0. We have paid money to have this service and this service isn't working right now. And I have no control over this. Luckily, it was only down for an hour. Sounds like maybe Carl or somebody push something, mess something up. And they were able to roll back pretty quickly. It did affect everything. And when I say everything, we've got our Windows application, our Microsoft application, we have the application that's on our mobile phones. So it's not that it affected those specific applications. What it did is it affected the communications. I'm assuming you know what happens when you assume. But I'm going to assume that something routing or something happened because it only affected a specific portion. Where is it? They said in Europe the outage started and it's affecting users in all regions including United States and Europe. Oh, was it okay? I thought they just said Europe. So it did affect everybody, But it was for an hour and if everybody doesn't know most people while back everything was all about the five nines. Right. So as 99.999 does your uptime now we're looking more like three nines and I believe both Google and Microsoft are a three nine, not a five nine. So when it came to on prem stuff, everybody was trying to get five nines and be up as much as possible. Now that everybody's moving to these SaaS products, you're diminishing how long those things are going to be up. So you're giving up, quote unquote, you're giving up two nines to make sure that you're in the cloud and that you're more secure and these things like that. So it's a give and take. This is just one of those, one of those issues where we're relying on a product and this specific product had an outage. It doesn't necessarily what the outage was and maybe we'll get a reason why. But as of now it looks like it was just out for an hour.
B
Huge thanks to our sponsor ThreatLocker. Want real zero trust training? Zero Trust World 2026 delivers hands on labs and workshops that show CISOs exactly how to implement and maintain zero trust in real environments. Join us March 4 through 6 in Orlando plus a live CISO series episode on March 6 and get 200 off with the code ZTW CISO26@ZTW.com.
A
All right, let me go ahead. Since we're at the mid roll, let me go ahead and run this real quick and we'll come back and we'll, we'll blow out the copyrights. Since I'm the one here and nobody's gonna watch anyway, we'll blow out the copyright. So let me find this, let me run this for Jerry and we'll be right back.
C
Want to give Some love to fortify 365 the Microsoft 365 configuration solutions from Barricade Cyber Solutions. Barricade Cyber brings you all the knowledge in the incident response form but they are also quite adept at helping you configure and set those protection controls for your M365 instance. Go to fortify365.com today to talk to Eric Taylor and the team over at Barricade Cyber and make sure that you are taking full advantage of all the configurable security controls that you have in your M365 instance. Fortify365.com today. Also want to give some love and some shouts to Anti Siphon Training.
A
Holla holla.
C
Hollow Anti Siphon Training the group that is disrupting the traditional cyber security training industry by offering high quality cutting edge education at a discounted rate. For so many people out there their rates are insane. Some of their courses free or pay what you can. It's amazing. Go to AntiSiphone Training.com today, check their upcoming live training, their on demand training, government and military discounts. I mean it's absolutely crazy. I love it. Maybe not government and military discounts. I made a mistake. They've just aligned their training to the NIST. Nice framework. Also pretty awesome. Thank you anti siphon training.com and of course as always we've got Threat Locker kicking it. We'll hear from them and then back to the news. I want to give some love to the daily Cyber Threat brief sponsor Threat Locker do zero day exploits and supply chain attacks keep you up at night. Worry no more. You can harden your security with Threat Locker. Worldwide companies like JetBlue Trust Threat Locker to secure their data and keep their business operations flying high. Threat Locker takes a deny by default approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US based Cyber Hero support team. Get a free 30 day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threatlocker.com DailyCyber.
A
I got the COVID not the, not the original but all right everybody, we are at the mid roll. It's been a couple minutes, kind of stretching out. I literally jumped out of bed, came up here, everything was screwed up, messed up. I'll make sure that it's good for tomorrow and I may, I may try and tweak some things on my obs to see if we can't have more of a like a Christmas feel type thing for the next couple of days if I have some time. Did that sound weird for anybody else? Like on that, on that, on that read that Jerry was doing. Because the read it sounded all cracked up. I, I'm wondering if it was a bad video like the video that he put out was bad or something because it sounded crazy. It's all bouncing around once. Sure. What's going on with it? All right. I hope everybody had a great weekend. Hopefully more of us are off this week than not. And hopefully when you actually go back, your inbox isn't full of 10,000 emails that you have to respond to. Hopefully everybody gets a nice calming week hanging out with the family. If you're traveling, good luck. I don't know if everybody knows, but last week, Wednesday, Thursday, I was traveling. I was actually in Jerry's neck of the woods and it was crazy. It surprised me how many people and how many kids were already out there traveling on Wednesday. But airports were okay. But man, there was an issue out in, in Charleston on Thursday and it took like five hours for me to even get from where I was at to where I was going to the airport. It was crazy, crazy stuff. All right, it's 7:30. Let's go ahead. There's, honestly, there's not that many stories today, which I'm assuming there's not going to be that many stories this week. There's only six. So there's three in the front half, three on the back half. Let's go ahead and let's go ahead and run through these stories and be done with it. And then we go into Jawjack and we can talk about anything you guys want once we get there. Think about questions. If you have any questions, personal, private, whatever, we'll get through them. We'll answer them. All right, let's go ahead and jump back over to our to our headlines.
B
Former cyber incident responders plead guilty to ransomware spree as quoted in cyberscoop. Former cybersecurity professionals Ryan Clifford Goldberg and Kevin Tyler Martin pleaded guilty Thursday to participating in a series of ransomware attacks in 2023 while they were employed at cybersecurity companies tasked with helping organizations respond to ransomware attacks. Goldberg, who was a manager of incident response at Signia, and Martin, a ransomware negotiator at Digital Mint at the time, collaborated with an unnamed co conspirator to attack victim computer and networks and use ALF V, also known as Black Cat ransomware to extort payments. End quote. Each pleaded guilty to conspiracy to interfere with interstate commerce by extortion. Victims of the attacks included a medical company based in Florida, a pharmaceutical company based in Maryland, a California doctor's office, an engineering company based in California, and a drone manufacturer in Virginia. This according to the indictment.
A
All right, this one we've already, everybody's already heard of this one already. I want to say a couple months.
B
Ago, let's see if the Department of Justice indict.
A
Okay. That was the end of that. Okay. We all heard about this a month or two ago. These guys, professional cyber security people. I mean, this. This is kind of. This is disgusting to me. They work at a cybersecurity firm, and they're tasked with making sure that people are secure and helping them. And what they did is they went out there and they got ransomware. Was it a cure? I don't remember which one they actually said in here, but they went out and got ransomware and ransomware companies and extorted them for money when they're supposed to be the good guys. That's. That's like Superman and Batman, you know, in the upside down world, going crazy and tearing everything up like this. This is why. This is why we can't have good things. This is why we can't have nice things. Like, what in the world is going on here? Goldberg and Martin are each ordered to forfeit 342,000. Yeah. Well, how much did they make? 342,000. I swear. They said something about they ransomwared for millions. The Alfie and Blackout was notorious ransomware. Yeah. They used alf v. To get in there. Oh, there it was. $22 million. And you're gonna have them, oh, you need to give us back $342,000. Like, what? The group behind the ransomware strain also claimed responsibility for last year's attack on United Healthcare Group. I mean, I don't know, man. Excuse my French, but this pisses me off. Like, we're. You're supposed to be the good guys. You're supposed to be helping people out, and your side job is basically like, are you not getting paid good enough? You should be getting paid good enough for what you're doing. As it is, this. This, to me, is despicable. That's what this is. The prosecutors in Martin and Coaster received nearly 1.3 million ransom payments from the medical company in 23, but did not successfully extort a financial payment to other victims. Okay, so they only got 1.3 million. They pleaded guilty conspiracy, effectively reducing their maximum penalty from 50 years and 50 years to 20. So they took off 30 years because they said, yeah, we did it. I believe this could be another story, but I thought there was one. I thought this had to do with, like, somebody died. They were part of one of the ransom groups that actually somebody died from. From the hospital. That could be a different story. There's so many. There's so many of these, but pharmaceutical company based In Maryland and California, Doctor's office engineering company in California. Just. This isn't a cyber security story in, in the ways of actual being cybersecurity. This is a somebody that's in the industry taking, Taking full advantage of what they know and how they know it and what they have, and going out and using that to extort money is what it is. And it's ridiculous because now it puts us all in a bad light of, are they. Are they doing what they're supposed to be doing? Look, now I'm kind of getting on soapbox here. We as IT professionals, as security professionals, we have the keys to the kingdom. In many of these, in many of these corporations, we have the keys to the kingdom because we need to know how everything's working, what's running. If you're part of the infrastructure, you're going to know how all the firewalls are going, all the. What the servers are doing, what users are doing. You have a ton of information at your hands that you deal with daily and you're entrusted with that and stuff like, this is what gives us a bad name. This is what makes upper management stories like, this is what makes upper management and managers go, can we trust this person over here with all this information? Do we, do we really believe that they are not going through our emails and reading them all day long and trying to understand what the company's doing? Or if somebody's being bad, can we really trust them to not go read emails or go read documents that are in a confidential area that they, even though they have access to, they shouldn't necessarily be reading? Like, there's a lot of responsibility on us as practitioners to make sure that we do the right thing. And when we don't do the right thing, it gives everybody a bad name moving forward. So, yeah, this, this one ticks me off.
B
It's 54 over ATM jackpotting ring. The indictments follow a nationwide ATM jackpotting scheme that stole millions through malware. The crimes are linked to a cybercrime group, Trend Aragua, and the charges include fraud, money laundering, and material to a terrorist organization. ATM jackpotting involves infecting an ATM with malware, usually by opening its cabinet, connecting a device, or replacing the hard drive with one that is loaded with malicious software that sends unauthorized commands to the cash dispenser, causing the machine to jackpot and release all available money. End quote. If convicted, some defendants face sentences ranging from 20 to 335 years in prison.
A
All right, this is an interesting story. They explained it but if you, if you didn't understand what they said or basically jackpotting, think about sitting in front of a, a penny slot. You put your penny in, you pull the handle down or press the button, whatever, depending on where you're at. If you're in the 80s, you're pulling handles now you're just pressing buttons. But basically you hit a jackpot. And here comes all the money. Cling, cling, cling, cling all the way up. That's what this is. But it's with an ATM. And these ATMs hold thousands and thousands of dollars. In fact, the scheme says that they sold millions. Basically what they do is they infect the atm. So all they got to do is press a couple buttons or do a specific key stroke on the atm and it spits out all the money. Because if you don't know, inside those ATMs, there's basically safes inside those ATMs that have all the monies, all the, all the monies, all the money. So 20s, tens, fives, whatever is in there, and they'll spit those out. So installing this malware on there allows them to get all of that money out. This is kind of crazy. And it looks like this was done by, it says, a cybercrime group, Trende Aragua, which that group has been in the news all over the place, not just for cybercrime, but other things here in the United States. Not sure how you stop this. I'm sitting here trying to go through my mind to how you would stop this. They're breaking in, they're changing out parts. Other than the fact that you maybe put, put an alert, like, I don't know if everybody knows that when you open up a computer's like when you open up a Dell machine, right? It has that alert on there that the, the case has been opened or something like that. If they have something like that on the ATMs that would maybe send a message to somebody monitoring or monitoring system or security group, send a message, then you would know. You could look at the camera and see that somebody's messing with it, something like that. But more than likely you're not going to get there in time to stop anything. It does look like they did have, up top, they do have pictures of them. So they did at least get their face. You got faces? Oh, yeah. You see right here where they're messing with it looks like. And look at that table of cash. Once again, this isn't really, not really a cyber story. This is more of a. I mean, this is More of a security story in the sense of like physical security, because what they're doing is during physically compromising the ATM and changing out the hard drive to put in the malware that then allows them to get the money out. So in 2025, Nebraska charged 67 alleged members with the crimes ranging from bank fraud. And they got a lot of people. So they, I mean, they found them, they got them, but all that money is. And I think they said they. That they charged them with terroristic. Yeah, there it is. Terroristic activities because they were sending the money back out to groups that I guess are slated as terroristic groups. Oh, funny. Devastating financial crimes came back to terrorism groups in Venezuela. I'm not going to get political with this. There's just so much going on in the world today when it comes to politics and everything else that, yeah, not a. Not necessarily a cybersecurity, but it is definitely security when it comes to physical security. And that is something that's on your CISSP test. If you're taking that, you're going to deal with all types of security. It's not just computer or cybersecurity, it's security in general.
B
NIST tried to take down NTP servers after blackout caused atomic clock drift. Jeffrey Sherman, a NIST supervisory physicist who maintains the institute's atomic clocks, acknowledged in a mailing list post that he tried to disable backup generators powering some of its network time protocol infrastructure after a power outage in Boulder, Colorado led to errors. The power failure was due to intense, stormy weather. NIST uses its atomic clocks to provide a network time protocol service, which much of the computing world relies on to synchronize events. Sherman wasn't able to simply turn the main system off and back on again due to backup generators that automatically kick in to keep the servers running during the outage. NIST advised users to refer to the organization's other sources of time information. Remember to join us later today.
A
All right, that's it. This one kind of had me laughing. So if you don't know what NTP is, is network time protocol. It's protocol that we use your computers use to make sure that the time on your machine is kept up to date. You can use that. What is it? NTP or pool.nt pool.ntp.com or. And then you got pool one, pool two. There's a whole bunch of different ones out there. Basically, it's a network time protocol that's in place to synchronize clocks across the world. Everybody uses that on their machine. Unless you are one that just wants to do it manually. Everybody uses this protocol to pull down time from these specific servers that are in sync across the world. It sounds like they had a bad storm and maybe because of the storm, which I don't understand this, because this kind of falls back on disaster recovery, business continuity type of thing, right? So if you listen to this story, a staffer tried to disable backup generators powering the network time protocol infrastructure. This outage should have never led to errors. I, I want to know what errors it led to, right? Because if, if you guys don't know, I'll kind of explain real quick. When it comes to electricity, the electricity, the power goes off. And usually, usually in these big data centers or where these servers would be, you're going to have a battery backup that keeps, that keeps continuous power going to these. So stuff wouldn't have turned off, stuff wouldn't have changed. There should be zero interruption to power, right? So during the amount of time that it takes for the power to go out, the electricity to be sending to the data center, and then when that gets cut off, the time that it takes for that to go out and the generators to kick on and start providing power is where you have your batteries in place in between those to keep everything up and running, right? There's a whole bunch of calculations to make sure that you have enough power, enough kilowatts and so forth within your batteries to make sure that your data center has enough power in itself to stay up during, you know, let's say 10 minute period, 10, 15 minutes. I could have done the whole kids thing, done the six, seven minutes, say 10 to 15 minutes. Within that 10 to 15 minute window, the power, the generator should turn back on, it should start powering everything. Everything should be good. I am sitting here going, where in the world did these errors come from? Or how did they get errors during this time? Because there should have never been a disruption in power or anything. So what errors led to this? What happens? The funny thing is, is apparently they had a power outage because they had a bad storm. They started having issues with the servers for whatever reason. And the person in here was trying to shut off the power to the generators to reboot the machines. To me, this makes no sense now. I'm not a, I'm not at this building. I don't know how this building works, but it doesn't make any sense as to why you're going to shut the generators off. You shut the generators off, you shut everything down, and then you got to bring it all back up. But they were saying that it created an issue with the clocks and they were out of sync. So I don't know. This, this again, not a security problem. Not a security. Well, I guess you can relate it to security, right? This isn't necessarily a security issue, but it does become an issue when it comes to having the right time within these specific. Within your specific servers or within your specific application and so forth. If they're using these clocks and all of a sudden they're off. So I could see kind of how this flips over to being a, an issue or maybe a security issue because of time clocks or the clocks being in the. Having the wrong time. But I'm gonna assume that when we're talking that they had like they weren't off by hours, they were probably off by seconds or milliseconds. I will attempt to disable them to avoid disseminating incorrect time. Does it say in here, let's see a local utility blame the outage of strong winds. Okay. At the time of writing, Less than 4.8. Okay. So it was 4 microseconds. Like I don't know if that's going to cause issues with anybody's stuff out there. Four microseconds. But the sound advice. Anyway, hey, you know what is what it is. They, they lost power apparently because of losing power. They had some type of issue somewhere. And to me it's just kind of funny that they're like shut it all down. They wanted to restart everything. Restarting it wouldn't have fixed it. Kind of, kind of interesting. Anyway, That is the news for today. Like I said, we didn't have much. I think we had like, Let me see, 1, 2, 3, 4. We had seven stories this morning. I don't expect there to be that many stories this week. Like we're not gonna. I doubt we're gonna have a day where just blowing it out of everything with tons and tons of stories. That said, if you're here for the news, we're done. But what we will do is we'll switch over and I'm early. I, I usually am early. It's 7:50. Didn't have a lot to talk about. They're really wasn't that much security ish stories here today. We're gonna roll over to Jawjacking where it's gonna be a 30 minute AMA. You can ask anything, we can talk about anything. I actually have a subject to talk about. I want to see if everybody else is kind of on this same, same train that I'm on right now. And. And who's excited for something coming up? Let me get this ready. But if you were here for the news. And that's it. We are done for the day. We will switch over to Jawjacking. We will be here tomorrow at 7 o', clock, 7am Central Time, 8am Eastern Time for the news tomorrow. If you are done for the day or if you're done with the news for today and that's all you got, then we'll see you tomorrow. Till then, we're gonna head over to Jawjacket.
C
Ever wonder what it takes to break into cyber security? Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cyber security field live, unfiltered, and totally free. Let's level up together. It's time for some Jawjacking.
A
All right, now we get to the fun part. We get to the parts where I get to actually sit here, listen to your or read your questions, answer questions, find out what's going on in your life, see if we can help you out. Let me see here. Got chat up. Let me see if I can find something that's some decent music. I'll do some stream beats. See down at the bottom, do some. Oh, this kind of. This kind of sounds like I was gonna talk about. All right, so I'm gonna. I'm gonna come out of the gate real hot because I want to know who is following, who's following this and who is excited for this. Who watches Stranger Things and it was ready for like my kids are screaming and yelling. They're ready for it to be Christmas at seven o' clock here. Everybody's wanting Stranger Things on right now. We've become huge fans of Stranger Things. Went through and watched the whole thing. We watched when it first came out. We watched the first season. Amazing. And then it kind of fell off and we didn't really watch this. I think we started the second season and didn't watch. But then we went back through and watched the whole thing again and man, we're. We're already ready for strange things to come out. So wondering who. Who out there. Who in our simply cyber community is just as excited as I am to find out what in the world is gonna happen. All these it. And I mean, I'm. I'm sitting here watching Tick Tocks and all these other things about the theories of what can happen or what's gonna happen. Code Brew. Yeah, you feel. So see, we did the same thing. We fell off after season two. Right. Go back and watch it now. Go back and watch it and go through. Man, it got so good. When. When you find a good show, start watching it. And then you get. I'm. What I don't like is that I think they're gonna drop one a week or. Or something like that. Because the last one that they're gonna drop is gonna be on New Year's Day, which is the. Which is going to be January 1st. Just so they could say that as a 2026. It went into 2026, which is crazy to me. Yeah, we all want. Sounds like a lot of people fell off after season two it. Which I'm glad I went back and watched it. I think my kids were like, oh, Stranger Things. The. The last thing is coming out. I'm like, man, that's still on. And then my wife and I and my daughter went and sat there and watched it. My son was watching it. I mean, so we're all. Now we're all just sitting here waiting. And what's funny is you see all these different memes of Stranger Things and people saying, was it Christmasy? You know, it's showing the video of Christmas Eve of, you know, somebody running and it says Christmas or Christmas Day at 7 o', clock, leaving the. Leaving the family's house to make it back to my couch for Stranger Things. Pretty funny. All right, we've got a question. It looks like it's right up my alley. Do you have any experience as a network engineer in an environment that uses industrial control systems? If so, are your recommendations for what are your recommendations for security? So, yes, the answer to this is yes and no. I worked in oil and gas for like seven or eight years. I remember how long it was, but I worked in a plan environment. Now, my experience with the plant environment is a little bit different than what we hear about ISC and OT stuff. So when it came to the IT infrastructure, the networking switches, routers and so forth, all. All of the IT infrastructure, I was part of that. When it came to the OT infrastructure that was completely separate and it was actually run by. They had specified or specific engineers in the plant that ran that stuff. So it was basically two separate networks. And we didn't touch their stuff and they didn't touch our stuff. Now, they did pull us in if they had issues with specific IT things to help them, you know, figure things out. But when it came to the OT side, they were the experts when it came to the OT side, and they did all that. When it comes to securing. When you say securing the environment, that environment should be 100% separate from the IT environment, number one. Number two, it should not touch anything that can hit the Internet. Your HID devices, all of those things should be completely separate. Now, saying that and knowing how things work on the inside, it doesn't always work that way. Right? Because guess who needs computers on the IT side? Your operators, the people that are sitting in the plant that are doing that. So they need to have connectivity to that side. Right. Sometimes there's a little bit of a leak over, but for 99.9999 of that stuff, it should not be touching. If you want it to be secure, and you want to know that it's secure as possible, it cannot touch the side that touches the Internet. And if for some crazy reason it has to, then you've got to have multiple safeguards in place. So you're gonna put firewalls, you're gonna vlan. You're gonna. You're gonna make it hard as hell to get from one side to the other. You can make it possible to get from one side to the other, but it would be hard as hell to get from one side to the other. Because what you don't want is somebody getting into your IT environment and being able to laterally move over into your OT environment. That would screw stuff up big time. Is Stranger Things like the X Men? No, not at all. I wouldn't say it is Stranger Things is. I don't want to say anything about Stranger Things, because if you haven't watched it, I say go watch it. It's a best way to describe it. And those are watching. Will know is. And I am not a Magic of the Gathering or a DND person at all. But that's basically. The story starts with dnd, and it's kind of. It's kids playing dnd, and the story goes out from there. It's. It's very interesting how the Duffer brothers did all of this. It's a great show. Yeah. Binge. Watch that. Oh, Tech Grunt. I think you and me both, man. I think everybody. I think everybody out there is trying to figure out what. What is. How's Max gonna fit into this? How's Max gonna fit into this? Is all right. Is it good to have GRC skills when you're starting a consultant business? Depends on what your consulting business is. If you're just doing network topology and computer stuff. Not really. If you're doing a cyber security consulting business, then 100%. 100%. You should have some type of GRC in there. You need to have some understanding of governance, risk and compliance, depending on what you're doing for as the consultant. Right. If you're going in and you're. You're going to explain to people why they should be doing a specific. Or having specific security protocols in place, then yes, you need to have an understanding of that. 100. You do. Yeah. I did it get. It did get dark, but that was a. That's when it started getting really good. Yes. There are some ICS guys that have done talks on this channel. Not only that have talks, but they actually have. In fact, let me, Let me pull this up. They actually have stuff you can go and watch. There should be playlists in here. There you go. Current state of. Oh, so Jerry talked to Rob Lee. That was three years ago. But you see simply, simply, Simply ice. What happened? Oh, there we go. I don't know what happened. My mic, like, went away. You see Simply Cyber or simply cis. Cis. Simply ICS Cyber. So they have, There are. They're actually videos in here that have that on there. So. Yeah, you can go watch those. That's pretty funny. Strangely, there will be no Friday panel. There will be no Friday show this week. No. So, yeah, with Cobra Kai, they did that. They're not doing that with Stranger Things. From what I understand, this is going to be like a once a week type of thing so they can get them. And if y' all haven't heard, I don't want to, like, spoil anything, but if you haven't heard, I think the last four episodes. So there's four episodes are gonna be coming out. The last episode is like two hours or two and a half hours long. Each episode that's coming out is basically a movie. Yeah. Then that's kind of why I went back to where it was like, just depends on what. What the. This, this right here angular is talking about race conditions and race vulnerabilities, especially when it comes to the NTP server. Yes, I, I get that. I see that. It was just crazy that they were running and screaming and yelling and trying to restart everything over for like, milliseconds. The fact that the, the fact that in the story, the guy's like, hey, let's shut everything down. Well, guess what happens if you shut it all down. Then nobody had. Then NTP is completely down, and now you're trying to re. Reassess of what the. Where the time is. See, management wants to access. Oh, well, So I get what Bruising Hacks is saying there. This is where VPN would come in place and this is where you would have, like I said, behind a firewall, behind a vlan, behind this, behind to that. Like you make it hard to get in. Like I could, I could even see setting up like a VPN that gets you into the, the company network now that VPNs in place, maybe even setting up another VPN internally to get into that to try and like you, you've got to put. This is going to be like security. You're going to have different levels upon levels upon levels when it comes to this. Because when it comes to operational, depending on what you're doing. And I'm sitting here thinking of where I was at and what I was doing because of the things that are out in these plants versus manufacturing. Manufacturing is different. Oil and gas and plants like that are completely different. Especially when it comes to OT stuff because we're talking about highly toxic chemicals and those that don't live. I mean I'm in Houston. So when it comes to plants and fires and explosions, we've seen a lot. I'm sure people remember a couple years back BP blew up. Like when those plants blow up, people die. And if you have the ability, if somebody has the ability to get into it from the outside and just change one thing then now your blow off valve isn't closing or isn't opening in your, your flare is now not burning what it should be burning. And you got back. I mean there so many different things. Like you can even go back to what happened in Florida with the salinity stuff where they dumped the salt in the, in the water. Remember what was going on. Somebody had, they had like remote desktop opened up to the world on the machine. Like what the hell? Then remote desktop in place on a machine at a plant that had the ability to change the salinity of the water that was going to the neighborhoods or whatever it was. I don't remember the full story, but it was, it's like crazy. Luckily they had stuff in place where they saw what happened and they were able to fix it in, you know, quickly. But still. Yeah, people talking about, yeah, it's interesting. So like I said, I am not a D and D person. A match of the Gathering. Like never played any of those games at all. Probably will still never play those games. But it is cool how they take a board game and it's kind of, it seems like they kind of made the, the whole thing about that or not necessarily about that, but it's been incorporated in which is, which is really cool. See now the reason you're not into it is because you haven't watched it. Space talkers. You need to start watching it and you'd be good. So Soul Shine. AI it cloud. I don't like. What's the question? That's not, that's not necessarily a question on what you're asking. Give me a little bit more so we can dive into it. Is Jerry's class the money maker? Not that I know of. Unless you're talking about like taking Jerry's GRC class. Is that gonna. Gonna. Taking any class, taking any boot camp, getting any certification is not going to make you money. It's going to show everybody in the industry that you're pushing, that you're learning, that you're wanting to move and grow, which in turn brings in the money. But it's. It's not going to. That in itself is not going to get you money. Reading through these comments on here. Disney Doom, Kraken. It's on Disney. What's on Disney? Oh, are you talking. Wait, are you talking about, like, Percy or something like that? Or. Like we're going through no vpn? Yeah. In fact, here, let me. VPN open to the world. Let's. Since I brought it up, Is in 2001. Okay, here we go. On Friday, February 2001, a hacker initiated an attack on the Florida water treatment. Sodium hydroxide. That's what it was. So from 100 parts per million to 1100 and 1 or 11100 parts per million. The attack occurred about 15 miles. Yeah. So see, this was. This is one of those that came to. It was big when it happened. It was real big because it's like, oh, the ICS got, you know, how did they get into the ICS system? Then come to find out it's because they had team viewer, or I think it was Team Viewer. They had something on that was open and they were able to get into. Into it. So somebody was able to break in and change it. Luckily, they found it in time that it didn't necessarily cause too much issues, but that once again brought OT back to the forefront of why do we have OT systems on the Internet? Why are we, why are we allowing things like this to happen? People? It's not something that we should be doing. I don't know what no VPN is. We got a question of no vpn. Let's see. They dropped a trailer for it on Netflix. Shows Max and Hollywood. Yeah, We could sit here and talk about this all the time. Space tacos. Come on, man, you can do it. Be one of the Cool kids. Hey, this is a, a great like angular. This is, this is spot on. And it's not even that like we, we're still like that. We're still building stuff and it's not necessarily worrying about vulnerabilities. We're doing that with applications. Everybody's going out and vibe coding applications and just throwing stuff out there. And yes, you can have Claude, you can have chat GPT, you can have these AI instances create your application and have it run through NIST and have it run through CIS and make sure that it's SOC2 compliant and go through all this stuff. But that doesn't mean that it's not going to have any vulnerabilities at all in it. There's no such thing as not being vulnerable. Something will, something's going to happen. And I think Jerry talked about this last week. There was a story last week where he's talking about, you know, you, you yourself, your application can be as secure as possible, but if you're pulling in libraries from somewhere else, guess what, that library may be fine today, but maybe somebody pushes something to that library and you update the library. Now the library is vulnerable and you don't even know that it's vulnerable. And three years down the line you haven't updated that library because you've just been using it. And now all of a sudden that vulnerability hits and you don't even remember that that's part of your application. That's where you have to have SBoM, right? You have to have software bill of materials in place to know, hey, you know this, this library has now got this vulnerability. Do we even use this library anymore? Like React to Shell. Do we even use React? Is this something that we need to be worried about? Yes. No, That was a follow up question. Was that the VPN stuff? Stuff? Are you asking what a VPN is? Let me know Soul Shine, like give me a little bit more. Going through a whole bunch of different things on here. I'm not sure what it is you're, you're asking as a followup to what I said, the vpn. You're asking what a VPN is or why we would put a VPN in place. Oh. Yeah, I don't think it was art. I think I said rdp, but I think it was Team Viewer that they had in place and somebody got into the Team Viewer, which look, Team Viewer is amazing. It's great. But Team Viewer has things on there, has security in place on it. You can put passwords on there. You can also put two Factor authentication on there and only allow specific people to connect to it. That's. There are ways to lock this stuff down, make all these tools work, but you should also be locking them down so when they. They become less vulnerable. Nothing is ever zero vulnerability. But I said this multiple times before. This is like. You drive your car to the mall. Who else going to the mall? Does anybody know what a mall is? Now, these days, you're driving your car to the mall. You park in the parking lot with a whole bunch of cars. But when you get out, you leave your windows down, your doors opening, your keys in. There's a whole bunch of vulnerabilities there, right? What do you do? You get in. When you park your car, you roll your windows up shut. You know, put your T tops on. T tops. One of the 80s. Put your T tops on. You put your target top on. Whatever. You put your top up in the car, you lock it up, turn your alarm on. You put a. What is it? What was that? Steering wheel club. You put a boot on there. Like, you do everything you can to make sure that when a thief comes, that they look at your car and they go, holy crap, I don't want to deal with that. I'm gonna move on to the next one, because the next one I can break the window and then get in. Where? If I break the window on this car now I got to take the stupid club off. Now I gotta unboot it. Now I gotta do this. That doesn't mean that they can't do that. They could. If they want to spend the time to do it, they can do anything. You just make it harder for them. But realize if you make it harder for the adversary, sometimes we're making it harder for our employees. And that's where the yin and yang come, right? That's where. How much security do we put in place versus how much do we actually have in place that allows them to continue to do their job without being. Without having issues throughout the day? Peer pressure doesn't work. We'll see about that. And this. This right here is a thousand percent. Compliance is not security. And we have already talked about this. I know. Within the last couple of weeks, Jerry's brought up the. The image of the gate. Like, there's a gate on the walkway, but there's no fence next to the gate. So. Oh, yeah, you're compliant because you have a gate in the walkway. But I could just walk right around it, right? Just because you're compliant doesn't mean you're secure. Doesn't mean that you're doing everything perfect, Right, Saying, hey, I've got MFA in place. But your MFA is just text messaging. It's better than nothing. And it makes you quote, unquote compliant, but it's not a. It's not necessarily secure. And nowadays we're getting to the point to where MFA through like applications, through like Google Authenticator or Microsoft Authenticator is becoming one of those that they can bypass. With all the token stuff that we've got out there now, it's becoming more along the lines of we got to get past keys in place, we need facial recognition. Like, we're going to get to the point. This is, this is my hot take. I think we're going to get to the point where to do anything, you're going to have to have your face scanned. You're going to have to have something in place that 100% says that it's you. Because just having a phone that says it's me doesn't necessarily see. If I was a threat actor, I'd be introducing. Well, so as a. You're not necessarily introducing the vulnerabilities. You're finding the vulnerabilities that are in the older protocols. So you're, you're searching through those protocols because as a threat actor, you're not updating those protocols to create the vulnerabilities. Now what you can do is find those and then pull them down and find out. Find vulnerabilities in there, quote, unquote, pen tested or something along those lines. I like how twin gate. I can make biometric identifications a requirement for my devices. Oh, let me look at that twin gate. Let me see this. It's time to ditch your vpn. How twin gate works. Put this. I'm. Put this on screen. Zero. Trust some money to look at this. Looks pretty cool. Foreign. What do we got here? We got a long question. Since it's the holiday shopping season, how many people have to deal with porch pirates? How have you taken steps to prevent their shenanigans? Fake package glitter bomb. Oh, man, if I, if I could build a glitter bomb, I would. But in. I'm gonna like knock on all wood where I'm at. We have not had porch pirates. My seagulls all over the place. To me it's crazy because they're sitting there monitoring what's going on, what's being sent to you. All right, we are at 8:18. We got about 10 minutes left. Unless we don't have any other questions, which I know we did finish early. My boomstick boy. This is my boomstick. Let's see. Yeah. Now that's funny. They just put it at the end of the driveway, which is two miles down the road. Elliot Matisse must be. He lives out in the middle of the country where nobody can see him. The only way to get into his house is by helicopter over the top of his moat. He's trying to figure out why his packages aren't showing up on his door. Pocket. Pixies in the house. Good morning. The. The first time I saw this, like, when that guy got ticked off and he finally built that. That's hilarious. Was hilarious. Some of them are getting a little crazy now, though, what they're putting in there. Let's see. What does it say? I have a storm door on the regular door. Since I work from home, I keep the door open. Oh, for the dogs. So one thing I did see which was interesting, and some of you may have this, some not. You have the. Like, the little boxes you can put in your. Put at your front door and basically bolt them down so they can put those packages in. And then only you have a key to open the. Open it to get the packages out and so forth. I saw a video of a FedEx person coming up with a package and literally just chunking it out the front door. I think it was a postal service came in, actually walked up and dropped it by the front door. But this guy had this massive. Almost like a Rubbermaid or something that basically all of the packages should fit in this thing. And it locks when they put it. What, Put the package in there, but none of them were doing it. And then the UPS guy comes up and he's like, what in the world is going on? Why are we not. And he grabs the FedEx package. He's like, fedex, you can be better. You can. You can be. You can be better when it comes to. To this. And put this stuff in. And he takes all the packages. The UPS guy takes all the packages, puts them in there to make sure that nothing gets stolen. That is going above and beyond. Let's see what we got here. Yeah, Some of these packages, they. They're awesome when they, like, throw glitter everywhere, blah, blah, blah. But I've seen some that explode like ex. Basically a color bomb. But it's a big. It's big enough to blow up the whole box, which, like, if somebody's hand was on there, like, it could do some damage. All right, here we go, William. What do we got here? I've been interning at a small medium siiz. MSP I feel like every day I do more and more for them and would like to stay another semester. I'm asking a Pay change from 16 to 18. Is it realistic? I mean, we say you're doing more and more. If they're giving you more jobs to do, I don't see why you couldn't stay or why you couldn't ask for a raise. I don't know what the business is like. You'd have to know more as employees. Everybody wants to make more money at the end of the end. Of course, everybody at the end of the year always goes, I need my bonus, I want my raise, I want all of this. But what a lot of us don't realize and don't on the business side is that you have to take a lot. The, the business itself has to take a lot into consideration. Right. Hopefully everybody in here knows the most expensive thing for a business is the employee. Right? The employees are what cost the business the most when it comes to payments or, you know, your salary, your benefits and so forth. That's what cost the business the most. Number one right now, when we're seeing a lot of people struggling to get jobs in this industry and being able to work and so forth, can you go ask for a raise? You can. I'm not saying don't I. 100. I mean, if, if you feel like you deserve it, then yeah, you have the. Have the discussion be like, hey, look, I've been doing more and more and more. I've been given more responsibilities. Shouldn't I get a little bit more on the side there? Like, give me, give me a couple bucks. It's not unreasonable to ask for that now. Doesn't mean that you should expect it. You need to weigh the good and the bad with this one. Right? Because if you're an intern there and you want to stay there and they like you, the experience that you may get and the things that you're doing may be worth more to you now than that $2 in. In my opinion. So that doesn't mean don't go ask for it. No. What's the saying you do? You boo. Just sit back for a minute and think about, you know, am I getting the experience that I'm getting? Is it actually worth more than $2 an hour right now? Because once that internship is over, and that may be one of the things is maybe when the intern internship's over, you're hired on directly there. Maybe that's a. If you like this msp, maybe that's something you Talk to them about of like, hey, once this internship is over, is there a possibility that I can continue. Continue on here as an employee, not just an intern? That's a good question. I like it. I'm reading through here. Seems like we're still talking about packages and blowing stuff up. Well, I'm in Houston. Yeah. So what's that have to do with anything? Super soakers. Pirates aren't known for their brightness. Well, that's. I think the. So with this. Pirates aren't known for their brightness. I wouldn't steal anything if I were so to me, the fact that it happened once where this stuff blew up. Right. And the glitter bomb went all over proves the innovation that we have as individuals and ways we can go about it. And you would think to the thief. You know what? I think the thief is looking at this, like, hey, this box could be worth $800. Or it might be a glitter bomb. Which one am I going to deal with? Like, if it's a glitter bomb, I will move to the next house. I think they look at it like that because they're in. In all reality, there's no repercussions. Although I don't know if y' all seen. They've apparently. So the engineer that's been doing this, he had the first glitter bomb, and I don't know what version he's on. It's like version 4 or something like that, but he's actually hooking up cell phones to them now that send back the information. Right. So it's like it's recording what's going on and sends the information and then lets you. Lets him know where the. Where it's at. That's how he's getting all the videos. Pretty interesting. Smart dude. What's your favorite to a tool that you own? Not sure what that. What that's asking. 2A. 2FA. Give me a little bit more on that. What's a 2A tool. I think about three minutes left, and then I'm gonna go have some fun. Go do some. I might try and do some shopping today. We'll see. Everybody's getting a kick out of porch pirates. So let's. Let's discuss. Or let's. Let's review here Real, real quick here. Second Amendment. Oh, what's my favorite second amendment tool that I own? My brain. I'm in Texas. So when it comes to second amendment, you can figure that one out yourself. The mug wand. So we've talked about stranger things. We've talked about glitter bombs. We've answered a Couple of questions. We had some good questions. I answered a couple of questions. Tomorrow, does everybody want me to like, I. I think I might build out my. My set to actually show like be Christmassy instead of like the red and blue. Have my Christmas stuff on there. I may do that later today. Been alone, depending on how things happen. We'll see. Hey, you know what, Marcus? It's not just a first amendment tool. It's also a second amendment tool. If he. If you know how to use it. It's not just speech, man. Not just speech. Oh, now that Marcusia is here. So how about those lions yesterday? All right, guys, it's 8:30. I'm gonna bug out. I will see everybody tomorrow. Hopefully we've got some more. Hopefully got better topics to talk about when it comes to cyber security. And you know what? I think I will go through my feed and make sure that we've got some stuff in here because it does look like they kind of picked and choose which look over the weekend. It's usually like that. There's not a lot of stuff on there. I just wanted to throw that on out there. But yeah, I'll make sure we've got true cyber stories tomorrow, not just stuff. If CISO doesn't come through with. With some of the bigger ones that I foresee as being bigger, then we'll make sure that we've got some in here that we can talk about and discuss. But let's see, where's my stuff for now though, I'm gonna bug out. I'm gonna go hang out with the family, do some stuff. I've got the week off. Try to relax, recuperate, refresh. Hopefully everybody else does the same and I will see you guys tomorrow. Until then, everybody see where. Make sure I got the right outro. I'm gonna start hitting outros and it's gonna be like. That's an intro. That's it. All right, we'll do this one. All right, Everybody, that was December 22nd. Today was December 22nd, 2025. That was the daily cyber threat brief for today with some jawjacking in place. Had some fun doing it. I will see you guys tomorrow, 8:00am Eastern, 7:00pm Central Time, where time doesn't stand still. And I'll see you guys tomorrow. Everybody stay safe, stay secure. Bye.
C
Hey, everybody. I hope you enjoyed that content. Keep the cyber security train going by connecting with the other Simply Cyber community resources. We have the Discord server that's lively and always keeps the conversation going. You can connect with me directly on LinkedIn and also every single weekday morning on the Simply Cyber channel, we're doing live daily cyber threat briefings 8:00am Eastern time, as well as Thursday at 4:30pm we're doing live stream interviews with industry experts and we produce videos that we push out every Wednesday morning. I'm Jerry from Simply Cyber. I hope you enjoyed the content and we'll see you in the next one.
Date: December 22, 2025
Host: DJ B (filling in for Dr. Gerald Auger)
Produced by: Simply Cyber Media Group
This episode delivers the top cybersecurity news stories relevant to industry practitioners, analysts, and leaders. DJ B covers major incidents and trends from over the weekend, offers technical insight and practical recommendations, and encourages community engagement with a light, personable touch.
[03:36–06:53]
Summary:
The $901B National Defense Authorization Act (NDAA) is signed, preserving the leadership structure for U.S. Cyber Command and NSA, with explicit allocations for Cyber Command’s growth and Pentagon mobile security, including encrypted phones for senior DOD officials.
Commentary:
“You would think…their phones were already encrypted…especially for higher people within the government.” – DJ B [04:30]
[06:53–14:38]
Technical Details:
Key Insights:
Quotes:
"User training in here is the biggest one...that they know what a phishing email looks like." – DJ B [11:53]
[14:38–20:44]
Details:
Advice & Perspective:
Quote:
“...a great opportunity in your home network to see if your TV box is actually doing that.” – DJ B [18:47]
[20:44–24:11]
Event:
Business Insight:
Quote:
“Tickets are going to go crazy...We have succumbed to everything being SaaS operated. … There’s really nothing I can do about this.” – DJ B [21:09]
[30:15–36:26]
Incident:
Commentary:
Quotes:
“This is disgusting to me. They work at a cybersecurity firm…What they did is…extorted [victims] for money when they’re supposed to be the good guys.” – DJ B [31:22]
“This is what gives us a bad name.” – DJ B [33:54]
[36:26–41:12]
Incident:
Security Implications:
Quote:
“This isn’t really a cybersecurity story…This is more of a security story in the sense of…physical security.” – DJ B [37:14]
[41:12–42:06]
Details:
Analysis:
Quote:
“This, again, not a security problem…But it does become an issue when it comes to having the right time within your specific servers…” – DJ B [42:06]
[49:37–End]
Topics:
Quotes:
"If you want it [an OT network] to be secure, and you want to know that it's secure as possible, it cannot touch the side that touches the Internet." – DJ B [49:37]
"Compliance is not security. You have a gate in the walkway, but I could just walk right around it." – DJ B [Jawjack, time not precise]
For those who missed it, the daily news rundown covers what matters, adds context, and keeps it real. The community AMA (Jawjacking) continues after the news—great for questions, career advice, and a dash of Stranger Things fandom.
Listen to the next episode live at 8 AM Eastern, or catch up at simplycyber.io/streams.