Loading summary
Ben (DJ B Sec)
Good morning Everybody. It is December 24, 2025. It is now Christmas Eve. All the kids and all the adults are getting excited for all the gifts for tomorrow. All right, my name is Ben, also known as DJ B Sec. I'm here today to go through the daily cyber threat brief. We've got looks like we got about eight stories to cover this morning. Unfortunately in this industry nothing stops even when it's the holidays. So there are some decent sized stories this morning that cover a lot and I'm not sure they all necessarily relate to cybersecurity but they're, they're big. They're big in their own right. Good morning everybody. Let's see who do we got in here? See we had Carrie in here. I see Marcus Seiler's in here. Legrat's in here. Not sure we're gonna have a big group because it, like I said, today is the start, the quote unquote start of the holiday probably for the end of the week for a lot of people. Most people weren't off all week but it, it's time to, to spend time with the family, have fun, relax de stress before the new year comes and everything starts all over again. All right, let's go ahead, let me go ahead and run the, the ad roll real quick and let's get that out of the way and then we will jump into the stories and then into jail jacket.
Jerry from Simply Cyber
Want to give Some love to fortify 365 the Microsoft 365 configuration solutions from Barricade Cyber Solutions. Barricade Cyber brings you all the knowledge in the incident response form but they are also quite adept at helping you configure and set those protection controls for your M365 instance. Go to fortify365.com today to talk to Eric Taylor and the team over at Barricade Cyber and make sure that you are taking full advantage of all the configurable security controls that you have in your M365 instance. Fortify365.com today also want to give some love and some shouts to Anti Siphon Training. Holla, holla holla. At Anti Siphon Training, the group that is disrupting the traditional cyber security training industry by offering high quality cutting edge education at a discounted rate. For so many people out there their rates are insane. Some of their courses free or pay what you can. It's amazing. Go to ant-intraining.com today. Check their upcoming live training, their on demand training, government and military discounts. I mean it's absolutely crazy. I love it. Maybe not government and military discounts. I made a mistake. They've just aligned their training to the NIST. Nice framework. Also pretty awesome. Thank you. Antisiphontraining.com and of course, as always, we've got Threat Locker kicking it. We'll hear from them and then back to the news. I want to give some love to the daily Cyber Threat Brief sponsor, Threat Locker. Do zero day exploits and supply chain attacks. Keep you up at night. Worry no more. You can harden your security with Threat Locker. Worldwide companies like JetBlue Trust Threat Locker to secure their data and keep their business operations flying high. Threat Locker takes a deny by default approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US based Cyber Hero support team. Get a free 30 day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threatlocker.com DailyCyber.
Ben (DJ B Sec)
All right, let's jump into it for the first story of today's Daily Cyber Threat Brief brought to you by ciso.
Sarah Lane
From the CISO series, it's cybersecurity headlines. These are the cyber security headlines for Wednesday, December 24, 2025. I'm Sarah Lane. ServiceNow to acquire cybersecurity startup Armis.
Ben (DJ B Sec)
Great. This one's behind a paywall.
Sarah Lane
To acquire cybersecurity company Armis for $7.75 billion, marking the largest acquisition in ServiceNow's history. Armis specializes in cyber exposure management and cybersecurity for IT systems, operational technology, medical devices and other connected assets. Armis's team, roughly around 950 employees, will join ServiceNow after the deal closes. Max sync Stealer adopts.
Ben (DJ B Sec)
Whoa, that was too fast. Slow down. All right, so ServiceNow is going to acquire Armis. Had to go find a different one because apparently they used the Wall Street Journal, which is behind a paywall for a whopping $7.7 billion. I've never used Armis. I'm not sure what ARMIS is. Apparently it's cyber security, Cyber security platform. Let's see here. ServiceNow, the AI control tower. I mean, there's not a big cyber security story here. The big thing is the ServiceNow is going to be acquiring Armis. They're going to acquire them for seven points. I think. 7.7. $7.7 billion. That is a massive. That's a massive payout. Armis is a leader in cyber exposure management and cyber physical security, manage Cyber risk across the full stack surface in IT operation technology, medical service devices or medical devices and other environments for companies, governments and critical infrastructure worldwide. The Accusation will expand ServiceNow's security workflow offering an advanced AI native proactive security, cybersecurity program or cybersecurity and vulnerability response across all connected by that. That's pretty awesome. I'm gonna have to look into ARMIS and see what all it does. It sounds like basically ServiceNow, which ServiceNow is huge, used for like help desks and things like that, ticketing systems and much, much more, but looks like they're going to be acquiring ARMIS and implementing it into their system. So basically all this is saying is look now, now ServiceNow is going to become bigger batter and one of the one of the big boys on the block if it. I mean it already is, but it's become even bigger. Let's see, security continues to be the number one priority for CEOs as organizations and navigate see worldwide end user spending information security projected to 240 billion in 2026. Okay. I mean there's not a lot here other than hey look, this company is going to purchase this company, they're going to become bigger and they're going to give you more options on the platform. Now the platform's going to include AI, security response and so forth in it. Don't see anything crazy in here. Yeah. Okay, let's go ahead and jump over the next song.
Sarah Lane
Quieter installation JAMF Threat Labs identified a reworked Mac Sync stealer variant for macOS that disguises itself as a legitimate Apple signed and notarized Swift app using a quieter largely automated installation process that avoids earlier user interaction tricks. The malware is distributed via a disk image posing as a messaging app. Installer silently downloads and executes an encoded second stage payload in memory, then leaves minimal forensic traces. JAMF reported the developer certificate to Apple, which has since revoked it.
Ben (DJ B Sec)
Wow. Okay, let's, let's dig into this one a little bit. So rework Maxinc Stealer adopts quieter installation process it's basically a click fix. So unlike previous Max Dealer variants that rely on a user interaction via click fix or terminal based tricks, this version arrives in a Swift application that is both code signed holy smokes and notarized by Apple. So this comes across as 100% a legit application with no issues. This kind of follows what we were talking about yesterday with the other application that installs and passes the static code analysis, right? It passes, the code comes through, the analysis is hey, everything looks good. Send it on its way. There's nothing. Nothing to see here. Looks like this is doing the exact same thing. It's from Mac os. Once launched, the application silently retrieves encoded script from a remote server. So it reaches out to a. To a server, which there's gotta. I wonder if we've got any IOCs. If it's reaching out to a server, if it's reached on to a specific one. Despite being signed, the installer still displayed instructions prompting users to right click and open. Tactic commonly used to bypass gatekeep warnings. This is. This is pretty nasty. Detection rates varied. Some. Some samples uploaded to virus total were flagged by only one security engine, while others were identified by up to 13. Most detections classified the files as generic downloaders. Let's see. This one. This one's. I mean, stealing all your information. The malware runs largely in memory. Cleans up temporary files for after execution, leaving minimal traces. I mean, this is good. This one's a. This one's a gotcha. So it doesn't look like they have any IOCs. We need to have some IOCs on this so we can be able to determine. Because if it's coming from a specific area or it's reaching out to one specific IP address or one specific domain name, then you could try and block this for reaching out to that. Downloading the payload. Because the payload does get downloaded in a script right here. So it. It's an encoded script that's done from a remote server. The disk image took. Stood out for as a usual size. Oh. Oh, okay. So there's another thing. So this is a disk image. So this is either. I'm not sure if it's an ISO or a. What is. It ends in a D D. What is a disk image file name? Let me look this up. Disk. I know there's a. I cannot remember off the top of my head what disk image is.image image img. There you go. I don't know why. So you have ISO images and you have.img images or image images. You could make sure it does this. It doesn't say how they get it right. Different delivery methods. So make sure that you're definitely blocking ISO images and IMG files or ISO files and IMG files. In emails, make sure your users understand that they shouldn't be downloading IMG files. I guess this is for Mac. So it's going to be IMG file. Makes sense. It's early in the morning right now trying to get everything together here. So with this, a disk image in itself being 25 megs is tiny because usually those images like an ISO image or an image file are gigs big, right. Or hundreds of megs big. So this, this would end up being something that could be a little sus when it comes to hey, supposed to be image files, only 25 megs. Yeah. As a blue teamer on this one, you make make sure that your users or that you yourself since this is Mac, these are usually going to be your marketing people, your CEOs, your C suite is going to be on max or if that. But most of your clientele or most of your employees are going to be running Windows. So let's make sure we're blocking ISO images. Image files make it a lot easier on us in the end. And if something needs to be installed we should have, we should have guardrails around that so things aren't installed without it's knowledge. All right, next story.
Sarah Lane
SEC sues crypto firms for defrauding investors. The securities and Exchange Commission sued seven crypto related firms accusing each of running WhatsApp based investment clubs that used deep fake videos. Fake professors and AI generated trading tips to defraud retail investors out of more than $14 million. Victims were steered to bogus crypto platforms and and fake security token offerings then blocked from withdrawing funds unless they paid additional fees. With money routed to overseas bank accounts and crypto wallets in Southeast Asia. The SEC is seeking civil penalties as part of a broader U.S. crackdown on large scale scam operations linked to that region.
Ben (DJ B Sec)
All right, regulators founder. It was a clear black night, a clear white moon. Warren G was on the street. This is 100% all about the regulators because this is the SEC regulating what's going on. So multiple cryptocurrency companies were sued by the federal regulators this week for their alleged role in an elaborate investment scam that siphoned more than $14 million from retail investors. So as though, I mean this isn't necessarily a cyber security story on the hole. I did hear some cybersecurity stuff in here that we'll go over real quick. So where is it in here? They did say something about deep fakes. Where's. Let's see if we can find it in here. The platform. See if I can find it deep. Hey, there we go. All right, so the SEC lawyer said in a 29 page complaint that the companies ran investment clubs on WhatsApp or this week all we've talked about is WhatsApp Signal Telegram. For the love of God man, if somebody's sending you something on WhatsApp if you're getting stuff on WhatsApp or Signal or Telegram and you don't know these people, stop clicking, quit going out to it. All right, so it was sent, brought to the users for, with advertisements on social media. Many of the advertisements use deep fake videos. All right, this is becoming more and more prevalent. We had, in the last couple of years, we've, everybody's been talking about this. We've seen who was it, which company was it. There was a company that got hit with a deep fake and they lost like $20 million because they deep faked the CEO or CFO or they deep fake somebody basically saying that they needed to make a payment. And with the deep fake in a teams call, I believe it was, or maybe a zoom call, they were able to deepfake the voice, send it out and deepfake video as well, and get a $20 million payout. So this in itself is where us as practitioners need to move to, right? We need to start explaining. Everybody knows it and everybody's heard now about deepfakes, but we need to start exposing our users to deepfakes and explaining to them and showing them just how good they've gotten. I actually have, where I work, I created a deep fake of our, our CEO and sent that out. And everybody's like, whoa, that's like, that's really good. There are platforms out there now that use deepfake technology for training. So they use the, they'll create a deep fake of your C suite, they'll create a deep fake of your HR department or deepfake of managers. They use voice as well to create deep fakes. So they'll, they'll make calls or they'll send a, basically send an email that will make a call to your individual, to your employees, and those employees will answer the phone and it will sound like the individual on the other side giving them instructions. So we need to start using the technologies that we have that, that are being used against us, used for us to start explaining how this, how this can really tear a hole into, into what we're doing. We're talking $14 million from retail investors here. The companies, which ran groups from January 2024 to January 2025, filled chats with AI investment tips before allegedly asking members to open crypto accounts on trading platforms. I sit here, I don't know, I sit here and I think to myself, who's going out on WhatsApp or Signal or Telegram or any platform and discord and is sitting in these chat rooms and people are giving this advice, just random advice. And they're going, oh yeah, let me go open up a crypto account and start trading on specific platforms that these people are telling me about. You should be doing your own research. You should be making sure that these things aren't fictitious, that they aren't, that they, they don't have a, a bad back end to them. So to say. Trust but verify, man. Trust but verify. That's all I can say in this. Like, I hate to see this for people, but I'm also like, man, what's the saying? If it's too good to be true, it probably is, right? Quick story. My parents actually fell for one of these things. They were out, they were on a social media platform. Somebody sent a message and said, hey, we're, we've got this specific product and it's basically half price. And they're like, holy smokes, that's amazing. And they went and bought it. Luckily they used a credit card or PayPal or something along those lines because they never got their product and they were able to reach back out and say, hey, stop this order, get rid of this. It was fraud. So that's another thing. But we need to, as practitioners in this area, we all need to tell and explain to people what's going on because everybody knows about it, but they don't necessarily understand it the way we might or we do. All right, next story.
Sarah Lane
Nissan customer data stolen and Red Hat raid. Nissan disclosed that around 21,000 customers in Japan had personal data exposed after attackers accessed a Red Hat managed GitLab server used by a former Nissan dealer. The stolen information includes names, addresses, phone numbers and partial email addresses, though no payment data appears to have been taken. Red Hat detected the breach in late September and alerted Nissan in early October. The incident is Nissan's third major breach in three years.
Ben (DJ B Sec)
All right, let's say I remember hearing about Nissan and breach. Is this a different. 1000 Nissan customers learn. Are learning that some of their personal data was leaked, which, I mean, it got hit. You already knew about this. 21,000 customers who purchased a vehicle or had service done at a, at the former Nissan Motor Company were affected. Let's see. I mean, I think this becomes more like a third party problem, right? Because this is a GitLab issue. I'm trying to figure out exactly how this affected Nissan. I understand that they got hit. Okay. Red Hat Consulting managed dedicated GitLab instance. So yeah, it looks like it was a third party. So this is a third may, possibly a third party risk. The IBM owned software Maker previously disclosed that an unauthorized third party had accessed and copied some data from the Red Hat Consulting managed dedicated GitLab instance. So this is one of those risk registers that you have to do as a company in business, right? You're, you're sitting here going, if we bring everything in house and we do it all by ourselves, there's less, we know what's going on when you start using third parties, when you start using those SaaS applications, when you start using things like that. Now you have to take into effect the risk that you have, but the risk, the risk that the other company has, what risk do they have and what risk is being brought towards you? Right, so it sounds like that specific company got hit and when they did, it ended up breaching Nissan and getting, getting information from them on Nissan. Nor Red Hat named a specific criminal group in their statements in early October. The group called Crimson Collective claim that they had broken into Red Hat's private GitLab repositories and exfiltrated 570 gigs of compressed data. That's a lot of data for only 20, 21,000 people. Shortly after, Crimson said it had teamed up with Shiny Hunters. There you go, scattered lapses Hunters. So it looks like it was a full team effort to get all of this. So to say this is an auto manufacturer third party breach or third, third major breach in years. That's the other thing is I think Nissan and I want to say there was somebody else in, in Japan that was, that was attacked. I don't remember who it was. Maybe I'm thinking, maybe what I'm thinking is just Nissan over the last couple years. But. Oh look, two months prior Nissan was hit by Akira. So maybe that was it. Maybe it's, maybe it's just Nissan that I'm thinking of. Third party risk, people, that's, it's a big, it's a big deal. Most of the time third party risk is the last thing that's put in place. When you are putting in a security, security platform or building a, building a security platform inside your company, you're usually, you know, doing what we always talk about first. You're doing mfa, you're training users and letting them know. Third party risk is usually the last part that gets put in place because it is so cumbersome unless you outsource that. Having to go to each of your, you know, figuring out which, which, which companies you're using, which vendors you're using and deciding who you want to send messages to or who you want to send that Big spreadsheet to, to get that risk from. It is. It's a cumbersome thing, right?
Sarah Lane
Huge thanks to our sponsor Threat Locker. Want real Zero Trust Training? Zero Trust World 2026 delivers hands on labs and workshops that show CISOs exactly how to implement and maintain zero trust in real environment environments. Join us March 4th through the 6th in Orlando, plus a live CESO series episode on March 6th. Get 200 off with ZTW CISO 26. Find out more at ztw.com all right.
Ben (DJ B Sec)
Let'S take a couple minutes, take a break, Stretch, stretch those legs. Let's listen to some music. I'm gonna go through this chat real quick. I saw a couple of things I saw in here. I want to look in. I saw Justin Gold said something about, Real quick about. There it is said a lot of the trade groups are invite only or paid access for years. At this point. I've joined a few. There's nothing in the space really advertising against it. It's just being a crypto, bro. Yeah, see that's where that's kind of what I was getting at is like who's going into these groups, who's looking through these and who's, who's getting told, oh, hey, this is where we need to, this is where you should be investing your money. I mean you don't know everybody in there. I understand. I mean we all have groups. We've got this group, right? We have simply cyber and we all quote, unquote, trust each other and talk about everything and bring good ideas, bad ideas, whatever it is. And we try to sniff out, you know, the imposters and you're not always going to sniff out every single imposter when it, when it comes to it. But I don't know when it comes to money and spending money and putting money in places, I, I am very cautious. Very cautious. We got anything else on here? Real quick? Yeah, this is another thing. So that was one of the, one of the things that we've got to as just family members being a good family member. Right. Hey, if something, something seems fishy, then you know what we need to do. Give me a call. Let me, let's talk about it. Let me look at some stuff for you. Just like Marcus seiler says here, Dad77 isn't necessarily cyber savvy, but he knows enough to call when something seems off. And that's, that's all we ask, right? That's all we're asking, that's all we tell people is if it seems a little off, then question it. It's the big one. It's too good to be true. Then it probably is. All right, we're close to 7:30. Let's go ahead and hit the, hit the, hit the back end of this and so we can jump into Jawjack and talk. Talk some talk and walk. Some walk, so to say, and get ready for, for a Fun Rest of.
Sarah Lane
N8N. Flaw could allow arbitrary code execution A critical vulnerability in the N8N workflow automation platform could let authenticated attackers execute arbitrary code and fully compromise affected instances. The flaw affects N8N's expression evaluation system and potentially exposes data workflows and underlying systems. With more than 100,000 Internet facing instances potentially vulnerable as of December 22, users are urged to upgrade immediately.
Ben (DJ B Sec)
Holy smokes. All right, if you don't know what N8 is, it is a massive automation AI platform. So looking at this, this is the EPSS score. Looks like. Score's okay, but it does look like it ranks midway through. So it looks like it, it is a. Oh, you know what? I don't have this on. There we go. Now you guys can see. All right, so EPSS score for this. There is a CVE on it and it looks like the score itself is in the. See, let's see, we had 22. Whoop. 22 or 0.22%. EPSS ranking is 44. So it's halfway, halfway up the chain. In, in the ranking, the CVSS score is a 9.9. I guess it's not being, not being used in the wild yet. Oh, in here the issue has been fixed in these versions. Users are strongly advised to upgrade and patch their versions. Okay. So it does allow. It contains an rce, so remote code execution. So for those of you that don't know what N8N is or have never used it or aren't familiar. Nadia is a platform that will connect all of your different types of services, right? So through N8N, you can have chat GPT connected to your Gmail, which does something. If an email comes in, it automates the process. It is an amazing platform. There is a. There's actually a thing that a group that I follow or an individual I follow called Professor Glitch. I don't know if anybody has followed this person, but they're all about N8N and if you go and watch their videos, they break down how to do specific things in it and all the different connectors and so forth. But it is amazing. This is a bad. This right here is bad. When I Think about Nadin and I think about how awesome it could be. I also am, this is one of those where I'm on the fence. I also think about how bad it could be. Right, because this platform basically is connecting all of your services together to create automation. And if somebody got into that automation that you have created, they basically have keys of the kingdom. That's the way I see it. Unless there's somebody out there that can explain it differently to me. But if I'm connecting my gmail account, my ChatGPT account, my Claude account, my, you know, Gemini account, to use all of these different LLMs to connect to my Gmail or connect to this service or that service so I can automate stuff makes my job a lot easier. But man, if somebody got access to that, they have access to go in there and do whatever they want to into, into those accounts as well. So let's kind of run through real quick what's on here. Anything can we saw that on the other side. Workflow automation. Yeah, 400 integrations with AI features. See. Okay, so they observed about 100,000 potential vulnerable instances as of December 22nd. So as a couple of days go, the good thing is, is there is a patch available. Ah, you gotta patch it. So make sure that you, if you are using N8N that you patch it. I, I don't know if they are saying that so Nadin can run in the web or you, I think you can also download and use it locally and I think that's probably what they're saying is make sure that you're running, if you're running a local version of this, that it is updated and patched most of the instances. So if you're in the U.S. germany or France and you're using this, make sure you're, you're patching your stuff. It looks like most of the instances are in the U.S. germany or France. Yeah, this is, this is one of those stories where this, this is something awesome. But man, this could, this could really. Especially if a company's using this to do automation, this could really hurt them real bad. All right.
Sarah Lane
Web rad spread through GitHub exploits Web RAT malware is being distributed via malicious GitHub repositories posing as proof of concept exploits for recently disclosed vulnerabilities including Windows and WordPress flaws. This is according to Kaspersky researchers who found at least 15 repositories using AI generated vulnerability descriptions that to trick users into running a dropper that disables Windows Defender and installs the backdoor which then can steal credentials, crypto wallet data and spy via webcams. All identified repositories have since been taken down. Us.
Ben (DJ B Sec)
What happened? I must have clicked on that. All right, this is a crypto day, apparently. Got a lot of crypto stuff in here. All right, so Webr malware is now being distributed through GitHub repos. They claim to be host proof of concept exploits for recently disclosed vulnerabilities. Awesome. Oh, fantastic. Here we go. So Web Rad can steal credentials from Steam Discord. Was it Steam Discord? And guess what once again, Telegram. As well as some crypto wallets. So Jay Gold better keep his hand on his crypto wallet. Can also spy on victim webcams and capture screenshots. This thing's gross. All right, where is this In Windows since September operators. Where is this at? This a Windows. Let's check out the score real quick. Not too bad. So the CVSS score on this is 8.8. It looks like it. Like we're chaining stuff though. So We've got an 8.8. The EPSS score on that one was low. What about this one? We'll come back to it. So a critical authentication bypass and own ID passwordless login plugin for WordPress. WordPress and its plugins. So everybody thinks WordPress is, you know, crap when it comes to security. WordPress is fine. It's all the plugins that are put in. So people build those plugins and they don't have security on them. And that's what makes WordPress not secure. It just bolting on all these different types of all the different types of plugins which end up screwing everything up. Security research. Kaspersky discovered 15 repos with this. All them providing information about the issue. All alleged exploits. Man. The malware has multiple methods to establish persistence, including Windows Registry modifications and task scheduler. So that's definitely something you want to put in place to make sure that people aren't changing Windows registries. And if a registry gets modified that you get a. You get an alert. See corrupted DLL decodes. I'm trying to see if there's any IOCs in here. Oh, here we go. So run it gets downloaded, Webrap runs and now you've got access to Steel Discord. Steel crypto screen recording. Oh, it's got a keylogger as well. And. And you get remote admin. So this thing's top notch right here. Using fake exploits in GitHub blur unsuspecting users. You know what the moral to this story is? Don't go download something and install it if you don't know what it is. If you're just going out there and pulling stuff like sandbox and stuff, maybe, maybe that's a better moral to the story. Before you download and install something on a production machine or your machine that you're using, maybe do it on a sandboxed machine. So if it blows up and tears everything up that you can just get rid of it and restart it. Evaluates the privileges, disables Windows Defender, and then downloads and executes the webrat from a hard coded URL. Okay, so if they have the hard coded URL, that can be blocked. Did they, did they put that in here anywhere? I didn't see it. Let's see if there's in a note somewhere. We're doing a little deep dive on this one, see if we can find IOCs. They said there's a hard coded. Is it. Was that just a copy of this one? All right, so archive download and repos. Primarily. So here, I'm gonna put this in. I'm gonna put this in chat. Right here is where we can grab this. So if you are a defender, if you're a blue teamer, this is what you want to do. You want to go out. You want to put in. You want to put in that. That hash to make sure you're looking for that specific hash. You want to also look for. I thought I saw the. Did I not see it? Oh, and the hard coded. So the hard coded URL is a Russian site. So if you're blocking all.ru you should be. Should be good. But you can also run. Let me put this in here real quick. There you go. Now y' all have that. This, this is one way to, to help mitigate this issue is to make sure we're blocking this. Also make sure that your users don't have admin privileges on their machines. I mean, that should be first and foremost. You don't have. They shouldn't have the ability to install things on their machines without it knowing. Yeah, here's more. So, Kaspersky. So here's all the different ones. Yeah. So there you go. We've got our ioc, so we can go hunt for those things. We can go find them. We can go make sure that we're blocking them. Good deal. Why didn't they put. I mean, they basically copied and pasted this whole thing. Why didn't they put it in here? Did this get pulled? So this is a 62.7 or 62.8 EPSS score. That's also a 9.8. What was the other one? Elevation of privilege. Let's see what this score is. I think all combined. I guess that would be a thing to do is put a, get a, create a tool that combines them all. Oh, this one's 92%. So as we moved up now the CVSS score here is 7.8 but the EPS score is way higher. We're in the red on this one. So this is one Improper access control Windows remote registry. So that would be a big one. That'd be your their way in.
Sarah Lane
All right, next story disrupts bank account takeover operation. The U.S. justice Department sees the domain web3adspanels.org which officials say was used as a control panel for a bank account takeover operation that stole millions from Americans via fraudulent search ads impersonating major banks. The FBI identified at least 19 victims with attempted losses of around $28 million and confirmed losses of roughly 14.6 million and says the database hosted credentials for thousands of victims. Bank takeover fraud has generated more than $262 million in in reported losses this year.
Ben (DJ B Sec)
Woo. We got another one.
Jerry from Simply Cyber
Regulators.
Ben (DJ B Sec)
So US disrupts multi million dollar bank account takeover operation targeting Americans. Awesome. Glad they disrupted this and saved my bank from giving away my money. So according to investigators, the website web3adpanels.org function as a control panel for criminals to carry out so called bank account takeover fraud allowing them to store and manage stolen banking credentials harvested from victims across the United States. Now this is great that this story is saying hey, they were able to stop this. What were they stopping? Like how did, how did they get like. I understand. Here's their web panel. Fine, great. Cran. Wonderful. But how did people get got. So to say, did it have that in here? I didn't hear that. I was also messing with Mod Chat. The group behind the scheme bought fraudulent. Oh okay, here we go. The group behind the scheme brought fraudulent ads on major search engines including Google and being designed to closely mimic legit sponsored. Oh, that's what they did. So they basically kind of did a little typo squatting or malvertizing. So to say users who clicked on the ads believe they were being directed to their bank. Okay, this is another, this is another teaching moment. Again, like when you click on something that doesn't necessarily mean it's going to be going to where you think it's going. I always tell everybody if I'm going to go to bank of America, guess what I'm going to do? I'm going to type in bank of America as a website. If I'm going to, you know, Chase, I'm typing in chase.com I'm going to the websites. Especially if it's an ad. You don't click on an ad. Don't click on ads. I mean, it's becoming more and more ridiculous how much, how much these things are out there. I didn't say that. Right. It's becoming more ridiculous how many of these things are out there. Investigators said they seized the domain hosted login credentials for thousands of victims and continue to support the fraud here. Here's one thing I would say. I would hope that, and maybe this has already been done, but I would hope that these investigators would contact these banks, let them know, hey, these are the individuals that we see that are on here. Let them know the banks can then do an audit of what's going on with those individuals and notify those individuals of what happened. It's not necessarily the bank's fault. Right? It's going to be. It sounds like it's the actual individual that got. Got tricked into clicking on these things, but at least let the individual know that, hey, this did happen. This. It looks like you were part of this scheme that was going on. This is crazy. The seizure is part of a broader government crackdown. Since January 2025, FBI IC3 has received more than 5,100 complaints tied to these schemes with reported losses of $262 million. Good Lord. That's just, it's amazing to me, like, what the heck, you know, I'm trying to. There we go. Jeez. Once again, this is, this is, to me, this is a trading issue, a, an awareness issue of, hey, these users, when you go out there, when you do a search on Google, you do a search on Bing or whatever, the. Usually the very first link at the top is an ad. It may be an ad for the legit company, right? You may type in Chase and look for Chase and there's an ad for Chase at the very top and it's legit. Don't click on the first one. Go through a couple of them to see if you can't find the one that actually shows Chase.com on there. Even though they may be using Typo Squad or something to make it look like Chase.com. you want to make sure that everything you're clicking on or everything that you're going to is, is what it says it is.
Sarah Lane
Chrome extensions caught stealing credentials. Two malicious Chrome extensions called Phantom Shuttle posed as a network speed test and VPN service while secretly Intercepting traffic and stealing credentials from more than 170 websites. That's according to Socket Security. Researchers found the extensions routed selected traffic through attacker controlled proxies, exfiltrating plain text, emails and passwords, payment data, developer secrets and browsing activity while maintaining a persistent connection to a command and control server. The operation has apparently run four years and likely originated in China from.
Ben (DJ B Sec)
Did I cut that too soon?
Sarah Lane
All of us here?
Ben (DJ B Sec)
Oh, no, we did. All right. Cybersecurity researchers have discovered two malicious Google Chrome extensions with the same name and they have the same name published by the same developer. They come to the capabilities of intercepting traffic and capture. So this is nothing new here when it comes to adding extensions into browsers. Unless you know 100% that the extension that you're putting in there is foolproof, so to say is clean and clear, which we've already shown that we've got code that can go through static analysis that says it's clean and clear, and it's not unless you're 100% sure on it. Just know that there's a possibility that it could be an info stealer that's stealing information from your machine or from your browsing. Right. Users pay subscription. Wait, you're paying? Hold on a second. Extensions are advertised as a multi location network speed test plugin for developers, for foreign trade personnel. Both of the browsers downloading and writing details. Okay, so they're both called Phantom Shuttle. They had different IDs, so we can see that when they're put in, they've got different IDs. This one had 2000 users and this one only had 180 users. So not a lot of people. Wait, oh, it was published in 2017 and then this one's 2023. Cut it. Users pay subscriptions ranging from 9 yen. I think that's yin to 95 yen. Believing they were purchasing a legitimate VPN service. But both. Wait a second. So it's supposed to be a VPN service. I thought now I'm a little. So a multi location network speed test plugin. If it's a speed test, I'm off here. If it's a speed. If I'm downloading a speed test plugin, why would I be thinking that it's a vpn. So they purchase a legitimate VPN service. Both variants perform identical malicious. They socket. See behind the subscription facade, the extensions execute complete traffic interception through authentication credentials. So yeah, there's a C2. So they said this looks like it's something that was put out by or Came, came from China in some way shape or form involves militia basically. It sounds like there's not that many people that actually have this. I mean good story. I don't think it's going to affect most people. The, the, the crux of this story is to make sure that we're not downloading things that we don't know about. I mean all of these stories this whole week has been one of those things of just don't go out and willy nilly click on it willy nilly 40 years old, 50 years old, sounding crazy. Don't just go out there clicking on things and not knowing what they are. That's the big thing. Once unsuspected users make the payment, they receive a VIP status. Yeah, I bet so. And the extensions Auto Enable Smarty proxy which routes traffic from over 170 target domains through CT or C2 infrastructure. You know what you can also use, instead of using things like this, just use proxy chains like why are you going. There's. There's so many free things out there that gives you this capability. If this is truly something you need just use a proxy chain, just log on. I mean you can use the Tor browser and do that if that's. If this is what you're trying to do. When a website or. Oh, here we go. So it installs a network testing extension. Pay your subscription, you get a vpn. The credentials are then captured with a man in the middle Proxy access to the corporate network is given. Given and now they've got lateral movement into your. Into everything. Amazing. See once users authenticate the proxy server, the extension configures Chrome. Yeah so there you go. So you can stop this quickly. It sounds like the, the plugin itself doesn't actually install some or I mean the plugins installed but it sounds like what it does is creates a proxy auto configuration script. So in the back end in. Let me see if I can show this. We got time so let's pull this up real quick. So in your settings, if you guys don't know about this, there is a proxy chain or proxy. Come on man. No, that's not it. Where's it at in here? We'll find it. Control site settings. I'm not sure where. I don't, I don't actually use this in here. So trying to find where it's at. Maybe it's in this part. Maybe, maybe not. Anyway, there's a way you can add an automated script in here that basically when your machine. It's like a socks proxy. When your machine goes out or it's going to go send traffic out to the Internet. It hits that first. So instead of going to the site directly, it's going to go through that proxy chain or it's going to go through that proxy and then deliver whatever it is that's going there, then get it back. And basically what this plugin is doing is it is creating that proxy script. If I hit this, is it going to open it up? There it goes. It creates a auto configuration proxy script. So find proxy, it adds the port. Those are just examples. So basically it puts in a web link and instead of all your traffic is tunneled to that before you get information back is what it is. Always routes the traffic through the web. It routes hard coded. 170 different domains listed. Domains include developer platforms. Oh wow. Cloud services. I think the. Oh. So the Extension maintains a 60 second heartbeat with the C2 server. So here's another one right here. If you can go threat hunt for this, look for phantom, look for Phantom Shuttle space. If anything is going to Phantom Shuttle space, you probably are infected with this or being sent to a illegitimate site. So if you see Phantom Shuttle dot space, somebody's, somebody's got, got this installed more than likely still, that's crazy.
Sarah Lane
All right, Cyber security headlines. Here is a quick shout out to all those cybersecurity professionals that are going to be on call and working through the holidays. You're appreciated and we hope Santa is extra kind to you this year. Cheers to you. I am Sarah Lane reporting for the CISO series and I'll talk to you tomorrow.
Ben (DJ B Sec)
All right, that is it for the news today. Interesting stories. We'll go through some more and we can talk more about them in depth. If anybody's got any questions about them, we're going to move over. We're about seven minutes early, but we're going to go ahead and move over to Jawjacking. We will have about 30 minutes or so. We'll talk about anything. We can talk about cyber security. If you want to talk about cyber security, we can talk about personal, personal growth. Whatever it is that you want to talk about. That's what we're here for. Chat's here to help answer questions. Chat should also be here to throw out questions, but let's go ahead and do that. If you were just here for the news, we will see you. There is no show tomorrow and there will be no show on Friday. Tomorrow is Christmas here. If, if this is it for you for today, I hope you guys have a very merry Christmas or a Happy holiday or whatever it is you see. Celebrate. Go out and have. Have fun. Have fun with the family. If you're going to be here for Jawjacking, that's going to start up here in just a minute. Until then, we will see you Monday. Daniel Lowry will be on next week to do the daily cyber threat brief. Until then, I'll see you guys. And let's move over to Jaw Jacket. I could find the intro. Here we go.
Jerry from Simply Cyber
Ever wonder what it takes to break into cyber security? Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cyber security field live, unfiltered, and totally free. Let's level up together. It's time for some jawjacking.
Ben (DJ B Sec)
All right, now we're. Now we're in a good place. Now we can have some fun. Some. There's some interesting. I always. When it comes to. When it comes to the news, even when Jerry's doing it, when all I hear stories about this company, bought that company that. Like this. That's not. I know it's a CISO series and it's supposed to be. It's more tailored towards Season. Supposed to be tailored more towards CISOs. But I mean, there. There are other stories out there that we don't necessarily. Didn't know that ServiceNow was buying this or buying that. That's. It's almost more like a marketing ad. But anyway, that's. That's my take on that. All right, what do we got today? It is the night before Christmas, and all through the house, everybody's running around, even the mice. Let's see, what do we got in chat here? What's this? I see a question in here. So is it true you need Adobe Pro to do redactions called the Adobe license? I don't know what that is. I'm not sure what the. That question's about. Yeah, there's no. Nothing tomorrow. And as far as I know, there's nothing Friday. Hold on just a second. I didn't realize these stories were. Yeah, well, Anita, that's. So that's the whole point. The. It's called the CISO series, so their whole. Their whole series is supposed to be tailored toward CISOs in that sense. So they have the headlines, right? CISO series headlines. They've got a whole. In fact, on their website. I'll pull their website up real quick and show you Their. Their whole site is tailored toward. Supposed to be tailored toward CISOs in that sense. It's called the CISO series. There you go. So they have the cyber Security headlines. They have Cyber Cyber Friday where they talk, they've got security. You should know these are all different things. Defense in depth, how CISO should talk to the business and so forth. The whole series is supposed to be towards CISOs and the cyber security headlines is supposed to give a quick headline to CISOs. But I mean they're, it's relevant for everybody. It's not just CISOs that, that are going to sit here and read this. So, Bearded ruckus, how do you like being in a management position compared to your previous roles and what are things you weren't expecting to be part of your role now? Okay, good question. So the role I've, for me was just a title change. It's still the exact same role that I've been in for the last 15, 20 years. Just a title change within the company. When it comes to my specific role and what I do, I deal with everything, everything under the sun, it, security, so forth, vendors, right, contracts. So all of that stuff. Been doing that for, for years and years and years. So for me it was just a, it was just a title change. Now when it comes to being like boots on the ground versus being management, it's a whole, it's a whole different mindset, right? So boots on the ground, where you're fixing the problems day to day, you're, you're being more reactive than proactive and that's where the mindset has to change. When you move into a management role, there needs to be more proactive and you have to have time to be able to, to be more proactive to, to reach out to other departments to think about what needs to change, how you can help them, how they can save money through technology, different things. So the roles, the role changes in the sense of mindset. I guess that's, that's the best way to describe it. If you have, if you have that mindset of hey, I'm, I'm just going to move into this role and I'm going to make more money and continue, continue to do what I do. It's not going to work, right? You've got to be able to have the mindset of being a proactive person, that that's basically what management becomes, is the proactive. How are we going to grow the business? How is the business going to better for me being in this position versus just a worker that's sitting at the desk and helping everybody out? I guess that's the best way I can describe that as a proactive versus reactive. I guess that's That's a good way of coming up with it. See if there are any other questions that I missed that were above before I go back down. Is the music too loud and not loud enough because I hear it in my ears. I just don't want to. Don't want to be blaring. You got. In fact, let me look and make sure I pull it down so. There. That way it's not so bad. All right. I saw one earlier. Yeah, I think justin gold just answered this one. If you had a chance to take either comptia sec, AI plus or isaca crisc, which one would you take and why? So I haven't actually looked at to see. Hold on a second, let me. Oh, okay. So the certified Risk and Information Systems Control. Here's what I would do. I think Justin Gold probably hit it on. Hit it on the nose with this. The ISACA is probably going to give you more right up front. So being having the ISACA certified Risk Information Security or Information Systems certification is a very good one to have. I don't know. I think sec. The SEC AI plus is brand new, so there might not be a lot of headway around that yet. That doesn't mean that it's not bad and it's probably good just to take if you want to just take it and get the information. But on a resume, if you're looking to pad the resume of hey, this is the cert I have and this is what I've done. I would probably go with ISACA first because it's been around a bit longer. This. That actual certification has been around longer. Seamindoza. Okay. I guess is semen doze. Are you. Are you new to the channel? This is the first time here. Do we have a welcome to the party pal? Even though if you're not new, you got welcome to the party pal. My background so I've been in it for over 20 to 25 years. I started when I was 18 and I'm way older than that now. Last year I got my CISSP. I worked through. Over the last 20 years, I've been in many different industries. So I worked in oil and gas. I've worked in logistics. I've worked as a. I started off as a help desk. Just straight up help desk. Worked on a. Worked with a company or at a company that was 100% help desk all over the place. And I worked for. At the help desk. I worked for the pharmaceutical industry during my time there. But yeah, I've been in the industry for 20, 25 years and kind of worked my way up through being a network engineer. So got all of my Cisco certifications, got ccmp, did not go for a ccie, but got my CCMP and continued to mosey on in about 20. You know, when Covid hit and everybody was at home, I got involved with this group and another group and was basically realizing just how involved in security I already was and didn't realize it, which a lot of you out there probably don't realize just how much, how involved you are with the security side of it. But then last year in 2024, I went and got my CISSP. So that's, that's my little, my little background. There's that one. Let's see what else we got. Oh, this is interesting. So 40 of the, that AI exam is securing AI. So here's, here's an interesting. And I heard this yesterday. I was watching something. Many people just start using quote unquote AI, meaning you're using Chat gbt, you're using Claude, you're using Gemini, but you don't necessarily know how the backside of it works. You don't understand how LLMs work. And that would be, that'd be something good to know, right? Is what, how the LLMs work, why they do what they do. You know, why, why they go off and give you random, random answers sometimes. And that will also help you find the areas within AI that you can secure. Marcus is saying the music is good. See, of course, gracious saying the Comptia is useless. I saw somebody else, FedEx is saying the higher you go, the farther from away from the keyboard you get. Oh, it depends on what company you're in, right? Because you can have a, a high, a high title and being a small company and you're still doing everything. I mean, I know people that are in startup companies, in smaller companies that their title is ciso, right. But they are in, in the mix day to day on everything. They're configuring things, they're putting things together. Their title says that they should be, you know, being that all, all in all, everything up top. But what they're doing on a day to day basis isn't that they're doing the technical grunt of it just like everybody else. Anybody got any other questions? I see the chat has, chat has basically died off. And I know it is Christmas Eve and every guess what everybody's running around getting ready for, for the day, getting ready to either have family over or go over to family. Jerry was a little bit reluctant on doing, doing these Shows this week and next week because we know everybody's, everybody's out. But I told him, hey, look, I'm off. I can fill in for you if you want me to. We can, we can put a show together. We may get 10 people, may get 20 people, we may get 200, who knows? But at least we're still trying to bring value. Oh, man. Bring value in, in one way, shape or form and letting people know because, hey, as everybody knows in here, this is not a, this is not an industry that stops right on a, on a day to day basis. It doesn't stop. You know, I did have a. I saw this earlier. Adult filmmaker. What a name. Wow. Does it do MFA N8N. So N8N in itself, you're going to use API. Oh, you're going to use APIs and connect in connections between everything. Or you should be using APIs to connect things, not using your direct accounts. But you're going to use APIs and so forth. Using N8N to be able to do the information, to be able to automate in one way, shape or form. I'm sure there's MFA in place in one way, shape or form. You should have something like that in there. But if you're using APIs and so forth, you, you'll lock it down in another way. What she said, I don't know. Let's see, Let's see. What? Find the true said, but I'm not sure what it is. Okay. All right, so I just got word that there, Daniel Lowry is going to have a show Friday. So if you, if you're still here, there is going to be a show. Let's see, there's gonna be a show on Friday. Daniel Lowry is going to do the show Friday. So there will be one Friday. We just won't have a show tomorrow. Christmas day. We won't have a show tomorrow. Thank you, Kimberly, for checking in on that. I thought we were gonna be out for today and tomorrow or not today, tomorrow, Thursday and Friday. But Daniel Larry has, is gonna pick the baton up and, and keep running. Right after I trip and fall in my face, the baton goes everywhere. He's gonna pick it up and keep on running. See, The dreaded hoser says Merry Christmas to all. Everybody be safe. Enjoy the day. Yes, have fun. Don't do anything that I wouldn't do. Everybody's wishing everybody Merry Christmas, Happy Holidays. Got tech ninjas. Oh, this is a good one. So, Michael saying, do you still pursue study of any cert slash course? And what is your motivation? To further study. So I'll take the back question, I'll take the last question first. What's my motivation? My motivation is always to learn, right? And in this industry and in this field, that is something we always have to do. Because what, what is good today is not good tomorrow. In this field, things change so fast on a day to day basis. So number one for me, it's always learning something. Right now it's learning. I'm very big into automation. I love automation. I love figuring out a way to automate jobs and make things a lot easier, quicker, more efficient. So one of the things I'm looking at is are Those platforms like N8N make Zapier. Zapier, however you want to say it for automation. Because basically you create your workflow and this is, you know, this is how I do this task. And then you put that in place in there and hit the button and go. And you're, it's good, right? Everything's done. You set your schedules and you're good to go. For me, the second part of this motivation is always to further, further excel, further gain knowledge in different types of technologies. Right now, is there a specific cert or course that I'm looking at? I, I am not looking at a specific cert or course at this time. I went through a lot of it last, last year with cissp, making sure that I got that that was big enough for me. And right now I'm just trying to make sure that I get all my credits in and everything for that. Because it's a big cert. You've got to make sure that you got 40 credits a year, or not 40 credits a year, but 120 credits and within three years. So basically breaks down to 40 credits a year to, to keep that. So that it was a big test to take. It's a, it's a long test and it's not one I want to retake. So that in itself is a, is a motivation to continue to study, to continue to learn of what's going on in the industry, what's up and coming, what are the, what are we seeing when it comes to adversaries and so forth. So there's not a specific cert that I'm pursuing. A lot of the search I look at, I'm like, man, that'd be nice to have. But I'm not sitting here going, oh, I have to have that cert right now. Awesome. I'm off today and I get to catch. Okay, well you know what? Just for that, welcome to the party because you got to, you got to actually catch the live stream. Yeah, that's exactly where you get tech run. We are going to get a post Christmas morning pour. So we will find out if Daniel Lowry shows up with his eyes half opened and a, a monster or if he's like pouring monster and coffee together after spending a day of Christmas with the kids and family and everything. Yeah. Kimberly says come back for, for the tech neck. Oh, okay. Completely. I get I read that wrong. So he's asking if we, if people use MFA with N8 in because you were saying Google accounts so similarly wondered if people were able to use it to do bad stuff to undo the security that they needed. So I mean, you're going to have MFA see if I can read this and get this right. I'm asking if people were using MFA with N8N because you're saying Google accounts are similarly and oh, so Google similarly. If I wondered if people were able to use it to do. I mean, so are people able to use it to do bad things? Yes, people are able to use it to do bad things because it's, it's just, it's a work, it's an automated workflow creator. So you're have your workflow when you're creating that workflow to Autumn for automation. So this platform is just doing the workflow workflow for you. Say that 10 times fast. You're just doing the workflow for you. Are they using mfa? There's MFA in place. I haven't gotten deep enough into it to, to connect all of these things. I know how it works right now I haven't actually used N8N right now because it, it costs and I'm not downloading and putting it in, in local. But I, I, that's one thing I do plan on doing in the next couple of months is getting a, getting an account and trying to mess with some of the things. One of the things I want to automate is the push to my website. So each day I have, I've created my own workflow that automatically goes out, grabs stories that I have chosen well once. I mean, I have to kick all this off mainly, but it grabs stories that I've chosen, takes those stories, throws those into chat GPT, creates a summary of them. When it creates that summary, that summary then is created into a markdown file. And with that markdown file, it also creates a, an audio file, mp4 using Edge AI voice and creates. So basically creates the markdown file and creates the, the MP3 MP4 file. MP3 file. It's MP3 file to go out and dump on my website. In fact, I'll sh. I can show y' all real quick. Let me get rid of this. So on the. On my site, this is one of the things we were looking at, trying to figure out which. The last time I did this on November 27th. But it. My workflow goes out and creates a site that has like. Basically it would be like our backup site, right. Our business continuity site when it comes to cyber stories in the morning. And I can kick this off and do it in about 10 to 15 seconds, as long as I have the stories and it'll create this for it. But if I have this automated, where it automatically does this, I don't have to worry about manually doing it every single day. But it goes and creates this file and then it creates this. This look. So if for whatever reason, CISO had a blip and they weren't able to put stuff out, I could put this out real quick and Jerry could use this as a. As the daily Cyber Threat brief. Right. So the last time I did this was on the 20th of November 27th. But I have all of this in place on. And I use. That's not it, but I have all this in place in my cyber security. I don't remember where it's at. Hold on a second. Let me see if I can find this. Here it is. Headlines. So I have all these in place in here, which. That's really tiny. I know y' all can't necessarily see this because it's small, but I've got in place on here my. My little headline script. So it automatically. Like this right here is the headlines. Wait, that's not it. That's a. There. It's under automation. All right, here we go. All right, so right here, which y' all are all going to be squinting because it's. I know it's small, but right here we've got Get Saved stories, then creates the prompts, creates chat GPT output, and then finalizes the news, automatically creates it. So I have all these in place now it's just a matter of how am I going to automate that. And using something like N8N or make or Zapier is something that Jerry and I talked about a year ago. But that's something that we could put in place. So it's automatic and it goes. And it just gets dumped in there. And if that happened. Right. If we set something up that way, then we would have our own stories that we're going through by looking at it. So. Now this one's. This is pretty funny. That's a joke of the day right there. If Die Hard is a Christmas movie, is Home Alone 2 a hacker movie? Since Kevin McAllister social engineered his way into the hotel, that's 100% yes. He social engineered his way into. Into that hotel, into that suite and racked up a nice big old bill of nice big old bill of. Of ice cream and everything else in that room. Oh that's pretty funny. I would agree with that. I would. I would 100 say that that is a hacker movie. A way to social engineering. Every red teamer should should watch Home Alone 2 and learn how to social engineer like Kevin McAllister did with his video recorder. That always cracks me up. Hi, this is Peter McAllister, the father. I'd like a sweet. I appreciate you parsing which type. Reading through chat here trying to see if there's anything in here to throw. Headlines. It has hardware hacking tool. There's a. I'll tell you that's one of my favorite ones, man. Like Home Alone 2 is my favorite. Oh Neckbeard had a voice changer as a kid. So instead of, instead of naked beard signing his his sheets, he actually called the school with his voice changer to say that my. My kid's out of. My kid's sick today, Man. Isn't that true? He. He is the, the goat of resourcefulness. I mean let me run down the street to my, to my uncle's house that has a hole in it. Oh and it's got bricks and everything else and I can. Let me go ahead and create, create this. What did Joe Pesci call it? His fun house of horrors or something. Oh, Kathy Chambers is in the house. She woke up grace us with her presence. Everybody's. I think everybody is, is in chill mode right now. Everybody's ready for the. I think everybody. I would just say I'm going to throw this out there. Does everybody's day kind of start like everybody's today? If you're celebrating Christmas and, and you're one of those. And you're, you're doing family things a day, does it kind of start around 12 o' clock wherever you're at? I think for me usually Christmas Eve is usually around 12 o' clock when every, when you start hearing everybody Russell going all right, we need to start getting ready to do this and to do that and we got to get out of here in the next couple hours. Everybody make sure you got a shower. Everybody make sure, you're. I don't know what I'm going to wear. And for those of you don't know, I'm, I'm in Texas and I know there's a massive heat wave going on across the US but it's freaking 80 something degrees right now. We talked about this. I think last week Kathy was on and Daniels. I think we did it on Friday. It's 80 degrees and it's gonna be Christmas tomorrow. It's ridiculous. I cannot, I, I hate it. Like I, I cannot stand. You can give me 80 degree weather all year long. I want it to be cold on Christmas Eve and Christmas Day, you know what? And then the rest of every other day can be 100 degrees. I don't care. But give me like 30s and 50s. I say that's cold. I know some of you live to where it's like negative a thousand in South Dakota, but I'm just talking about, you know, like Texas cold. Like give me 30s and 50s where we actually get to wear, you know, things like this and not, not sweat our butt off just because we decided to walk outside for two minutes. The grass says his starts around 3 o' clock today. It's usually, that's usually when we're leaving and going and heading out. Christmas day and noon. Yeah, everybody, Everybody. I think everybody's in the Same boat around 12 o', clock, 4 o' clock around the afternoon is when everything kind of starts really getting going. Wait a second. It's 72 there. I thought you guys were supposed to be that. Y' all were supposed to get hotter today. I mean, it's 72 there right now. It's not gonna be 72 there this afternoon. Right? They're gonna be in the 80s too. Wait, what? Kimberly's gonna have like a Mai Tai and a little Christmas tree in her drink while she's sitting on the beach. That's not Christmas. But see, to me I'm like, that's not Christmas weather. Like we need, it needs to be cold. That, I mean, that said so real quick, we got about five minutes. Real quick. As my kids have grown up, they have had more snow days here. We've had more snow days here in Texas in the last. See, my son's going to be 18 in the last 18 years than we had had my whole life living here. Right. So I grew up. I remember one Christmas where it was cold and we had like, it had rained the night before and we had some ice on the ground. I was like, oh look, it's, it's Ice. My son's first. So when we got married, we. We got married in December. We went down to Jamaica for a honeymoon, and a cold front came through, and it was like 60 degrees in Jamaica during that time. We came back after the honeymoon, and it snowed. So the first. Like, the first Christmas we spent together as a married couple, it snowed. Then we had our son. It snowed that year. It had. I think it snowed five or six times in the last 18 years, which is unheard of here in. In Texas. And when I say snow, I'm not talking about, like, we got a couple of flurries. Like last year, it snowed so bad that we were. There was like two days, two or three days. Nobody left the house. The streets were iced over. We got about four or five inches of snow. I say it snowed so bad, everybody up north is like, oh, five inches. A big, big deal. But, yeah, it snowed. And we had a ton of snow for us. But that happens, like, in February. But that's happened more. More than not in the last 18 years. See, I'm. Yeah. I mean, for me, it's like Christmas. Not gonna say it sucks around here, but when it's 80 degrees, like when you have your kids and they open their gifts in the morning and then they go outside and they're sweating and they're riding their bike, that's just not. I mean, you don't get the whole Ralphie effect, right? You don't get to bundle all up and then go. I remember as a kid, because I got younger brothers, I was playing football in November, December, when it was cooler. And we always loved to throw on our big starter jackets. For those of you that are older and y' all know what I'm talking about, our big starter jackets. And we use those as our football pads because we could slam into each other because those things were so, so full of cotton. They would. But, I mean, he could slam each other and not hurt. Each. Hurt at all. But we would go. You'll play football in the cold. You're not doing that anymore. It's 80 degrees. It's like, we have. We have 80 degrees or we got snow nuts. There you go. I'm coming to see you today, neckbeard. 38 degrees. That's what I want. Yes. There you go, Anita Sailors. That's all I'm asking for. That's all I'm asking for for the month of December. Just give me an Ohio winter for the month of December. So snow equals babies. I don't know about Snow equal babies. Oh, give me a start. So you had my team when I was younger. Still. Still. My team is Notre Dame. I'm a big Notre Dame fan. Notre Dame and Texas, but yeah, starter jackets. Yeah, starter checkers are like bubble wrap. It's like not Ralphie. What's his brother's name? Can't remember his. Ralphie and I can't think of his freaking name. No knock. No nautical jackets? Nah, starter. It was starter jackets. It was all about how you represent your team in a big old bulky jacket, in fact. So I. I got mine when I was 10 or 11 and those jackets are so big that it still fits me today. Anyway. All right, it is 8:30. Oh, I've cut. Oh, Cousins of Notre Dame alum. Awesome. All right, that's gonna be it for me today, you guys. I hope everybody has a safe and happy holidays. Hope everybody ever celebrating Christmas today and tomorrow. Have fun. Have fun with the family. Enjoy it. Enjoy the time off. If you got the time off. If you don't have the time off, hopefully you're getting paid time and a half or. Or holiday pay, making the big bucks in the next couple of days. But for me, that's gonna be it for me today. No show. Again, no show tomorrow. We will have a show on Friday. Daniel Lowery will be here on Friday to have a show to bring you any. Any news that's happened probably over the last two days. If something big pops off, we always know that when it comes to the holiday season, we always end up seeing something big happen. And let's just all knock on wood and hope that that doesn't happen. That everybody gets through today and tomorrow without any big cyber issues or big issues at all. And everybody's able to spend time with the family, have fun and enjoy it. We find this outro. I never have this stuff ready. I like to. I just sit here and talk and then I'm like, oh, crap, I gotta go find how I'm gonna get out of here. Let's see. And we'll go with this one. Well, I don't know which one's right. All right, that's it for me, guys. Everybody have a safe and happy holidays. And I, if, if I'm awake, I may pop in on Friday and into chat and see everybody. Until then, everybody have a great. Have a great day. See you guys.
Jerry from Simply Cyber
Hey everybody. I hope you enjoyed that content. Keep the cyber security train going by connecting with the other Simply Cyber community resources. We have the Discord server that's lively and always keeps the conversation going, you can connect with me directly on LinkedIn. And also every single weekday morning on the Simply Cyber channel, we're doing live daily cyber threat briefings, 8:00am Eastern Time, as well as Thursday at 4:30pm we're doing live stream interviews with industry experts and and we produce videos that we push out every Wednesday morning. I'm Jerry from Simply Cyber. I hope you enjoyed the content and we'll see you in the next one.
On this Christmas Eve edition, Ben (DJ B Sec) walks the community through eight of the day's top cybersecurity news stories. Even during the holidays, cyber threats don’t stop, and today’s episode highlights major corporate acquisitions, new malware variants, social engineering schemes, significant software vulnerabilities, and more. The briefing balances technical analysis with practical, relatable advice for both blue and red teamers, and offers a healthy portion of community interaction, using real-world stories to drive home security awareness and actionable mitigations.
“If something seems off—question it. That’s all we ask.”
Catch the daily live briefings at 8AM ET: Simply Cyber Streams
And join the community discussion for career guidance, hands-on security chat, and always a dose of cybersecurity camaraderie.
Happy Holidays and Stay Secure!