Daniel Lowry
Well, greetings, everyone. I guess there is to go live. I'm gonna do this, though. And now it's the real deal. Hey there, everyone. Welcome to the Daily Cyber Threat Brief. I will be your host, Daniel Lowry, because Jerry is on vacation and, as you can tell, he knows his setup way, a whole lot better than I do. Way, a lot better. It could be that way. Hope everybody had a great holiday. I just found out that our car was broken into last night. That's awesome stuff. Good news is that the perpetrators took off with no more than just a handful of dollars because my wife keeps, like, a change purse. And that was. That was it. But they, they rummaged through the vehicle pretty good. Those scoundrels. Stealing on Christmas. I mean, come on, man. Anywho. Thanks for joining us today. Today is Daily Cyber Threat Brief episode 1034. We're gonna have a good time. We're going to read some headlines, going to listen to that cyber news, go through it, do our hot takes on that stuff, see what's going on, what happened while we were all slumbering, other than my vehicle being pilfered, at least when it comes to cybersecurity, anyway. That's what we're going to be taking a look at. This is kind of an op-ed news read. So if you're, if you're new to the Daily Cyber Threat, we do appreciate you joining us today. Hopefully you get something out of this and you enjoy it. Good news is that you do earn half a CPE credit for every episode you watch. So I think that one of the best ways to keep that on lockdown is to make sure that you do some sort of, kind of like, commenting in there. It proves you were there. All right. The fact that you did the thing. And I'm seeing some, some great people this morning. I'm so glad to see all the cool folks joining us. Carrie Jason was the first one in chat, if I'm not mistaken. We see Marlon J. 1, 2, 2. Who else we got in here today? Celsium skater, Steve Young in the house. Joe Schmo, Marcus Kyler. All sorts of good folks going on in here today.
Thank you, everyone. Sabertooth, Sam. LinkedIn user. It's always good to see you, LinkedIn user. A pleasure as always. Alexa Cohen. Very cool. 80 Penguin. Cool, cool, cool. Good to see everybody here today. You know what we got to do before we get too deep in the weeds is we got to, we got to keep them lights on. Got to pays them bills. I'm gonna go ahead and run the ad read, and that is going to be fun stuff for us. Let me throw that in there. Let Jerry handle his business.
Jerry
Want to give some love to Fortify 365, the Microsoft 365 configuration solutions from Barricade Cyber Solutions. Barricade Cyber brings you all the knowledge in the incident response form, but they are also quite adept at helping you configure and set those protection controls for your M365 instance. Go to fortify365.com today to talk to Eric Taylor and the team over at Barricade Cyber and make sure that you are taking full advantage of all the configurable security controls that you have in your M365 instance. Fortify365.com today. Also want to give some love and some shouts to Antisyphon Training. Holla, holla, holla. Antisyphon Training, the group that is disrupting the traditional cybersecurity training industry by offering high-quality, cutting-edge education at a discounted rate. For so many people out there, their rates are insane. Some of their courses are free or pay what you can. It's amazing. Go to antisyphontraining.com today. Check their upcoming live training, their on-demand training, government and military discounts. I mean, it's absolutely crazy. I love it. Maybe not government and military discounts. I made a mistake. They've just aligned their training to the NIST NICE framework. Also pretty awesome. Thank you, antisyphontraining.com. And of course, as always, we've got ThreatLocker kicking it. We'll hear from them and then back to the news. I want to give some love to the Daily Cyber Threat Brief sponsor, ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Don't worry no more. You can harden your security with ThreatLocker. Worldwide companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high. ThreatLocker takes a deny-by-default approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US-based Cyber Hero support team.
Get a free 30-day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threatlocker.com, Daily Cyber.
Daniel Lowry
You know, I don't always listen to ad reads, but when I do, I prefer to hear them from Jerry. He does such a great job. Thank you, Jer Bear. We appreciate you, sir. All right, chat, well, you know what time it is today. We're going to go through some of these lovely, lovely articles from the CISO Series. We appreciate the CISO Series and all the hard work they do. So let's get at it. The first thing we need to do is start off old Mr. I believe it's Steve Prentice today. Let's see if we can make that happen. From the CISO Series, it's Cybersecurity Headlines.
Steve Prentice
These are the Cybersecurity Headlines for Friday, December 26, 2025. I'm Steve Prentice. Active exploitation of Fortinet VPN bypass utility observed. Fortinet has announced that it has seen recent abuse of a 5-year-old security flaw in FortiOS SSL VPN in the wild under certain configurations. This is in regard to a CVE-numbered vulnerability from 2020 with a CVSS score of 5.2, which could allow a user to log in successfully without being prompted for a second factor of authentication if the case (as in upper or lowercase) of the username was changed. This is due to inconsistent case-sensitive matching amongst the local and remote authentication. A certain number of prerequisites need to be satisfied by any threat actors seeking to exploit this vulnerability, but since some have been seen doing so, Fortinet advises customers who are on FortiOS versions 6.0.13, 6.2.10, 6.4.7, 7.0.1 or later to run a set username-sensitivity disable command.
Daniel Lowry
All right, well, Fortinet, what you got going on there, son? It doesn't look good for you at all. Look, I've just rolled right into tech neck. I couldn't even help myself. It just, it just, it bursts out of me from time to time. I can't, I can't make it stop. But they definitely got something not good going on. What's interesting is that this is an older CVE, right? It said it was from 2020 right there, right? So CVE-2020-12812 was a CVSS score of 5.2, which isn't that big of a deal. But this is kind of fun, and I say fun, I, I mean that very facetiously, that you see these kind of older things popping back up. You're like, hey, if this has been around since 2020, how is this still being a problem? Well, all things older, new again, right? That's the fun part about this. So an improper authentication vulnerability, we get that, having something to do with the way the case sensitivity works with usernames. So I have a username. In most, like, Unix/Linux systems, case sensitivity is kind of a big deal. Very much cares whether or not you have an uppercase C or a lowercase c, and it treats both of those characters as different because technically that's exactly right. Windows-based operating systems typically don't do that very often. They just go, I know what you meant, I'm good. But with these operating systems, which are probably running some flavor of Linux under the hood when it comes to FortiOS, wouldn't be surprised if it was based off of Linux in some way, shape or form. This is causing a little bit of an issue. So if we have a username that was changed, it might be able to bypass your second factor authentication. I did see this yesterday. I was, you know, because you read the news as you do. So I'm not surprised to see this one here. So it says this happens when two-factor authentication is enabled in the user local setting and that user authentication type is set to a remote authentication method like LDAP.
The issue exists because of inconsistent case-sensitive matching among the local and remote authentication. So it's getting confused on who is what, where, when and why and how. And therefore it's. This is the fun thing about finding coding errors when you build things. If you don't run, you know, if you don't have a nice little crack team looking through your CI/CD pipeline for security issues, it could be possible that it freaks out in a way you unexpect, or that you don't expect. Right? And this could very well be that it just goes, hey, you know what? I don't need that second factor because you're not the guy, or girl, I'm looking for that required a second factor. Maybe that's what's going on there. Since this vulnerability has since become under active exploitation in the wild by multiple threat actors, with the U.S. Government also listing it as one of the many weaknesses that were weaponized in attacks targeting perimeter-type devices in 2021. Well, okay, so a fresh advisory on December 24th. Boy, it's just a. It was a bad, bad Christmas for a lot of people. Fortinet's over there going, bah humbug, I don't like it. Said they notice successfully triggering these 2020 required the following configuration to be present: local user entries on the FortiGate with 2FA referencing back to LDAP; the same user needed to be members of the group of the LDAP server. So obviously this takes kind of a perfect storm for things to occur. At least one LDAC group, LDAP group, LDAP group. That's fun. The, the two-factor users are a member of needs to be configured on FortiGate, and the group needs to be used in an authentication policy which could include, for example, administrative users, SSL/IPsec VPN. Okay, yeah, prerequisites are satisfied, then the world opens up below you and you get swallowed up into a cavern where you're never to be seen again. This does seem to have quite a bit of all the right stars in all the right spots, if you know what I mean.
The user logs in with J. Smith or J. Smith or J. Smith or J. Smith or anything that is not an exact case match to J. Smith. Well, then FortiGate will not match the login against the local user. This configuration has caused Fortinet. Okay. Boy, this is quite the article. I mean, it's an interesting little. Little weird thing that happens, though. This. I. I'm see so serious for finding something that is worth listening to and not just, hey, everything you need to know is in the title of this article. Says after failing to match, FortiGate finds a secondary configured group. AUTH group. A lot of details on this one. So if you are running this operating system, which is going to be FortiOS 6.010624 and 6.4.1, you might want to take a look through all this. And the good news is there is stuff that you can do, like set username case sensitivity to disable. That could be helpful. This is just one of those things where you just wake up one morning and you go, are we running, hey Billy, we running that FortiOS 6.0.13, 6.2.10, 6.4.7 or 7.0.1? Oh, we are. Ah, that's. That's a problem. We're gonna need to get up over here and read this, this article. We got a little advisory we're gonna have to. We're actually have to do some work here on the day after Christmas because, yeah, you want to get that done. And of course this seems to be a fairly easy fix. Set the username sensitivity to disable. Once you get all this stuff done. It says as additional mitigation, it is worth considering removing a secondary LDAC group. I can. I cannot say it, lda. I want to say LDAC group. LDAP group, as this eliminates the entire line of attack: no authentication via the LDAP group will be possible and the user will fail authentication. Your failure. You fail. Your mother and I are very disappointed in you. However, newly issued guidance does not give any specifics on the nature of the attacks exploiting the flaw, nor whether any of those incidents were successful. Okay, well, that's interesting. Why not?
Wouldn't that be kind of pertinent? Doesn't that seem like need-to-know info on this? Ah, you got. That's funny. I'll put that up there. You gotta path it. Super funny. Good job. All right, let's see here. Moving on to the next article. What is the next article? Something about Google. Let's do it.
Steve Prentice
Google possibly allowing users to change default Gmail address. A clue to the idea that this may happen was spotted in a new support document located in a Telegram group and admittedly written in Hindi, which might hint at some localized testing in India before a full rollout. Up to the present time, Google has allowed users to employ different aliases for emails, but changing the main gmail.com address was not allowed. Google has not yet made any formal announcement on this.
Daniel Lowry
All right, Google, what you doing here? What you got going on today? Google will finally allow you to change your gmail.com address. I mean, I'm just, personally, the thought has never crossed my mind to change my Gmail address. I mean, I guess there does seem to be some interesting implications now that I'm thinking about it, but honestly, again, the thought has never crossed my mind that I should change my Gmail address. Maybe it's kind of like getting a new phone number, right? It's like too many people know this. It's time to. It's time to move. Too many people know who I have. It's a liability at this point instead of being an asset. All right, let's see here. So what's going on? What's going on? As spotted in a Telegram group, Google says it's already rolling out a feature to let you change your email address, not just for custom. Custom emails. Yeah. Has allowed you to switch between different aliases for your emails, but you couldn't change your @gmail.com address. Google wants to fix this behavior and give you the greater control over your emails. The email address associated with your Google account is the address you used to sign. So the question now becomes like, let's say I change my Gmail address. You know, I go from duncanmcleod@gmail.com, I don't know why Highlander jumped in my head, but it did. Or maybe for the purists out there, Connor McLeod. So I'm connormcleod@gmail.com and I decide, you know what? No, I'm Duncan McLeod. Now, would. Would Connor McLeod still continue to forward to Duncan McLeod? That would be the question. Because if it does, what's the purpose of changing the Gmail account? Just because you want a cooler name, and that, that assumes that that name would be available. You know what I mean? Let's see. The email address associated with your Google account is the address you use to sign into Google services. Duh. Let's tell me things I don't know. I mean, if I've got a Gmail account, you're telling me this stuff.
I don't think that this is really like useful information there, BleepingComputer. I'm pretty sure I figured that part out. If you'd like to change your Google account email address that ends in Gmail to a new email, just, that ends in gmail.com. Okay. You haven't announced this feature officially yet, but it's fair to assume that it's actually rolling out, given the support. Yeah, sometimes you just gotta start fresh, right? Limited rollout. If you have access to the feature, you'll find it in the Settings page. So there you go. If you want to go see if you've got early access to this, go to Settings, and on the Settings page that will include a link to the above support. Okay, but that looks like it's. That's just a support document in Hindi. Gmail alternatives such as Outlook and Proton have always allowed users to switch between different aliases. And now it's Google's turn. Okay, interesting. Yeah, maybe you just need that fresh new start. Change that email address to something else, I guess. You know, superawesomeladiesman819. It's time to. It's time to put it to bed and get something a little more professional with your. With your Gmail account. That's fun. That's fun. All right, moving on here. What do we got next? What do we got next? This one is from The Record. All right, The Record.
Steve Prentice
June Aflac attack results back. The data breach that hit the Georgia-based insurance giant in June exposed the information of more than 22 million Aflac customers. This according to a statement from the company released last Friday following an investigation of the incident. The attack, which did not involve ransomware according to the company, was stopped relatively quickly, but not before thieves made off with the customer data. This data included, quote, information on insurance claims, health data, Social Security numbers and other personal details of customers, beneficiaries, employees, agents and other individuals in its US business, end quote. The attack was attributed to the Scattered Spider organization.
Daniel Lowry
Oh, Scattered Spider. You a-holes. Why do you do these things? All right. More than 22 million Aflac customers. So this happened back in June, obviously, right? More than 22 million customers, according to new statements from the company. Let's see. Let's get down into the good stuff. It's always a fun day when the SEC is getting involved in your business. You're like. Mr. Burns. Yes, Kathy? SEC's on line one. I'm sorry, say what? Tell them I'm at lunch. I. I don't know that I want to talk to them. They're going to be like, no, we. We need to talk to you about this. This is. That was able to stop a hacker intrusion. Within hours. Some files were stolen by the cyber criminals. Yeah, like 22 million Aflac. Or at least some data from 22 million. Right. Information of more than 22 million Aflac customers. Let's get it right. Let's make sure that we don't oversell this. I don't want Aflac sending me a cease and desist, see you in court letter. They got enough to worry about. They don't need me besmirching their good name. They said it was not affected by ransomware. Good for you. I'm so glad to hear it. The company has begun notifying state regulators about the attack and breach notification letters. Standard operating procedure when it comes to the playbook that you pull off the shelf after a data breach is discovered. Officials in Texas said more than 2 million records. I'm sorry. Residents of the state were affected. In total, about 22 million individuals had information stolen. That's not good. Company faced no operational issues, so everything kept moving on as normal. Criminals didn't care. They just wanted to abscond with some data, apparently. What'd they get? What'd they get? Stolen documents contained information on insurance claims, health data, Social Security numbers, and other personal details of customers, beneficiaries, employees. Yeah, blah, blah, blah. So why is that important? Like, what's the big deal about that?
The big deal about that is the fact that, like, they can use that information to pull off scams. They can contact your loved ones. They can contact you and go, oh, we're with Aflac and we noticed that you had a claim. Blah, blah, blah, blah, blah. We're going to send you some phishing links. We're going to send you some vishing. We're gonna have all sorts of good times contacting you and having conversations with you and trying to make you believe that you need to click on something or do something you shouldn't, and then, booyah. We have access to your credit. Oh, goodness. Sorry. The chat caught my eye. You chatters out there, you're having a good time. All right. Federal law enforcement was notified. Good. Cybersecurity experts were hired to deal with the incident. What else do we got here? Oh, oh, good. Oh man. Well, I mean, this makes it all better. You're going to get two years of identity protection services. I'll just put that on the pile of all the other identity protection services I get for free. From all the other data breaches. From all the other services. Isn't it fun? Isn't it fun? Just another day in the cybersecurity world, kids. It doesn't really change. It's just, like, insert new, like, data breach occurred for Aflac. Data breach occurred for Goodyear. You know, it's like just pick your, pick your company name and then you can just fill that in. I'm guessing The Hacker News and The Record and BleepingComputer basically just have boilerplate articles at this point and they just plug in the names. That's all they have to do. Okay, add a link here. This is the CEO there. And then it's just, that's the dates, and then we're done. Cool. Thank you. Article written. My job is easy. I'm being, I'm having fun. Having a little fun. Don't, don't, don't get your, you know, underwear in a wad. All right, so let's see here. Getting the free. Getting the free service. Two years of ID protection. Let's see here.
The incident took place in one campaign targeting the insurance industry. Scattered Spider added again. Dun dun dun. A loosely affiliated group of English-speaking cyber criminals now gaining access to major companies by posing as IT workers. Erie Insurance, Philadelphia Insurance Companies and Scania Financial Services each reported cyber attacks at the time. Since the attacks, law enforcement has taken down a leak site used by the group, and two members were arrested and charged in the UK. Take that, Scattered Spider. Enjoy the commissary at your local prison. Justice Department complaint unsealed in December revealed that a Scattered Spider criminal operation, blah blah blah, stored 150 million. Okay, they're horrible people. Yeah, we get it. So what do we learn from this is pay attention to what's going on in your industry. So if I'm in the insurance industry, I'm really wanting to keep an eye on, like, cyber threat intelligence. And if I see an uptick in activity, I'm gonna go. We really want to put some Washington out. This did say that it was within a few hours, right? Right there. It was able to stop a hacker intrusion within hours. That doesn't even tell us how long it took to detect. Stopping intrusions can be difficult. So maybe that's a. Maybe that's a win. Except for the part where they got 22 million, you know, records, and now they got to pay for the identity protection services for two years for 22-something million people. Fun. Okay, moving on. We got one more article before the mid roll. What is this one? What is this one? CISA. Oh, you're back in the game, CISA. Let's do it.
Steve Prentice
CISA adds actively exploited DigiEver NVR vulnerability to KEV. The security flaw in question impacts DigiEver DS-2105 Pro network video recorders, DigiEver being spelled Digi-E-V-E-R. Active exploitation has been noted; as such, it has been added to the Known Exploited Vulnerabilities catalog. The flaw has a CVSS score of 8.8 and, quote, relates to a case of command injection that allows post-authentication remote code execution, end quote. Of primary concern is the ability of threat actors to deliver botnets such as Mirai and ShadowV2. Federal civilian executive branch agencies are expected to apply the mitigations or discontinue use of the product by January 12th of 2026.
Daniel Lowry
Well, all right then. Gotta love a good remote code execution vulnerability first thing in the a.m. Well, CISA, thank you for flagging this. We thank you for adding it to the. KEV. Let's get into this. Did you ever, did you ever. Is that, is that like a weird game that Billy plays with his friends in the woods? Ever? Did you ever, you know, tongue kiss a horse? He's. I'm not saying I did that once, but you know, I get enough Natty Ice in me, I'd do just about anything. Anyway, the U.S. Cybersecurity and Infrastructure Security Agency, CISA, added this. So let's, let's talk. For those of you that are just joining us, that's just having a good time and you, you're going, what have I landed into? Why are we talking about men playing weird games in the woods? Let's talk about a remote code execution. That usually just means that there is some vector that allows me to send either code or commands to an application over a network. Usually that's. Hence the term remote. Remote. I'm, I'm not hands-on keyboard on the machine. I'm able to send it information, and that information gets interpreted as commands to be run. I should do this, or code to be run, to be interpreted, and go, hey, this is code. I know this. I'm going to do the thing that it says to do. And you're like, this is not how you're supposed to work. It's like, I beg to differ. Right? So that's, that's what's going on here. So it's got a decently high CVSS score of 8.8, almost right there in the 9. So that makes me think there's a little thing, a few things that need to be, like, aligned for all of this to work. Well, let's see here. So it says post-authentication. Post-authentication. So there, there's probably what's making this not up in the nines is, is that you need to be authenticated. So once you get authenticated into whatever system this is, what is it? Oh, it's DigiEver. Right. The DS-2105 Pro network video recorders. Excuse me.
So once you authenticate to that, probably through some sort of web console or something, there's going to be a spot which it will go, hey, I can throw some code at you. Or here's a command. Yeah, command injection. Bing, bing, right there. So I'm going to give you a command and you're going to go, I can do that, no problem, Bob. And I'm sure I'm not running as root or anything like that. Let's see here. Contains a missing authorization vulnerability which could allow for command injection via the time_tzsetup.cgi. I've seen it a thousand times. It's always the stinking time stuff. So when you're setting up your time zone, this CGI script, it just, it's YOLO, whatever input. So you're probably at, like, a drop-down box or something like that. And you're. So you log in, you got your brand new DigiEver. What is this thing again? Something about a, a camera pro. You, you've got your brand new DS-2105 Pro network video recorder. You're like, this thing's amazing. Oh, setup time. Cool. Let me hit that time setup, TZ setup CGI thing and tell it what time it is. Maybe I got a drop-down. My time zone is Eastern. My time zone is whatever. You click it, you hit submit. What if I, with, like, Burp Suite, like, intercept that and go. No, not time zone. Dog, cat, /etc/passwd. You know, here's a remote shell, that kind of stuff. Download this malware, do that instead. So here we go. The KEV has this thing. This is the known. I can't remember what KEV stands for at this point. My brain is going, no, Daniel, you're not fully awake. I'm like, yeah, I know, I don't have any Monster in me. That's the problem. We'll have to fix that very, very shortly. In just about an hour and a half. Let's see, here comes from the multiple reports from Akamai and Fortinet about the exploitation flaw. Threat actors delivered botnets like Mirai and ShadowV2. And yeah, you don't want your new DigiEver recorder, your 2105 recorder, to become a part of some fool's botnet.
Sending botnet traffic to botnetty things, doing botnet stuff, living that botnet life. I know I don't. According to TXOne Research, Ta-Lun Yen, the vulnerability alongside an arbitrary file read bug remains unpatched due to. Whoa. What? Ah, see, I love that. I've. I've seen this as well. Just because you don't support the thing anymore doesn't mean people aren't using it. You would think that, like. Yeah, it's, it's. We don't support it. We're not actively patching the thing as far as, like, us updating features and things of that nature, but come on. Security. I don't know how old this is. I mean, that bug is not that old. Three years at. At best. Come on. Successful exploitation required. Okay, here we go. Here's how to make this thing happen. Attacker to be logged into the device. Perform a crafted request. In the absence of a patch, it's advised the users avoid exposing the device to the Internet. Who. Well, where. Where's your sense of adventure, Hacker News? I love connecting everything I own to the Internet. That's how we have fun. CISA is also recommending the civilian branch, blah, blah, blah. Yeah, this is great. Okay, cool. Well, that takes us to the old mid roll and. And I. I don't have music, you know, so we don't have to worry about copyright strikes here. Not while Daddy David. I say Danny is on. Anyway. Talking's hard. Let's see this. Thank you to our sponsors. Thanks, everybody. I want to check in with the chat while we got this up here. Keep that going, rocking and rolling. Let's see what's going on. We got Pocket Pixies in the house. How are you, everyone? I'm doing great, except for the fact that my car got broke into. The good news is they didn't. They didn't make off with much. Just a few dollars. I think that my wife had, like, a, like, a change purse or something in the car and. Yeah, Gary, Jason's. Hey, hey, hey, hey. Yeah, I don't have that music and I was not given authorization to play any music. So there you go. Thank you.
Bruising hacks, Known Exploited Vulnerabilities. I knew the Known Exploited, but the V was, like, escaping me. My brain just would not work. Let's see here. Who else is going on here? Well, who do we got? We got, thanks to the sponsors, Barricade Cyber Solutions, we got ThreatLocker, we got DeleteMe, Antisyphon and Flare. Good, good friends. Oh, and you know what else? Today is Friday. Almost forgot. We got James McQuiggin dad jokes Friday from 35,000 ft. James McQuiggin, you funny, funny man. You let me go grab those because he sent those to me this morning. Are you guys ready? Are you ready? Here we go. The dad jokes today from James McQuiggin are: why does Cookie Monster never worry about his browser history? Because he eats the cookies. Wow. Oh, man. Jimmy, brother. Okay, anyway, moving on. What do you get when you cross a hula dancer with a boxer? Hawaiian Punch. It's. It's a rib tickler. Why can you. Well, hold on. Why can we. Why can you what? I'm having trouble reading this one. Why can you. In. We find any training materials on. On YouTube. Why can you not find any training materials on YouTube for being a garbage man? I think that's what he was trying to say. Why can you not find any training materials on YouTube for being a garbage man? Because they pick things up as they go. You see, because when you watch YouTube, you're any. You know, it's just. You don't need training. You're picking it up as. As you go. Does it scarp? Thank you, sir. Thank you, James McQuiggin. Enjoy your seat. 3B or whatever it is. I don't know. I hate flying. I would rather take a beating than get on an airplane because it's basically the same thing. And then. But at least it didn't last for hours when I got a five-minute beating. A beat down from whatever. Let's see. You guys are good. You guys are funny. All right, let's get this. Let's let Steve Prentice do their mid roll stuff and then I'll read through some of your chats and we'll get to.
Steve Prentice
More articles. Huge thanks to our sponsor, ThreatLocker. Want real zero trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain zero trust in real environments. Join us March 4 through 6 in Orlando, plus a live CISO Series episode on March 6. And you can get $200 off with the code ZTW CISO26 at zTW.com. NIST and MITRE to partner up for AI cybersecurity research. NIST has announced that it will partner with the MITRE Corporation on a twenty-million-dollar project to, quote, stand up two new research centers focused on artificial intelligence, including how the technology may impact cybersecurity for U.S. critical infrastructure, end quote. One of these centers will focus on advanced manufacturing, while the second will focus more directly on how industries that provide water, electricity, Internet and other essential services can protect and maintain services in the face of AI-enabled threats. The goal of the project will be to drive the development and adoption of AI-driven tools, including agentic AI solutions, and reduce risks from reliance on.
Daniel Lowry
Insecure AI. Well, there's AI. You know, it's just, a Daily Cyber Threat, or any cybersecurity discussion, just isn't complete without AI coming into the chat. Right? So AI has finally entered the chat. NIST and MITRE doing their thing. 20 million in research on AI cybersecurity. And that's good, right? That is actually a really good thing. This is a good article. I'm glad that we're hearing that this is the kind of thing that is happening, because for better or for worse, AI is where we're at. It's what we do. It is the new hotness. You're not getting away from it at all. So give up the dream. Let's see here. So they're doing a new research center that will bring government and industry experts together to study how AI will impact cybersecurity in critical infrastructure. Now this is a very pointed article, right? It's very specific. It's saying, hey, we're not just looking at AI in general. We're not looking at AI and cybersecurity in general, but we're looking at AI and cybersecurity for critical infrastructure between the government and private sectors. Bringing them all together. Having some workshopping going on here. We're going to tabletop it. I don't need to subscribe, thank you. Let's see, let's learn a little bit about what they're doing. We want to focus on artificial intelligence, of course, including on how it may impact US critical infrastructure cybersecurity. See here. Okay. The AI Economic Security Center to secure US critical infrastructure from cyber threats will focus more on directly... will focus more directly on. Not "more on," that's funny. More directly on how industries that provide water, electricity, Internet and other essential services can protect and maintain services in the face of AI-enabled threats. I'll say. Okay, so now we're even further niching this down. This isn't even just specifically against cyber threats in general. This is specific. We're going to use AI to fight AI.
Nothing bad will happen, I'm sure. According to NIST, the centers will drive the development and adoption of AI-driven tools and agentic AI solutions. For those of you that are just coming to the table, you're like, cybersecurity looks interesting: agentic AI just means that I've given AI agency. It has the ability to do things on our behalf or on my behalf. It's an agent acting on behalf of... right. So go out and find X, Y and Z. Use these tools, build the tools, make the tools, do all the tool things, and it can do it for you. AI does my job for me. Interesting. Anyway, the centers will develop the technology evaluations and advancements that are necessary to effectively protect US dominance in AI innovation. All right, so so far this is just propaganda. I guess that's cool. I mean, we want that. I'm a US citizen, so it does benefit me that they would make that happen. But, like, can we get some information about this? Rebranding the Center for AI Standards and Innovation that mirrored the administration's broader shift away from AI safety issues while prioritizing American competition. Okay, this is an interesting thing they're talking about. Earlier this year the White House overhauled the name and mission of the AI Safety Institute, rebranding it the Center for AI Standards and Innovation. That mirrored the administration's broader shift away from AI safety issues while prioritizing American competition with China. Next year NIST plans to make another award for the creation of a new AI for Resilient Manufacturing Institute. Okay. A five-year, 70 million dollar federal investment to combine expertise in AI, manufacturing and supply chain networks and promote resiliency in the manufacturing sector. Okay, can you tell me more, right? Without just filling in words, CyberScoop. I mean, we kind of got that from... is this going to be one of those articles that tells you everything you need to know in the headline?
I hate when they do that. Then they fill it full of filler. Acting NIST director Burkharth: centers will collectively focus on enhancing the ability of US companies. Yeah, but how are you doing that? You can say anything you want. I want to know specifically, what's the plan, Stan? We're going to get together and talk about it. Yeah. Okay, cool. You've made a plan to make a plan. I like it. I see where you're going there. It's great. Yeah. It's telling me we're going to bring all of MITRE to bear. Great. How are you going to bring all of MITRE to bear? I mean, we did get some specifics with that AI for Resilient Manufacturing Institute. So the creation of a new AI for Resilient Manufacturing Institute. Five-year, $70 million federal investment. So they are investing in that. They're going to invest some money. This was in response to further questions. We will also be able to leverage the full range of MITRE's lab capabilities, such as the Federal AI Sandbox. All right, now we're talking. So that's interesting. I'm not familiar with the Federal AI Sandbox, so I'm going to want to look into that. More importantly, we will not be doing this alone. Okay. What is the Federal AI Sandbox? Let's go look that up. Federal AI Sandbox. There it is. Will drive next-generation artificial intelligence (AI) enabled applications for the federal government, powered by NVIDIA DGX SuperPOD. Okay, that's cool. I'll have to learn more on that one. Okay, CyberScoop, what else you got? This seems to be a long article. Whoa. And we got more articles to get to. So, yeah, AI fighting AI with AI. So the AI doesn't AI us for our entire lives. Okay, so this does finally seem to kind of get into some meat and potatoes. Yes. It's not... yeah, it's more of talking points. It does have some meat on the bone, but not a ton. Just trying to protect. But how are you doing that agentically? What kind of agents are you building? What would be the...
You know, I'm not saying give me the exact details, but give me some high-level stuff. I mean, come on. Okay. Yeah, great. They're going to try to use AI to better protect us. Thanks for the heads up.
Steve Prentice
Next. MongoDB flaw could lead to server takeover. This high severity vulnerability, with a CVSS score of 8.7, allows an unauthenticated remote attacker to execute arbitrary code on vulnerable servers through a client-side exploit of the server's zlib software library implementation, which can return uninitialized heap memory without authenticating to the server, end quote. MongoDB strongly recommends users upgrade to a fixed version as soon as possible. A link to the article containing the affected versions is available in the show notes to...
Daniel Lowry
This episode. Okay, we are staring down the barrel of a high severity CVE-2025... You've got that MongoDB? You're probably going to look into this one right here. Billy, we running that MongoDB? Oh, thank Jesus. Oh, thank you, Lord. Anyway, MongoDB addressed a high severity vulnerability that can be exploited to achieve remote code execution. This is our second RCE of today. Isn't it wonderful? It is not quite as... it just lost out to the Fortinet one we saw, right? No, no. Or was it the DigiEver? Yeah, the DigiEver. I'm sorry, Fortinet, didn't mean to besmirch you. So this one is unauthenticated, though. Can exploit the issue to execute arbitrary code on vulnerable servers. All right, so there are vulnerable services here, or the versions, should I say, of MongoDB. So 8.2.0-8.2.3... you can read these here. I'll leave that on the screen for you. So if you're running these, and it says that these versions here have addressed the issue. So there is a patch. Oh, you gotta patch it, right? You got to do the thing. So if you are running a MongoDB server on any one of these and you have, hopefully with these, you're good to go. So just, you got to do some updating. It's the way it's going to go. So let's see here now, what is causing this? I didn't quite catch it. Oh, you can also disable zlib compression on MongoDB by configuring the compression options to omit zlib. So if you are running a version that has not addressed the issue, maybe that can be your mitigation for right now. Also some firewalls looking for command execution code, that kind of stuff. Probably a good idea. We strongly suggest you upgrade immediately. Do you know? Well, excellent, brilliant, brilliant work. Thank you for reiterating what you've already told me in this sentence. I really appreciate it. Security Affairs. I mean, this is a little more... why, just give me the meat, man. You don't have to. You know, I don't need an appetizer. Just bring me the main course.
Tell me what's up. Yes, we know that MongoDB is a popular open source NoSQL database used to store all sorts of lovely things. Instead of tables and rows like a traditional SQL database, Mongo stores JSON-like documents. Perfect. I'm sorry, did I miss how this is happening? I feel like I did. The client side, here it is. A client-side exploit of the server's zlib implementation can return uninitialized heap memory without authenticating to the web server. Can return uninitialized heap memory. That is a problem. That's a real issue. Strongly recommended: upgrade to a fixed version. Yeah, yeah. So when they say their implementation of zlib, they're using some library in their code. So you're importing a zlib function into the code that is running the MongoDB service, right? And that implementation, the way that they made it work, is allowing someone to go, hey, here's some memory. And it goes, cool, I know what to do with that. You run it over here and you tell it to execute. And someone goes, I'm sorry, I say, what? Yeah, yeah. So this is pretty straightforward. Just got yourself an RCE. It has a fix, it has a patch and/or a mitigation if you cannot patch for whatever reason. All right, so check this out. Make sure you go and get that done. It's as simple as that. This is Security 101 right here, kids. You get a flaw, there is a patch, there's a mitigation. You employ it and you set up fences to try to block. It's that simple. It's so simple. It's so simple.
Steve Prentice
Moving on. Romanian Waters confirms cyberattack, but critical operations unaffected. The country's water management authority suffered the attack last weekend. It affected around 1,000 computer systems across the central organization and 10 of its 11 regional offices, disrupting IT assets including GIS servers, databases, email and web services, Windows workstations and domain name servers. However, authorities emphasize that operational technology systems managing water infrastructure were not impacted, and water operations continue to...
Daniel Lowry
Function normally. Okay, Romanian Waters. It sounds like you're saying that the actual bodies of water in Romania themselves have confirmed a cyberattack. And that actually might not be too far from true; it just depends on how you look at it, right? Because it's critical water operations, so obviously critical infrastructure. It's the second time we're talking about, at least that I can remember, the second time we're referring to some sort of critical infrastructure that can cause a problem. We want to maintain those critical infrastructures in a very secure, nice fashion. Because without that, or if something goes awry, we're talking about possible human life and limb on the line here. Got a frog in my throat. So let's take a look here. Here's the real question. Are they going to tell us who did this, how they did this, when they did this, or why they did this? Let's see. So it did tell us that it was over the weekend. So we got when. And it was ransomware that hit it. Okay, cool. I wonder if we'll find out who the threat actor was, and what their... I mean, ransomware. They want money; we know why they did it. Now as soon as you hear the term ransomware, you're like, oh, they just want that do-re-mi, they want that cha-ching, cha-ching, give me that moolah or we'll, you know, shut your water supply off. That sounds fun. I guess that's not how it works. They're saying, we'll keep your files. According to the National Cyber Directorate, an incident, blah, blah, blah. A thousand computer systems across the central organization and 10 of its 11 regional offices. The attack disrupted IT assets: GIS servers, databases, email and web services, Windows workstations and domain name services. So that is just... this was pretty bad. That's pretty bad right there. It seems like when the attackers got in, they were able to move about the cabin with impunity. They just did whatever the heck they felt like at that point.
It was like, oh, you're in, then you're trusted. Enjoy. Right? This is why we do zero trust. It doesn't matter whether you have authenticated or not, I still don't trust you. I'm going to make you re-authenticate. I'm going to make sure. And then of course setting up network boundaries, and, like, it should not be easy to pivot and bounce around inside of someone's network, including your own. It should be difficult unless absolutely necessary. Authorities stressed that operational technology systems managing water infrastructure were not... And man, we need to get my call come up in here, man, because there's obviously some stuff going on with OT right now. They are being targeted. Ransomware attack on several workstations belonging to the national Romanian Waters Administration, a number of water basin administrations in the country, including names I can't say. This cyber incident: approximately 1,000 IT&C systems were compromised. That's a lot. Windows workstations, Windows servers. Okay, yeah, we got that already. You don't need to reiterate. I gotta start writing my own articles, apparently, because once I tell you something, I'm not going to tell it to you again, just with slightly more detail. I'm just going to give you the detailed version of it and call it a day. I don't know if you guys picked this up, but when I read tech news I'm constantly, like, swearing at the thing going, what are you doing? Just tell me. Technical teams... well, okay, I'm looking for anything that's, like, useful. Authorities have started the process to integrate it into CNC security platforms which use advanced technologies to protect critical public and private IT. Well, it's a little late for that, isn't it? Government experts are investigating. The INF incident confirmed the threat. Hackers used Windows BitLocker to encrypt systems. They used their own system. That is crazy. They're like, yeah, I don't have to put some actual, like, my own code on here.
BitLocker's running on all these Windows systems. Just use that. The attack vector has not yet been identified. It doesn't mean they don't know what it is. They just aren't telling you. Let's see. They've been told not to contact or negotiate with ransomware actors to avoid encouraging the funding of cybercrime. We do not negotiate with terrorists. A-holes. Yeah. Restore IT services. This was backups, right? You need your backups. If you don't have backups... are you giving attribution here? In early December, cc alongside the FBI, nsia, Europol: pro-Russian hacktivist groups such as Z-Pentest, Sector 16, NoName and Cyber Army of Russia Reborn are actively targeting critical infrastructure organizations worldwide. So we don't know which one of those it was, but it could be one of those, as it seems to be Russian. Great. I hope they get it cleaned up. I hope they get it fixed. Hope they got good backups that did not get... oh, my goodness. What's the best practice on ransomware these days? Modern Rogue is asking. The hospitals just have to suck it up and pay. Cyber insurance is typically the way you go. Your cyber insurance kind of deals with it for you. They tell you what to do, you do that. And yeah, a lot of them just pay. Not the full ransom, typically. They negotiate a ransom, they pay, you get unlocked, you're back in action. But yeah, doing that just encourages them. But they've really got you by the short and curlies. I'm going to be honest, right. They've got your data. If you do not have a good backup, you are in Hosedville, population... uh, all right, last article. Let's do it. I'll do this first. I'll...
Steve Prentice
Do this. Microsoft wants to replace its entire C and C++ code base by 2030. Writing in a LinkedIn post, Microsoft distinguished engineer Galen Hunt said his goal is to, quote, eliminate every line of C and C++ from Microsoft by that year, end quote. The goal of this project is to, quote, evolve and augment our infrastructure to enable translating Microsoft's largest C and C++ to Rust, end quote. The company has established an AI processing infrastructure that enables it to apply AI agents guided by algorithms to make code modifications at scale. Hunt's post also points to a job ad for a principal software engineer who is expected to work on the tools to make this happen. There will...
Daniel Lowry
Be no... okie dokie. Last of the day here, and we've got Microsoft going, you know what? Coding's dumb, especially when it's in C and C++. What's hot is that Rust. Memory safe. It's so nice when it goes down. It's like when you crack that first Natty Ice. It's been sitting in the cooler, you ain't touched it, man, it's chilly. It's got those little chillies in it, you know what I mean? Where it's like little pieces of ice not fully frozen over, just little pieces of ice floating. And then you take that first tug and you're like, ah, so refreshing. So, yeah, looks like they're moving on to Rust. They're going to use AI to make that happen. They need one new developer because, yeah, AI just does it all for you. Right? Well, that's just fun. Thanks, AI. I appreciate all the help you do here. So they want to move to Rust, and it says... and is hiring people to make it happen. Did say it was hiring more than one person. Our North Star is one engineer, one month, one million lines of code. Okay. Our strategy is to combine AI and algorithms to rewrite Microsoft's largest code bases. Our North Star is one engineer, one month, one million lines of code. A job ad for a principal software engineer who will be... So this is where you get to, like, when you start talking about AI, the words "force multiplier" tend to come out a lot, because it does seem to be quite a bit of that. Whereas most of us realize that if you try to get AI to build some things, you're just vibe coding stuff. It can do some things. It's usually not phenomenal. So you still need to be a software engineer, if you're going to vibe code things, so that you can correct it along its way, kind of steer it in the right direction, make sure it's doing all the right things in the right ways.
But whereas in times past, what Microsoft would have done is they would have hired, let's just say for the sake of argument, 30 software developers. Let's just say that that's the case. Now they hire one, and it steers the AI to do the work of 29 other coders. Right. So it's not taking a job. There was no job to be had. It's an evaporation of jobs. We don't need that anymore. That role is gone now. Those coders have to go off and either start their own businesses or find a new line of work. Right. So that's kind of how that goes. So they're saying, you know, AI jobs will come up. I guess this is an AI job. But it doesn't seem to be a very good ratio. Just kind of going down that rabbit hole for a second there, because we're seeing it right here. That one coder, one month and one million lines of code combined with AI. Let's see here. The purpose of this role is to help us evolve and augment our infrastructure to enable translating Microsoft's largest C... Oh, wonder why they're doing that. They haven't said yet. I haven't seen it. Maybe I just missed it. We're almost out of time. Let's see here. We built a powerful code processing infrastructure. Our algorithmic infrastructure creates a scalable graph over source code at scale. That sentence makes a lot of sense. Our AI processing infrastructure then enables us to apply AI agents guided by algorithms to make code modifications at scale. Whoever gets the job. Whoever gets the job. So yes, it is one person that they want doing this. Engineering group. Okay. Build capabilities to allow Microsoft and our customers to eliminate technical debt at scale. We pioneer new tools and techniques with internal customers and partners and then work with other product groups to deploy these capabilities at scale across Microsoft and across the industry.
Unlike C and C++, Rust is a memory safe language, meaning it uses automated memory management to avoid out-of-bounds reads and writes and use-after-free errors. So it's avoiding security issues that are typical in coding that allow for, like, buffer overflows and that kind of stuff. Let's see. Call for universal adoption of memory safe languages, especially Rust, to improve software. That is a true statement. Everybody just wants... This is a big Rust propaganda piece right here. Just, you know, who is the best language? It is Rust. Rust is the best. Every other language is horrible. If you don't use Rust, you're stupid. At least that's what it seems to be saying. This is what I'm getting out of this article. The Register is telling me anything other than Rust is awesome. Okay. This is a big job that we only need one person and AI to do. Okay. Oh, there's the price range. You want to pay someone $140,000 at the low end to do this? That's quite a range. That's over $130,000 in price range. Are you really going to hire someone who is at the low end of your price range? Just put a flipping price on it. Oh, my goodness. Just say, hey, man, this is a tough job. You're going to be the only person doing it. It's 275k a year. How's that sound? Plus bennies, bonuses, whatever else you're gonna do, right? Come on, man, don't be like that. Well, there we go, kiddos. We read the news today. It was fun. But guess what? We've got some Jawjacking to do. That's up next. That's where you guys get to ask me those questions and we get some answers. I don't know how well I'll be able to answer, but I'll do my very best. It'll be a lot of fun. All right, so let me run this little intro here, and then we will do...
Jerry
Some Jawjacking. Ever wonder what it takes to break into cybersecurity? Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cybersecurity field. Live, unfiltered and totally free. Let's level up together. It's time for...
Daniel Lowry
Some Jawjacking. Well, hello everyone, and welcome to Jawjacking. This is the portion of our show where you get to ask me the questions. I almost went Irish there. This is the portion of the show where you get to ask old Danny McFlanigan a question or two. Let's see. Let's get the chat going on up in here. What do you guys got going on? Wow. Sad times. Not even a full year. I'm just reading you guys this post. So if you do want to ask me questions, or you want to have some fun, be a part of the conversation, and you have something interesting to bring to the topic here, make sure you put a big Q in front of your question. Maybe a few of them. A few of them usually works really, really well. That really pops, so it helps me see them in the chat. I'm actually going to bring the chat up onto the stream so we can see that. There they are. There you guys are. Tech Grunt says it's time for the nerds to assemble. Let's go. That's right. It is indeed. Hope everybody had a great weekend. I hope everybody had a great holiday time. You got some good gifts, you hung out with loved ones. You spent some time with the old fam. Hopefully not yelling at each other. I like to be an AI doom and gloom dude, and I start telling everybody how AI is horrible and is going to wreck our lives. I'm like, I'm just going to become a Luddite in the woods. Let's see here. Nerd reporting for duty. Well, thank you for showing up, Find the True. We know we can always count on you to be a part of the solution, not the problem. I have an eyelash in my eye. It doesn't feel good. So. Yeah, yeah. What's going on? So let's start talking some of that cyber. I don't have any panel today. It's just me. But that's cool. We do what...
We do. We do the best we can. We got to get those... I don't know how many of you guys are actually watching today. I don't have that information up. Does it tell me that? I don't think it does. Yeah, I don't see it anywhere. So that's cool. What'd you guys get for Christmas? You get anything good? You get a cool tech thing? I saw a couple people on Discord said that they got some fun stuff. I saw someone got a UART USB device. I'm actually thinking I need to get some more. I'm going all in. I'm pushing my chips in the middle on hardware hacking again. It's so much fun, right? It is just really, really cool and enjoyable to do. So I'm gonna get me some kits. I need to get a hot air gun so I can start to de-chip things. I need to get a chip programmer. I got to get a few things myself, so that should be fun. I did get a question here from Eric McClelland. Says, anyone get something amazing for Christmas they need to share with everyone? Yeah, same question here, right? I didn't read it before I clicked it, so, yeah, that's the question we're at. What did you get? Modern Rogue got an Ember mug. Cool. FedEx says no panel. I need to fix that. Yeah, let me get the... oh, man. I don't do this enough. Oh, there we go. Invite guests. I can bring you on, my brother. Let me copy that link. I'll hit you up in Discord. Where's my FedEx? Faux FedEx. All right, FedEx, I'm sending you the link. Based. There you go, bro. All right, so let's see what else you guys got going on here. FedEx says he got a T-shirt. Oh, Marcus Kyler got a standing desk and a monitor attachment for his laptop for when he's not at his desk. That's cool. Cool stuff. Somebody asked me how many Monsters I got. There it is. Oh, it was Dan Verdict, the Haircut Fish himself. How many Monsters did I get? I got three. I got three, and two of them were good. I did indulge. I'm here to confess my sins. I did indulge with that. What are you gonna do? I had to have some. They were tasty. And it's Christmas. Somebody got a Roku stick. Oh, it was Carrie. Carrie got a Roku stick. Very cool. Made that dumb TV into a smart one. Dang, right? Now all the ads can be sent to you. Thank goodness. FedEx has been summoned. The wizards began chanting. Yeah, but don't forget your questions. Do you have any questions? Do you have any other cool things? Like, let's start... you know what? No. Christmas is now past. Let's start thinking about New Year. And with New Year comes New Year's resolutions. That's right. Gotta have some, hopefully. And I think that they're good. A lot of people don't like New Year's resolutions, and for a long time I never did them. But I think they're good now. Because even if you're doing the same ones over and over again, at least you're making a plan to do it. And the more you try, the more likely it is that you'll succeed. So I applaud anyone with New Year's resolutions. So if you have New Year's resolutions, throw those in the chat. Let's see if we can help each other. Go, hey, I'm going to do this this year. I want to do X, Y or Z.
What are your New Year's resolutions this year? For me, obviously it's going deep into hardware hacking. Yeah, I got the new job starting very, very soon, and so just going hard in the paint with that. That's the New Year's resolution. And your boy Daniel... listen here, man. Unfortunately, I am not in the greatest of health at this point. I have let things go a lot, and that needs to be remedied. So I know that's probably a very typical New Year's resolution, and the gyms across America will be filled. I have my own workout equipment here in my studio. I just need to get back at it. I have all these, like, shoulder issues, and those shoulder issues can cause me problems. Bringing in FedEx. There's my man. What's up, FedEx? How you...
FedEx
Doing, brother? Good morning. Can you hear me loud and clear.
Daniel Lowry
Or no? Oh, you.
FedEx
Are loud. I. I try to work a little bit on.
Daniel Lowry
This microphone. That's okay. You're good to go. You're very clear. Loud and clear is definitely what we're getting from FedEx today. So how was your. How was your.
FedEx
Holiday, brother? Is it still appropriate to have Christmas? You know, it was quite strange, actually. I slept, I believe, probably about 18 to 20 hours, which was amazing. So that was a good thing. That was a good thing, to have Christmas in the house with PJs, the kids, you know, it's all about then opening those gifts and having fun. And just when they opened that gift and it said "from Mom and Dad," and I was like, huh? I bought that? I mean, the wife is in charge of wrapping those things. I pretty much just say yes. From Daddy...
Daniel Lowry
And Mommy. Nice. Yeah, it's always fun when you got the kids. That's what really makes it awesome, is to see them open something they really, really wanted and be like, oh, yeah. We got our kids the Marios. We had to get Mario Deluxe. They loved it. They were up playing, just having a great time. So they really enjoyed that. My son got a new... he's five, so he got a Power Wheels tractor with, like, a front loader. Oh, yeah, yeah. He rode that joker till the battery died and then went, Daddy, my battery's dead.
FedEx
I went... So what I'm hearing is you're gonna go get a conversion kit and put an 18-wheel... an 18-volt DeWalt battery system in to actually transform the battery and give it...
Daniel Lowry
More power. I don't know what you're talking about, but I can neither confirm nor deny that that is already occurring. Yeah. Oh, we do have some good questions. Here's one from the Haircut Fish. Going into the new year, is there anything you want to focus on? Is it something new, or something you're already working on, or something you already know that you want to know better? That's a good question. FedEx, what are you working on...
FedEx
This year? Well, this year I got my CISSP, and I said, okay, that was my goal for this year. I think my goal for 2026 will be starting my master's and continuing my education. So I definitely want to take advantage of the new company paying some money towards education. And that goes to everybody. If you are in a company that gives you reimbursement, that gives you opportunities to go, go take it, make the time. The reason why I say that is because the more you know, the more valuable you become in the market. Not necessarily... it might not help you for the current job, but you just never know how the situation can change in the blink of an eye. And the more you have, the more ready you can become, the more knowledgeable. I mean, honestly, in this industry, it's a never-stop-learning opportunity. We're always learning...
Daniel Lowry
Something new. Yeah, no doubt. And along the same vein as Haircut Fish, Blood Sweat and Rage asks, got any personal projects planned for the new year? They want to set up a VPN on their router and a Pi-hole. That's a great little project you got going on there. I do have a project in mind for this year coming up. I want to build a purposefully vulnerable firmware for ESP32. Yeah, yeah. It's a lofty goal. Like, I'm going to have to learn how to do firmware at all and then make it vulnerable. And that way anybody that has, like, an ESP32 dev board, you can just upload it and then you've got an IoT device, quote unquote, that you can hack on and have some fun with. So it makes it cheap and easy. That's my thought process, anyway. I don't know how feasible this is because I'm just starting to work on it, but that's my goal. I think that would be really cool and a lot of fun to work on, and to give to the community something that people can work on as a project very cheaply and pick up a new...
FedEx
Skill set. So I know what you can do. You can tell Copilot to write the code.
Daniel Lowry
For you, but then I don't.
FedEx
Learn it. But it would.
Daniel Lowry
Be burnable. Oh yeah, I sure would. You got me there. That's funny because yes, that is true. Tech Run says he's got some stuff he's doing. He said he's already started on his New Year's resolutions, PenTest+ and SLISA plus in 2026. You got this, bruh. You got this. What else is going on here? Haircut Fish says he's gonna write more blog posts, make some video content, speak at conferences. That's another thing I need to do this year is get on a conference. Maybe, maybe, maybe one of our local BSides would have me. I gotta come up with a talk. I've, I've got an idea.
FedEx
For one, but I mean, don't get Me wrong. They. They had those talks that. Where we just show up and talk too. So you can actually entertain us a public.
Daniel Lowry
In there. Yeah, yeah. And that's a, that's a really good one for all of us honestly, is give a, give a talk. Go to a group, start a group if you don't have one, right? Carrie says I can hear FedEx all the way in Texas. Your mic is, is very clear. It's very good. Just leave it alone though. Don't worry about it. It's good. That's a good thing at least. Okay, here's a. Here's a question from Dominic, Dominic LaPlante. What do you think about SANS SEC504? It's expensive. I don't remember which one SEC504 is off the top of my head. Let me go looking at that SANS SEC504. I want to say it's the pen testing one. Hacker tools, techniques and exploits.
FedEx
Offensive operations, pen testing and red.
Daniel Lowry
Teaming training. Yeah, it's basically their, their bread and butter pen testing course. I've never taken it. Listen, if it's from SANS, it's most likely very good. It's just extremely expensive. And you got to do a bunch of like, you can do things like volunteer as like a TA so that you can insanely reduce the amount of price, but it's still expensive and you got to work while you're sitting the.
FedEx
Class. So. Yeah, I'm not gonna dunk. I'm not gonna dunk on them either. I'm not dunking on that either. It's good material. They got great, awesome trainers. But you can also get a lot of the training for pennies on the dollar sometimes that will teach you pen testing. That will teach you red teaming. And you know, if you got a company that's gonna pay you to go there, if you got somebody that's a sponsor, you go take it, go full bore. If you're gonna cost it out of your own money, that's where I draw the line. Because I mean, I know that I can probably spend that money a little bit more wisely and get more out.
Daniel Lowry
Of it. Yeah, I agree. 100% is exactly what FedEx said. Is that, yeah, it's going to be great training with a great instructor. There's no doubt. But it's the law of diminishing returns at this point. It seems where you're paying so much more money for training you can get that's pretty darn good. If not almost as good, if not as good. You know, hedging my bets here for way, way, way, way, way, way, way, way, way, way, way, way, way, way less. So if. If you are getting sponsored, if you're. If your organization or whatever is paying for it, by all means, go grab it. Because then you get to say, I did SEC504. Awesome. If not, if you don't have that, dora me. Hey.
FedEx
I know.
Daniel Lowry
All right, she can't hear me. She can hear me.
FedEx
Now. Hi. What.
Daniel Lowry
Do you. What do.
FedEx
You got? What is your plans for 2026 when it comes.
Daniel Lowry
To hacking? I wanna do more stuff like tournaments and I wanna do.
FedEx
More challenges. And. And what is that you like about going.
Daniel Lowry
To.
FedEx
Conference? Soldering. Soldering. See, there's little tools. There's little things that we can start. The kids, I mean, most of you guys had actually seen and know Miss Hannah right here. She loves going to conference, she loves doing Saturday, she loves doing lock picking. So that's something that you can invest on the little ones so they can become and have a career in.
Daniel Lowry
The future. Yeah, totally agree. That's a, That's a great point. And I think that we should be making our conferences very kid friendly so that they can get into it, they can enjoy it, and it's fun for us. It's fun for us to watch the kids have fun. Kind of like opening presents on Christmas morning. It's fun to watch Hannah over there with her soldering iron and put something together and go, look, I built my badge, I did the thing, and now she's interested. So that, that could be good if anybody out there has come up with some kid friendly talks even that they would enjoy. Bye, Hannah.
FedEx
Great question. And.
Daniel Lowry
You got. Thanks for.
FedEx
Bringing her. Merry Christmas, you.
Daniel Lowry
Filthy animals. You filthy animals. All right, we got about 10 minutes to go and then I gotta cut out to get ready for Cybercast IRL. Trying to save some of the vocals here. All right, here's. Here's a question from Qu. Janog. Bibbins. Gibbons. Gino. Gino Gibbons. When you're reading it all together like that, that's fun. Says he wants to build a budget home lab for DFIR.
FedEx
Any recommendations? Yes, you can grab an I. You can grab an Android phone that can cost you 10, 20, and start going and do forensics on it. You can grab a laptop, Windows 10, Windows 95, whatever laptop you can find at a Goodwill home, start doing forensics on it. In fact, if you find one, an actual like a secondhand store, go try to see if you can see what they didn't wipe properly out of the hard drive. Now, responsibly. Okay, there's the keyword right here. Responsibly. Because you might not know what they had left in there and you might come across information that, you know, it might be important to someone. So this is where your ethical hacker hat comes in, but I mean, how many times we actually seen laptops? I have a laptop right there that someone was going to throw away because it didn't turn on. And I was like, I'll have it when I have time on it. I'm going to crack it open and I'm going to see why it didn't turn on. And if I actually can get into the hard drive, guess what? It's a MacBook M2. 2022. I mean, it's like two or three years old. And they say, if you can make it work, it's.
Daniel Lowry
Yours. Exactly. That's a good deal right there. I'd buy that for a dollar, as they say. Yeah, really great stuff. I. I would also recommend checking out. You can look up. There are some DFIR challenges, and you can do it in virtualization and things of that nature. You can mess around with Autopsy and stuff like that. Just get handy with the tools. Do some file carving, play around with these memory dumps. You can go find memory dumps online that can allow you to look through the memory and look for sensitive information. Follow the bouncing ball. That's the idea behind DFIR, right? Is to be able to say, here's where the attack began, here's where the attackers were, here's what they did, and then recreate that story. That's going to really be your bread and butter. It's cool to be able to use the tools, but the tools are to enable you to be able to do that. That's what DFIR is for, is so that you can say, here's the attacker, here's where they came from, here's how they gained access, here's what they did while they were in there. Here's how we're exposed. Here's how it affects your business. So, Guiding Star, there is.
FedEx
A channel in Discord Place called Daniel Lowry's Discord where you can actually post your. Your findings. So like, like you actually write up because a report, apart from the. Apart from the DFIR, the report is what actually makes the most important value to.
Daniel Lowry
The business. Yep. True story. True story. Cool question. Good question. This one is one I'm not going to be able to answer, but I'll say it anyway because you asked. What's a good first project for a LilyGo CC1101? Plus, I am not static.
FedEx
With that. You can, you can, you can you confirm. You can, you can write in that LilyGo on Meshtastic and create your own.
Daniel Lowry
Meshtastic system. That's cool. So there you go. Got your marching orders. Mesh tactics. Mess tastic is now it is Meshtastic Mesh tastics. Yeah. Booyah. So yeah, that'll be full. That'll be kind of fun. You can mess around with that relatively cheap device though I have seen these LilyGos become much more popular lately. I'll probably want to pick one up my own self. So really, really cool. Good, good question though. And thanks for helping. Maybe there were some people out there who go, I don't know what this is. I want to go look at that and check that out. You can do a lot with it. It's kind of like a. From what I understand, it's a bit of a. A poor man's Flipper Zero kind.
FedEx
Of thing. No, it's more like an off grid.
Daniel Lowry
Communication system. You do not need the Lily.
FedEx
Go device. Oh yeah. Oh yeah. I mean you can.
Daniel Lowry
Actually do. Yes.
FedEx
You can.
Steve Prentice
You.
FedEx
Can. If. So I do have a friend actually. I'll post a picture in your Discord at some point. But he actually built it on a LilyGo, which is $15-$20. Pretty much Flipper Zero hacking. Like he put the big antenna and he got more range than my Flipper Zero to knock out the. To do a wireless, you know, like actually congested a wireless system. It just. It was.
Daniel Lowry
Pretty cool. Yeah. I'm looking at it from LilyGo right now. The T-Embed CC1101 is $54, but that's still insanely cheaper than a Flipper Zero or.
FedEx
The Pineapple. The hacked Pineapple. That's already.
Daniel Lowry
Went out. Oh yeah, I saw the WiFi pager, the Pineapple Pager or whatever. Have you seen.
FedEx
That? Yes. We got a couple people here in the chat that has that already. So I'm expecting them to actually get some opening videos and start showing us what they can do with that because it looks so cool.
Daniel Lowry
So retro. Yeah, it does. It's very cool. And you got to get the yellow colored one so that you can feel like you're Johnny Lee Miller.
FedEx
And hackers. Pager.
Daniel Lowry
Pager, Pager. Yeah. So this T-Embed CC1101 does PN532 NFC, RFID I2C transceiver module. This is a really cool piece of gear. I might want to get my hands on one of these things. All right, well, Haircut Fish.
FedEx
You need. You need a 2026 resolution. You need is either going to be the LilyGo, the hardware, tech testing. I mean, come on. We need to pick one and stay.
Daniel Lowry
With one. Why? We don't let that ADHD go wild. That's right. You gotta let it run wild. It's like. It's like the Hulkster, right? What are you gonna do when my ADHD runs wild on you? For those of you that get that reference, it's time to schedule.
FedEx
Your colonoscopy. Yeah, I went to the. I went to the eye doctor right before Christmas, and the doctor say, well, next time you go to the DMV, your right eye might fail. And that might be the time where we need to put you.
Daniel Lowry
On bifocals. Yeah, dude, I'm getting to where I'm like, people like to go check out my phone. I'm like, hold up. You can't. You can't just put it in my face like that. I cannot see that it's gonna. I can't. So I can. I can do it. I can see that closer. Far away. I just have. It takes forever for my eyes.
FedEx
To focus. Yes. And that's what the doctor was saying. The closer. The old. You got muscles in there, the closer you get, it gets difficult to actually focus in. But the older you start getting, those muscles start relaxing. So then you need to make more effort. And that was like, okay, so what that means. And that means. Oh, don't worry. Next time you go to your DMV license, you're probably going to have to. You're probably going to have to fail. Going to probably have to mark it that you now need to drive with glasses. And then that will be around the time that we need to put you in bifocals. And I was like, Yeah, I wasn't happy.
Daniel Lowry
About that. I feel all. Wes, Brian is asking if I'm looking at the floor yet, because I used to catch him all the time, and I would give him something like, hey, Wes, can you look at this for me? He's like, yeah, let me take a look. I'm like, what are you looking at, your shoes? He's like, no, I gotta.
FedEx
Look.
Daniel Lowry
Over there so I can see what's going on. Yeah, that's super funny. I've always busted for that one. All right, looks like we're right about time. Hulk hog tech grunt got the Hulk Hogan reference. Let's see here. So Haircut Fish added some DFIR links to. I want to say he did it in the Cybercast IRL. Let me check that just to.
FedEx
Make sure. He got laziness to have.
Daniel Lowry
That.
FedEx
Problem.
Daniel Lowry
Okay. Phil. Yeah. There's Haircut Fish right there. Booyah. So, yeah, cool stuff, cool stuff. Lasik. I. I want to get Lasik. Oh, there it is right there. Yeah. So Haircut Fish put the DFIR labs in the Cybercast IRL discord under the blue team study, Blue Team help channel. So there you go for everybody that's checking that out. What else we got going on before we call it a day? Well, before I have to go and get ready for.
FedEx
Cybercast IRL. So what can we expect today in Tech. Next news is, is the night.
Daniel Lowry
After Christmas. Why do you think I gotta get out of here right now? Because it's 9:30 so I can go find an article for me to do. Tech. I don't prepare for Cybercast IRL or Technex. It's all impromptu off the cuff. So I.
FedEx
Don't know. Well, there you have it, children. We gotta go and raid.
Daniel Lowry
Daniel channel. You gotta raid the channel so we can see what's.
FedEx
Going on. And it's gonna be a special one because it's the last one of.
Daniel Lowry
The year. That's right. It's the last one of.
FedEx
The year. The last one.
Daniel Lowry
Of 2025. It was fun. We had a good time, right? What are you gonna do? It's over 2026. I wonder what 2026 will bring. I'm sure only good things. Hey, I'm already starting it off pretty good new job. You got a new job. You got CISSP going on. You're working on things. I think, I think this is going to be a banner year for us kids. I hope it is. I hope we have a great time in 2026. And I'm looking forward to seeing you.
FedEx
All there. And we're looking for a new timing of Tech News because I mean I heard, I heard a little bird told me that it's gonna change hours.
Daniel Lowry
Of schedules. Yeah, we're gonna talk about that. So you gotta come and show up. We're gonna need some, some input from you good folks out there. I want to talk with you guys about the future of Cybercast IRL and after dark. So you're gonna have to come check us out in about 30 minutes. With that said, like I said, I gotta go. I gotta get ready for that show. Thanks everyone for watching today. Thank you FedEx for joining me on the panel. I appreciate you and I hope everyone has a great rest of your day. And hopefully we'll see you over there at Cybercast IRL at.
Steve Prentice
10.
Daniel Lowry
O'clock. Well, let me get rid of this thing. I don't need the chat anymore. Hit this. I gotta hit that. Outro. That's right. Until next time, everyone.
Host: Daniel Lowry (Simply Cyber Media Group, substituting for Jerry)
Date: December 26, 2025
Theme: Essential cyber news roundup for security insiders with expert hot takes, real-world analysis, and an engaging community Q&A (“Jawjacking”).
In this festive, energetic episode, Daniel Lowry hosts the Daily Cyber Threat Brief, guiding listeners through the most consequential cybersecurity headlines from December 26, 2025. With Jerry on vacation, Daniel delivers technical explanations, humor-laden commentary, and community-driven discussion. The agenda features critical vulnerabilities, major data breaches, industry moves toward memory-safe languages, AI research initiatives, and interactive career advice—all designed for security professionals, analysts, and those looking to advance in cybersecurity.
[05:41–14:01]
Summary:
Fortinet reports active exploitation of a five-year-old flaw in FortiOS SSL VPN (CVE-2020-12812, CVSS 5.2). Attackers bypass multi-factor authentication if a username’s case (upper/lower) is altered due to inconsistent case handling between local and remote authentication. Several configuration prerequisites are required for exploitation.
Urgency:
Fortinet advises users to run a specific command (set username-case-sensitivity disable) and evaluate LDAP group policies as mitigation steps.
Daniel’s Hot Take:
“How is this still being a problem? Well, all things old are new again.”
— Daniel, [07:25]
Practical Note:
Legacy misconfigurations and authentication design quirks remain real-world threats, especially in perimeter devices.
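The case-handling mismatch described above, modelled in Python as an added example; this is not Fortinet's code and says nothing about FortiOS internals. It assumes a remote authenticator that matches usernames case-insensitively and a local MFA binding table keyed by the exact string as enrolled; the "fixed" variant canonicalises the name once before both lookups, which is the effect the summary attributes to disabling username case-sensitivity.

```python
"""
Constructed model (added example) of an MFA bypass caused by inconsistent
username case handling between a remote credential check and a local MFA
policy lookup. All directory contents and secrets below are constructed
sample data.
"""
from dataclasses import dataclass

# Constructed remote directory. The remote side (think LDAP uid matching)
# treats "alice", "Alice" and "ALICE" as the same account.
REMOTE_DIRECTORY = {"alice": "correct-horse-battery-staple"}

# Constructed local MFA bindings, keyed by the username exactly as enrolled.
LOCAL_MFA_BINDINGS = {"alice": "TOTP-SECRET-PLACEHOLDER"}


@dataclass
class LoginResult:
    authenticated: bool   # was the session granted?
    mfa_enforced: bool    # was a second factor actually demanded?


def remote_password_check(username: str, password: str) -> bool:
    """Case-insensitive credential check, as the remote authenticator does it."""
    return REMOTE_DIRECTORY.get(username.lower()) == password


def login_vulnerable(username: str, password: str, otp_ok: bool) -> LoginResult:
    """Password check is case-insensitive, MFA lookup is exact-case.

    A user enrolled as "alice" who signs in as "Alice" passes the password
    check but finds no MFA binding, and the code treats "no binding" as
    "MFA not configured", so the second factor is never asked for.
    """
    if not remote_password_check(username, password):
        return LoginResult(authenticated=False, mfa_enforced=False)
    binding = LOCAL_MFA_BINDINGS.get(username)  # exact-case lookup
    if binding is None:
        return LoginResult(authenticated=True, mfa_enforced=False)
    return LoginResult(authenticated=otp_ok, mfa_enforced=True)


def canonical(username: str) -> str:
    """Single normalisation applied before every lookup on the local side."""
    return username.strip().lower()


def login_fixed(username: str, password: str, otp_ok: bool) -> LoginResult:
    """Same flow with one canonical form of the username for both lookups.

    Also fails closed: an authenticated user with no MFA binding is refused
    rather than admitted on a single factor.
    """
    user = canonical(username)
    if not remote_password_check(user, password):
        return LoginResult(authenticated=False, mfa_enforced=False)
    binding = LOCAL_MFA_BINDINGS.get(user)
    if binding is None:
        return LoginResult(authenticated=False, mfa_enforced=False)
    return LoginResult(authenticated=otp_ok, mfa_enforced=True)


if __name__ == "__main__":
    pw = "correct-horse-battery-staple"
    print("vulnerable, 'Alice', no OTP:", login_vulnerable("Alice", pw, otp_ok=False))
    print("fixed,      'Alice', no OTP:", login_fixed("Alice", pw, otp_ok=False))
```

The same normalisation has to be applied on every path that keys policy by username (group membership, per-user VPN rules), otherwise the mismatch simply moves to the lookup that was missed.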
[14:01–18:12]
Summary:
Google is reportedly piloting a feature that would allow users to change their default @gmail.com addresses—something previously impossible. The finding surfaced in a Hindi-language support document linked via Telegram.
Daniel’s Hot Take:
“Maybe it's kind of like getting a new phone number, right? Too many people know this… It's a liability at this point instead of being an asset.”
— Daniel, [14:36]
Discussion:
The feature could be useful for users seeking a professional refresh or mitigating old, compromised addresses. The host speculates about email forwarding and actual utility.
[18:12–24:58]
Summary:
A June attack attributed to Scattered Spider affected more than 22 million Aflac customers, with sensitive data like claims, SSNs, and health records exfiltrated. The breach was halted quickly, but not before significant data loss.
Implications:
Identity protection services were offered as remediation, and the breach highlights reuse of classic attack playbooks (IT impersonation, targeting insurance).
Notable Quotes:
“Oh Scattered Spider. You a-holes. Why do you do these things?”
— Daniel, [18:59]
“Just another day in the cybersecurity world, kids. It doesn't really change.”
— Daniel, [19:56]
[24:58–25:50]
Summary:
CISA warns of active exploitation of a command injection flaw (CVSS 8.8) in DigiEver DS2105Pro network video recorders, enabling post-auth remote code execution. The flaw is being harnessed by botnets like Mirai and Shadow V2.
Mitigation Deadline:
Federal agencies must remediate or discontinue use by January 12, 2026.
Daniel’s Hot Take:
"It's always the stinkin’ time stuff… when you're setting up your time zone, this CGI script, it’s YOLO, whatever input."
— Daniel, [25:50]
Lesson:
Old, unsupported, and exposed IoT gear is a favorite target for botnet operators.
[35:03–44:02]
Summary:
NIST announces a partnership with MITRE on new AI-focused research centers, aiming to secure critical infrastructure (water, energy, Internet) against AI-enabled threats. Initiatives include agentic AI tools, AI Economic Security Center, and a five-year $70M investment in resilient manufacturing.
Daniel’s Commentary:
“We’re going to use AI to fight AI. Nothing bad will happen, I’m sure.”
— Daniel, [36:30]
Takeaway:
The U.S. is investing in public-private partnerships to build AI security standards and testbeds, but specifics and timelines remain general.
[44:02–49:04]
Summary:
A high-severity MongoDB bug (CVSS 8.7) allows unauthenticated remote code execution via zlib library misuse. The strong recommendation is to upgrade or, if that is not possible, disable zlib compression as a mitigation.
Daniel’s Take:
“Security 101 right here, kids. You get a flaw, there’s a patch, there’s a mitigation. You employ and set up fences to try to block. It’s that simple. It’s so simple.”
— Daniel, [48:35]
[49:04–56:29]
Summary:
A ransomware attack hit Romania’s national water authority, affecting IT but not OT systems. About 1,000 systems were disrupted, and the attackers used BitLocker for encryption. No threat group has claimed responsibility, but similar pro-Russian activity was cited.
Daniel’s Advice:
“If you do not have a good backup, you are… you are in Hosedville population.”
— Daniel, [53:56]
Key Practice:
Regular, well-protected system backups are vital for critical infrastructure.
[56:29–62:05]
Summary:
Microsoft plans to eliminate its C/C++ codebase by 2030 in favor of Rust, orchestrated by AI-assisted code translation. The company is hiring for roles to develop such transformation tooling.
Notable Quote:
“Whoever gets the job… build capabilities to allow Microsoft and our customers to eliminate technical debt at scale. We pioneer new tools…”
— Daniel reading from job post, [58:20]
Broader Trend:
Moves toward memory-safe languages like Rust reflect the industry’s drive to eliminate a key root cause of software vulnerabilities.
[63:39–91:39]
Daniel, joined later by co-host FedEx and community members, fielded questions and shared career/lab/project advice.
Key Themes:
New Year’s Resolutions:
Hardware hacking, health, public speaking, and continuous learning.
Lab & Learning Projects:
Budget DFIR home labs built from secondhand phones and laptops, public memory dumps and Autopsy; LilyGo CC1101 boards running Meshtastic as a cheap hardware project.
Advice on SANS SEC504 and Expensive Cert Training:
Recognized as high quality, but balanced by mentioning excellent, more affordable alternatives unless an employer funds the cost.
Children in Cybersecurity:
The value of kid-friendly hacking activities at conferences (badge building, lockpicking).
General Career Wisdom:
Leverage employer education benefits. Always keep learning; knowledge is security in the job market.
Daniel’s conversational style blends technical depth with wry humor, frank opinions, and active encouragement for cybersecurity professionals at all stages. The community chat is an engaged, recurring presence, with inside jokes and supportive peer advice. The Q&A segment is relaxed, accessible, and practical.
This episode is an exemplary blend of headline-driven expertise, relatable career advice, and good-natured, sometimes irreverent community interaction—all underpinned by a strong, supportive cybersecurity ethos.
Recommended for:
Skip to the end for:
Lively career Q&A, New Year’s goal setting, hardware hacking inspiration, and a peek into future podcast/community plans.