Daniel Lowry
Everyone. And welcome to the Simply Cyber Daily Cyber Threat Brief. I am your host today, filling in for Jerry as he is out on vacation. I'm Daniel Lowry. Welcome. This is going to be a good time had by all today. At least that is what I hope. Hope everyone's doing great. Hope everyone's doing well. I am still getting over a little bit of sickness, as you can hear. I typically have a decently bass voice, but right now I can reach the bottom because, you know, the germs get into whatever is in your vocal cords. It makes you have a really nice deep bass voice. So I'll use it as much as I can until it runs out, but it'll be a lot of fun. Thank you for joining us, everyone. A lot of cool people in the chat already. I saw Phil Stafford in the house. Who else did I see? Oh, there's Sean Sailors. Ad Tech. Right, Ad Tech is there. Who else? Grady. I see Mando Avila. I see Tech Grunt. My boy. What's up, Tech Grunt? Cyber KV, Marion J122. Don't you love it? Because I don't. It used to be that it seemed like YouTube allowed whatever your screen name was. You could change it to something that was a little more readable and usable. But now I'm just seeing whatever you actually created at the other end. I don't know why they changed that. I've noticed that that's been for like the last couple months now. It's really, really weird. But anyway, thanks for joining us, everyone. We've got a lot of great people, like I said, and hopefully we're going to have a great conversation. If you're wondering what the heck is this thing, maybe you're a first timer. If you are, by all means, let us know that you're a first timer. Drop that. I don't have all the cool sound effects and everything that Jerry does because he's got his own little setup, but we'd still like to know, we'd still like to hear from you. So if you're a first timer, drop that in the chat. 
If you typically are just lurking around, hey, just pop up for a second and say, hey, I'm here. How's it going? It's good to see everyone. So, yeah, definitely, definitely do that. Let me get my little things-to-do list here. So let's make sure you guys know exactly what's going on here. Like I said, if you are new to the show, you might not be aware this is a cyber security podcast where we talk about cyber security headlines. We go through those every day. The top ones that come out in the CISO Series headlines. We'll take a look at that momentarily. Today is December 30th, so if you are wondering what day it is, it's Tuesday, December 30th as a matter of fact, and we start this little shindig at around 8am Eastern time. And the cool thing about it is that it's a bit of an op-ed. We read headlines, we kind of go through the article really quickly. We give you the unfiltered, unfettered reaction to said things. I have not pre-read these articles. The most I've done is just get my starts and stops for the CISO Series thing so that I know when to turn up the audio on there. But other than that I have no idea what's going on here. No. We may get lucky a time or two, and I'm sure it will happen, where the headline is basically all you need to know about the article. That does happen. But we're going to go through that. And the cool thing about that whole thing is at the end of this episode you will have earned half a CPE credit. That's right. Don't say we never gave you anything. Right. So that'll be great. So make sure you keep your eyes on that kind of stuff, on what's going on there. A lot of people like to comment to make sure that they can prove that they actually watched this episode. So if you're really into those CPEs, make sure you put a comment there, and then you can say no, no, no, right here. It's in the chat replay. I commented, I was there, saw the whole thing. 
All right, with that said, I am going to jump us over and let Jerry do what Jerry do best, which is keep his own lights on, and he's going to do a little ad read for us. So give us a second and we shall return after a word from our sponsors.
Jerry
Want to give some love to Fortify 365, the Microsoft 365 configuration solutions from Barricade Cyber Solutions. Barricade Cyber rocks, brings you all the knowledge in the incident response form, but they are also quite adept at helping you configure and set those protection controls for your M365 instance. Go to fortify365.com today to talk to Eric Taylor and the team over at Barricade Cyber and make sure that you are taking full advantage of all the configurable security controls that you have in your M365 instance. Fortify365.com today. Also want to give some love and some shouts to Antisyphon Training. Holla holla holla at Antisyphon Training, the group that is disrupting the traditional cyber security training industry by offering high quality, cutting edge education at a discounted rate. For so many people out there, their rates are insane. Some of their courses free or pay what you can. It's amazing. Go to antisyphontraining.com today, check their upcoming live training, their on-demand training, government and military discounts. I mean, it's absolutely crazy. I love it. Maybe not government and military discounts. I made a mistake. They've just aligned their training to the NIST NICE framework. Also pretty awesome. Thank you, antisyphontraining.com, and of course, as always, we've got ThreatLocker kicking it. We'll hear from them and then back to the news. I want to give some love to the Daily Cyber Threat Brief sponsor ThreatLocker. Do zero day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with ThreatLocker. Worldwide companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high. ThreatLocker takes a deny-by-default approach to cyber security and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US-based Cyber Hero support team. 
Get a free 30 day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threatlocker.com daily cyber.
Daniel Lowry
Man, that Jerry sure does know how to read an ad, doesn't he? I wish I had advertisement money just to send to him so he could read an ad for me. But hey, you know that's not the way it is. Oh man, lots of good stuff. Well, okay, now that we got that out of the way, it is time for us to jump into today's headlines and see what is going on. Let me do all the things I need to do so that we can make that happen. First of all, let me share my screen with you. Booyah. And get to the one that I like to show. And let's get to that CISO Series.
Sarah Lane
From the CISO Series, it's Cyber Security Headlines. These are the cyber security headlines for Tuesday, December 30, 2025. I'm Sarah Lane. Coupang recovers laptop allegedly thrown into river. South Korean e-commerce giant Coupang says it recovered a MacBook Air allegedly used by a former employee who leaked customer data, after the device was weighted with bricks and thrown into a river in an apparent attempt to destroy evidence. Coupang says forensic analysis shows the employee accessed data from about 33.7 million accounts and retained information from roughly 3,000 users, with no evidence of data being sold. 685 trillion won voucher compensation plan during its investigation. Trust wall.
Daniel Lowry
Well, thanks, Restream, for dropping the connection momentarily. That was always the Restream. So great. I just love it so much. Excuse me. There's that little bit of sickness, right? But. Okay. Okay, we got our first article here today. Let's jump into this bad boy. So somebody thought that they could get away with stealing. They did. And I mean, it seems reasonable that sticking your laptop in a bag with a bunch of bricks in it and chucking it in the river like you're some sort of weird digital Dexter would work, but apparently it did not, because they found this laptop. I don't know how they found it. Let's see if we can find that in there. Find the Truth says microwave must have been broken. Yeah, there seem to be better ways to destroy a laptop than chucking it in a river. But hey, I'm sure this person had this all planned out, and this was just a crazy coincidence that they were able to find it. Okay, so they're investigating an insider data breach. By the way, fun fact. Insider threats are one of your more difficult types of threats to account for, because by nature, you have to give them trust. That would be like Scattered Spider going, hey, can I just have access to some part of your system and I'll do work for you while I'm there? And you go, well, I mean, if you're gonna do work, I guess so, but I don't know that you're Scattered Spider. I just think you get the idea, right? Like, because when you hire someone, you give them access to your systems, you have to give them some level of access and trust. It's like dating, right? You have to put your heart out there if you're gonna find the right one. And that can mean your heart gets broken. And apparently. What was the name of this company? Coupang. Coupang got their heart broke. 
They should not have swiped right on this person, because they smashed their laptop after they stole a bunch of stuff and put it in a canvas bag, weighed it down with bricks, and chucked it in the river. All right, so Coupang is South Korea's version of Amazon. They have faced widespread criticism in recent weeks after announcing in November that the personal details of 33.7 million customer accounts had been compromised by a former employee. What kind of employee was it, and what level of access did they have? That's what we'd like to know. That's the real meat of the story here, kids. Responding to the continued misstatements that Coupang was conducting an investigation without government oversight, the company revealed the details of the ongoing probe and announced the voucher scheme worth 1.685 trillion won. Still a pretty hefty amount of money there at $1.18 billion to compensate affected individuals. Company said it was fully acknowledging its responsibility for the recent personal information leak with Harold. Okay, blah, blah, blah. That's like. Yeah, I mean that's good information. I mean they are reporting the story pretty well. I gotta be honest with you. Good job, The Record. You're giving me the details. But the details I really care about are the ones of like, how did the insider threat access this information? How were they able to exfiltrate that information without being detected? What detections occurred that made you go, hey, I think something has happened here? And then what was the investigation like that led to the discovery of the said laptop being in said river? Like, these are the details I care about. I don't know about y'all, but. Okay, what else do we have here? Rogers, previously a chief administrative officer, Coupang's U.S.-based parent company, resigned. Good for him. All right, see, like. Okay, yes. Nice information. Where is the. 
The details about the actual hack? Y'all. Y'all know my pet peeve when it comes to IT news and cyber security news is they love to tell you a lot of nothing. Everyone. Coupang and the government authorities have been working tirelessly. Okay. I mean this seems like a pretty long article, so maybe it's in there. We should start at the bottom. Forensic analysis revealed that although the individual accessed only 33 million accounts, only retained user data from approximately 3,000 of them. Yeah, but how? Okay, how did you find this? Received government approval. Contact the leaker. Okay, so somebody leaked it or somebody. Did somebody tell on him or like, what's going on? It confirmed using digital fingerprints. Okay, here we go. I think we found it. I'm just checking. Yeah. So he confirmed using digital fingerprints and other forensic evidence to identify the former employee who leaked user data. The perpetrator confessed everything. I'm sure after they presented him with all the information. Like, that's the stuff we would actually need to know to make use of this is, hey, what were those cool tools and techniques that you used in which to discover these things? That's the kind of article I want to read. Because then you go, oh, okay, maybe I can start to learn more about that. Or maybe we need to utilize those tools and techniques to start looking for insider breaches in our organization. Just saying. Well, there you go. You know, a whole lot of talk with not a lot of detail on the techniques and the tactics and the tools and all the fun stuff that goes along into hacking. Okay. But insider threats are a big deal, so you got to keep a lookout on those things. And, you know, again, I wish I knew what the smoking gun was like, what made them say, and maybe we just missed it. We are skimming articles. We got limited time. But what made them go, I think we got a problem here? And, yep, here's. 
Here's how we investigated that, and here's what made us think, yes, we absolutely do have a problem here. All right, moving on to the next article. Let's do it.
Sarah Lane
Reports more than 2,000 wallets drained. Trust Wallet says attackers drained about $7 million from 2,596 cryptocurrency wallets after compromising its Chrome browser extension on December 24. The malicious update exfiltrated wallet data. And while the attacker accessed that many wallets, Trust Wallet says it's reimbursing affected users and investigating how a leaked Chrome Web Store API key may have allowed the rogue release.
Daniel Lowry
Oh, man. Another day, another crypto scam. Man drained seven millions in crypto. Seven millions, not million. I say seven millions because I'm sick. And that's what happens. All right, 2,596 wallets with a total of seven millions. Trust Wallet attack compromise. Okay, there was a browser extension. I think it was a Chrome browser extension that was compromised right before Christmas. All right, what was the browser extension? How did they take advantage of the browser extension? And then I'm sure that the smoking gun on this one was the fact that people started noticing the crypto was going down. I don't remember transferring all my crypto over to this wallet on Christmas Day. Last time I checked, I was opening presents with my loved ones. Let's see, it says this crypto wallet used by over 2 million, 200 million people. I'm sorry. According to its official website, allows users to store and send. Of course, that's what a bitcoin wallet does. Duh. Again, are we getting paid by the word here? I mean, do they honestly believe that somebody just randomly fell into this article and was like, what is this cryptocurrency of which they speak? Wallet, you say, I wonder what that does. Let's see here. And free iOS and Android mobile apps. So it's a browser extension, man. If it's free, you are the product. Right? So I'm sure that they were collecting all sorts of wonderful information since it's a free browser extension. Trust Wallet, launched in 2017, was acquired by Binance. Great. I don't. Do we really need. It's a decentralized wallet application. Okay, well, that's interesting. As BleepingComputer reported earlier, December 24th. Yes, we get it. Please stop telling us the same thing over and over again. We what, act like, is it just me? I mean, am I the only one that sees this and goes, why? Why do you do this, all? And I mean, it's BleepingComputer. It's Hacker News. It's all of them. They all do this. It just blah, blah, blah. Is this just AI slop or. Come on, man. 
So annoying. Elliot Matisse says the articles have to be written to the lowest common denominator. Unfortunately, that means fifth grade reading level. That is a true statement right there. The average reading level, at least for America, is fifth grade. And excessive background information. It's so ridiculous. No wonder people are like, hey, AI, summarize this for me. You know what I mean? This. Anyway, so how did they compromise? So they compromised this Chrome extension, with attackers adding a malicious JavaScript file to exfiltrate sensitive wallet data. Okay, so at least we know they were using JavaScript. So they added some malicious code which was written in JavaScript. Trust Wallet confirmed the hack after BleepingComputer reached out. Confirmed for confirmation and advised users to immediately update to 2.69 to block further crypto theft attempts. You gotta patch it, as they say. Gotta update. The malicious extension was not released through our internal manual process. Our current findings suggest it was most likely published externally through a Chrome Web Store API key, bypassing our standard release checks. Okay. Our current findings suggest it was most likely published externally. So on a separate place, not through their official come-download-our-app area, which I would assume is the Chrome, not the Chrome Web Store. But what do you call that? Like Google Play. There is a Chrome Web Store, is there? I think so, yeah. Chrome Web Store, blah. That's where they published it, the Chrome Web Store. Not through something like Google Play or like the Apple App Store. So they had an API key for their Chrome Web Store. That's where they put it. That's a weird thing to do. Why are people going to the Chrome Web Store to get your thing and not do something? That's odd. Oh, it's because I'm an idiot. I'm over here thinking about sick. Sick. I'm not firing on all cylinders today, kiddos. That's the medicine talking right there. And it was delicious. 
I do enjoy it. Oh, are you not supposed to just drink cough medicine all day? I think that's like a problem, right? All right, I'll stop. Okay. Okay, cool. A working hypothesis still under investigation. Okay, hedge your bets. We get it. The hacker used a leaked Chrome Web Store. You just told us this. Stop saying it and then quoting it. You can just put a link to the thing or go, the working theory from such and such, from so and so, is, quote, blah, blah, blah, blah, blah, blah, blah, blah. I mean, I'm not even a journalism major here. Okay. In response to the incident, Trust Wallet expired all released APIs to block any attempts to release new versions over the next two weeks. It also ensured that hackers couldn't steal additional wallet. So are they not sure that they've gotten the hackers out of their system? Oh, interesting. Yeah. We got to move on. All right. Oh, man. So the hackers or the attackers doubled down on their efforts, launching a phishing campaign that took advantage of the ensuing panic, using a Trust Wallet branded website and asking users for their wallet recovery seed phrase to get an important scheduled update with security improvements. Oh, man, that is clever. I'm not gonna lie. That's a clever one right there. And then they went to just pilfer in your pockets left and right. They're going to reimburse all affected users, and that is mighty sweet of them. So I give them kudos to that. Well done. Well done. Y'all made the mistake. You owned up to it. I'll give you some credit for that one. Jojo Rabbit: back in college, that old school NyQuil with some Adderall. Oh, yeah. Listen, kids, do not be your own pharmacist, okay? Go to the actual doctor, have them tell you what to take. That is funny, though. That is funny because it's absurd. We would never do that. Never. So far, we've identified so many wallets. Yeah, thanks for reiterating everything you've already told. 
Like, this article's a bazillion miles long because it's probably got six lines of actual knowledge. I mean, it's got some good stuff in here. But because of this, accurate verification of wallet ownership is critical to ensure the funds are returned to the right people. Our team is working diligently to verify claims, combining multiple data points. Now, that's legit, right? They can't just be like, oh, yeah, you got busted. Here's some money. They have to verify that. It will take some time. I'm sure they got a lot of work to do when it comes to their investigative team, but it looks like reimbursements have started already, so that's cool. They're getting to it as quickly as they possibly can. And that does bode well for Trust Wallet or whatever the heck they're called. I don't remember. So this is all about the compensation process. So if you need to know about that, there's the actual site. Go there, fill out your form, and then you can start getting reimbursed. I'm glad that you apply. Oh, my goodness. Whoa. This is something we do not see every day, where they just straight up go, our bad. We apologize and acknowledge that this situation has been frustrating and disruptive. That "we apologize" statement is rare. We are working around the clock to finalize the compensation process. So I will. Hats off to Trust Wallet. They made a mistake. They're trying to make it right. And, you know, you got to have a road to redemption. And that is. So it looks like they're well on their way to that. We'll see, right? You know, anybody can get popped, but we'll see what happens from there. Let's hit the next one. Moving on.
Sarah Lane
Sachs discloses 2024 data breach. US accounting firm Sachs says a cyber attack detected back in August of 2024 exposed personal data tied to around 228,876 people. But the company apparently didn't complete its investigation or begin notifications until more than a year later. Stolen data may include names, dates of birth, Social Security numbers, and government ID details. No ransomware group has claimed responsibility, but Saks is offering a year of credit monitoring.
Daniel Lowry
Okay, well, good for Sachs. Thanks for the credit monitoring. I mean, shouldn't they just preemptively give us credit monitoring at this point? And, you know, on your bingo card, how much free credit monitoring do you have at this point in time? I bet it's a bit. So anyway, top US accounting firm Sachs. Maybe you've heard of them. Discloses 2024 data breach impacting 220,000 people. It took them well over a year to complete this investigation after detecting hackers on their network. Okay, so again, the things we want to know. How did the hackers get in? How did you discover them? How did you mitigate? And it's like, if your rag is called Security Week, that's the information we want to know. I don't give a crap about how long it took them to notice. I mean, that is kind of funny or weird that it took so dang long. And it is a part of it. But that is not the meat and potatoes of this here article. Tell us all the information. So let's see what they do. Let's check it, shall we? A top ranked US accounting firm has been notified. Blah blah blah. Sensitive personal data. Yeah, compromise. Yada yada yada. Filler, filler, filler. Top 100 accounting and advisory company with annual revenue exceeding 100 million. In a filing with the Maine Attorney General's office, Sachs revealed that it had detected a network intrusion on August 7, 2024. However, but not how. Oh, here we go here. Oh, we just know when they gained access, but not how. God forbid. Tells us a bit about the information that was stolen. Compromised information varies for each individual, but can include the name, date of birth, Social Security, driver's license, state identification number and passport number. That's not crazy scary, like it's not a big deal, but it could be just everything about you. I hope you enjoy identity theft. So here's some free credit monitoring, bruh. Fun fact. 
What if, using all that information, they're able to gain access to my personal systems, and then after that they lock me out, excuse me, of all my accounts and start running up my credit? Like, what good does credit monitoring do me at that point? Fun graces. But it's embarrassing to talk about. Yeah, I know it is. God forbid that we all go, you know what? So this does not happen to you. Here was our problem. We had a VPN password of 12345, user guest. And somehow these elite hackers divined this, right? It's because it is probably something stupid like that. Instead of holding their feet to the fire and, you know, giving us the, like, oh, maybe we should change our 12345 password on that guest account, man. Because if they got popped, then maybe we're next. Just saying. Anywho, so it's possible the company was targeted by summer criminals do not have public and, honestly, the most likely way they got in was through a phishing lure. Right. They sent some emails out, somebody clicked on it, they got into that system, they dug in like an Alabama tick and then pivoted throughout their environment. And that was fun for them because once you have access to a device, now you have trusted. Technic has entered the chat. Let's go. Listen here, man, I'm sick. All these guest couch password 12345. At least throw a six on there. Maybe an exclamation point. I mean, it's better than nothing, right? Take them a little bit longer. See, the company is offering impact. Yeah. Credit monitoring. Thanks a lot. Yeah. And nothing about how the significant delay in notifying victims renders these services functionally obsolete, because cyber criminals typically monetize stolen information. So, wow. Right? Like, man, there's some colorful colloquialisms and things I could say about what Sachs feels about their users, but I'll refrain because we have limited time. We got to get to the next article and then hit the mid roll. 
All right, what's this one? Let's do it.
Sarah Lane
Korean Air shares supplier attack. Korean Air disclosed a data breach after its inflight catering and duty free subsidiary, Korean Air Catering and Duty Free, or KCND, was hacked, exposing personal data tied to around 30,000 airline employees. The airline says customer data was not affected and that the leaked information appears limited to employee names and account numbers stored on KCND's ERP system. The Clop ransomware group has claimed responsibility for the KCND attack and says it has already leaked the stolen data.
Daniel Lowry
What? Oh man. So let's run through it again. What should we be getting out of this here article? We should be getting things like how Korean Air was hacked into, what detections they had in place that allowed them to detect that they had a problem. And that very well may have been like, hey, by the way, you have ransomware, right? That could be the first indicator. But that's cool. We just need to know that. What would also be nice is talking to someone that can say we had these types of detections in place. We had EDR, we had this, we had that. But it was completely bypassed because X, Y or Z. So we were doing all the right things, but they were still able to circumvent because of this. So if you have that, now we've put this in place and it's much more effective, or at least we think it is. We're doing these types of security audits to make sure that this kind of thing is no longer a vulnerability. And they're going to have to find a new way into our systems because that no longer works. And we verified it. That's the kind of thing we should see from these types of articles. That's just one man's opinion, but I don't know. I'm sure it's all in there. Let's go check it. So let's see. Korean Air employee discloses a data breach after a hack and catering. Like when they say an employee discloses a data breach. Like were they not supposed to say anything? And they did. Okay. 30,000 employees of Korean Air employees. Korean Air, South Korea's flag carrier. Okay. Largest airlines in Asia. We get it, they're an airline. You know, you have to. It's fine if you want to tell us the size of it, but I mean, is this an advertisement for Korean Air at this point? That's what it seems like. Okay, so nothing there so far. Just an advertisement for Korean Airlines. The company posted an internal notice that KCND had informed them of a security breach involving personal data belonging to the airline's employees. 
According to the sources cited by here. Okay. Korean Air pointed out that no customer data appears to have been compromised. Just our employees. So. Oh, ah man, don't you hate it when you read this like this? I guess for all our Korean speaking and reading viewers, that's pretty cool stuff. I do not understand any of that business right there. That's the notification. Gotcha. An in-flight meal. What is this? KCND service. An in-flight meal and inflection spun off from our company in 2020 and operates as a separate entity, recently attacked. So. Oh, that is a good point right there. So they were a service that was a part of Korean Air and they broke off and became their own company. So now they're effectively a third party. At least that's how I'm taking it. And maybe they just assumed trust at that point, which is a no, no, we don't assume trust. And you need to be vetting them just as if they were your own employees at that point in time. Spun off from our company, operates as a separate entity. Was recently attacked by an external hacker group. Understood that the process to personal information. Yes, we know what they got. How did they get it? Our company recently learned. Because otherwise we're just reading headlines going, these are the data breaches of today. I mean, should I just make like a combiner of headlines that you just go to and read, and it's just called Data Breach? I mean, Security Week kind of does that, don't they? Or it's broken down by attack type. Let's see here. But then you can just read who got breached. And then if you see one that's something that you need to be aware of, you can click on the article and not learn anything other than they got breached. And the fact that no customer data. Oh, next week's. I'm sorry, it was customer data. Let's see. Okay. I'm sure they take this matter very seriously. I have no doubt. 
Korean Air stated that upon learning of the breach, it implemented security measures, reported the security incident to authorities and is working to identify the scope and affected employees. Okay, I'm sure you are. We literally just read this, please. They've notified the relevant authorities. Great. They're investigating. For the precise scope and targets of the leak. Do not attribute the attack to any threat actor. They think Clop might be them because they have claimed responsibility for the attack in November. The group blah, blah, blah, Tor leak site has already leaked allegedly stolen data. That's probably how they found out that they've been popped, is that they have, like, a dark web monitoring service. And they went, hey, by the way, your stuff is on the dark web. And they went, I'm sorry, what? And there you go. They might not even know how it happened yet. But tell us that. Tell us that through a dark web monitoring service, we discovered that our information was out on the dark web, letting us think we probably have an issue here. Yes. Clop bad. More Clop bad. More Clop. Because they are Russian. Good to know. There's a little backstory on Clop operators. Like, wouldn't it be, go to another article to learn more about Clop? You don't have to give me Clop's backstory. I don't know. It was 1997 when the first Clop ransomware actor emerged from the primordial digital ooze. I mean, come on, man. We gotta go. That and, you know, here's all the fun Clop exploits we. Okay, great. Now they're just giving us a Clop history lesson. All right, it's time for the mid roll. Time for the mid roll. And that means we are thanking our sponsors for today. There's Jerry. Jerry gonna tell you how great all these people are. Well, I guess I'll mention them, but he's got his. This almost looks like AI generated because it's so clean. It's just so clean. I love this ad though. Like wherever you got this done, they did a phenomenal job. 
So thank you to our sponsors, Barricade Cyber Solutions. We love you. ThreatLocker, amazeballs. DeleteMe, Antisyphon, Flare, manna from heaven. We thank you all for sponsoring this show. We hope that a lot of you out there are getting a lot out of these. Me ranting about them not telling us anything about the articles in the articles. Yes, I see. Q qgbfh dash KC says each article has a minimum word count required. Yes. Which is ridiculous. So what that tells me is that if you have a minimum word count. Anyway, so we're thanking our sponsors. Let's let the CISO series do the same thing as well.
Sarah Lane
Huge thanks to our sponsor ThreatLocker. Want real zero trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain zero trust in real environments. Join us March 4th through the 6th in Orlando, plus a live CISO series episode on March 6th. Get 200 off with ztw ciso20ixtw.com. Next Publica France fined by CNIL. France's data protection regulator CNIL fined software company Next Publica France 1.7 million euros over cybersecurity failures that led to a data breach. Regulators said the company knew about security weaknesses before a November 2022 incident that let users access third party documents, but didn't fix them until after the breach, which violates GDPR rules. CNIL said the fine reflects the sensitivity of the data, the number of people affected and Next Publica's lack of basic security safeguards.
Daniel Lowry
Oh, that is a big fat no no right there. Right? That GDPR. They will come and get you. They do not play around in the GDPR world. All right, let's take a look. French company fined $2 million. $2 million for cyber failings leading to data breach. Yep. All right, so this isn't so much a cybersecurity technical article. This is more of a FAFO, right? Like. And they did so. France's data protection regulator has fined the software company Next Publica 1.7 million or $2 million in USD. So 1.7 million euros, 2 million USD, for poor cyber security practices in the wake of a data breach. Now, if I'm remembering correctly, it's been a while since I read GDPR or, you know, gone through some of the basic details of it, which is you get fined like X amount of dollars or X percent, whichever is more of, you know, X percent of your profit, right? Or is it your. It's been a while, it's been a while since I read some GDPR stuff. So they, they go for whatever's the bigger bite of your butt and they go, hey, you messed around. You totally messed around. You didn't do the way we told you to do it. Which is for the protection. Now I, I will give Europe. I, I like the GDPR in a lot of ways because it is about the end user and protects them, gives you rights over your data and things of that nature. I really like that portion of it and I know that we have some similar types of, of legal frameworks here in America as well, but I, I like that, I like the idea that that's my data. Anything that you have about me is me, right? Just because it was available and you, you gathered it doesn't necessarily make it yours. And I have the right, I have rights over that. And that these, what do you call it, these regulators are, are being fairly diligent on making sure that these things happen. The way in which they've been said, it does make them some money. So it, it's worth it for them to enforce this quite heavily. All right, so what did they do? Right? What was it? The, they waited too long, right?
Was that what it was? I think you have 40, 72 hours to report a data breach or at least let them know that you're working on it. There are instances and, you know, edge cases for like, oh, it was a three day weekend, we couldn't get a hold of anybody, blah, blah, blah. That can extend that a little bit. But generally I think that's what it is. This is. Their security program was inadequate according to. So that's why they got fined. Oh, they just sucked at security. They're like, so here's what's up. I found multiple passwords under keyboards on sticky notes. It's. And it didn't help that those passwords were QWERTY pencil, you know, password1. So y'all in trouble. Here comes, here comes heavy fines. Sacré bleu, says Tech Grunt. France is totally not having a good time right now. First Rainbow Six gets hacked, now this. I know, I know, it's rough. It's raw. Up in France, they deep in the streets when it comes to getting in trouble with cyber stuff right now. All right, so on December 22, CNIL levied the fine, which is based on the company's financial capacity, its lack of knowledge of basic security principles, the number of people affected, and the sensitivity of the data processed. So there you go. Those were the factors that come into play on how they came up with this specific fine. So their financial capacity, its lack of knowledge of basic security principles, which I love. The number of affected. I mean, right. We can't just let them continue to play in. I was like, I just didn't know. I. This is a bad thing that I have all these wonderful passwords laying around like this. OpenVPN tunnels got RDP open to the World Wide Web. That's not good. No. Why does this story remind me of the Louvre with default passwords? I. Apparently, there's like a pandemic of dumb cyber security over in France right now. They need to wash that off. Huh? So their poor security practices violated Europe's GDPR. Problems were known in the. To the company before the breach.
Oh, bruh, y'all messed up. Hey, you got what you got coming, FAFO, right? You. You did the. You did the FA part and you are absolutely finding out right now. So there you go. Moving on. We got to hit these articles. Hit it.
Sarah Lane
Criminals disconnect Wired subscribers from their privacy. An extortion group called Lovely has begun leaking subscriber data tied to Conde Nast after claiming the publisher ignored warnings about security flaws. The group published 2.3 million Wired subscriber email addresses, along with names, home addresses, phone numbers, and account metadata, and says it holds more than 40 million additional records across Conde Nast titles. Researchers from Hudson Rock say the data appears authentic and likely stems from infostealer malware, though no payment card data has surfaced.
Daniel Lowry
Well, praise God in heaven that they actually said something about, like, what they think technically occurred, right? They think it was an infostealer malware that got installed, and that is how this breach occurred. I mean, and. And that's not, like, super detailed, but it's something. It's better than nothing. So good job, Register. I think it's the second time we've given you some props for today, right? Was it the Register or was it something else? I don't remember. Anyway, so this has got to stop. Extortion groups should not be able to call themselves Lovely, right? Should definitely not call them. We should be calling them, like, cloacas or, you know, adult diaper, something to that effect. Anyway, 40 million pieces of info. If you want the standard to be 40 million pieces of info, then make the standard 40 million pieces of info. That's like a play on the Office Space bit about pieces of flair. A criminal group is beating Conde Nast over the head. What is Conde Nast? I've never heard of this before. Copy. I'm going to look up Conde Nast. Go. What is Conde Nast? American mass media company founded in 1909 by Conde Montrose Nast and owned by Advance Publications. Right, so they're a mass media company. Uh huh. So they're beating Conde Nast over the head for not responding sooner to its extortion attempts by posting stolen subscribers' emails and home addresses and warning publishers of Wired, the New Yorker, Vanity Fair and Teen Vogue. That has 40 million more entries. Let's see. It said that it tried to tell Conde Nast about the holes. Well, if this is true. If this is true, this is crazy, right? I just out of curiosity, I mean, at what point do you say, you know, the, the IT team is sitting back and, you know, it's holiday season, you're just kind of chilling. You're playing solitaire, you're surfing YouTube or whatever. You get an email, you look at it, you know, what's this from the hackers at Lovely. Okay, interesting. What, what's going on?
Hey, by the way, we found some security holes here. Here's that information. Actually, this was a month ago. This was a month prior, so whatever. You're actually like engaged in work. You're chilling, you're doing your thing. Well, it might have been Thanksgiving. You're, you're looking and then the, the. This threat group known as Lovely contacts you to tell you that we found security holes in your system. You might want to fix that. And you're like, whatevs? Ain't doing jack and you can't make me. And they go, oh, the gauntlet has been thrown, huh? What in the actual hell is wrong with people? Like, are we not going through it? Do they not have enough people? Because last time I checked, there's like a bazillion people that would love to get into cyber security and they'll take an entry level salary to do things like this. Hey, can you check and just verify the D, blah, blah? Is that true? Can you follow the bouncing ball? Cool. Moving on. Right, so they could be hiring people to get to work on things like this instead of going, we're swamped. That's. That's if that is the case. Right? I'm just. This is all just me making stuff up, trying to figure out what went wrong here. Qc, qgbf, hkc. You have been on point today. Told my boss more than once, when is the best time to stop robbing a bank. No response. Didn't care. Right? This is so crazy. Space Taco says something. I missed it. What happened in NYC today? Do I need to run away? Impending doom? I have no idea. I haven't heard anything either. Somebody fill us in on that, would they? Throw it, throw that in the chat. Maybe we'll hit it with the. With Jawjacking. Yeah, that's what it's called. Jawjacking. And we'll. So if there's something to know, let us know. So they get told, they say, eff it, I'm doing what I want. You can't make me. It's my hot enterprise systems. I'll do what I like. And so the current leak is centered around. So they, they said, okay cool, we'll go ahead and snatch all this information.
And they did. Here's what they got. User IDs, display names, account creation, update timestamps, in some cases session dates and IP addresses. Which shows the database was targeted, could have contained live data and was not a static marketing repository. Conde Nast does not care about the security of their users' data. It took us an entire month to convince them to fix the vulnerabilities on their website, end quote. The hackers wrote on a forum post, quote, we will leak more of their users' data over the next few weeks. Enjoy. End quote. Well man, I mean when you get warned and you don't do nothing about it, I feel bad for your user base. I don't really feel bad for you. And yeah, you're not my dad. You're not my real dad. You can't make me. Tech Grunt. Yeah, I love this. The Register has reached out to Conde and asked for comment, but has not yet received a reply. And nor will you. Right? They have egg on their face. Idiots. Okay, so we know it's real stuff. I think the meat and potatoes here, I mean this is pretty good stuff right here. If researchers warn that victims, or its researchers warned that victims could be subject to doxing, swatting, phishing campaigns as a result of having their information published. Right, because depending on who's using Conde Nast, they, they could be targeted for activism or whatever the case is. You never know. Or just someone being an a hole does happen. All right, let's get that next article. Let's get it.
Sarah Lane
Aflac data breach affects millions. Aflac said personal data tied to around 22.65 million people was stolen in a June cyber attack on its U.S. systems, including names, addresses, Social Security numbers, government IDs and medical and insurance information. The insurer said the intrusion was part of a broader campaign targeting the insurance industry, did not involve ransomware and has not yet led to known fraud. Though affected customers, employees and agents are being offered two years of credit and identity protection. Aflac. Sorry, I had to.
Daniel Lowry
Oh, she funny. I know. Aflac, right? It's like you have to do it. It's just right there. So like I've been saying throughout this entire episode, it's just breach, breach, breach, breach, breach, breach, breach, data stolen, breach. Anything cool about that? Yeah, it's just breach stuff. Don't forget when breach happen. What'd they steal? Well, that we can kind of tell you. Names, addresses, Social Security numbers, ID, medical and health insurance information. Nothing critical, nothing really crazy. Oh, do I need to worry about it? I mean, if you're that kind of person, I guess you can, but I mean, I'm not gonna get that free credit monitoring, right? Yeah, let me just. Let me just put it on the stack. Free. Like my credit is monitored so well right now. What do we even have to worry about, right, if I'm being monitored? Maybe this is just an elaborate, you know, Lex Luthor style scheme to give the world free credit monitoring and leave no stone unturned. Is that what's going on? The company disclosed the intrusion on June 20, saying it had identified suspicious activity on its network. You don't say. How'd you do that? That'd be useful information so that other organizations could go, oh, they're doing, oh, that seems interesting. We can deploy that. Anyway, the company said it immediately contained the attack. Define immediately. Define immediately. And engaged with third party cyber security experts to help with incidents. So they called a Security Incident Response Team, a CSIRT or Computer Incident Response Team. So, yeah, Aflac's operations were not affected as file encrypting ransomware was not employed or not deployed. Just before Christmas, the Columbus, Georgia based company announced it had completed its investigation of potentially compromised data and had started notifying the affected individuals. 22.65 million individuals were involved. The compromised information, insurance giant says, includes. Yes, we know what they stole.
Already told us that. Review of potentially impacted files determined personal information associated with customers. You already told us that the company is providing the affected individuals 24 months of free credit monitoring. You already told us that Aflac is not aware of any stolen information being fraudulently used, but urges the impacted individuals to remain vigilant against identity theft and fraud attempts. And as we learned yesterday with the whole LastPass thing, they will continue to work their way through that data, so don't think that you can sleep on like changing whatever you can change and, and getting monitors over whatever you can monitor. So take, take a, take a day and make sure that that happens if you are affected. The insurance giant did not name the threat actor behind the data breach because they don't know who it was. The incident was part of a campaign against the insurance industry. This suggests that the Scattered Spider hacking group. I've mentioned them in passing and here they are. I'm like a prophet. Occurred around the same time that the Google Threat Intelligence Group warned that the gang was focusing on insurance companies. So that looks like the most likely culprits. So cool. Another breach. More identity monitoring. Thanks a lot. My entire life is out there on the Internet at this point in time. Next article. Hit it.
Sarah Lane
Romanian energy provider hit by ransomware. Romania's largest coal based energy producer, Oltenia Energy Complex, says a ransomware attack over Christmas disrupted its IT systems, encrypting files and knocking ERP, email and document management services offline. Though power generation was apparently not affected. The company is rebuilding systems from backups, assessing whether data was stolen and has reported the incident to national cyber and law enforcement authorities. The attack is attributed to the Gentleman Ransomware Group. If you have.
Daniel Lowry
The Gentleman Ransomware group, they are gentlemanly. They were like, oh, it appears that your files have been encrypted. The encryption key, you ask? No, I have it right here if you would like it. Well, then we will have to make a gentleman's agreement that you pay me beaucoup amounts of money because I love money. Money is a phenomenal thing. So the report, Romanians, they're over there going, why? Why is this happening to us? I do not like what's occurring with the whole gentleman. The ransomware. Let's see here. I think Roswell UK said something funny. He said, oh, Daniel is grumpy today. I'm always grumpy. You want to know my secret? I'm always grumpy. Yeah, well, when, when you just read these things like this is the, this is the state of cyber security, how it doesn't make everybody just like throw their hands up in, you know, that the Jackie Chan meme. Why are we not doing better? I, I understand to an extent, but I'm talking about with the articles where. Why are we not doing better with the articles? Maybe I need to start my own company where we get actual detail. Tech Run says this story has meme potential. Or the evil group opposite of the Kingsman. Yeah, that would be kind of cool. All right, we got a few minutes left. Let's rock through this article. Let's see if we get any real detail. Ransomware attack hit Oltenia Energy Complex, Romania's largest coal based energy producer. Okay, second day of Christmas. Now that's a, that's an interesting little piece of information. Attackers like to go after holidays, three day weekends, that kind of stuff. Because you're most likely on a skeleton crew. It's, it's just smarter; their reaction times are going to be slower. That kind of stuff. They're hitting you when you're on your heels. The 40 year. I wonder if they think of Christmas in the same way of like retailers do, right? Where they're like we're getting ready to make like a third of our annual income in two months. Let's see here.
40 year old Romanian energy provider. Okay, a little backstory on them. Great. As a result of the attack, some documents and files were encrypted. Several computer applications became temporarily unavailable, including their ERP system, document management applications and company's email service and website, said over the weekend. All right, so that's, that's what happened. Any, any of the how, any of the why? Company's activity was partially affected without jeopardizing the operation of the national energy system. Complexul Energetic Oltenia is cooperating with competent authorities. I'm glad they're competent and making every effort to fully restore its IT system as quickly as well. It's great. As soon as the attack was detected, which was done by doing what? How did you detect the attack if it's ransom, like, you know, if there's encryption files. Right. Can we just say that was detected when a worker noticed that their files were encrypted and they did not have access to X, Y and Z systems. From there they pulled out their cyber security incident playbook and followed line one which said contact blank. IT team started rebuilding their systems on a new infrastructure using existing backups. Very good. That's good information right there. Maybe we're going to end the articles on a high note. So using backups is one of the most effective things that we can do to, you know, protect against ransomware stuff, encryptions, because we just go to the non encrypted version which is there and hopefully they haven't gotten in and been kind of lying around doing nothing then. But it's on new infrastructure. There's going to be new IPs, going to be new stuff. So hopefully, you know, that gives them the time to do everything they need to find out. Okay, this is the attacker traffic. We can kind of isolate and we can get this new infrastructure spun up and we're at least in business. May or may not be at full capacity, but we're doing what we need to do.
They're still assessing, analyzing whether the attacker stole data from the compromised systems. Gotta love a good double extortion scheme. Hey, pay us to unencrypt your files and then pay us to not release those files to the general public. The incident was reported to the National Blah, blah, blah. Lots of stuff there. Company also filed a criminal complaint, as they should, as terrorism ice. I mean, that does follow. The Gentleman Ransomware operation surfaced in August and is known for using compromised credentials and targeting Internet exposed services to gain initial access to the victim's network. Thank you for some detail. Much appreciated. Good job, BleepingComputer. Good job, actually. Who wrote this article? Want to give them props? Who wrote it? Who wrote it? This is Sergiu Gatlan. Excellent work, my man. At least I assumed your gender. My bad. I don't know. I'm not familiar with that type of naming scheme. I just say my man a lot like. It doesn't matter who it is. It's just. The ransomware gang also deploys README gentlemen text ransomware notes with contact information, and it uses the 7mtZH file extension. Okay, that's what's up. You're not gonna not know it was Gentleman ransomware because they leave a note. By the way, in case you were wondering what all these encrypted files were, it is us, the League of Extraordinary Gentlemen Ransomware gang. Now, we feel horrible that we have done this to you, but if you would just pay us a pittance, we would get you back to operations. Leave your. Your environment too. Sweet. Ta. All right, so that's what happened. It comes on the heels of another ransomware attack. They hit remaining waters. That doesn't matter. That's another article. All right, there we go, kiddos. We did it. We got through them. Articlays. That's not the. Why do you do this to me? Do this? Ha. That was it. That's the Daily Cyber Threat Brief for today. But stick around. We are not done.
Because now we get to move into the AMA side of things. It's going to be a lot of fun. We get to ask questions. We get to have more of a conversation than it is me rambling on about and ranting about the lack of information inside of cyber security articles and telling you who got hit today with ransomware and fines and data breaches and Enjoy all your new credit monitoring, so stick around for that. In moments we will be doing the old Jawjacking.
Jerry
Ever wonder what it takes to break into cyber security? Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cyber security field live, unfiltered and totally free. Let's level up together. It's time for some jawjacking.
Daniel Lowry
Oh, you dirty dog, you. It did it. It grabbed my stinking articles. Do the thing. It's Jawjacking time. Why did I. So I hid. I'll just stop sharing then. That won't be a problem anymore. Stupid Restream, swear. Anyway, it's Jawjacking time. This is the part where we get to talk to each other. We get to have fun. And I like doing this part. This is, this is where it's fun. I, I learn stuff from you guys all the time, so thank you so much. But if you need, if you need to ask me a question, that's what this is for. You're like, hey, here's my thoughts on this. What do you think? Or do you know what this is? Or blah, blah, blah. And we got a whole community of people here in the chat willing to help out as well. Plenty of really smart people in here. If you have a question, throw a Q in front of it or a string of Qs. That makes it kind of easier for it to pop out from all the chit chat that's going on. That's just cool. I like the chit chat, it's good. But if I'm looking for your questions, I don't want to miss them and I can take that out, I guess. So yeah, use those Qs to prompt me to say, hey, Daniel, I got a question for you. I do already have a few of them, I think. Just making sure I haven't missed any. Yeah, I think we got to the first one, which is right here from Sean Sailors. He asks or he. Yeah, he asked. Do you all submit phishing emails to the abuse at domain email addresses? We get a lot here at work, but I've never sent it to the abuse report email for the domain. That's a great question, Sean. Maybe if we did do it a little more, because here's the thing, right? It's really easy to not do anything, right? Inertia is a difficult thing to overcome. It is what it is. That's. I mean, if, if we all just did a little bit more. I mean, I'm probably, I'm guilty of it as well, where you're just like, oh, that's a phish. And you don't do anything with it, you just delete it. Because I'm busy.
I don't have time to be like sending abuse emails to abuse@wherever.com, right. But we probably should. I say probably because I'm hedging my bets. We definitely should. We should definitely do. And maybe just like throw that email, create a folder of stuff to report to abuse or abuse email and just throw it there and at the end of the day or at the end of the week, maybe do it once a week, fire off those abuse reports. That would be a good idea. I am interested in like how many people actually do report abuse emails to abuse@whatever.com. So that's a. But that's a really good question. Whether or not we are able to effectively answer that in Jawjacking today. That's. That's dubious. But what I like about it is that it makes us think, oh yeah, it's up to us to be the change we wish to see in the world. Right. So I will tell you, I will start to make a more concerted effort that when I get abuse email that I will respond to that domain to let them know, hey, I got email that is typosquatting. They're phishing, they're doing blah blah blah blah and they are using you as, as kind of their lure. You might want to check this out. Here's their. You know, or send it to the domain registrar and say hey, hey there GoDaddy. Didn't know if you knew this but these a holes are phishing. They're doing some, some skeevy skanky stuff that no one likes. I'd love for you to do something about it. Then whether or not they do something, that's on them, then we can hate whomever for not doing more about it because we're doing our part. Can never blame us at that point. Right? So great. Thank you Sean for bringing that up. All right. This one comes from Cryptic Roses. How long should a cyber security graduate realistically expect to job hunt and which must have certifications most improve chances of breaking into the industry? That's a difficult question, right?
If I want to be funny, I can say that your realistic time to expect is kind of like waiting for the like your cable repair man to show up, your Internet repair man to show up. We'll be there anytime from August 3rd to December 15th between the times of 8:00am and 8:03am or, you know, no, they give you this broad. It's. Who knows it. It could be a month, it could be 10 months, it could be a year, it could be 10 days. Really the best thing you can do to increase your chances to get some cyber security work is to network with people, to make acquaintances, friendships, relationships, situationships. As the Grinch kept telling me. He's like, I hope this helps your situationship. Right? That I, I am, this is where I'm out of the loop. I have no idea what a situationship is, but he just kept saying it in that commercial that I saw a bazillion times. So how long is anybody's guess. Which must have certifications will improve your chances? That's, that's a little bit even more speculative because I don't know what kind of cyber security you want to get into. Right? Like we like to say, saying I want to be into cyber security is like saying I want to be a doctor. What kind of doctor? You know, we got the general MDs that are out there, general practitioners, those are probably like your SOC analysts and that, that fair. But there's also offensive security, pen testing, vulnerability assessment, management, red teaming, that kind of stuff. Or do you want to do cloud security or do you want to do GRC? Right. So there's, there's all these different areas in which you could go and each one of them have their own like must have certification or go to certification that kind of holds the most weight in that specific niche. So Cryptic Roses. I will look through cloud security engineer. Oh, that's what you want to be. You want to be a cloud security engineer. Okay. So for cloud security engineer, it's going to be. This is where it gets fun.
Now I'm going to do my best, but obviously you start to see it's very subjective. And of course anything I tell you is subjective. You could get the, like the cyber security cert and still never get a job. Or you might not have a cyber security cert at all and get a job. Right. There's a lot of variation and variables to how this works in real life, but generally. So if you're going for cloud security, which vendor? AWS, you're doing GCP, you do an Azure, let's say you're going the Azure route, then you're going to want to jump in and get some of those Microsoft certifications that, that circle and specify in Azure technologies that are, that are certifications around the security of Azure technologies. You want to learn about things like Sentinel and just how, how do we keep our. So Sentinel is going to be your monitor, kind of like your SIEM for, for Azure. So again, that's, that's if that's Azure specific, you might be going AWS. So there's a, there's a lot of things to it. So hone in on what cloud provider you want to start with, get some certifications around security in that cloud provider and that, that should put you well on your way. And of course, like I said before, the best, biggest and best thing you can do is to start building relationships, networking with people, going to cons. Cons are some of the best things you can do because that's how you can meet people, go to lunch, make new friends and then join communities like this one. Simply Cyber, join the Discord, start conversing with people, have conversations, start becoming a part of the community and then you're going to want to do things like projects and write ups and blogs and stuff like that. And that gets your name out there and that makes you a known entity. These are all the standard fare things which you can do to help yourself to get into cyber security. That's, that's what's up.
If you can find a niche, maybe come up with something that nobody else is doing or find those hard things that no one likes to do and specialize in that, that can go a long way as well. So there you go. Hopefully that helps you out. Want to move on and we've got about 15 minutes left to go for Jawjacking. We'll get to other questions, but hopefully that helps. This one comes from arty Y1K. In a situation like the Lovely disclosures, what would have been the better next step in reporting the flaws than releasing the files? Who could they have reported it to? Yeah, it's, it's a tough one. I would say for me, if it were me, I would become the squeaky wheel to get the grease. I would, I would like spam email them over and over. I would send them snail mail. I, I would, they would just hate hearing me like, oh, it's them again. Like, yeah, because this is still a problem. Do something, stop sitting on your hands. Right? Maybe instead of releasing the information, you could start anytime you say anything about, I know there's a public facing vulnerability, you, you immediately lose the moral high ground. That's just how it is. Because now a threat actor that might not have been aware of that goes, say what? You know, there's one there. Well, I'll start looking for it and I'll see what I can do. So even that is very frowned upon. But I mean I get the, the impulse to go, well if you're not going to do something about it, I'm going to force your hand. It's very tempting. So what you try to do is you try to become very annoying on the back side of things so that they'll get to it. Maybe email them some of their own data, right? Encrypted, everything through private channels and go, hey, here's your data. Do something about this. I would hate. Maybe threaten them privately, right? If you're already a threat actor, you know, it's in the name. I'm going to threaten you. I'm kidding, kidding. I don't endorse threatening people at all. Anyway, it is something you could do.
Not that I tell you you should do. See, there's a difference. There was no moral ought behind things that you could do. You can do a lot of things can. And you know, that's all about ability, not whether or not you should or shouldn't do things. Man, I'm trying to get myself in trouble today. So, yeah, you just, I, I, for me, I would just continually be like, hey, hey, hey, mom, mom, mom, mom, mom, mom, mom, mom, mom, mom, mom. That's, that's what I would do. It's annoying, right? Okay, moving on. Moving on from FedEx, his Billy had gotten his credit free monitoring from Conduit Family. I already got it this week. Oh, I'm sure he has, Billy. You know, Billy ain't got no credit over here. He's like, I'm hoping they do something that gets the credit score to go. Nobody wants Billy's credit, right? They, they hack his stuff and they go, ooh, yeah, you're good, bro. Don't worry about us. He's like, that's what I thought. Then he goes, eats like pickled pig feet and stuff.
Sarah Lane
That's.
Daniel Lowry
This is, Listen, I'm from the South. I cannot get down with eating pickled pig's feet. I've tried it just. It's not gonna happen. It's just it. Yeah, that's what's up. All right. Question, question, questions. Looking for your questions. Here's one. Elliot Matisse, what are your 2026 cyber resolutions? What do you predict as 2026 cyber trends or needs? Ah, AI. It's gonna be AI. It's all AI. That's an easy one on that agentic stuff. More fast, better AI. And then my 2026 cyber resolutions are going to be. I'm gonna be learning a lot more about. And I've said this before, but because I've got a new job, there's going to be new skills to be learned there. So nose to the grindstone with that. And that's all around like infrastructure as code and orchestration and cloud technology. It's going to be really cool. I'm really excited about it. But then in the off hours, me and the hardware IoT we are getting down. I am, I'm going to deep dive my butt into that stuff. I want to buy a microscope, heat gun, good soldering iron, breadboards, whole electronics kits. I'm going to be doing a lot in that space. I'm going to be doing a lot of research in that space. When it comes to firmware, I want to create firmware, I want to break firmware. I want to do also I want to do all the things I need a couple of pieces of kit. I might even take some training in that space on my own dimensions. It's just really interesting to me. And so that's where, that's where, that's where I'm headed. That's, that's my plan. So look for like in the Cybercast IRL Discord, I created a new channel. It's called hardware hacking. That's, that's what that's going to be dedicated to. It's just me. Oh, this is cool. And that's cool. Here's something I did, here's an article I read, blah, blah, blah, blah. So that's me. That's what's going on in 2026 for Daniel. Looking for those questions. Looking for. Here we go. From Tech Grunt. 
I heard using Microsoft OneNote is the good method to take notes and study for the pen test plus exam. Do you agree and why? Absolutely, positively. Maybe OneNote is fine. You can totally do that. I, I tend to use Notion. I like Notion really, really well, like a lot. I think Notion is great. But that's my personal opinion. There's nothing wrong with OneNote necessarily for taking notes, cloud based note taking stuff. You can use Google Docs if you want. So the answer to your question, Tech Grunt, my main man, is if you like it, then it's right. It's the right thing. Now whether or not you're gonna parlay, you're gonna move into Create and there are firms out there that use things like OneNote for their pen testing notes as well. So you, you. But you might not be in that shop. If you could land a job as a pen tester, you might not be in a OneNote shop. They might be using something else. Right? They may be Obsidian people or you know, we're going to use a SharePoint thing, who knows? So just, just keep that in mind. But anything right now, it's totally cool. Just get into the habit of doing it and then re. Like go over your notes later after you moved away from. So let's say you use like a hack the box and you wrote up a pen test report or whatever, something in that style, wait a month, then go back and look at it and see if you can follow it. See if it makes sense. Because sometimes it doesn't. You're like, oh, I'm dumb, right? Hey, we've got that whole rate my report thing in the Cybercast IRL Discord, which you could drop it in and people can go, oh, I have no idea what this looks like. A child got sick and threw up on a, on a screen. There's, I mean, there's screenshots everywhere, but I don't understand what's going on. You'll get better at creating the narrative behind what you're doing. That's, that's really what separates you from just vomiting notes onto a screen, is being able to tell the. 
Use those pictures and words to tell the story of what you did and how you did it in a way that others would be able to effectively follow that bouncing ball. Cool. Good question though. Already got another one. What is a realistic starting point for companies to begin reforming current security standards which would apply to the entire industry, no matter if it's Walmart or a medical company? Some advice. So realistic starting point, that's a tough one, right? Yeah, man. I guess a realistic starting point would be getting an idea of where their cyber security maturity level is, what their threat surface looks like, what their attack surface looks like. They need to know everything they can about their own environment. Security wise. That is always a really good first step. You know, we've got regulations on certain industries on certain things, so I don't know if the problem with regulations can be, is they maybe not even regulations, maybe even standards and frameworks as well. Right. Because so many organizations and environments are so diverse, it's hard to say this is how you should do this. It's more of guidance on. This is generally how you should do this. Right. Otherwise everybody's running the exact same environment and that's not how it works. So the reason that that cyber security is so hard is because of the complexity. There's so many different complex things. There's so many automatic options and vendors and solutions, and that each one is kind of their own fingerprint. They're a unique snowflake among the rest of the companies out there, while they might be doing similar things, they might not necessarily be doing the exact same thing in the exact same way. And that's what causes it to be difficult. Right. So a realistic starting point is know thyself, look internal and be on. I think honestly, that's maybe the best one, is like be honest and passionate about and concern. 
You should care whether or not your clients data, your, your, your users, the people that utilize your service, whether or not their information becomes fodder in the cyber security war. Right. You should really care about that as someone who's in charge of that information, who owns it in a way, quote, unquote. Right. I think that's where it could be. Yeah, we as consumers should demand more. We should, we should be like filling out, you know, protests and signatures on like, I don't want free credit monitoring. I want to hold your feet to the fire and see that you are doing these things, that you are implementing better security and that the reason you got popped wasn't because of a lack of security. Kind of like what we read today. Like, that's bull crap. You should not, you should not be getting emails from ransomware or threat actors going, hey, bro, this was so bad. I just felt, I just felt bad. It's sad. Your security is so crap. You should probably do something about that. Did they care? No, they did not. Because if they did, they would have done something. At least that's what we got from the article. Maybe there's other things to it, but from the article, that's what it seemed to go, is that they just didn't care. Right. This is, this is what gets me kind of like pod about this stuff is the people that should care don't. In a lot, a lot of times, people that do care don't have the ability to do anything about it. Right. It's like, man gets me up about AI, right? Doesn't matter whether or not AI is as good as a junior developer. Is it good enough? Because all some. There's a lot of CEOs out there, not every one of them. There's a lot of people that are in charge out there that go, as long as it's good enough, then that's good enough for me. I've got a product I can sell and people will buy it. And by the time it's a problem, we can just smoke and mirrors this thing and go, oh yes, we've realized now the error of our ways. We're going to fix everything. 
And we go, thank goodness, man. Like how numb are you to the fact that like 90 or 80 or whatever percent of the companies are. I would assume it's a large portion of the companies that you do daily business with in some capacity where they have your data have probably been breached and you've received a breach notification from many of them, if not directly, indirectly. Right. You're just like whatever, it's another day at the beach. It's how it go, right? So yeah man, it's a tough one. Good question, good question. These are questions we should be asking and working on getting better answers than what we've come up with so far. I, I, I don't have all the answers. Honestly I don't know that I could. But smarter people than me should really get to work on this and make it happen. All right, questions. We got time for one or two more? Oh, I mean I, I kind of bloviate a little bit. So maybe one more. What do we got here? Here it is from the rich. 646. Any advice on this? I email a company that that's website was compromised via the Cloudflare clickback hack. I advise them of the issue. They think I did this and want to go legal on me. Tips. Get a lawyer, right? Yeah, get a lawyer. I, I have no legal advice for you. I am not an attorney. If they want to go legal on you, I mean you could sue a ham sandwich in, in America. I'm not saying they're going to win, but you're going to have to deal with it and of course that deters other people from following suit of going hey man, saw that there was a problem. I just want to let you know you're the attacker. If I'm the attacker, why am I telling you this? Honestly, that doesn't make a lot of sense and it could just be boilerplate stuff that they sent you. 
You don't, I don't know but I will go, I would go discuss this with an attorney and then maybe next time don't use your real name and stuff when you inform people of unless they have an open scope responsible disclosure or whatever you found is in scope of like a bug bounty program or responsible disclosure program. You have to work within the, the confines of that stuff. So if you did something like that would be considered hacking. They might have legal standpoint. Right. So I anyway consult a lawyer. Is it easy to transfer from network engineer to pentester? Asks Ashraf Muhammad. Absolutely, positively? Maybe. Just depends, right? That's a subjective question. It can be. Some people find it very easy. Some people find it very difficult. It just depends on you and your specific circumstance. The pickled pigs feet. Yeah, they're gross. I'm gonna speedrun a few questions. I'll go a little over. Since we went over on the show from the rich, I definitely didn't do anything. So this is just going to be a waste of everyone's time but the lawyers. I know, right? No good deed goes unpunished. Man, what are you gonna do? From Cowboy? I'm in college for school for emergency management, but want to add cyber. Okay, that's not a question because there's no question mark and there's no question there. But if I'm trying to read a question into it. Are you talking about moving? So you want to like. Are you asking how do you add cyber to that? I don't know if anybody can help Cowboy out. Please chime in. Emergency management, are you talking about, like disasters and things of that nature? I don't absolutely know what emergency management is, so I don't know how cyber would marry to that. So if anybody knows that, please throw that in the chat. Like I said, we're trying to speed run through some more questions, so I want to just do a few handful of questions. Oh, here we go. This cowboy says that they work in emergency management. Also in school for emergency management. 
I want to add cyber. Okay, no, no more detail there. Like, the only thing that's like jumping to the top of my head would maybe be incident response and how incident response works with emergency management. Because there that might be the emergency is there's been a cyber incident and it's affected critical infrastructure or something like that. You know what I mean? Like again, I don't know enough about emergency management to tell you, but we can get creative. All right, question, question, questions. We're speed running speed run, Daniel. That means quick answers and then move on looking for questions. Tyler Scott says, I heard Billy's a pretty good attorney. Man, I would not hire Billy. That boy is dumber than a box of hammers. Watch him win just from like the Chewbacca defense or something. You know what I mean? Crazy stuff. All right, if you don't have any more questions, I'm at the end of our chat here. I haven't seen any more questions. So this has been fun. I hope you've enjoyed. Oh, you know what? I forgot to show this on the stream. That's my bad, yo. Usually I keep the chat up on the stream. I'm so sorry. I just realized I did not do that you know what it was? It was stupid Restream. I blame Restream. Restream did the thing where it, like, put my computer screen up instead of my camera for whatever reason. Crazy. All right, kids, this has been fun. Oh, Bearded Ruckus jumps in at the last second. You had time left? Bearded Ruckus says I've been. It's been a year since we last talked at BSides. Thanks again for the guidance on what I should focus on with cloud platforms. It paid off working at the SOC. I owe you a spurgeon beer. Nice. Good to know. Bearded Ruckus, congratulations. I'm so glad to hear. So glad to hear that, man. Next time we see you, absolutely, we will do that. All right, everyone, thanks for joining us today. Time to close it out. Time to call it a quits. We got more. I will be back tomorrow with more of the daily Cyber threat Brief. 
I will also be back for Jawjacking tomorrow as well. So I hope you've enjoyed your holidays and your time off. Hope some people are still on time off on vacation or whatever the case is, but it is that time for us to say goodbye. It's been fun, Tear. Until next time, stay secure, Sa.
Date: December 30, 2025
Host: Daniel Lowry (filling in for Dr. Gerald "Jerry" Auger)
Podcast: Daily Cyber Threat Brief (Simply Cyber Media Group)
Daniel Lowry steps in for Jerry to deliver December 30th’s top cybersecurity headlines, offering real-time reactions and expert, sometimes humor-infused, insight. Today’s show is marked by multiple major data breaches across diverse sectors, each emphasizing persistent weaknesses in threat detection, incident response, and organizational transparency. Daniel highlights both technical and procedural takeaways and offers career advice during the interactive "Jawjacking" segment.
[07:06–14:44]
"The details I really care about are... how did the insider threat access this information? How were they able to exfiltrate that information without being detected?" – Daniel Lowry ([09:05])
[14:44–24:16]
"Another day, another crypto scam... If it’s free, you are the product." – Daniel Lowry ([15:19])
[24:16–29:47]
"Shouldn't they just preemptively give us credit monitoring at this point?... How much free credit monitoring do you have on your bingo card?" – Daniel Lowry ([24:55])
[29:47–38:01]
[38:01–44:25]
"That's a big fat no-no right there. Right? That GDPR, they will come and get you. They do not play around in the GDPR world." – Daniel Lowry ([39:20])
[44:25–52:04]
[52:04–56:34]
"Like I've been saying throughout this entire episode, it's just breach, breach, breach, breach, breach, breach, data stolen..." ([52:47])
[56:34–65:02]
"Thank you for some detail. Much appreciated. Good job, Bleepy computer." ([57:15])
On Modern Cyber Reporting:
"These are the data breaches of today. Should I just make a combiner of headlines called Data Breach...and not learn anything other than they got breached?"
— Daniel Lowry ([30:29])
On Company Accountability:
"You did the F-around part and you are absolutely finding out right now." — Daniel Lowry on GDPR fines ([42:10])
On Repetitive/Cookie-Cutter Articles:
"This article's a bazillion miles long because it's probably got six lines of actual knowledge." ([21:55])
On Consumer Power & Incident Response:
"We as consumers should demand more...I don't want free credit monitoring. I want to hold your feet to the fire and see that you are doing these things."
— Daniel Lowry ([83:55])
[65:25–end]
This episode illustrates the relentless, repetitive drumbeat of breaches, and Daniel’s frustration with surface-level reporting that sheds little light on root causes or defense strategies. His crosstalk and “ranting” style keep the session lively and make a consistent plea for deeper technical transparency – both to protect consumers and to equip practitioners with actionable intelligence.
"Why are we not doing better with the articles? Maybe I need to start my own company where we get actual detail." – Daniel Lowry ([57:15])
Key Takeaway:
Ongoing breaches highlight systemic security and communication failures; demand for more actionable incident reporting and industry introspection is urgent. Practitioners must push for transparency, learn collaboratively, and never get complacent about the basics.
To hear the next episode or join live for community and career Q&A, visit:
https://simplycyber.io/streams