A
All right. Good morning, everybody. Welcome to the party. Today is Thursday, December 4, 2025. This is episode 1017 of your Simply Cyber Daily Cyber Threat Brief podcast. Listen. If you are looking to stay current on the top cyber news stories of the day while engaging with an inclusive and supportive community of cyber professionals, whether you're pivoting into cyber, looking to get into cyber, you've been in cyber for 20 years. There's a place here for you and for everyone. This is what we're doing at Simply Cyber. We're going to go through the top eight stories over the next hour. I'm going to deliver value and insights that go way beyond the headlines, and we're going to have fun doing it. Welcome to the show.
All right, good morning, everybody. Yes, we are going to be going through those top stories of the day. I will be giving way beyond. And I got a news for you. I literally have no idea what we're going to be doing today. Got into the studio just a few minutes late, haven't even pulled the stories up. So you'll actually see a little bit of the production magic as we go through it. But, yeah, I give you my rough, royal, rugged takes on each of these stories as they come up. Because if I briefed for him, it wouldn't be as real. It wouldn't be as a good show, in my opinion.
B
Ain't nobody got time for that.
A
Ain't nobody got time for that. We can't be doing that. I didn't even have time to shave today. I'm. What the hell? Oh, I cut myself bleeding, I guess it's odd.
All right, well, we've got an injury on set, everybody. Injury on set. We do have the Simply Cyber firesides later today, so I will have to shave so I can look appropriate. But, yeah, no, we're off and running, guys. I want to tell you every single day. Hey, what's up, brute7679.
Every day of the Simply Cyber Daily Cyber Threat Brief has a special segment. Thursdays is what's your meme Thursday? This guy right here, Dan Reardon, AKA the Haircut Fish, AKA Ramen Master, breaks down a custom meme for us every single Thursday. He's been doing it for years, and it's usually on brand with something. And he went so big this week that literally it couldn't even be communicated through discord. It was too big, too much, too heavy. So we're going to be going to the Google Drive today to pull it. As always, if you like to play along, some people who are regulars. Enjoy trying to guess what the theme of the meme is. He usually ties it to something that's been current in the community, and this week he definitely did. It's a good one. I'll tell you what, it's so good that I told Dan if I didn't have a family, right, if I wasn't married with children, it would be my phone wallpaper. That's how cool it is. I love it. All right, guys, I also want to let you know, every single episode, including this one, AA Witherspoon is worth half a CPE. I submitted CPEs for my ISC2 CISSP yesterday, and wouldn't you know.
Daily Cyber Threat Brief does map in there. Good morning. Kimberly can fix it. Good to see you as always. So, say what's up in chat, grab a screenshot, file it away. Once a year, count up the CPEs, divide by two for me. You know, I say January 1st to December 31st, and then I count the screenshots, divide by two, and that's it. Now, when you do your screenshots, make sure you include the date and the episode number, making it a. Making it a uniquely identifiable piece of evidence. Trust me, as a GRC Mafia card carrying member, screenshots with times, dates, episode numbers, and your name in the chat is an unquestionable piece of evidence to support your claim that you were here getting the value from the show. I also want to say, if today's your first episode. Whoa. Hashtag old timer, DJ B sec. As if I called him down. I looked in the mirror and said, DJ B sec three times.
Good to see you, DJ B Sec. As always. Guys, if today's your first episode, drop a hashtag first timer in chat. Hashtag first timer in chat. Sean sailors. 13 months. Get to see that blue badge on you. Looks good. Drop a first timer in chat. I know. Jose Alfredo. You're. You're telling me, buddy. All right, guys, before we get into it, let me pay the bills I've got. Well, I'll tell you afterwards. Guys, start. Let's start with Delete Me. You know, I've been using Delete Me for some time here. Ad tech old timer. Delete Me makes it easy, quick and safe to remove your personal data online at a time when surveillance and data breaches are common enough to make everyone vulnerable and data brokers make a profit off your data. Your data is a commodity. Anyone on the web can buy your private details. This can lead to identity theft, phishing attempts, harassment. But now you can protect your privacy with Delete Me and as someone with an online active presence, privacy is really important to me. As I said earlier, I have a wife, I have children. I love protecting them, I love providing for them. That gives me purpose. But I'd like to protect them by not having people I don't want showing up at my house, knowing where my house is so they can show up. So that's part of the Delete Me service to me is making sure that that kind of information, like my home address is scrubbed from the Internet as best can be. Take control of your data and keep your private life private by signing up for Delete Me now at a special discount for our listeners. Get 20 off your Delete Me plan when you go to JoinDeleteMe.com simply cyber use promo code Simply Cyber at checkout. The only way to get 20 off is to go to JoinDeleteMe.com cyber and enter code Simply Cyber at checkout. That's JoinDeleteMe.com Simply Cyber code Simply Cyber at checkout. As always, Antisiphon Training continues to run their Black Friday 2025 special. Kind of a high ticket item, but hear me out. $1,500 one time fee. You get a year subscription, access to all of their courses. Red Team, Blue Team, IR, Cloud, AI, Forensics, Threat Hunting, OSINT. And you get a virtual ticket to their Wild West Hackin' Fest conference in Denver. Mile High Fest I think they're calling it.
Huge value. As I've said before, fifteen hundred dollars is kind of pricey to dole out of your own wallet. But hear me out. If your employer has a tuition, not tuition like a training allocation, training budget, training, whatever, dip into that thing. This is uber legit and it's an easy sell. Get your employer to pay for it and then crush it all year long. Level yourself up and be off and running. I love it and honestly it's like, you know, what is that, like 100 bucks a month, 110 bucks a month or something like that. Any employer can definitely do that. It is way cheaper than a SANS course and you get it for a full year. Not to mention some of the instructors like Kevin Johnson, you know, well I, I don't see him here but like dude, Beau Bullock is one of the trainers. Hayden Covington. I don't know if Eric Capuano's classes are in here but dude, it's just sick. Okay, 66666. All right, let's hear from ThreatLocker really quickly. I actually met with ThreatLocker yesterday. Looks like they're going to continue to support not just the Simply Cyber Daily Cyber Threat Brief, but the community member of the week in 2026. We have not signed a contract or anything but just so everyone knows, they love what we're doing, they love our community and they want to continue to support us. Again, no contract signed at this time but just letting everyone know I there, I told them about the community member of the week and how I wanted to continue to get that supported so I could give out Amazon gift cards and merch and they're like, oh, we love it. Yes, let's go. So just working through the, you know, the contract and stuff like that. Divine dream divine first timer. Oh, she's saying hello to the first timer there. Let's hear from ThreatLocker. Okay. I want to give some love to the Daily Cyber Threat Brief sponsor, ThreatLocker. Do zero day exploits and supply chain attacks keep you up at night? Don't worry no more. You can harden your security with ThreatLocker. Worldwide companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high. ThreatLocker takes a deny by default approach to cyber security and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their U.S. based Cyber Hero Support Team. Get a free 30 day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threatlocker.com DailyCybert.
All right, all right. I see Z. Oh, Z said he didn't have the emojis. Now he does. Thanks for supporting Zenith. And if you want to know how to get those emojis, allow me to help you get there. As I. Hold on, hold on, hold on. Dr. Gerald Ozer wouldn't do this, but Jerry guy can do it. Shooting out five gifted subs right now. Pe pe pe there they go. Let them fly. To the five gifted members who got those like Dive 1337, DB3892, Isaiah Pew Pew and Travis Connor. Welcome to the party, pal. Welcome to the party, pal. All right. Hey, really quick. I do have an update. Listen, I'm not perfect at all. Trust me. Ask my kids. They'll let you know. Hey, yesterday's news. I, I, I think I've only done this once or twice in the thousand episodes that I've been doing the show. I need to.
Submit a correction. Okay, so yesterday on the show, if you were here yesterday, this was the final story and I lost my mind talking about FISMA 2002. How is this a new thing? What are we doing here? God, like I got all pissy. I think I swore. All right. I think it was Travis Connor. And if I'm getting the name wrong, I apologize. But a community member who's been more of a lurker than an active member, but, but very engaged with the community, reached out to me and said, hey man, you got the story wrong. This is the Coast Guard requiring like longshoremen and, and people that work at the dock. People who are basically inter, like private sector folks interfacing with the Coast Guard are required to take this training, which I think is awesome. To me, that kind of aligns with like CMMC and kind of where that's going as far as supply chain concerns and pushing down security requirements to third party suppliers. So I actually love this and I want to say thank you to the community member for reaching out to me and letting me know I do pride myself on.
Delivering a good show to you guys. Not just entertaining, but actual factual and educational. So if I get something wrong, I'm not doing it because I'm a jackass. I'm doing it because I either misunderstood it or my, my angle on it was incorrect. But I, I'm not so proud that I will push into, you know, double down on being wrong. Okay? So do me a favor, everybody bruising hacks knows what's up. Sit back, relax. Marcus Kyler and the Yeet crew. Pull that lever on the recliner, get your cup of coffee, settle in, snuggle in. If you're taking the day off, grab a blanket and let's let the cool sounds of the hot news wash over us in an awesome wave. I'll see you at the mid roll.
C
From the CISO series, it's cybersecurity headlines.
These are the cyber security headlines for Thursday, December 4th, 2025. I'm Lauren Verno.
Record breaking DDoS attack. Aisuru just broke the DDoS record again, firing off a massive 29.7 terabyte per second attack that Cloudflare had to absorb. This botnet is basically a rentable army of up to 4 million hacked routers and IoT devices.
A
Oh my God.
C
And it's been hammering targets all year. Cloudflare says nearly half of those attacks are now, quote, unquote, hyper-volumetric, end quote. And one recent wave even disrupted parts of the US Internet despite not being the intended target.
A
Okay, wow. All right, so a couple things here. One, I hadn't heard of Aisuru, but this is clearly a uber legit denial of service service. Okay? Now they might, they could have gone. They could have gone legit and called themselves a stress testing service. But the, frankly the money's probably better on the criminal underground. So they, they, they've turned to the dark side, if you will. 29.7 terabits per second is an insane amount of traffic. They're using a technique called UDP carpet bombing. Now I haven't heard of UDP carpet bombing, but as far as using UDP for sending junk traffic at a target, remember, without getting wicked nerdy and in the weeds, UDP is at the transport layer of the OSI stack. And it doesn't, it's connectionless, whereas TCP is connection full. UDP is connectionless. Which means it just, it just, you send it and it doesn't matter which is perfect for denial of service attack. Now the thing that caught my attention right away and again I've been working in industry for 20 plus years. It just you, once you, you know, if you've been around a minute, you kind of see trends and, and whatever, or if you're really old, like DJ B Sec, you, you remember these things when they actually happened. But at the peak of Mirai botnet, when the FBI got involved and when, you know, federal governments were concerned that this was a nation state threat actor, the Mirai botnet at its peak, I think it was 450,000 to 500,000 endpoints compromised, routers, switches, Ring doorbells, etc, right? 4 to 500,000. And this got on the radar of federal law enforcement. This Aisuru is 4 million infected hosts, literally 10 times larger than Mirai back in the day when it was, oh my gosh, this is a major concern. So like first of all, that, that is like holy crap dude, that's insane. Second of all, I can't believe it's gotten that large without law enforcement getting involved. Additionally, I want to know. I want to know how is it building its botnet that large? Because with Mirai, right, it was attacking default credentialed Internet of things devices. I, I don't know if Aisuru is doing the same thing, but 4 million is quite insane. I do want to say that this graph shows the attack only lasted 69 seconds.
But you know, with these type of attacks it literally is a, it's a. You could do denial of service attacks many ways, but the generic way when you say denial of service attack, the thing that people normally think of right away is just large volumes of traffic being pushed down. Imagine if you will like a, like a flash mob at the mall. Well, you kids don't remember what malls are but like flash mobs or you know, a run on the banks or something when there's just like tons of people or tons of data all in one place, like legit traffic can't get there. How is this thing?
I want to know how it's getting infected because ultimately what I would like you to do is two things as a practitioner, number one. Number one, I want you to be a practitioner and understand how this can impact you and how to defend against it. And number two, I want to understand how you, how you defend yourself from an overwhelming volume of denial of service attack and then how do you make sure that your devices are not compromised and brought into, into their network? Right.
See.
All right, well I mean if you want to defend from it, Cloudflare is kind of like the default standard service for handling denial of service attacks. So Cloudflare, you know, if, if you're an online business, right, like Simply Cyber Academy is an online business but I use Teachable as the infrastructure. So they're responsible for getting, getting the Cloudflare. But if you're, you know, hosting your own SaaS service or something like that, you definitely want to make sure that you have denial of service defenses. If your information security program is a bit mature enough to handle that and have the budget for it, frankly. How are these infections happening, bro?
It doesn't say. That sucks.
B
Bruh.
A
How does this.
Okay.
Yeah, it doesn't say how it's getting infected so I don't know. I would have to assume that it's very similar to Mirai of default credentialed devices. Exploitable devices like we've seen Fortinet devices and SonicWall devices recently just have exploitable vulnerabilities, et cetera. So by the way, quick shout out to DJ B sec who pointed out really quickly I mentioned malls and how you youngs wouldn't know what a mall is. However, I guess Stranger Things has made malls a thing again so people understand what they are.
C
React bug puts servers at risk. A maximum severity vulnerability in React Server Components could let attackers run arbitrary code on servers without authentication.
A
What's up ag?
C
The flaw affects apps using React Server Function endpoints and even Next.js with App Router, as well as libraries bundling RSC like Vite, Parcel, and RedwoodJS. Researchers warn nearly 40% of cloud environments may be exposed.
A
Oh my God. All right, so really quickly if you're running modern web apps like put it this way, my sister in law is a developer for a company and she's definitely a full stack Web app developer. I'm going to send this to her. Now, I'm not responsible for her organization's information security, but this is. This is a gnarly one. Okay?
Unauthenticated remote code execution. You see this right here? Like the headline? If you see unauthenticated remote code execution, your antenna should immediately go up. This is the worst. Which is further confirmed when a CVSS score of 10.0. That's the highest you can have for a CVSS score. All right, React and Next.js are really, really common tech stacks inside of modern web applications. As the story, as the reporter said in the story, 40% of, you know, the Internet's web apps are thought to be running this. So definitely not good. I'm gonna go to DJ B Sec's EPSS tool. We're gonna give him another shot.
Hold on one second.
Bro.
All right, here we go. I'm copying this. DJ B sec.
What the crap? All right, here we go. Getting results. Oh, look at this. And it does have a CVSS score. 10. But there's no EPSS score at this time, guys. What I would say is it's just literally a remote code execution unauthenticated on a web app. Tech stack means that it's highly impressive that it's all on the in. Like, there's a. There's going to be a ton of these on the Internet that are exposed. You're going to hear about some sites getting popped pretty soon. Okay, hold on. Do we have a first timer here in chat?
Brian hw6wr. We'll call him at. Brian says first timer live. Been listening since September on Spotify. Brian, welcome to the party, pal. Welcome to the party. Love it. I'm actually super pumped that you made it here, buddy. And I'm glad that you've been listening on Spotify.
All right, so this vulnerability is called React2Shell. You'll probably hear about it in the news.
Unsafe handling of serialized payloads in the React Flight protocol. So this is kind of a deeper, you know, embedded little problem. And if you're running these versions of the npm packages for react-server-dom-webpack, react-server-dom-parcel, basically the react-server-dom npm packages of version 19.0 through 19.20, you're at risk. Right? So what I would say is this is not a burn it to the ground, rip the plug out of the back of the computer Internet thing. This is a really bad bug. But you. It may not be in your environment just because you're using a React web, you know, web app that uses React technology in it. Go do the work, figure out if you're exposed to this particular vulnerability and get it sorted out. Also, I don't know if there is indicators of compromise. There is not. With something like this, you definitely want to not just fix the problem but then go investigate if you have already been exploited. Okay. A lot of people like GRC people, it's like, oh, like here's the, here's the fix, right? Gotta. Gotta patch it. Ah, you gotta patch it. Well, that's fine, but if you've already been compromised, then. Hold on one second.
Okay, there's a quick note here. Even if you don't implement a React Server Function on your endpoints or React Server Function endpoints, right. It may still be vulnerable if your app supports RSC or React Server Components. So you definitely want to make sure this is not like, listen, this, we cover vulnerabilities every day on this show. This is a really bad one. All right? One that you don't want in your environment.
I don't understand here is this. It's like what, there's no context to the blog you're sending me, man. So, okay, so immediate action recovered, right? Obviously patch these things. I want to see the.
Oh, this is great. All right, so Justin Gold shared this. This is great. Like this is literally I said I was going to send this to my sister in law. I, I'm going to, but I'm not going to send her this story. I'm going to send her this blog post. Because not only is this blog post call out the problem, but it actually gives you the, you know, the exact steps to run on your machine or on your servers to get this fixed really quickly. Do not just go whole ham on this thing and start running package updates. Use change control. Make sure you understand what the impact could be to your operations.
Because you could cause a problem. All right? Having said that, you should prioritize this as an emergency change. I don't see any indicators of compromise, which means you can't verify if you've been popped or not. Which sucks, but you know, good luck to you.
C
RansomHouse attack cripples retailer. Japan's Askul is finally getting back online six weeks after a ransomware attack forced companies to order supplies by fax. The Japanese retailer, think Staples meets Amazon for office goods, has reopened limited online sales for corporate customers and says it'll gradually restore its full catalog. The RansomHouse attack exposed customer and supplier data and disrupted supply chains for brands like Muji, which later confirmed its own customer data was affected. It's the latest in a wave of major ransomware hits on Japanese companies, including Asahi, which is still recovering months later.
A
All right, I don't think anyone's got it out for Japan. I think that's just. I mean, United States gets hit every day, right? Multiple times a day. So I wonder if there's a, you know, simply cyber, daily cyber threat brief, Jap Japan edition, where they're like, oh, you know, the United States continues to get hammered.
It was Thanksgiving. If you're picking up what I'm putting down.
Listen, this is. This is awful for retail, okay? This time of year, people are. Got their checkbooks all greased up and like buying everything for everyone. Happy holidays, Black Friday, Cyber Monday. And when you're having to submit your orders through fax, F-A-X fax, not to be confused, Gen Z, with facts, no printer.
It's not a good situation.
Let's see what happened to my. Did my computer just freeze? Oh, no, we're good.
I'm trying to see who hit them.
RansomHouse is the ransomware threat actor group that compromised them and exposed whatever contact information and inquiry details from users. Whoop dee doo. Okay.
I would have to imagine that there was encryption of servers because stealing. Dude, ransomware threat actors basically do this. They either encrypt your data, exfil or steal your data, make a copy of it, or they do both, right? And occasionally they'll do a denial of service attack. Occasionally. Okay.
So the fact that they were. Were down would lead me to believe that not only did RansomHouse take some data, which doesn't seem like it's super valuable, they also encrypted the servers and brought them down. Now, this is a. This is a kind of a run of the mill basic story. It sucks for Askul, right? Obviously. But hey, let me tell you this. This is a learning opportunity for you, whether you work in retail, manufacturing, healthcare, whatever. This is an opportunity for you to remember that ransomware is a top threat to be concerned about. And you should be doing tabletop exercises at minimum to validate and verify that you and your organization are capable of being resilient, continuing business operations in a limited capacity if you do go down, and more importantly, that you can recover quickly. Now, the reason I bring this up is because, first of all, you can see here that Askul says on Wednesday, corporate customers can now purchase a limited range of products on its platform and they're gradually going to add more items as it restores systems. So I would assume that this company, Askul, has figured out, you know, where their bread is buttered, right? Where, where are they making money? And they're bringing the things up slowly but surely in a deliberate order. Now, they were kind of screwed for six weeks. And I want to point out, even though sending a fax, like a, a fax, you know, fax is awful and slow and whatever, it is a business continuity solution, right? And hey, you could be completely down or you could send a fax. I applaud that they had at least something. Even though it sucked, they had an option available to continue some level of business operations. And this is why you at your business should be thinking about these things. Hey, if everything goes down, how do we continue to serve our clients? How do we continue to deliver business or product or whatever it is? Throwing your hands up and being like, I guess we're just down is not a great answer. It's actually a sucky answer. So work through it. Because believe me, you don't want to be this group right here.
You don't want to be a Jaguar Land Rover who didn't have an answer and was down for like three months and, and lost half a billion dollars.
B
Bro.
A
Again, listen, it's not my money. It's not your money, right? Like for the company you're there to protect. But I mean, if you take pride in your work, having your company be down for so long that you lose half a billion dollars, it's not a good look, okay? It's not a good look. And I'm not putting that on you exclusively, cyber professional, right? This is a coordinated thing with IT and applications and systems and leadership and management and buy in and practicing and tabletops and all the things, okay? But this is when you. When you post a half a billion dollar loss because of a cyber attack, to me that is just an ugly look for the entire team.
C
Ransomware payment denied, unless. The UK government is moving forward with a proposed ban on ransomware payments for public sector and critical national infrastructure organizations with national security exemptions to avoid life or death dilemmas. That's from Security Minister Dan Jarvis. The legislation would also require other businesses to notify authorities if they plan to pay a ransom. Jarvis called the current system, quote, not sustainable and is consulting across government, CNI organizations and allies in the Five Eyes and G7 to ensure the ban is effective and workable.
A
All right. I mean, this has been another, like, long standing crude solution to ransomware as a threat. Don't allow them to pay the ransom. Eventually, threat actors will stop doing ransomware because businesses won't be paying. There won't be any money in it. Well.
I just want to point out to you that threat actors steal the data and sell it to each other. They're gonna get paid. Okay, great cash, homie. This is why data exfil is a thing, okay? Among other reasons. Okay, so now the UK is saying. Roswell, uk, please chime in on this. They're saying that you're not allowed to pay the ransom. This is, this is being proposed as a law. Unless there's national security exceptions. I want to say national security is definitely a subjective term. Right. Because, you know, to prove a point, in the United States during the 2008 housing crisis, private investment banks got bailed out because they were too big to fail. Right. It would have, it would have been a national security issue. So when you say national security, a lot of times people think like, ooh, like nuclear weapons and Secret Squirrel stuff and like, you know, at the highest levels of government secrets. And it's not. It's like, you know, functioning society. Which means basically, I hate to be such a jerk about this, but that just means that like, you know, say you're a, a mom and pop company, right? Well, you're not going to be able to pay the ransom because it'll be illegal. And you know, if your business goes out of business, sorry, it sucks to be you. But if you're, you know, Barclays or your co op or Mark and Slot or whatever that retail company is. I know, I butchered it. Roswell, uk, Marks and Spencer. Maybe you're too big to fail and you've got friends in high places. So I'm being a little cynical here. Again, I'm not entirely sure of what I'm saying is how it will play out. But.
Let's see, I do wonder if this would include public, private sector businesses as well as public sector.
Okay, so they do say like a hospital and healthcare would be.
Oh, yeah, look at. So I don't research or prep for these shows. I certainly don't read the stories in advance. And you can see here we're looking very carefully at national security exceptions because we don't want people to face a choice between shutting a hospital down or going to jail. Exactly. To me, this is, this is the. The devil is always in the details. And what defines a national security exception is what's going to get the. This thing all gunked up and stuck.
So we'll see how it goes. It's a proposal right now.
And again they're saying, you know, ransomware has been a problem for eight years. The United States has done this at the federal level, right? Like if. If federal government gets hit, they can't pay the ransom.
It doesn't seem to have slowed anything down.
C
Huge thanks to today's episode sponsor Vanta. This message comes from Vanta. What's your 2am security worry? Is it do I have the right controls in place or are my vendors secure? Enter Vanta. Vanta automates manual work so you can stop sweating over spreadsheets, chasing audit evidence and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. Get started at vanta.com/CISO. That's V-A-N-T-A.com/CISO.
B
Feel like a.
A
Little piece of me dies every time. All right, hey, really quickly, Marcus Kyler provided a instrumental version of Simple Minds. I'm getting flagged right now because of the lyrics, so we're going to see if we can do this now. This is on YouTube.
Hey, wait a minute. Didn't Tyler Ramsby's stream get pulled down yesterday because he was playing something from YouTube?
I. Yeah, I'm not sure. Hold on. Give me one second. Okay? Give me one second. Let me. Let me. You guys get to see how the sausage is made really quickly. Let me just look really quick. I want to see if yesterday's show got pulled down because we did the other. The. The 11 one or whatever. You guys get to see what's going on here.
Yesterday was December 3rd. Let me look at this. All right, hold on.
Oh, yeah. Copyright melody or lyrics. Don't you forget about me. This is what it looks like, guys.
Con. All right, well, I guess we just freaking blow it out then, right? I mean, that would be the. That would make the sense, right?
All right. I don't know. Neck beard, guys, Here we go. Thank you all so very much for being here. Holla.
B
Holla.
A
I love this community and I appreciate all of you being here. Thank you so very much. I'm very transparent. JC in motion. You know.
I'm not big brain. I'm not 4D chess up in here. I'm just a dude with a podcast trying to make a dollar out of 15 cents like Tupac. Guys, thank you to the stream sponsors, Delete Me, Anti Siphon Threat Locker and Barricade Cyber Solutions. Guys, Barricade Cyber Solutions has been providing this amazing webinar series every other week. Eric Taylor presents a deep Dive Practical skills Hands on webinar on M365 configurations. And yesterday, did you catch his Microsoft Defender for Endpoint? I hope you did. Yesterday at 1pm, two weeks from now, December 17, right before the holiday, you can learn about compliance settings. GRC Mafia. Dial in, please. If you want to learn how to enable the Unified Audit Log and get full environment visibility, among other things, how to set a sensitivity label for not allowing forwarding of emails or docs, get on that dlp. Sure, we'll take some. You want to see a demo of Activity Explorer? We got you covered. Go on to webinars.barricadecyber.com now and register for this webinar. It is free to register, so get it on your calendar. And if you can't make it, that's okay, but at least you'll have the option. Dude, having options is awesome. All right, guys, I want to say thank you, all of you, every single day of the week. Hold on one second. Again, I didn't prep the show. So every single day of the week has a special segment. And Thursdays is what's your meme Thursday. Now, Dan Reardon makes these. I love this one. Dan is unavailable right now because he's doing. He's doing God's work right now. But dude, check this out. Okay, here we go. Here's your meme of the week. There it is. For those who don't know, Battlefield 6 came out. We've been doing a lot as a community. If you want to play Battlefield 6 with other simply Cyber Community members, there's a hobbies channel on the Discord server where people are sharing their bf6 tag. I know Shamiri is in there. James McQuiggin at 35, 000ft. Here is the squad I'm leading point. 
We got Justin Gold back here casually. Joseph's got the sniper rifle running scout, and Dan Reardon is in the back leading up the rear, throwing supply drops at us. So thank you very much, Dan Reardon. Like I said, I think this is super cool. I would make this my wallpaper on my phone or my computer if I was a younger man. Having this as your wallpaper is a younger man's game.
All right, thanks, Dan. All right, let's get our La la las on. We're gonna milk this song for every single second it's worth. And if you're watching on replay, you probably don't even see this because I might just carve this section out. So lucky you. All right. And if you want a link to this, I'll happily share it to you. Alpha Sierra, if you're in chat. Get ready to lead us off. Marcus Kyler, drum majors. Alpha Sierra is not here. It's just you. Marcus Kyler. Let's go.
C
La.
A
So good, so good. Great meme, great song, awesome community. Let's cook. Finish strong, everybody.
C
It's not just the Ivies. University of Phoenix hit by Clop. The University of Phoenix has joined the elite ranks of Harvard and UPenn, all targeted in Clop's ongoing ransomware campaign, and Dartmouth. Attackers exploited a zero day in Oracle's E-Business Suite in August of 2025, just a few months back, stealing sensitive personal and financial data from students, staff and suppliers. Phoenix detected the breach after being added to Clop's data leak site and is currently notifying affected individuals.
A
All right, so at this point, you know, whatever, I mean, I'm not saying whatever in that. It's, it's. I don't, I'm indifferent or insensitive. Obviously somebody at Oracle who works in the sales department had a hook into the higher education scene and went gangbusters selling Oracle EBS to higher ed. All right, there's clearly a trend here. They all got slapped in the mouth. University of Phoenix, yes, it's not an Ivy League school, but it was the OG of online schools.
That was legitimate as opposed to like the scammy ones. Like what was like DeVry, was DeVry legit, or ITT Tech? There were a couple of these early ones that like went wide and got caught being like, like unaccredited and stuff. Anyways, it doesn't matter. It's another business that got hit by Oracle EBS. It's Clop ransomware. I've said it before, I just ordered a bunch of Simply Cyber flags. If I, if I was a, again, younger man, I might get a Clop ransomware flag because I think that they're the, the most elegant and, you know, well-oiled ransomware threat actor. Again, I'm being playful. I don't support, condone or endorse cybercrime. It's just when you, when you look at all these different threat actors, right, you know, they start to have personality, they start to have signature moves and, and you know, it's like, it's like having a favorite WWF, WWE wrestler. For me it was WWF, right? Like you're either an Ultimate Warrior person, a Macho Man Randy Savage. Maybe you prefer the tag teams like Demolition or Legion of Doom, whatever your bag is, there's a reason that you kind of gravitate towards one or the other. Clop ransomware, whatever. So there's nothing to do here. If you're running Oracle EBS, you've probably patched it at this point. Ah, you gotta patch it. And you're just hoping that you're not the next threat actor to get, you know, basically come out. See, Daniel Lowry went to ITT Tech, then it's got to be legit there. Do you guys remember it though? There was a slew of like online schools that were like, basically the predecessor to these like scammy boot camps.
C
Android expands in-call scam protection. Google is expanding its in-call scam protection on Android to cover popular US banking and fintech apps, including Cash App and JPMorgan Chase. The feature warns users when an unknown caller tries to manipulate them into sharing their screen or banking info, showing a 30-second alert that can only be dismissed by ending the call. Originally piloted in the UK, the system now aims to protect Android 11+ users in the US from social engineering attacks that exploit urgency and panic to steal money or sensitive information.
A
All right, dude, I love this again, I know Google had to like shed their do no evil motto when they decided to put Google search in China because, you know, reasons.
But I love this, guys, listen, I. We get paid as cyber professionals to protect large organizations, small organizations, businesses, but at the end of the day, everybody needs Cyber Security. In 2025, everybody is using the Internet. There's only one Internet. And threat actors don't give a damn if they're robbing a business or they're robbing my aunt Dorothea, my dude, my good friend's parents got taken for like five grand a couple months ago. Excuse me, I don't want that. Dude, they're just trying to enjoy retirement and instead they got to deal with some, you know, jerk robbing them. So for this, thank you Google. I'm still not going to use Android devices, but Android malware is all over the place and having these like transparent overlays where it's stealing your, your pins and stuff like that. This right here puts an alert on the screen that you have to acknowledge and it doesn't go away for 30 seconds. So it's un, it's full of friction and Google knows that it's full of friction and it will cause you to force, to be forced to deal with it. And hopefully it captures your attention and makes you get that Spidey sense that hey, this is probably a problem. Now I will tell you, this is going to just stop technical attacks if a threat actor calls you on the phone and says that they're from Chase bank or Cash App or whatever and that you know they're trying to help you. They will be able to say oh yeah, no, no, like that, like the alert you're getting on your phone right now. That's why I'm calling you because it you are having a problem but I'm here to help you, right? So unfortunately this isn't going to solve all the problems. Definitely educate your end users and your loved ones this holiday season with awareness of social engineering and and whatnot. So good on Google, working with the different financial institutions and fintech companies to help thwart scams. But it's not you can't solve this exclusively with technology. I see Zach Hill is in chat. 
Hi Zach, he says hi Harold and team. Simply Cyber that's what they call me over at the Hill residence is Herald.
C
Another critical WordPress plugin vulnerability.
A serious flaw in the King Addons for Elementor plugin is being actively exploited, allowing attackers to grant themselves admin privileges on vulnerable sites. The bug affects versions 24.12.92 through 51.1.14 (don't worry, I have this all in the show notes) and was patched in version 51.1.35 on September 25th. Since the disclosure, over 48,000 exploit attempts have been observed, with attackers using the vulnerability to potentially take full control of affected websites.
A
As Phil Stafford casually put in chat: wait, what, a WordPress vulnerability? Get your Kevin McCallister Home Alone shocked face on.
Guys, if you're running WordPress. And like I guess if you're young or you're just getting into cyber or whatever, you're just waking up to technology. If you're running WordPress or you're responsible for an environment with WordPress, do the following: remove all plugins that you're not using. Make your, you know, whatever web admins aware that they can try out new plugins, but if they're not going to use them, get rid of them. Make sure you keep your plugins up to date and patched. Ah, you gotta patch it. Because if you just have this thing lingering, guess what? You're gonna get pwned.
Unauthenticated attackers can specify their role without any restrictions. Which means what? Which role would you give yourself? God mode, admin mode, whatever you want to call it. Root mode, system mode, whatever it is. TL;DR: if you're running these King Addons for Elementor version 51.1.35 or lower, you're screwed.
C
Microsoft silently mitigates zero day. Oh yeah, Microsoft has quietly addressed a high severity Windows LNK vulnerability. Both state-backed hackers and cybercriminal groups are using this flaw to sneak in malware like Ghost RAT and TrickBot. In its November updates, Microsoft quietly made a change. Now when you check a shortcut's properties, you can see the full target field where the hidden command is. Though even with Microsoft's update, the hidden malicious command still exists. And Windows doesn't warn users when they click a dangerous shortcut. So it's not quite a full fix.
A
All right, so sending LNK files or Windows shell link files has been a technique for threat actors for some time. Usually, my understanding is, it's usually sent via email. Like, oh hey, check out the, check out the invoice or whatever. And you know, it's, it's an LNK file which obviously will detonate. Threat actors distribute these files in zip or other archives because email platforms will block LNK attachments. There you go. So it gets through in an archive where it's compressed, and the email gateway doesn't see the LNK file. So it's like, oh, here's an invoice, you have to unpack it first. People fall for these things, which is insane, but it happens. Okay.
So I don't think Microsoft was trying to be like super covert here. They just pushed an update and helped reduce the risk of this vulnerability from being exploited. And the vulnerability is human vulnerability, by the way. Okay, so what does this do now? You get to see padding the target. Yeah, yeah, yeah.
So again, this is a social engineering technique. So in the target field they'll actually add a bunch of blank spaces. When. A bunch of blank spaces. So basically when you're looking at the command, you only see the, you know, kind of the executable, you don't see the actual, you know, encoded payload or whatever the, you know, payload is. So as an end user, my entwart would be like, oh, looks good. Okay.
But now Windows basically made it so you can see the first. Hold on. Yeah, now you can see. Hold on one second. I, I'm. What are we doing here? So. You'd have to, here's the thing you'd have to look at.
Is there a picture of this? No. All right, so here's the deal. You can see here in this target field. This is dumb because like they actually like blank out the target field so you can't even see it. But essentially you would only see 260 characters, which means if the threat actor adds a bunch of blank spaces, then the. You could see my mouse on screen right here, which is why listening to it on Spotify, you missed this part. But like, the payload would be over here, right? So you wouldn't be able to see it. Guys, like, okay, thank you, Microsoft. Not a bad idea. But dude, like.
My aunt Dorothea, who, if you're, if you're vulnerable enough, okay, to unpack a zip archive, then run an LNK file. Okay? I don't know if you're going to right click and look at the properties of the file as a general end user, right? Like if you're an IT person or a cyber person, if you're pulling the properties file up on the executable, chances are you're already suspicious of it. My Aunt Dorothy is not doing this, okay? If anything, this might help prevent malware analysis from a cyber security professional who's like seeing weird in their environment and they pull this down. But dude, at that point you probably have several, you know, flags pointing out that this is probably malicious. Like an unknown sender, an LNK and a zip file probably proposing to be like an invoice or something else stupid, right? Like, whatever. Like, again, I don't know why I'm so mad about this. Like, yes, this is fine. Like, way to go, Microsoft. This is a problem. But like, I don't know if this is quite, you know, a zero day being patched.
C
Okay, Remember to subscribe to this.
A
No. All right, hold on one second.
A
Hey everybody. We had a great show today. Finishing just a couple minutes early. I don't know why. Two days in a row, two stories that are just kind of like meh.
But like I said, I'm Jerry from Simply Cyber. I do have a, a request or an ask of the community. I don't do this very often, but I would use this opportunity now. If you are available today at 4:30pm, Simply Cyber Firesides. I've been doing this show at 4:30pm on Thursdays for probably four or five years. Okay. I, you know, I'm always, I'm always, you know, love to see you guys. Love to have it. This particular one is a sponsored one. ThreatLocker's coming on. This guy Yuri I met on Tuesday, he's a very nice guy, very, very technical, Ukrainian based.
They've. They're rolling out new functionality. It's. It's pretty interesting and I want to have them on and share it. But I would ask, please come out, come support the show again. I don't ask often, but I'm asking here. Please support the show. I'll drop a link in it, hit the reminder to notify you if you can. Here we see Firesides. And I'll probably ping everyone on Discord too. Come hang out, have some fun, even if you can only be there for half an hour until 5 o'clock. Mike Andruzzi, thank you so very much for coming on out and supporting, and anyone who can come out, please, thank you. I would appreciate it. Okay, like I said, ThreatLocker, this is part of this thing where they're talk, they're talking about renewing for 2026, which would be huge for the channel and for my ability to deliver this to you guys. So come on out. Thank you, Steve Young. Thanks Neckbeard. Thanks everybody. I appreciate it. All right guys, the value train keeps on coming. Don't go anywhere because we are about to get our Jawjacking on with one unbelievably wonderful person. Hey listen guys, just like I'm Dr. Gerald Auger, but occasionally I'm Jerry Guy, okay? Daniel Lowry is going to be your Jawjacking host today. But we don't know. There's been rumors that Tech Neck, his alter ego, his hillbilly cyber infused, Mossy Oak wearing, Monster Energy drinking, pistol shooting, you know, alter identity has been known to crop up. So I don't know who you're gonna get, but I do know that you'll be in good hands. Come, stay, have fun guys. Happy holidays, happy, you know, Merry Christmas, happy Hanukkah, all of the holidays. I just hope that you're enjoying the season, you're getting to work and spend some time with loved ones. I'm Jerry from Simply Cyber. Be well everybody. And until next time, which will be today at 4:30, stay secure. Ever wonder what it takes to break into cyber security?
Join us every weekday for Jawjacking where industry experts answer your burning questions about the cyber security field. Live, unfiltered and totally free. Let's level up together. It's time for some jawjacking.
B
Woohoo. What's up everybody? Welcome to the show. It is Jawjacking time. It's your favorite Tech Neck. Oh, Daniel boy here, he's ready to do the thing, you know what's up. Everybody loves a good Tech Neck. That's right. Being a hillbilly and knowing about computers is an interesting combination and that's what we got going on here today. What's up everyone? Got my Red Siege hat on because it was the only hat I had available. But it's good to see everyone today. I hope you enjoyed Jerry, but he is now bitter. So fond adieu. It's time for us to get down and you know what to do. If you've got questions, you got comments, you got stuff you want to talk about, you throw it in the chats. And then I do my very level best to try to, like, bring some answers, some clarity to those topics. Sometimes I can, sometimes I cannot. But, hey, we do what we can. I love how Jerry was like, gun shooting, right? I feel like Yosemite Sam when I go that way. I'm like, oh, dar. You know, dang it, rabbit. When I says. Or the horse, that's what it was. Dang it, horse. When I says, whoa, I mean, whoa. Right?
Good to see everybody in chat today. A lot of great conversation already going on. Everybody's having a lot of fun. That's what this is all about. We have fun. We talk cyber. We elevate our knowledge base just a little bit every day, at least, hopefully, right? We want to be better versions of ourselves today than we were yesterday, at least by the end of the day than we were yesterday. Raising the bar for each one of us. Thank you, Jerry, for the rousing introduction and thank you all for joining me. So let's see what we got in chat already. And of course, throw your questions in there when you got them. But let me just kind of scroll along. Elliot Matisse says Daniel Lowry never had dull moment. You haven't been around me long enough because I can get pretty dull from time to time. Let's see here. Technics. Here we go.
A
That's right.
B
Just a little. Little special. Little Tech Neck special here. Just for Jerry. We're gonna do a little Tech Neck. I guess I can keep it up for the rest of the show. I. I'll be Tech Neck for the rest of it here. So if you're joining us today, I'm gonna bring some country hill folk style philosophy and insights to all of our cyber talks today.
A
All right.
B
Yep. Here we go. Let's have a good time with it. Why not? It is fun. Looking for some questions. Good comments. Bless your heart, Steve Young. You just bless your little heart to death. Which if you're from the south, you know that that does not mean anything. Good. That is a nice way of saying other things. There's my man, Tech Grunt. It's time to kick the nodes and light the firewalls. It's time for Tech Neck news. Yeah, Tech Neck News is tomorrow, right? Last 10:15 of the show over there. It's Cybercast IRL. You know, we like to a little bit of this right here. We look in the News. See, if we can't.
Just berate some crazy, horrible cyber news story. It's not too difficult to find. Any day that ends in Y is typically complete S show when it comes to. I don't want to give Jerry any more strikes than he's already got.
Oh, here we go. Simply Cyber. Did you know Mandela effect. Yosemite Sam never said the word what in tarnation. I agree to disagree. I got you Mandela effect. I drank some Mandela effect this morning, and it is having the Mandela effect on me right now. I'm not gonna lie. I'm a little bit. You know, I think the technical term is drunker than Cooter Brown. But yeah, you know, when you drink that Mandela effect, first thing in the morning, you gotta have a little bit of hair of the dog, you know what I'm saying?
A
Right?
B
Gotta have. My Uncle Dan's gonna have his. His cough medicine before he gets too deep in the weeds on this stuff.
Let's see here. What's going on? What you guys got going on today? Where's Tech Neck Ricky? Where is Tech Ricky? I have not seen that boy's. He's Tech Neck. If I ever seen anybody with Tech Neck, right? Man, if I ever needed a Tech Neck partner, I know I could call me some Tech Ricky, get his ass up in here. He'd do it. Let's see. Oh, here's a question. Here we go. What we got here? He says, I'm always messing up on information with the correct CTI articles. How to do better CTI. That's a great question, man. I don't. I did not necessarily specialize in the CTI, but you can set up some of the servers and stuff like that. But ultimately, you got to track what you got going on, right? So if you got yourself a little organization, they're in a specific line of business. Well, the thing you got to do is start looking at that MITRE, right? Start looking to see what are the threat groups, that kind of attack against that specific type of organization. And then start threat modeling that bad boy, right? Once you get threat model down, what's your most likelihood or what's the most likely? I told you, I was drunk. I was. The most likely thing to have happen to you vulnerability wise. And what's with the greatest.
What's the word?
Exposure, right? The. The worst that can happen, that has a high level of probability as well as the worst outcome. Those are the things you want to start honing in on and then go, okay, these threat groups starting to do that now. You start to track. Here's a cool thing, man. I'd really start checking into that diamond model of intrusion detection. That right there, man, that's better. My mama's jalapeno cornbread. I'm just gonna tell you right now. It's a real. It's kind of like a bit of a mind twist to get your head around. But once you do, once you kind of work that out, you're gonna be able to really do a good job with threat modeling. So I had to use it on Billy, right? I had. I had to use the diamond model on Billy because every now and then he'd just throw a walleye fit in the back room, trash the whole joint. I'm like, the hell's wrong with you, Billy? And X, Y or Z reasons. So I started tracking his capabilities, right? What kind of infrastructure do you have? He always carried a club on him of some kind. Every now and then he was armed. Never know what Billy's gonna do. He's. Hell, he's crazy, right? But we love him. He's my mama's boy. Let's see here. So that's what you can do, and then you start tracking him. You start doing your research, seeing what they're working on, what you can do and then what kind of things their. Their attack types that they do. Start building better fences around that stuff. So just doing better cti. Everybody here does cti. I know that there's a few folks out there in that chat room probably can help you out with that stuff. Get into a good CTI group somewhere and start getting them questions answered. That's what you're going to need to do. Get that support someone. That's really CTI Chef's Kiss kind of thing going on there. It's like putting that first water dip in your mouth first thing in the morning. You get with a good CTI group, man. They. They help you out. They'll help you out. All right, let's see here.
Random skills.
A
X.
B
Do you own a banjo? Inquiry Minds would like to know. My brother in law's got the banjos and he's. He plays that banjo like nobody else. I'll play a flat top. Get fiddle though. That's what's up. I flat pick just a little bit. Little bit. I can get that banjo roll going on. On a. On a big like Dreadn Martin, right? That's what's up. Good question though. I like that question. Make me want to pick up my guitar.
Man. Simply cyber wants to know what does alligator taste like? I'm going to tell you right now, it tastes like, delicious. It's like heaven in your mouth. It's nice and soft. It's not rubbery. It does not taste like chicken. For anybody that's interested, it's typically deep fried, which is where you get the idea that it might taste like chicken, but it's more like catfish. So if you've had cat fish before, very similar. It's like a. It's like a blend between. If you took catfish, frog legs and soft shell turtle, ground it up in a meat grinder, rolled it up in a ball, deep fried that bad boy into a golden perfection, washed it down with a natty ice, now you're in heaven, right? That's as close as it gets to the good Lord's realm. Right before you cross over into a, like a pearly gate situation is a good piece of fried alligator. Man, that junk is delicious. Oh, dag nabbit. That's right. Marcus Schuyler, I love that term. That's just a good.
Ellipsis. Says, I love you, dealer. I love you too, man. I love everybody here. And that ain't because I'm drunk. I mean, if I was. I mean, I do love you because I'm drunk, but I also love you. Love you because you're just cool people. That's how that go. All right, let's see. Let's see here. We're down in the hollow this morning. Dang right we are. Cyber risk. Witch.
Dad. Gov. It says space tacos, man, everybody turning into a tech neck this morning, ain't you? Isn't it fun? Isn't it fun to just go ahead? Man, if I have my overalls on right now, it's a little chilly this morning for the over, man. I got to get those thick car hearts on so I can get my overall action going on my suspenders and be like, listen, you just kind of settle on in that. That lovely, lovely draw, man. It's like the sun going down over the hills of Kentucky. Isn't it just wonderful? Isn't it just nice? All right, here. Let's see here. We got one from Mark King.
Not a question, but caught your series on network troubleshooting, and you're an awesome instructor. Well, man, I'm just gonna. I am. I. I don't even know what to say that I appreciate. I really appreciate that. I put a lot of hard work into that and I. I do the best I can to deliver information in a way that's engaging and makes it understandable. Because I tell you right now, your boy, I have re. Now, now, here's the thing, man. I only went to third grade, right? Right. That is three. Yeah. Because on the other hand, I only have that many anyway.
And I read these books, they got all that tech information in it, and I'm like, who's the. Some bitch that put this in here like this? Are you just trying to justify your PhD or what? I don't. Just like, you don't have to get so technical, improve your big brain, right? You gotta show your brain off front of your mom, Paul. You can just say, hey, here's information in a way that people understand. And here's the thing, man. I've been around some cool PhDs there, all right? Jerry, one of them, right? Jerry, he got that big brain. He put that big brain energy out there, but he cool like that. He don't try to, like, flaunt that business. He knows I'm but a humble pea farmer and that I don't understand all this big fancy jargon talk that he got from his school, right? So when you're writing your books out there, people stop writing books like you're talking to like, other really smart people. Pretend you're talking to people that don't know their ass from a hole in the ground, right? They don't know. They ain't got the sense to pour piss out of a boot or ain't got the. The wisdom God gave a sweet potato, right? That's who this guy is. I need you to break it down nice and easy. So when I start teaching people, guess what I do? I make it to where it's like, hey, man, here's the thing. Let me just put it in simple human terms, you know, Because I mean, half the time I'm drunk as hell anyway, so you think I'm gonna pick stuff up. You got your big old ten dollar words going on there, and I'm drunk. I gotta reread things six times just to pick up the first word on the thing. Come on, man. Come on. I'm glad you enjoyed it. Mark King, man. Check out my. We'll be doing some more stuff. I'll be having. I just dropped the course. I got one course here. Simply Cyber. Got pen test plus, baby. You go check it out. Watch your favorite redneck teach you some. Some pen testing stuff. Move you on up from that networking business and get you on into that pen testing business. 
That's what's up, baby. You know it's good. All right, let's see here.
Bruising hack says, I love overcooked shrimp. Hey, man, that's an interesting thing. I mean, that is kind of. You can definitely get that texture from Alligator Divine. Dream divine says alligator. Ew. I'm gonna tell you what, girl. You ain't lived. You ain't lived until you've tried it. Try to tell my kids all the time. Here's the thing, man. You just. You taste him with your eyes again. You taste him with your eyes. You close them eyes shut, and I pop one of them little bad boys in your mouth. You're gonna be like, well, that is delicious. That did. You got more of that. But I got a whole bowl of it right here. It's goodness.
All right, let's see here. Question, question. This one comes from Carrie, my man. My. Why was the hillbilly throwing disc in the fire? He was burning discs. Oh, man. I'll tell you what I like to do. I like to burn rubber because I like to party. That's what I like to do. I like to get that. I got that 1969 429 Boss Mustang, baby. I throw it in the first gear and I start roasting them back seats, man. You know what's up. Get that bellow smelt going on there. You know that smell, that burnt rubber smell. And then you light it up. I will tell you a true story. Y'all. Y'all ready for story time on Uncle Dan? It's a true story. Uncle Dan used to have a Mustang Cobra. Yep. There was a time when I was cool. So I had this Mustang Cobra. One day I blew a tire and I come. I was coming from work now, I worked at an insurance company at the time. I pull over on Size road at a place called Eddie's Fast Nickel. That is the real name of the place. So I'm like, man, I gotta get this tire off. I gotta get that changed. I reach in there. I cannot find my lug key. It is. I must have taken it out when I was cleaning the car or something. But I can't get this tire off. So I'm like, some. What am I gonna do? So I go into Eddie's Fast Nickel. I'm like, man, you guys got a phone? Because I had no cell service out there. So I looked in a phone book, called a tow truck company. They said it was going to be 50 bucks for the first 10 miles or something, and then $5 a mile. And I lived like 30 miles away. I was like, oh, man, that's expensive. And I'm. I'm broke. Here's what's up. I'll call you back. So I started thinking, how am I gonna get this car home? These old boys, they came in, no shirt on, jailhouse tattoos. One of them said, hey man, you said you need to get a, get a tire off. I said, yeah, brother, you know I ain't got that lug key. He goes, I get it off. I said, oh, really? He goes, I wouldn't be the first time I got one of them bad boys. I said, all right, let's go take a look.
So we get out there, man's got, he's got a kid with him, right? So it's these two dudes. One dude, shirtless, prison tats all over. The tat on his back is of a naked lady swinging around a pole. I can't make this up. His kid is probably six. I think he was in a diaper. Yeah, Red popsicle all over his mouth. He's just kind of like staring off into space. I think he's about to attack me. He gets up underneath this thing, man. He just jams the four way lug on that joker and just cranks it and gets it off. I. I'm like, son, what good I would. How about that? He's like, oh, yeah, man. You just push it on real tight and it'll come off. I said, oh, you, you save me a bunch of money. I appreciate that. He says, yes, this is a true story. Kathy Chambers knows this story. He says, hey, man.
I got you, brother. I said, I really appreciate that. I said, I tell you what, man, you got me square. We get tire change. I said, you got me squared away. What you poison? He said, are you serious? I said, I'm. See, I get your case, what you need? He said, natty ox, baby. I said, I knew you was a brother from another mother. And his friend was there. He's like, well, oh man, I want to get bush. I said, I'll get you a case of bush too. That's still a cheap payment to get this done. They were like, call the boys. We are partying tonight. I bought him two case. He goes, hey, man, that's a cobra, right? He goes, you do me one favor when you get out of here? I said, name it. He goes, when you pull up out his place, you get on it. I said, that I can do good, sir. I pulled it out into the highway and I put it in first and I just roasted the rear tires, hooked up, finally hooked up, yanked it in the second chirp that gear took up. I see in the rear view mirror. He's in the middle of the street, like finger gun in the sky, screaming and hollering. I'm like, that's my boy right there. That's where Daniel Lowry's from. That's. That's what's up. So there you go. This was fun talk. We still got time to go though. That's a good time for me. All right, so let's see here. Questions, questions. That's right.
Let's get in here. Here's one from heartbreaker. Are there any significant updates on flock security, cyber security vulnerabilities or other mass surveillance topics in the scene? That is a great question. You know, I have not kept up on that. Has. Do a little Google searching. Has Flock survey. Well, Flock, I guess they're cameras, right? Or is it flock surveillance? I don't know that Flock place. All I know is flock of duck, man. You shoot them and you eat them because they're delicious.
Security updates. See if we can find anything here. So their Flock safety has stated that it addresses security vulnerabilities through a combination of over air updates and improved factory settings for new devices. These updates. Okay, that was. That's old as hell. I want to know now. Three days ago.
I don't even know this is. This. This is like. It is Flock safety.
It says public safety company Flock Safety has built its surveillance system as a program to root out criminal activity on local streets. Man, I just call that man the government coming to get my land. Come forward. See what happens. What is Trump deporting? Blah, blah, blah, blah. That doesn't matter. I just. I just want to know about what? Why? Why? Oh, I guess it's because it's on Politico. That's my fault. Politico not known for their cyber security news, but for their political news, definitely.
It's mostly just talking about the political side of things. So I don't know. You'd have to go to Flock security on that one. Or Flock. It's not. Is it flock. It's Flock Safety. Flock Safety is the name of these individuals. But I mean, it just goes to show you that you cannot trust. You know what? Let me get the. I don't need that. I'm showing. There we go. You cannot trust these types of systems, man. You got to do your due diligence. You always got to stay on top of things. So if you are employing any kind of Flock Safety devices, then you better be up on up when it comes to firmware updates, software updates, anything updating, make sure you change all the defaults. Don't trust that the defaults are a good place for these things to land, right? Because IDORs and things that nature, most of these things require some sort of web administration portal. You're using some bullcrap password. Something Billy come up with in his addled brain, right? Hey, I'm gonna make it. I'm gonna go with password 1. Oh, that sounds good, Bill. Real smart. What you making that for? My Wi-Fi. Yeah, what you calling it? My Wi-Fi. I see what's going on here. You're. You're just dumb as a tree stump, ain't you, Bill? My goodness, Billy boy. What are we gonna do with him? So there you go. Try to stay on top of that. I mean, if you are using that stuff, you gotta. You cannot let these things. I have not heard of it yet. I have not kept up with it. I've been busy with other things. And I guess I should probably deep dive myself into that. Maybe we'll do something with that on tomorrow's show and cybercast I irl. Let's see what else we got here.
Simply Cyber said he drank some Mandela effect this morning, too. That's good stuff, man. I don't like how it makes your tongue turn black, though. But what are you gonna do, right? Everybody walk around, they know you've been drinking that Mandela effect all morning because you got that purple, blackish tongue. You look like a. You look like a chow dog, right? Or a polar bear or something like that.
Let's see here. Here's Phil Stafford. What's up, Phil? Yo. 70 Sam says it in a movie in 1983. So all this depends on what you mean by original. Good point. Good sir. Good point. Love you got the detail. Bringing the detail in.
All right, moving on, moving on, moving on. I know I've kind of. I've got to get caught up. I went. I went a little hard in the paint on that story. So we only got so much time. We got 10 minutes left here.
Here we go. From Roswell UK. Great question. I already saw the beginning of it. How often do you back up? Every full moon or whenever the catfish stop biting. Listen here. The answer to how often do you back up? Is always not often enough, right? Because storage cost money, and it takes time to do backups and things of that nature. I used to be a backup technician. Now that's what I did. I ran backups every night. I verified them. I took them off site, took them to my fishing hole. I fished with them. We sat there and drank natty ice and howled at the moon. It was fun. This is back when I. This is like LTO. I think the last time I touched a tape was LTO-6 tapes, or was it seven? I did not recall at this point. I was drunk, but there you go, right? So definitely that is a good reminder though, if you are not backing up your data, Billy, I'm talking to you. You know, when it. Mr. Password1, you got to back it up, right? And some backup better than no backup, that's for sure. That is. That is God's truth right there, right? But as the Navy SEALs like to say, two is one and one is none. So take another backup of that backup. I've been there, man. I remember back in the day, I started messing around with this little lovely tool called Partition Magic, which had an affectionately changed name to Partition Tragic. And then I found out why that people called it Partition Tragic. Because it will straight up delete your stuff and you'll be like, well, wow, what's going on? Where's all my fishing pictures? Where'd all my recipes for granddad's moonshine go? They're gone. Unrecoverable. That's gone. That's out of here written over. You're like, haha, that's. Then you got to go to the bar with the boys and cry in your beer and say, oh no, what are you gonna do? And you say, I'm not gonna do that again. I'm not gonna get bit by that snake twice. I already lost three toes to that fight.
True story. Anyway, moving on. So. Good point, good point. Take your backups, kids.
Let's see. Here's one from Space Tacos. What's the next class I'll be taking? Teaching. And which accent will you be teaching it in? Oh, you know, that's a good question. Maybe we'll, we should create like a, like a multi sided die with accents on it. We'll just roll it, see what we get. Someone could probably spin that up with in the, on the interweb somewhere, right? That'd be fun to kind of do.
All right, here you go.
Oh, man. Heartbreaker, you asking a tough question here. The old redneck in me just says, AI is the devil, right? It's. It's. It's what was talked about in the scariest parts of the Bible kind of stuff. That's what it feels like. But then there's another part where you're like, well, maybe, just maybe, but you're talking about regulation or lack thereof.
Man. Oh, I don't know that I can. I don't know. I. I don't know. This is such a new and different and scary roller coaster that it's hard to keep up with what the hell is going on with there and whether or not we should be regulating, because if we regulate it, then we can't keep up. And if we keep up, we build something that could very well take us all to hell in a hand cart, right? But then you. The idea of, well, if the other people build. If others build it, they're just going to build the same devil, and it'll take us all to hell in a hand cart. So should we. I mean, I feel like. Honestly, I just wish I'm pro. Dear Jesus, please just stop. AI make it a really cool tool that we all love and get to use to make cool, funny memes and make our jobs a little bit easier, not destroy economies and right. That. Whether or not it needs regulation, make that happen, man. I. This. This boy's only got IQ of 72, so I think that's above my pay grade. Honestly, I have personal opinions about that that I'm not willing to express at this moment in time.
Because it ain't my show.
But that's an interesting thought experiment right there. Y' all need to start. I will say this. If you're not thinking about it right now, you sure as hell should.
All right, let's see here. Moving on. Moving on. We got five minutes, and y' all gotta bust over to that old Cyber mentors podcast, because that boy's gonna teach you how to get you a job. All right? Jay Gold coming with the Gospel of Paul right here, Ain't nothing better than jalapeno cornbread. It is pretty dang good, isn't it? With a slab of butter right on top of that bad boy, and it's melting down. Oh, man, you put a piece of that cornbread on top of your head, and your tongue will beat your brains out trying to get to it, won't it?
Code Brew Cyber is absolutely correct. Tech Neck is more of a foam trucker hat vibe. Absolutely. I've got to get me a good foam trucker hat.
Let's see here.
Marcus Kyler.
Speaking of drunk, did y' all hear about the raccoon who broke into the liquor store, got drunk, and passed out in the bathroom? I heard that raccoons right now are, like, adapting to urban society, and that kind of like dogs did, right? That we. They started realizing that, hey, man, if I just act all cute and be sweet to these people they feed me, I ain't got to go Looking for the food. They give me some of their hard earned vittles. They just throw it on the floor, let me have it cooked and everything. Seasoning. I'm not eating just raw flesh or whatever it is I eat because I guess if it's a dog, yeah, that's what they eat because they're canines, right? And that's. That was like the start of domestication of dogs. Are we looking at the new, like, the new pet, the new family pet? I'll tell you right now, this little bastard, they get up in my garbage cans. I. I am willing to put out a. An honorarium to. The raccoons have just stopped dumping over my trash because other than that, we got to go to war. I'm gonna electrify the cans. I'm gonna do all sorts of be dead raccoons everywhere. I don't care for that, but I'm sick of cleaning it up. Three minutes. Got three minutes. Tech grunt. Oh, my Lord. Billy the intern has entered the chat. He can't stay out of the chat. He's always in there, that boy. Steve Young says, love me some jalapeno cornbread. I don't know how you can't.
Roswell UK Technic. Danny, is it true when you replace old tech with new tech, retire the old. You call it a swamp?
True story. That is a true story called swamp out. That's right. Oh, this is good stuff right here from Find the Truth CTI. J, the man is amazing at CTI. If you need something to follow when it comes to CTI, you could do vastly worse than ctij because he has got that stuff on point. Good job right there. Find the true. Two minutes. Where are we at? Where are we at.
Man? I'm trying to just. I'm okay. I'm gonna drop down, I'm gonna catch up with where you guys are because I. I missed a lot telling my story.
Heartbreaker says the morbidly obese raccoons online are the best pets. They are so sweet.
A
Another thing.
B
I love her in a big old chubby raccoon. Ain't want to do nothing, lay around and eat stuff. I'm like, look at him. Ain't he cute as hell? Is he not cute? Here, have some natty ice, buddy. Get them drunk. They're fun. Don't piss him off, though. Tell you what, you. You can't handle no pissed off raccoon.
Oh, man.
Bruising hack says I got him laughing so freaking hard this morning. Good, good. That's the way to start the day. Right there. That's how we do it. We got one minute. Anything else?
I'll hide that message. Let's see here.
Anything else? Anything else? Well, looks like it just evolved into fun, fun times. I'm so glad we had a good time today, kiddos. There's you a little. A little preview of Tech Deck news, kids. We have fun. We talk about crazy redneck people. Because that's what I am. A crazy redneck guy. Y' all didn't know that? You see me at the conventions, you're like, oh, it's that guy from ITProTV. Taught me how to get my. Whatever. That's the real D right there. All right, everybody, thanks for watching, and I appreciate you showing up today. Hope you had a good time with it. I know I sure did. I gotta find, like, where is this stuff? Is this it right here? Yeah, there it is. So, yeah, we're gonna peace out just a few seconds early so I can let you guys jump on over to that Cyber Mentors podcast, man. Till next time, stay secure.
Host: Dr. Gerald Auger (Simply Cyber Media Group)
Special Segment Host: Daniel Lowry as “TechNeck”
Show Date: December 4, 2025
This episode delivers the top cyber news stories of December 4th, 2025, with expert commentary and career-building advice for cybersecurity professionals at all levels. Featuring the usual blend of education and community banter, Dr. Gerald Auger covers major threats and vulnerabilities, breaking down technical details and business impact, with a humorous and supportive tone. The episode wraps with “Jawjacking,” a Q&A and commentary session hosted by the ever-entertaining Daniel Lowry (“TechNeck”).
Q&A, country wisdom, and fun stories in “hillbilly” style.
This episode is a must-listen for anyone in the cyber field seeking actionable news, real-world insights, community flavor, and a little lightheartedness to kick off their day.