DJ B Sec (13:50)

From the CISO series, it's cybersecurity headlines.

Sarah Lane (13:57)

These are the cyber security headlines for Tuesday, February 10, 2026. I'm Sarah Lane. UNC 3886 targets Singapore Telecom sector Singapore's cybersecurity agency says China linked APT Group. UNC 3886 carried out a targeted espionage campaign against all four of the country's major telecom operators. The group used a zero day exploit and rootkits to gain access to parts of critical systems. Authorities say the intrusion didn't disrupt services or expose customer data. Singapore launched a counter operation called Cyber Guardian and says the attacker's access has since been cut off.

Dr. Gerald Oer (14:41)

Oh, I don't know why and hopefully this isn't like discriminatory, but when I hear like Singapore launched a defensive strategy called Cyber Guardian, like it the as soon as they said it, it's like China attacked Singapore and then Singapore, all four major ones. And then Singapore did this one. It's like, I don't know, like to me it's like a Kaiju coming out of the ocean. You know what I mean? It's like, ah, hold on one second. Like there, here we go. Like the Dan Reardon. I feel like, like this is like Singapore launching Cyber Guardian. Like they're just like bubbles out of the ocean and then, you know, beats back China from being into their isps. All right, so check it out. China has obviously, China as an advanced persistent threat actor has discovered, for lack of a better term, that the telecommunication sector is very valuable. Very juicy. If you remember the United States, nine top telecoms were all compromised, which is still disgusting to say in 2026. The, the fact it killed. Oh my God. It blows my mind how normalized it is for China to attack the United States top telecoms. And it's not good. But we're all just like, okay, okay. You know, it doesn't result in any like, type of like geopolitical fallout. So China sees the value of it and now they're continuing to cook on other countries, namely Singapore at this point. Now Singapore obviously much different than the United States as far as its Pacific Rim area. A lot of technology forward stuff. Their four major telecoms were compromised essentially. But it says in here that Singapore was able to beat them back. Now I do want to remember remind you that China is incredibly good at espionage, incredibly good at advanced persistent threat operations. Very sophisticated. So as much as it sucks to say for Singapore to say oh no, we, we totally rooted them out and beat him back. I don't know like what level of confidence do you have in that? Because remember you can't prove a negative like to this day unless you replace all the hardware. Russia's attack on Solar Winds. You can't have any 100 assurance that Russia's not still kind of lurking in some of the Solar Winds victims infrastructure. I feel the same way with this right like okay, thanks Elliot Mati. Because China is so good and they basically have the playbook on compromising telecoms after, you know, warming up on the United States. I just, I just don't know. Now they, they do say that they have no evidence that the threat actor exfiltrated personal data like customer records are off inter or availability. Sure. Like this is one of these. Okay, so listen really quickly. The whole, not the whole value but one of the main like tenants of Simply Cyber's daily cyber threat brief. Like one of my firm value points is going beyond the headlines and telling you things that you may not realize. Okay so listen, this story, you read it and you're like okay, no evidence that there was data exil of customer records or Internet cut off. Great dude. To me when I read that I'm like okay, like obvious like China is not trying to attack Singapore's telecommunication infrastructure to get customer records nor are they trying to do it a denial of service. Like that's like saying you go into like Gordon Ramsay's restaurant to order chicken nuggets. Like that's not what they're doing. They're an advanced military backed capability doing high level sophisticated espionage. They were probably in there to monitor and discover certain, you know, communications or to be able to pivot into other, you know, like get customer in like not customer information Excel but like who's got the phone numbers? Like you know, this important VIP or this business leader. Who are they talking to? What are they doing? Like they're not, they're not, this is not like Some Eastern European 25 year old ransomware threat actors smashing and grabbing all the things. So like for me personally and please community chime in on this, when I see this, this is great window dressing for people who don't know, but like, for people that know, I'm like, okay, like were you trying to hit a minimum character count or like give me security theater so I feel safer in my bed at night? Like, obviously China didn't do this. You know what I mean? This is like saying the United States doing some type of like, you know, next ninja level thing on an energy sector Russian OT infrastructure and then saying that like customer data wasn't impacted. No kidding. Okay, so anyways, yeah, China's doing Chinese things again. On the geopolitical landscape, there seems to be no consequences for this. China floated a hot air balloon or whatever with you know, gear underneath it across U. S territory and it was a big news story for a minute. And then it wasn't China. I think not allegedly. I think there's like high confidence. Attacked several energy sectors, several telecommunications companies. No fallout. North Korea attacked Sony Pictures in 2017. No fallout. Or 2021, whatever. It was like, what are we doing here?

Sarah Lane (20:49)

Searchers at ontinu analyzed a Linux based malware framework called voidlink that can persist across enterprise and multi cloud environments including aws Azure, Google cloud, Alibaba and Tencent. It steals credentials, fingerprint systems, escapes containers and hides at the kernel level while using encrypted traffic that mimics normal web activity. Analysts say the code shows clear science of AI assisted development with leftover debug logs and structured phase labels suggesting it was generated by an LLM with limited human review. 1.

Dr. Gerald Oer (21:29)

Well, all right, all right, all right, listen, I can get down again. Like I, I guess this is my bug up my butt today. The reporting versus the reality when you understand. So they just said this void link malware, which. They've been talking about this void link malware for like weeks now. Okay? This thing is a Linux attacking Linux. And hold on, it was a balloon. It, they've been talking about it targets Linux, but really the, the, the big stick here is that it's LLM built. Now the reporter says it's obvious that it was LLM built and not had human review.

Sarah Lane (22:12)

What?

Dr. Gerald Oer (22:13)

How can you possibly say that? The human, like very little human review. Humans are lazy, okay? And like I'll, I'll be first in line, okay? Like, so I'm not saying, I'm not saying like everyone else is lazy and I'm two thumbs. Well, 1.9 thumbs and working my butt off over here. But like, just because they left like commented code in stupid labels, that doesn't mean it Wasn't human reviewed it just means they didn't clean it up. Have you, have you seen, you know, like if you. I guess I'll just put it this way. I used to be a professional software engineer. Like people actually paid me for code. Like developers.

DJ B Sec (22:54)

You.

Dr. Gerald Oer (22:55)

What you see on the front end, like the application where it looks all pretty and slick and everything, that's fine. The back end, it could be duct tape, bubble gum. There's like a really famous meme of like a, it looks like a Cadillac with like chandeliers mounted on the front and different colored panels and everything. Like that's still a car. It still drives you. But it, it looks all kind of jacked up on the back end. 100 the deal. So I, I push back on that now. Now what I want to ask the community is and Phil Stafford, John V. I'm looking at you specifically but I'm really open this up for everyone. When you look at like when you look at content that is produced by an AI, like, like blog posts and social media posts and reports and stuff like that. I don't know about you guys, but personally I, I've, I've like, dude, AI has been like mainstream for a couple years now. Like, I personally feel like when I read content, if it was AI generated without, like, without any extra cleanup or fixing, right? Like those M dashes and just kind of the vibe of the content, you can tell that it's written by AI. I don't know about you guys, but like, I'm not saying I can 100 say that's AI or not AI, but a lot of like, you know, just give me a blog post about this topic and it generates out like that. I feel like you can tell it right now if you go through and say, do it in my voice. And here's like, you know, here's two hours of me talking on a podcast or here's my, my last 50 LinkedIn posts. Use my style as a starting point. Well then it becomes much more nuanced. Right? I want to ask, I want to ask the, the community here. Are there indicators in software that AI develops or LLMs produce? Vibe coded? Okay, Is there vibe coded indicators in the code base? Now listen, you can show me a SaaS app that's gross from a security vulnerability perspective. And I'm like, yep, that's probably vibe coded. But what I'm asking you is when you review the code, if you find a binary and you unpack it or disassemble it or it's interpreted and you Just look at the source code in a browser, I mean, excuse me, in an editor are there indicators and what are they? I would love to know, and I'm sure the whole community would love to know what are some of those like obvious things that as soon as you see it you're like this is vibe coded all day, every day, let me know in chat. But anyways, as far as this goes guys, this, you don't need to worry about Void Link today. What you need to worry about is faster malware being developed and pushed out. It's going to have bugs, which means it's going to be, you know, vulnerable to compromise. So threat actors aren't going to like that. But dude, do all the things have EDR behavior based checking. If you can start looking at your identity and access management, your, your non human identity governance. I'm going to be spending a lot of time in the next couple months talking about AI governance, machine identities, conditional access for them, all the things I, I actually just read a report around the current state of CISOs in their cyber programs. As far as like how they're handling machine identities. It's not good by guys. So really quickly I, I don't normally do this but because I did ask the community I want to, I want to share this with everybody in chat. So Phil Staffer, one of our AI experts says each LLM writes their own way. You can tell if you're not already trying to screen it away. Except they go away soon. I'm not entirely sure. Let's see. Where's John? John's just screaming yes, I love it. So John, what are those indicators? The high effort stuff is near impossible. For sure. For sure. Okay, I'm looking here. What are the. The back end is always spaghetti. John says okay, if John, I mean Phil says okay, so we'll keep on going but I, I will be keeping an eye out. Guys, I, I know it's not a perfect technical solution, but you, you do have to have like that sixth sense, that spidey sense about AI generated stuff and then address it, address it accordingly. So John says another, this is another simply cyber community member who's very, very educated on the AI space. John says AI model providers design the models to respond to the coders and users with next logical steps. For example, you asked for some code from an LLM and then they will end the response with would you like a YAML file? I'm sure he meant YAML file there but all right, so there you go.

Sarah Lane (28:03)

135,000 open claw instances exposed to Internet security Scorecard Researchers say more than 135,000 Internet exposed instances of the open source AI agent platform OpenClaw are vulnerable in. In part because the software listens to all network interfaces by default and a lot of users never change the setting. The tool's been linked to multiple high risk flaws and data leak issues, and more than 50,000 exposed systems are still susceptible to a patched remote code execution. The platform's design and widespread insecure deployments could give attackers access to credentials, files and other sensitive data across both personal and corporate systems.

Dr. Gerald Oer (28:50)

Bro. All right, so Open Claw. Dude, this is, this is like so. This is so 2026. And I'm not even saying like Gen Z or Gen X or this is so our society right now. Hey, here's a. Like, do you like how nobody reads the story? They just read the headline and then form all their opinions on it, right? Nobody like spends the time to do the fact checking. This is it right here, open. If you guys haven't seen it like, and, and don't do this. Please don't do this without like doing your research. This is Open Claw, right? All you have to do is run this one command effectively and it will install on your system. Okay? Now I'm obviously simplifying this. Obviously, okay? But because it's that easy, you've got everybody in their cousin who's like, look at this, I'm super powerful. I'm just gonna automate my job away, right? And they have no clue about any of the security hardening. Like again, I'm not, I'm not any great shakes, okay? But like I have spent days preparing, researching, hardening my instance, okay? And I'm not even done yet because once, once I install Open Claw today, there's the entire application layer of backup and continuity and hardening that needs to happen as well. Okay? Like, like taking. Taking the soul of basically all of the Open Claw configuration. Because one of the things with open clause that it's constantly learning from you taking all of that and backing it up offline. So if my, my. The buffer osier flow studio. If the hot takes are too hot and the studio burns down, I gotta backup of the soul of this thing, okay? Everybody's going yolo by the way. So I'm installed mine. Just this is another like thing. I. I installed mine on a Mac mini and I've got it all hardened. It can't see anything on my network, nothing can come inbound to it. Etc. There are, I'm literally saying like hundreds of videos on YouTube and most of them are around setting it up on a vps. Okay. It's a lot of like affiliate marketing, like, oh, hey, here, here's how you set it up on a cloud instance, use my code for whatever and you know, whatever. So most of these instances, I guarantee you are cloud based vpss. Now this is definitely going to lead to a compromise, definitely lead to some problems. Now let me tell you, let me tell you something. Let me explain to you what the risk is here because two things. One, you might be saying to yourself, like, who cares? Like I'm not doing anything really crazy with my open claw. I haven't, I'm not really putting, putting sensitive information in on it. Okay, so from a GRC professional perspective, let me break down what the risk is of this. Okay, GRC mafia, get your pencil and paper. You're gonna have to. This is why you don't want to see this on your company network. Okay, here's the deal. The likelihood is increasing because everybody's talking about it. It's gone viral. It's incredibly easy to set up. People who don't know what they're doing can set this up. Which means, means Carl in accounting, Tina in engineering, Bobby in research. Like it's going to be wide. So first of all, you should be looking in your, looking in your network logs for OpenClaw AI as a domain name. If you see, like literally if you see this command being run in your environment, which, hold on, let me show you. If you see this command, if you go to openclaw AI, you'll see the command. If you see this command running in your environment, in fact I would even go one step further and just look for this particular URL because you may not, the user may not run the entire thing, right? They may not pipe it into executable, they may just run pull down the PowerShell so they can look at it, right? But anyways, if you see that in your logs, immediately, immediately go to the end user's computer and say, what the hell are you doing? Okay, so let's talk about the risk here. Here's the risk number one, you have to put an, like this open clause, useless without an API key. Okay? So if a threat actor can use prompt injection, if you have this thing checking your email and they send an email with a prompt injection in it, your AI is going to run the prompt that's going to execute. So now you could exfil your API key and a threat actor could go spend all your money. That's like the least of your worries. Number two, most people, if they're, if they're setting it up with all the default configs, chances are the AI has full access to the operating system that it's being hosted on. So now threat actor can have the AI do things underneath like create accounts, reach out and pull down second stage payloads get weaponized. If you install this on a corporate asset, a company asset, they can execute and detonate on your machine. And now they have access to a company resource, they can ask the AI, or the AI might already be doing this, scooping up all the secrets. The AI wants to be the best helper it can be for you. And what better way to help you than getting access to all the things that you have access to so it can help you. But threat actor can get that as well. So it's, there's like multiple problems here. One is the AI is getting massive amounts of access to a threat actor can trick it to do the things right. So just remember, if you're giving it access to calendar, email, all these things, there is a reality where a threat actor gets to tell it what to do. Also a lot of people are using like Telegram to control this thing. That's fine. There is no validation of who is sending the telegram message. What? Oh, I see. Okay, so listen, no one. So just like you have an Echo device in your house and someone walks into your home and says echo play Slayer Volume 10. Like the Echo device isn't validating who made the command, it just executes. So if a threat actor gets into your Telegram channels or you do a group chat or something, the AI is going to execute the command as it is. So people are like moving recklessly with these things, these open claw instances. I'm telling you right now, if you see these in your environment, you absolutely need to get involved with it. Okay?

Sarah Lane (36:06)

Zero click flaw in Claude Desktop Extensions Layer X Researchers found a zero click vulnerability in Claude desktop extensions that could let attackers execute code on a victim system using a malicious Google Calendar event. Affecting more than 10,000 users and earning a CVSS 10.0 rating. The flaw stems from how the extensions chain tools together with full system privileges and no sandboxing, letting low risk inputs trigger high risk actions. LayerX says Anthropic declined to fix it based on the fact that the issue falls outside its threat model because users choose which extensions and permissions to enable.

Dr. Gerald Oer (36:50)

Dude, that is a lazy, ridiculous argument. Anthropic's not going to fix this because you get to choose whether or not you install it. Broseph, that's like the lamest excuse from a software vendor I've ever heard. Oh, we're not going to patch Windows because you can use Mac. Like what? That doesn't even make sense. All right, so here's the tldr. If you're running this Claude desktop extension, you got to patch it. But there is no patch, actually, now that I think about it, because they're saying that it's on you, I guess you got to uninstall it essentially. Dude, zero click compromises are no joke. Somebody can send you a calendar invite, which you can't stop, and as soon as you read it, they can do remote code execution on your box, which is not good. So what I would recommend saying, and I'm speed running this because I spent so long in the last story, is you gotta let people know, man, this desktop extension app for the Claude thing is, is, is, is bad. You gotta uninstall it. I do run the Claude desktop app, which is basically just a wrapper for the Claude website, but it's not the desktop extension. I don't know, man. I. For me, the story is like, dude, after Anthropic spent all that money dunking on open AI on the super bowl, they're going to come out with this thing. I don't know, man. So since they're not going to fix it, I mean, you gotta, you gotta, you gotta, you gotta uninstall it or, or run at risk. But dude, I'm telling you, with AI, I wouldn't run at risk in anything. Especially with a zero click compromise, you'll never know.

Sarah Lane (38:43)

Huge thanks to our sponsor, Threat Locker. Want real Zero Trust Training? Zero Trust World 2026 delivers hands on labs and workshops that show CISOs exactly how to implement and maintain zero trust in real environments. Join us March 4th through the 6th in Orlando. Plus a live CISO series episode on March 6th. Get $200 off with ztw ciso6ztw.com.

Dr. Gerald Oer (39:15)

All right, let's go. All right, all right, all right. We did all the sponsor ad reads at the beginning, so we can do this. I will be cutting this out on the replay, so for those on replay. Hey, what are you doing? Computer? I don't, I don't know, dude. Sometimes I'm like, today I just do that. All right, guys. Hey. Shout out and thank you to the stream sponsors. Threat Locker anti siphon flare material. Definitely appreciate them supporting the channel. Remember, the links are in the description below. Clicking on them, checking them out. It does help the Channel. It does help the community significantly. So thank you for checking it out. Every single day of the week. Every single day. Every single day of the week has a special segment. Tuesdays is tidbits Tuesday. Guys, I gotta tell you, this is kind of a weird one. I basically, I share things. I share things with y' all and we see if we vibe so really quickly. I don't know about you guys, but I, I try to use, I try to use like digital everything, right? So it's very clean, not a big mess. But just yesterday I had to make the call. I have a dry erase board that's like this, you know, like, I don't know, three, two foot by four foot or whatever. I dug it out of my attic and I brought it down. I have so much going on that I, I, I need a dry erase board. And I'm literally writing down like active work, active deliverables, active tasking, things coming up next week, things coming up two weeks from now. Like me personally, I can manage a lot of stuff, but at a certain point, it becomes too much. And the only way that I can ensure that I don't miss something, drop something, get, get confused or whatever is I have to physically start writing it down so I can look at it all the time. I don't know if anyone else feels that way, but yeah, w. For the dry erase board. We have all the technology in the world and I still need to write it down. Same with reports. Another, another thing, another thing. So if I'm going to read a report and then highlight it and stuff, take notes, I have to physically print it out. It's just, I don't know if I'm old. I know I'm old. I don't know if I do that because I'm old. Folks in, folks in chat let me know. Do you, do you write your stuff down? Do you need the physical paper or is Gen Z just all digital? I know, I know. Casually Joseph can just like basically plug into the bracket of his brain, like neural link. But for the rest of us mere mortals, let me know. All right, let's get the La la la la's going. Here we go. Marcus Kyler, Alpha Sierra. Please lead us off. La. Oh my God. It. Dude, that just hits different right S. Cole07, I think captured it in the most succinct way possible. He simply said unk. So if you're looking for a definition of unk, I think me in a dry erase board is the answer. All right, let's speed run the back half. Of this. We got about 15 minutes before I got a boogie out of here. Eric Taylor is in the green room to bring you jawjacking.

Sarah Lane (43:27)

China rehearsing cyber attacks on critical infrastructure. Leaked technical documents reviewed by recorded future show China using a secret cyber range platform called Expedition Cloud to rehearse attacks on the critical infrastructure of nearby countries. The system replicates real world power transport and smart home networks, letting reconnaissance and attack teams practice operations and analyze results in detail, potentially with AI assisted automation. The platform suggests state sponsorship and, and potential evidence of China preparing offensive cyber campaigns despite official denials.

Dr. Gerald Oer (44:07)

Bri, okay, I, I hate to be that guy, but allow me to be that guy. China rehearsing cyber attacks on neighbors critical infrastructure. Bro, I don't know if, I don't know if the word rehearsing needs to be here. Like China, like the, the first story was how China has attacked Singapore and their telecommunication, which is critical infrastructure. China's attacked Taiwan. Like they just attacked, I mean, obviously the United States several times, like South Korea, you know what I mean? Like, I don't know, why are they like, okay, they're rehearsing. I don't know if this is like a, like kind of framing it in order to not get called out. Yeah. You can see here Beijing's been accused long time of running extensive offensive cyber campaigns. Of course. Yeah, so. Oh, okay, okay. So, okay, so hey, listen, this is like less of them rehearsing and more. This is a training platform to teach their operators how to execute attacks on OT and ics for sure. So let's see what kind of poor OPSEC they did. This leak was shared with recorded future after being discovered on an exposed unsecure FTP server. Oh boy. Okay, cool. So, dude, I, I tell you what, man, you. It doesn't matter if you're English speaking, you know, I guess Chinese speaking, right? Cantonese or Mandarin or whatever it is. It doesn't matter if you're old, you're young. It doesn't matter if it's 2026 and AIs everywhere or if it's 1975 and you know, it's like you're considered, you know, a dork if you buckle your seatbelt things, man, humans are going to be humans. 2026. One of the world's top powers, right? I mean, let's be real. China is a, you know, incredible first world power. They have one of the best cyber capabilities out there. Largest country, huge influence. And they have their sensitive training program on an FTP server exposed to the Internet, apparently unsecured this is clear text protocol. Creds are sent in the clear ridonkulous. It has all their engineering and system architecture personal files on the FTP server of the developer and his wife as well as several types of malware. So this. All right, so here's the thing. Number one, if you are developing malware as part of a contract for a federal government, may I suggest, I don't know, setting up a separate file repo for your personal stuff. Like I don't know if this guy was like doing his 2025 taxes and he's like, ah, I'll just stick it here for right now because it's easy. So I, I've never seen that. That's ridiculous that this guy had personal files on this FTP server. Secondly, I don't know if this guy was vibe coding or not, but there's like a perfect example where like a human knows that this is a stupid, stupid approach to managing your kind of like your files on some type of like corporate infrastructure. And it's, you know, people are going to find it, dude. If you're an American and you stand up an FTP server, some like, and I say American just to kind of flip flop this, someone's going to find it on the Internet within a few minutes. Like within an hour. That's a really reasonable estimate. Okay, so like it doesn't matter. Technology doesn't care what your politics are or what language you speak. If you set up insecure infrastructure, you will be punished for it. This is ridiculous, dude.

Sarah Lane (48:24)

All right, Pay confirms ransomware attack. Bridgepay says a ransomware attack caused a system wide outage affecting its payments platform, disrupting card transactions for some restaurants.

Dr. Gerald Oer (48:37)

Oh my God. Really quick. I just saw this and it's totally funny and so true. Code Brew says Open Claw set up an OT security attack training platform with FTP server capability plus help me and my wife do our 2025 taxes. Sure, I'll get right on that. Right, like that's exactly like it feels.

Sarah Lane (48:59)

Vibe coded retailers and municipal services. The company says initial forensics show no payment card data was compromised and any access data was encrypted. The FBI and Secret Service are assisting in the investigation. Follow.

Dr. Gerald Oer (49:16)

All right, so BridgePay is one of these platforms. I think it's a lot like Stripe. A lot of small businesses use it to essentially outsource their credit card processing capability, reducing or eliminating their PCI scope of their systems. And some ransomware threat actor group took them over, knocked them out, screwed them over, which ultimately had downstream impacts because, you know, casually, Joseph's ice cream truck couldn't take payments. Cash only. You know what? My, My son is riding his bike, doing wheelies all over the place, and then wants a cool treat. He's not rocking around on cash, right? So basically, this resulted in loss of revenue for small businesses. I, I, I, I am surprised. I am surprised that the Secret Service and FBI are involved with this one. You can see here, Bridgepay said an initial forensic investigation indicated no payment card data have been compromised. Again, you got to remember about the motives of threat actors, okay? In 2026, we have many, many different cyber threat actors with many, many different objectives. So I know that, you know, like, stealing credit card information made a small comeback, like, last year. Like, I, I don't know if you saw that, but, like, Mage Card and Magento and some of those more traditional kind of like, web skimmers, we're making a comeback, but for the most part, this particular attack, it's a ransomware threat actor. They don't want credit card or information. They don't get time for that. Ain't nobody got time for that. They're looking to smash and grab, steal some data, dork up your availability of your services by encrypting your systems, and then getting paid straight cash, homie. Straight cash, homie, to give you the keys back. They don't want your credit card data. They're not picking peanuts out of elephant poop here. They're shutting down the entire circus and charging you to give you the keys back to the circus. You know what I'm saying? So, like, I don't know, man. Like, yes, that's fine. Credit card data wasn't compromised. That's fine. But I wouldn't expect it to be in this instance. The fact that U.S. secret Service and FBI are involved does surprise me. I'm a cynical prick, and this would be a tinfoil hat. So let me do a tinfoil hat really quickly. Tinfoil hat, me says, somebody at bridgepay. Somebody at bridgepay is connected. Somebody at bridgepay is got friends in high places because companies get. Oh, did I just freeze? This doesn't look good. I look frozen. Okay, I'm back. Companies get ransomwared all the time. Companies get knocked out all the time. Right? Like, I, like, I could pull up a dozen examples from the last month, and you don't hear FBI and Secret Service are on the scene to investigate the incident. Right. You can contact for anybody in chat who has contacted IC3, the FBI, to notify them that they've been cyber attacked. How many of you have been, you know, had the FBI respond in any meaningful amount of time besides like acknowledging that they got your submission? So again, I suspect that somebody at BridgePay has got friends in high places.

Sarah Lane (53:01)

From latest Ivanti Zero Days spreads, Ivanti's Endpoint Manager mobile zero day flaws have now been linked to around 100 victims. With Shadow Server identifying 86 compromised instances and warning that multiple threat groups are exploiting the bugs. The two unauthenticated remote code execution vulnerabilities, each rated 9.8, have hit organizations, including Dutch government agencies and infrastructure. At the European Commission, Rapid7 says exploitation attempts increased after disclosure with hundreds of attacks observed in a day. With nearly 1,300 Internet exposed EPMM instances still at risk.

Dr. Gerald Oer (53:46)

EPMM, not to be confused with EPMD. Ooh. And if you don't know EPMD, they are like very, very golden age hip hop, you know, early, early. Okay, so Avanti endpoint Manager mobile has two zero days. Okay. Epmm. I guess this is like mobile device management or MDM for Avanti. Avanti, I would argue I have worked in environments with Avanti technology. I'll tell you this, in my opinion, Avanti, you typically see Avanti in like mid sized business. So like thousand endpoints, you know, you know, 500 million give or take annual revenue, those kind of businesses. And it's, I mean it's legit, but it's an enterprise grade solution. This is used for security related capabilities, which means to me, when there's infrastructure that can be compromised that's related to security. So like think of like a patching system or an identity and access management system, a VPN technology, a firewall, those get elevated priority because they're literally your security. So if your security gets compromised, what else you got going on, right? These EPMMs, if you're running Avanti, Avanti suffered several high profile compromise or vulnerabilities last year, 2025. It was mostly around the policy gateways and the VPN technologies. So this is totally different. But if you're like bought into the Avanti ecosystem, you may have this in your environment. And the good news is, for lack of a better silver lining, is that you probably know the IT counterparts responsible for the Avanti technologies and you can get with them quickly to get this resolved. Now the patch came out on January 29, which means you should have already patched it. You gotta patch it. If you're just finding out about this now, two things. Number one, go patch it. Number two, go threat hunting in your environment, you'll. There's obviously going to be some type of. Not obviously, but I would seriously suspect that there are going to be indicators of compromise that you can look for in your environment. To see. You could see as of Monday afternoon. So yesterday, shadow server scans identified 86 compromised instances based on artifacts of exploitation. Artifacts of exploitation are essentially indicators of compromise. You can go look for these things and see if you've been punched in the mouth first, fix the problem, then see if you have an issue. This is no different. Okay, then hearing a report that there's like an uptick in like ants. Ants in your. In your house. Okay. Like, oh, we're getting a report of ants in people's houses. So you go make sure that all your sugary products in your pantry are sealed tight. Then go look to see if you have any ants. Right? You might not. You might. It doesn't. It. There's no way of knowing without doing the threat hunting. Okay, this is a pretty nasty 9.8. They do say 9.8, but these are actively being exploited in the wild. So spoiler alert, it's actually a 10.0, so I don't know why they say 9.8, but whatever.

Sarah Lane (57:15)

Warlock gang breaches Smarter Tools via smarter mail Bugs SmarterTools says the Warlock ransomware group breached its network by exploiting two critical Smarter Mail vulnerabilities, including an unauthenticated remote code execution bug and an authentication bypass flaw, both fixed in January. The attackers gained access through an unpatched server, compromising about a dozen Windows machines, though the company says business apps and account data weren't affected. Smarter Tools also observed similar attacks on customer systems, with the group targeting Active Directory to spread ransomware.

Dr. Gerald Oer (57:54)

The c. All right, there you go. So the threat actors compromise Smarter Tools and. And then move laterally to get to the active directory server and then basically deploy ransomware and malware wide across the business. If you remember when I was talking about anti siphon training during the sponsor reads, and I said, oh, next Wednesday, Eric Kuhn talking about new Active Directory security enhancements. This is where that training ties into reality. Okay. You can use this training to help harden your ad instance and maybe threat actors don't pivot over to your ad instance and then use it as a distribution center to compromise all your assets in your environment. CVE202624423 we're going to go over to EPSSLOOKUP.com drop it in here. Hit the button. Oh, and you can see. Look at this, guys. You got a basically a 9% chance of getting compromised in the next 30 days. This is a 92 percentile. Bad. This is really bad. Like this is one of the worst vulnerabilities in the environment, in your, you know, possibly in your environment, that if it gets compromised, you're really going to have an unhappy day. Let's see you. The vulnerability allows an attacker to point a smart mail instance to a malicious HTTP server managed by the threat actor and then can deliver malicious commands. So if you're running. This is a straight up. This is a straight up. Do this today. If you're running Smarter Mail, you have to take action. This is like a pause the show, go get this sorted out. All right? Smarter tools had 30 servers with smarter Mail installed throughout its network, but it was unaware. Okay. All customers should update to a fixed version of the software immediately and use IOCs to investigate. This is literally what I just said with the last story. Fix it immediately. Ah, you got a Patrick. And then go threat hunting. A lot of times people fix it and just move on to the next thing with something like this. This is really bad. You have to do some level of due care afterwards to, to, you know, take a look. By the way, you can't prove a negative. So even if you go threat hunting and see nothing, that doesn't mean that you're not compromised. It just means you didn't find anything. So this is why cyber security professionals, you know, self medicate, frankly. And I don't mean just doing drugs or drinking alcohol. There's different ways to medicate. But what I'm saying is this is one of those ones where you have to get comfortable with uncertainty, patch it, go threat hunting and then, you know, to the best of your ability, if you're running Smarter Tools or Smarter Mail, you have to take action on this, right? Especially if you're running in a Windows environment. If you're not running in a Windows environment, less of a problem. But you could still get compromised. Realistically, everybody's running in a Windows environment. Very few businesses are running in a non Windows exclusive environment. So get that sorted out. All right guys, let's cook. All right, everybody that's gonna do it for today's show. I hope you enjoyed it. Today was February 10, 2026. It was a Tuesday. Episode 1065 we went through the top stories. I hope you got value. Shout out to Phil Stafford and John V and others for their insights on AI vibe coded content to see what it looks like. I definitely appreciate everybody's thoughts and engagement in the chat. I'm learning as much as others are in the community. This was a banger. I'm gonna go teach the Citadel. But don't go anywhere because Eric Taylor is going to be our guest host for Jawjacking. Simply Cyber Media Group expands beyond just me. We have several professionals who are bringing value to the simply Cyber community. And you've got 30 minutes of jawjacking with Eric Taylor, digital forensics expert. So if you have questions around cyber career, digital forensics, incident response, etc, get ready to drop them in chat. Put a Q in there so he knows that they're for him. Guys, I'm Jerry, your chat. Until next time. Stay secure. Let's go. Ever wonder what it takes to break into cyber security? Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cyber security field live, unfiltered, and totally free. Let's level up together. It's time for some jawjacking.

DJ B Sec (63:13)

Thanks, Jerry. It's a morning. If you can't tell I'm traveling, definitely hairs of freaking mess. Even so, if you can't tell, a little tidbit. You know, I got curly hair, so anytime there's like, change in humidity, like, I live in South Carolina. I'm down in the lower Florida area, right outside of Miami area for another couple of days. So definitely humidity has changed. And unless I put, like 10 pounds of, like, goop in my hair, it just goes goofy. So forgive the. The craziness. Looks like I've been all day, right? But hope everybody is doing well. I gotta remember my camera is not there. I'm using the pocket three so that way I could feel like I look at y' all a little bit better. Let's get some music going. How's everybody doing? Hopefully everybody is unshoveling from snow. I've been living in a bubble under a rock, I guess would be more like it. So I'm not sure, you know, if there's a lot of snowstorms still going on, I think we got them all gone. There's been other certain unfortunate items that are taking a lot of the new store. The news channels this morning. So. Or this week. So. What's going on, everybody? Davy, crack it. Doctor Fernandez, Sorry, I'm not sure how to say your name, but what's going on? Nerman? What's up? What's up? Pocket three. You like it? Is it worth it? I like it. So if you don't know, let's see. I've actually got. So a lot of times when we travel, I talked about this last time, we got a new series that we're doing, the Ass Barricade. So we kind of do this but in a more structure. You submit questions and stuff. So, you know, got two of these that go around with us, myself, Lisa Kim, all that will be, you know, recording answers to the questions that are being submitted. Tons of questions coming in. I've also seen a lot of people complain like, like you fill out a job application when you submit a question, but we're literally doing that just to help prevent spam. And if you want to be mentioned that we answered your question and we can get a hold of you like, hey, you're. We answered your question coming out on the channel on Tuesday. And it's, you know, to keep in touch with you hear from Mickey. Here in the uk, the weather is beautiful. If you like moody weather or cloudy weather. Yeah, I don't mind it. I don't mind it at all. I'm actually considering. So we got a conference coming up in London area. April, May, something like that. So maybe heading. Maybe heading that way like Jerry said. If y' all got any questions, definitely put a Q in there and a colon so that way I can find. Oh, just like John here. Do you have experience with AGI? If. So, what are your thoughts? AGI, Is that a different term for something I already know? I thought you almost said you're talking about agentic AI, but AGI, what is AGI? So either my skus are. My Google FU is messed up just because I'm a business owner. Everything in my Google is like AGI stands for gross adjusted gross income and blah, blah, blah. So you can't put in the chat. What AGI? I'm. I think I know what it is again. I think it has something you're talking about an AI. I think of like a, like artificial something intelligence or something. So, yeah, agentic AI. So no, I don't. We are messing with some AI stuff. You know, we've got. I'm messing with Claude code, both tied into the anthropic AI and through Ollama and trying to figure out, you know, where the real power. Because cloud code does some pretty cool stuff. It's fixed some. Some powershell scripts that I've been struggling with for a while, both because of time and because I was racking my head trying to figure out. Sorry, something fell, rocking my brain, trying to figure out where in the world this code, this code error, and it wasn't sensitive information by any means, like anthropic could freaking leak it out, I don't care. It wasn't sensitive. So I was like, you know what, let me throw this into clock code and see what I can do. And it did. It didn't get it a hundred percent, but it got me over the hurdle that I was facing and I was able to figure out the rest again. So, I mean, and again, it was one of those projects I wanted to get a script that I needed to get out. And I've been battling off and on for like three weeks. So again, just threw my hands up and I was like, you know, let's just see what this thing can do. And it worked out really, really well. Again, got me over that. But trying to figure out, you know, where that power is. Is it in my CLAUDE code, the actual CLAUDE code, the CLI version, is it in anthropic or is it in the combination of the both? And what it looks like is the combination of the both while tying in CLAUDE code into ollama for Q Win, I think is how you pronounce it, the Q U or Q W E N Local model, both the 3B and the 70B. It's doing that. But what we're looking at now is taking something like Node Red or N8N or whatever and doing like a prompt, say, hey, take this PDF and parse out the IOCs for it, right? Something simple, you know, record feature, put out an article or you know, bleeping computer, name your news article of choice, pull out all the relevant information, pull out the IOCs. That way I can go threat hunting with it because I just didn't want to copy and paste a whole bunch of stuff. Can you take it, feed it into a llama through qlan, double check what it did against CLAUDE code, inject CLAUDE code back into it and just make sure it goes in a circle until it's got an acceptable answer automatically and then produce a result. That's probably one of the next things we're going to be working with. So. And if that works well, coming up with like vanilla AI or some other SQL data platform that uses a SQL database, that way you can train your local model off of stuff, again with non sensitive information and be able to build out something that you need to build out. Kind of did a little behind the scenes. Not secret sauce by any means, but yeah, anyway, Hopefully that answers your question, John. I know I went long winded on that. I know we do have only 30 minutes, but I definitely want to make sure that we are answering qu. We only had a couple of them so that's good. From Mickey. Is there a specific resume format that is specific to the cyber world? No, and to be honest with you, I don't think there ever will be. And you know, not even just the cyber world but in you know, any business. And the reason I say that is you've seen Jerry's comments earlier and I'm, I'm. Yeah, I'm just like him. I love a whiteboard. I use the trash out of my notebooks. I'm much more of a visual and hands on learner and visual like for 30,000 foot view stuff and hands on for the nitty gritty. I mean I learned the best when I'm actually doing the thing. It's just the way I learn and I use the visual for like I need to get A, B, C, D and E accomplished, you know and then lessing the priorities and stuff like that. So a visual for that aspect. But you know I learned the most when I'm actually got my getting my hands dirty so to speak. And I've seen a lot of yalls comments like you know, freaking boomers here and all that.

Dr. Gerald Oer (72:21)

Right.

DJ B Sec (72:23)

So I say that to say a lot of people are going to review your resume formatting in a different light. Now your format that you put out that you think looks amazing, it's well formatted, it doesn't got a lot of color or it's just two bland. So you spice it up. You know, you can put 10 people in a room and half of them may not like it. There's an old running joke, I'm not sure if you guys have heard it or not. Put a patient in a room with 10 doctors and you're going to come out with 12 different diagnosis, right? So I would just say put something together that looks professional, you know, maybe run around your peers like hey, is there anything professionally wise, aesthetic wise? Now I do know there's a lot of organizations out there that use an ingesting tool and I forget what the name of it is but it kind of look goes through and tries to filter out a bunch of the keywords and stuff like that and rank you in the importance of severity for considering for a review with hr. So in that particular situation is your formatting really that big of a deal? Probably not the part that I don't know and maybe somebody in chat can definitely let me know and let the rest of us know. Again I don't know because I just don't have an experience with it. But let's just say hypothetically we'll click on Blockbuster because I literally just seen them down the road. You're submitting your application, your resume to Blockbuster for like a district manager or something. You know, as soon as it goes through that AI or auto processing system that they may or may not have. Again, I don't know if Blockbuster does again, just using them as an example, you know, once you go to HR or the district or regional manager, are they getting a stripped down version of your resume or they get an actual copy of your resume? I don't know. So again, it depends on who you're applying to. You know, is it good to have like a blue side? Well, you know, like all your highlights and then all of your technical or, you know, plain white. I will say, I will say because we've been doing, trying to go through some interviewing processes as well. Please do not let the platforms build your resume because I put certain keywords in my job description for a Falcon administrator that came immediately verbatim in the application. The resumes that were being submitted over, I'm like, yeah, you don't have a real resume. You just let AI take your job experience and put it into the resume. And to me again, this one person, I found that little lazy. Like I would. Me personally, I would rather you put together something in Word and send it over than to do that again. That's just me though. So I say all that to say everybody's different. Everybody unfortunately is different. And there's no. I don't know if there is a right or wrong answer. Except for, you know, I wouldn't put Winnie the. Even though I love some Winnie the Pooh. I love like my office bathroom is decked out in Winnie the Pooh. Like I've been a massive Winnie the Pooh. That's probably the non mat. Most non masculine thing a guy could say. But I do love me some Winnie the Pooh. But I say that to say that, you know, just do, do your best. Just do your best. Go out there and knock it out of the park. Let me ask you a question as well. I think this is a trend that a lot of the influencers and maybe even Jerry has been saying lately. I don't know. Again, I've been so heads down. Unfortunately, I have been. I haven't been tuning into a lot of the shows. I'm so sorry, Jerry and the team. But is it a tactic now where we've gone back old school? So I remember growing up talking about AI and I see there's only a couple questions. I just want to take Another moment and ask this. I remember growing up, you would fill out an application long before computers were a thing. You rode your bike everywhere when you didn't have a license yet. And you stayed on literally till the street lights were on and we all drank from garden hoses across the neighborhood. And nobody yelled at you for stomping on their yard because it's just a bunch of kids getting the water. Then again, that was also the time we didn't pay for water in a bottle. Anyway, anyway, I digress. I knew that back then, like, if you wanted to stand out, you would fill out your application, then you would wait a couple days and you would call them, hey, did you get. Did you see my application? Yeah, Just want to make sure you saw it, really interested in the job, blah, blah, blah, thank him for the time. Then you wait like five, seven days. Calm again, like the persistence. Have we come to that? Because again, that was something we're seeing. Like people are emailing the team with their resume. I was like, I didn't find. I didn't know how to take it. I really didn't. A part of me was like, why are they just not doing the process right? Why are they not just submitting? But I was like. Then I took a moment. I'm like, is it where everybody's using AI to auto fill out job applications now? That's a way to stand out again. And those people stood out for good or bad, I won't say either way. It's just interesting. Again, I'm not yelling by any means. I'm not yelling at anybody for doing that. Just interesting. Anyway, onto it, because like I said, we only got a little bit of time. All right, what are your. Your favorite resources for building, maintain and vulnerability management programs? That's a really good question. So if you're new, if you haven't really heard me ramble a lot, I'm a huge CrowdStrike fan. We use the CrowdStrike for everything. Like, we always warn people about vendor lock in. I'm pretty vendor locked in with CrowdStrike. I'm not gonna lie. I rely on them heavily. It's because I know the platform and there are other tools that do what CrowdStrike does, but, you know, they haven't caused enough pain point and friction for me yet to really warrant another one. But anyway, I leverage their exposure management in there and we use a CTI platform called Open cti and it's free. You just got to host it yourself. But the key thing is to pull from external feeds into it so I'm looking at my CVS a CVE plus I use my own tool, the EPSS lookup tool to do my client notifications and things of that nature. Yeah, that's why I built the EPSS lookup or advanced it. It was originally done by another dude but it just still was lacking. So if you scroll down you'll see inspired by but yeah, really built on that thing to meet what we needed it to do. And that's how I do it. All right, what else we got?

Dr. Gerald Oer (80:59)

What else we got?

DJ B Sec (81:03)

Are there still any block but there is. Is that dude still around? They're on Twitter X whatever you call it now look up the last blockbuster. I don't know if it's still active or not. The account may be not responding more, but for the longest time I think it was in Colorado or something like that. But there was a last blockbuster and it was in operations to the best of my understanding. Understanding. Well, at least that was a year or so ago. There was still a at least a perceived blockbuster still running. With all these malicious extensions out there, how should an organization contr secure, securely control, approve and monitor browser plugins and extensions? Oh, that's a good question. So I found the easiest way, and most people do not like this answer, but the easiest way I have found is to use Enter ID. So having your local environment tied to the Microsoft 365 and your devices being hybrid joined, that works really, really well. The only reason I say that is now back in the old days, I'll just tell you, hey in there, you can still do this. You can set up a GPO for approved and unapproved browser plugins. However, you got to know every browser, every browser's got to be in the gpo. All that. So first things first, you have like two approved browsers, say Edge and Chrome, right? Whatever your two may be, Firefox, Brave, whatever it is, pick two try to make sure you can be able to get it into the GPO for those controls alert on any unapproved browsers and just work on the approved and denied white or work on the white listing of approved plugins from that aspect. Usually you can do it by gpo, but I don't know if you can get some of the other browsers into active directories. Gpo. Now if I say that out loud, I don't think you can do like braving them in entra id. I don't think so. Now that I'm thinking out loud, I think it's only Edge that you can do an entre id. Yeah, I could be wrong, but if memory serves me right now I've had a moment to think about. I think that's correct. So again, recap. Approved. Unapproved. Make sure you're alerting on unapproved browsers. That'd be the first thing. Then work on how to get deny all except for these approved browsers. You know, as much as I hate to say it, you know you're gonna go full blacklist. Like everything is nuked and you're going back and white listing the approved stuff. All right, last question because we only supposed to be at 30 minutes here. My girlfriend, who does not have any ticks experience wants to migrate into tech while we decide grc. I'm out the I out the GRC master course. How can I mentor her to you? The course I have a. I'm trying to. I think I understand your question. Maybe I don't have enough coffee in me. This morning we decided. So. Justin Goldwyn. I'm sorry, I don't fully understand your question. I really don't. But I do think I get a gist of what you are. So if I'm not answering this correctly, please forgive me. I would say two things. One, if it sound looks like part of it you're trying to flush out or you're trying to go through the GRC master class. I assume that's Dr. Gerald Oer's master class. If so, just kiss.

Sarah Lane (85:50)

Good.

DJ B Sec (85:51)

Good work. For you.

Sarah Lane (85:54)

The.

DJ B Sec (85:54)

For your girlfriend who wants to get in tech but has no tech experience, I would say she needs to under us not understand. That's a wrong. That's incorrect. What sector of tech does she want to go into? Like even. I'll use an analogy if I may. You want to be a. A mechanic. Okay, you want to be an auto, marine or diesel mechanic. Okay, you want to be a marine mechanic. You know, so you're only going to work on outboard motors and stuff. Are you gonna. Are you scared of water? So you're only going to do dry docked marine. You see what I'm saying?

Dr. Gerald Oer (86:35)

There.

DJ B Sec (86:35)

There's nuances to all of it. So understanding what tech she wants to do and getting to that nuance is going to be very beneficial. Doesn't say I want to do tech is really, really beneficial, broad. And I'm not beating you up. I'm just saying help her go through. What does she enjoy and then more importantly, what does she not enjoy doing when working on with computers, when messing with computers and tech. You know, she might find that she loves freaking Iot hacking. Like, she likes to rip apart a vacuum cleaner or an Iot camera and just scroll down, watering, and just doing all that. You just never know, right? So find out what she likes to do and more. Again, more importantly, what she doesn't like to do, and just try to help her navigate those waters. Like, okay, you don't like this? Perfect. And let her tinker. Like, hey, go check out A, B, and C. Go play with that for a couple weeks. Let me know what you think, and just guide her on that path. It's a personal journey. Not everybody, even in this chat, everybody likes and dislikes things individually, all for the same reasons. So, again, it's everybody's own journey. Finding out what makes them tick, what makes them inspired, and being able to do what they want to do. That's. That really is a key, and that's how you help prevent burnout in our industry. All right, ladies and gentlemen, we are coming up to the bottom of the hour. Thank you all so much. Again, I mentioned it earlier. Yo, we do have askbarricade.com so if I didn't get your question, either save it for next week or go over to askbarricade.com we're queuing up the questions, things of that nature. Hold on one second. Kim is. I can't. It's actually after. It's right at the 30. So sorry. We'll queue it up maybe definitely come back and talk to Jerry, because he is the GRC man. He's the man with the plan when it comes to grc, ladies and gentlemen. So go. Definitely talk to him. And, you know, he could be able to answer your stuff in a little bit more nuance, but at least for your girlfriend, that's the advice I would do. And that's what I tell everybody looking to get into tech. So hopefully I at least answered half your question. Come back to tomorrow. Jerry's gonna be on here doing doll jacking. Ask your GRC again. He'll have a lot better of an answer. That's another thing to always learn, ladies and gentlemen. Know what you're good and you're not good at? It's a lot of personal growth. And don't be ashamed to say it. I'm no GRC master. I hate documentation.

Dr. Gerald Oer (89:23)

Right. So.

DJ B Sec (89:26)

Go out there and kill it, ladies and gentlemen. Again, go to save your questions for next week or go to askbearrick.com More filled questions over there. We'll create stuff. Blah, blah, blah. Thank you all so much for tuning in. I do greatly appreciate every last. If you found value at any point today, please go out on LinkedIn, X, Kick, Rumble, whatever and like, dude, you gotta go see what Jawjacking is talking about. You gotta go see what the man Dr. Gerald Ozier is talking about every morning. Yo, we got me. We got. I think DJ B Sec is back from time to time. You got Daniel Lowry. We got all these people here that are bringing information to you and we're as part of the community. Bring. Bring a friend, bring a friend. Next time I'll challenge you for that. All right, y' all take care of yourselves. Ladies and gentlemen, I probably won't be on on Friday. I got a lot again, a lot of heads down stuff going on. But I do appreciate all of y' all and I'll see y' all next Tuesday. Take care yourselves and be curious.

Dr. Gerald Oer (90:26)

Hey everybody. I hope you enjoyed that content. Keep the cyber security train going by connecting with the other Simply Cyber community resources. We have the Discord server that's lively and always keeps the conversation going. You can connect with me directly on LinkedIn. And also every single weekday morning on the Simply Cyber channel. We're doing live daily cyber threat briefings, 8aM Eastern time as well as Thursday at 4:30pM we're doing live stream interviews with industry experts and we produce videos that we push out every Wednesday morning. I'm Jerry from Simply Cyber. I hope you enjoyed the content and we'll see you in the next one.