Daily Cyber Threat Brief – Ep 1066: February 11, 2026
Host: Dr. Gerald Auger, Simply Cyber Media Group
Main Theme:
A fast-paced, insight-driven walkthrough of the day’s top 8 cyber threats, recent security incidents, and emerging trends, with actionable advice for security professionals and leaders. Dr. Auger brings his trademark energy, humor (“face-melting!”), and inclusive community spirit.
Key Discussion Points & Insights
1. EU Approves Google’s $32B Wiz Acquisition
[11:54-16:48]
- Google won unconditional EU antitrust approval for its $32B purchase of cloud security firm Wiz.
- Insight: This is Google’s largest deal, aiming to strengthen its competitiveness in cloud security, specifically against Microsoft (Azure) and Amazon (AWS), both of which have bigger cloud footprints.
- Dr. Auger’s Take: Google’s always been “the ant,” far behind AWS and Microsoft in cloud, but this deal is part of a tortoise move to catch up. He notes confusion about how different governments assert antitrust authority:
- “I understand antitrust laws and I appreciate them. I just find it weird that the governments can intervene between a private sector business and dealing with another private sector business... it just seems rife for compromise.” [16:27]
2. Microsoft Rolls Out Secure Boot Certificate Update
[16:48-22:43]
- Microsoft is pushing new Secure Boot certificates ahead of the June 2026 expiry of the original 2011 certificates.
- What is Secure Boot? UEFI firmware checks the signature of each boot-chain component (boot manager, OS loader, option ROMs) against the certificates in its trusted databases before running it, so unsigned or tampered bootloaders and bootkits never execute (an unsung hero of system security).
- Risk/Action: Devices that never receive the new certificates keep booting, but once the 2011 certificates expire they can no longer take future Secure Boot updates (new boot-manager signatures, revocation entries) and remain in a degraded security state.
- Advice:
- Situational awareness: ensure updates are applied, particularly for high-risk endpoints.
- Dr. Auger highlights Microsoft’s “poster child” approach for communicating and rolling out changes.
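The "ensure updates are applied" advice above is only actionable if you can check it. The Secure Boot `db` variable is a chain of EFI_SIGNATURE_LISTs, and the script below (an added example, not from the episode or from Microsoft) parses that structure and reports whether the subject names of the replacement 2023 CAs are present. The sample database is constructed: placeholder bytes stand in for real DER certificates, the owner GUID is made up, and the file-reading usage at the bottom is an assumption about how you would feed it a dump.

```python
"""Parse a UEFI Secure Boot signature database (the 'db' variable) and report
which X.509 signers it contains, e.g. whether the 2023 Microsoft CAs that
replace the expiring 2011 ones have landed.

Layout (UEFI spec): one or more EFI_SIGNATURE_LISTs back to back, each
  SignatureType GUID(16) | SignatureListSize u32 | SignatureHeaderSize u32 |
  SignatureSize u32 | SignatureHeader[...] | N x EFI_SIGNATURE_DATA
and each EFI_SIGNATURE_DATA is SignatureOwner GUID(16) + SignatureData.
"""
import struct
import sys
import uuid

EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
ESL_HEADER_LEN = 28  # 16-byte GUID + three u32 fields

# Subject names of the replacement CAs Microsoft is rolling out.
MICROSOFT_2023_CAS = ("Windows UEFI CA 2023", "Microsoft UEFI CA 2023")


def parse_signature_lists(blob: bytes):
    """Return [(sig_type, owner, data), ...] for every entry in the blob.
    Raises ValueError on truncated or inconsistent sizes instead of
    silently reading garbage."""
    entries, off = [], 0
    while off < len(blob):
        if len(blob) - off < ESL_HEADER_LEN:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < ESL_HEADER_LEN + hdr_size or off + list_size > len(blob):
            raise ValueError("bad SignatureListSize")
        body = blob[off + ESL_HEADER_LEN + hdr_size: off + list_size]
        if sig_size < 16 or len(body) % sig_size:
            raise ValueError("bad SignatureSize")
        for i in range(0, len(body), sig_size):
            entry = body[i:i + sig_size]
            entries.append((sig_type, uuid.UUID(bytes_le=entry[:16]), entry[16:]))
        off += list_size
    return entries


def x509_signers_containing(blob: bytes, names):
    """Subset of `names` found inside any X.509 entry. DER encodes the subject
    CN as plain ASCII, so a substring match on the raw certificate bytes is
    enough to answer "is this CA present"; a real verifier would decode the
    certificate rather than trust a substring."""
    found = set()
    for sig_type, _owner, data in parse_signature_lists(blob):
        if sig_type == EFI_CERT_X509_GUID:
            found.update(n for n in names if n.encode("ascii") in data)
    return found


def missing_2023_signers(blob: bytes):
    return set(MICROSOFT_2023_CAS) - x509_signers_containing(blob, MICROSOFT_2023_CAS)


def build_signature_list(sig_type, owner, datas):
    """Serialise one EFI_SIGNATURE_LIST; all datas must be the same length."""
    if len({len(d) for d in datas}) != 1:
        raise ValueError("entries in one list must have equal SignatureSize")
    body = b"".join(owner.bytes_le + d for d in datas)
    sig_size = 16 + len(datas[0])
    return sig_type.bytes_le + struct.pack("<III", ESL_HEADER_LEN + len(body), 0, sig_size) + body


# --- Constructed sample data (NOT real certificates or hashes) -------------
_OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")  # made-up owner GUID


def _fake_cert(subject: str) -> bytes:
    # Stands in for DER; real entries are the full certificate bytes.
    return b"CONSTRUCTED-DER:" + subject.encode("ascii") + b"\x00" * 8


OLD_DB = (
    build_signature_list(EFI_CERT_X509_GUID, _OWNER, [_fake_cert("Microsoft Windows Production PCA 2011")])
    + build_signature_list(EFI_CERT_X509_GUID, _OWNER, [_fake_cert("Microsoft Corporation UEFI CA 2011")])
    + build_signature_list(EFI_CERT_SHA256_GUID, _OWNER, [bytes([0xAA]) * 32, bytes([0xBB]) * 32])
)
UPDATED_DB = OLD_DB + b"".join(
    build_signature_list(EFI_CERT_X509_GUID, _OWNER, [_fake_cert(n)]) for n in MICROSOFT_2023_CAS
)

if __name__ == "__main__":
    # Assumed usage: python esl_check.py db.bin
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else OLD_DB
    missing = missing_2023_signers(blob)
    print("missing 2023 CAs:", sorted(missing) or "none")
```

To get real input, dump the variable with `Get-SecureBootUEFI -Name db` on Windows (the `.bytes` property is the raw blob) or read `/sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f` on Linux, remembering that efivarfs prefixes the contents with 4 bytes of attribute flags that must be stripped first. The point of the parser over a plain string search is that it also tells you the entry type, so a hash entry that happens to contain the right bytes is not mistaken for a certificate.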
3. North Korean UNC1069 “Deepfake CEO” Crypto Exec Attack
[22:43-31:56]
- North Korean threat group used a highly orchestrated attack:
- Compromised a Telegram account of a crypto exec.
- Invited the victim to a Zoom meeting impersonating a CEO via deepfake video.
- Used a “ClickFix”-style social engineering trick to get malware installed (data-stealing, credential harvesting, etc.).
- North Korean hackers reportedly stole $2B+ in crypto in 2025 alone.
- Analysis:
- This attack checks every “advanced threat” box—social engineering, deepfakes, Telegram compromise, credential access.
- Action: Tailor executive/c-suite awareness training using this very story; emphasize that even tech-savvy folks are not immune.
- “This is a really great cyber attack for you to collapse down into quick bullets and then share out... This is a perfect one [for awareness and briefings].” [26:07]
- “Don’t ever shame your victim. Someone who falls for an attack... do not shame them.” [27:55]
4. SolarWinds Web Help Desk Vulnerabilities: Internet-Exposed Risks
[31:56-37:00]
- Critical vulnerabilities in SolarWinds Web Help Desk are being exploited in the wild; roughly 170 instances are reachable from the internet.
- Attackers use the exposed help desk for initial access, then move laterally with living-off-the-land techniques (built-in OS tools rather than dropped malware, which blends into normal admin activity).
- Practical Advice:
- If you run SolarWinds Web Help Desk: patch immediately or take it offline if patching isn’t possible.
- Scan your own internet-exposed assets regularly (Shodan to see what the outside world sees, nmap for your own ranges) so you know whether you are running it at all.
- “...if you legit don’t know if you’re running SolarWinds Web Help Desk, you’re basically doing like a butt-kicking contest and your shoelaces are tied together.” [35:22]
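The scanning advice above turns into a repeatable check once the scan output is machine-readable. The script below is an added example (not from the episode or from SolarWinds): it reads nmap's XML output and lists every open port whose service banner or NSE script output matches a product watchlist, so "are we running Web Help Desk?" gets a definite answer. The scan XML is constructed, the 203.0.113.0/28 range is documentation space, and the note that Web Help Desk commonly listens on 8081 is an assumption; matching is done on evidence, not on port number, so a proxied instance is still caught.

```python
"""Turn nmap XML output into a list of internet-facing services that match a
product watchlist, so "are we running X?" has a definite answer.
Added example; the scan XML below is constructed, not a real scan.

Produce real input with:  nmap -sV --script http-title -oX scan.xml <ranges>
"""
import re
import sys
import xml.etree.ElementTree as ET

# product label -> regex matched (case-insensitively) against service banners
# and NSE script output. Match on evidence, not on port number: Web Help Desk
# is commonly on 8081 (an assumption here), but it may sit behind a proxy.
WATCHLIST = {
    "SolarWinds Web Help Desk": r"web\s*help\s*desk",
}

SAMPLE_SCAN_XML = """\
<nmaprun scanner="nmap" args="nmap -sV --script http-title -oX scan.xml 203.0.113.0/28">
  <host><status state="up"/>
    <address addr="203.0.113.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="8081">
        <state state="open"/>
        <service name="http" product="Apache Tomcat"/>
        <script id="http-title" output="SolarWinds Web Help Desk"/>
      </port>
      <port protocol="tcp" portid="22">
        <state state="open"/>
        <service name="ssh" product="OpenSSH" version="8.9p1"/>
      </port>
    </ports>
  </host>
  <host><status state="up"/>
    <address addr="203.0.113.9" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="443">
        <state state="open"/>
        <service name="https" product="nginx"/>
        <script id="http-title" output="Intranet portal"/>
      </port>
      <port protocol="tcp" portid="8081">
        <state state="filtered"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""


def find_watchlisted_services(xml_text: str, watchlist=WATCHLIST):
    """Return one dict per (host, open port) whose banner or script output
    matches a watchlist entry."""
    patterns = {name: re.compile(pat, re.I) for name, pat in watchlist.items()}
    root = ET.fromstring(xml_text)
    hits = []
    for host in root.iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue                      # closed/filtered: not exposed
            evidence = []
            svc = port.find("service")
            if svc is not None:
                evidence += [svc.get(a) for a in ("product", "version", "extrainfo") if svc.get(a)]
            evidence += [s.get("output", "") for s in port.findall("script")]
            text = " ".join(evidence)
            for name, pat in patterns.items():
                if pat.search(text):
                    hits.append({"host": addr_el.get("addr"), "port": int(port.get("portid")),
                                 "proto": port.get("protocol"), "product": name, "evidence": text})
    return hits


if __name__ == "__main__":
    # Assumed usage: python exposure_check.py scan.xml
    xml_text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SCAN_XML
    for h in find_watchlisted_services(xml_text):
        print(f"{h['host']}:{h['port']}/{h['proto']}  {h['product']}  <- {h['evidence']}")
```

Extend `WATCHLIST` with whatever else you would not want to discover from a breach notification; because the match runs over `product`, `version`, `extrainfo` and every script's output, the same pass can feed a version check once a vendor advisory names the fixed build.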
5. Microsoft 365 Admin Center Outage (North America)
[42:17-46:53]
- Admin center was down for thousands of Microsoft 365 customers.
- Service restored rapidly; mostly an inconvenience, not a “production down” event.
- Advice:
- Know about Downdetector for real-time status checks during cloud service disruptions.
- “At the end of the day, Carl’s in the data center... leans over and pushes like a button—accidentally turns the server off. That’s the equivalent of what happened.” [45:08]
6. New SSH Stalker Linux Botnet Uses IRC for C2
[46:53-53:10]
- SSH Stalker: a Linux botnet that spreads by brute-forcing weak SSH credentials and exploiting old vulnerabilities (some more than 15 years old).
- Uses old-school IRC (Internet Relay Chat) for Command & Control.
- Mitigation:
- Disable SSH password authentication and allow key-based logins only; rotate any credentials that may have been exposed; keep SSH off the internet unless it is genuinely needed, and restrict it by source address where it is.
- “If you disable password authentication for your SSH and enable certificates only, you will never be infected by SSH Stalker… This is like attacking low-hanging fruit.” [50:43]
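Disabling password authentication is a one-line change, but two sshd_config rules make it easy to believe you did it when you did not: sshd keeps the first value it reads for each keyword, and anything after a `Match` line applies only to matching connections. The audit script below is an added example (not from the episode or from OpenSSH): it parses the global section of an sshd_config, applies OpenSSH's defaults for absent keywords, and lists the settings that still leave a brute-force path open. The weak and hardened configs are constructed; the keyword defaults are OpenSSH's documented ones.

```python
"""Audit the global section of an sshd_config for the settings that SSH
brute-force botnets depend on. Added example; the configs are constructed.

Two sshd_config rules that trip people up:
  * for each keyword sshd keeps the FIRST value it reads, so a hardening line
    added below an existing permissive one changes nothing;
  * everything after a Match line applies only to connections that match, so
    it does not harden the default policy.
"""
import re

# keyword -> (acceptable values, why it matters)
EXPECTED = {
    "passwordauthentication": ({"no"}, "password logins are exactly what SSH brute forcers guess"),
    "kbdinteractiveauthentication": ({"no"}, "keyboard-interactive can still relay a password prompt via PAM"),
    "permitemptypasswords": ({"no"}, "blank passwords are the first guess"),
    "permitrootlogin": ({"no", "prohibit-password"}, "root with a password is the highest-value target"),
    "pubkeyauthentication": ({"yes"}, "keys must stay enabled or nobody can log in once passwords are off"),
}
# OpenSSH compiled-in defaults used when the keyword is absent
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "permitemptypasswords": "no",
    "permitrootlogin": "prohibit-password",
    "pubkeyauthentication": "yes",
}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}  # older spelling
_LINE = re.compile(r"^(\S+?)(?:\s+|\s*=\s*)(.+)$")   # "Key value" or "Key=value"


def effective_global_settings(config_text: str) -> dict:
    """Keyword -> first value seen, stopping at the first Match block."""
    effective = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # sshd only allows whole-line comments
            continue
        m = _LINE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            break
        key = ALIASES.get(key, key)
        effective.setdefault(key, value.lower())   # first occurrence wins
    return effective


def audit_sshd_config(config_text: str):
    """Return (keyword, effective value, 'explicit'|'default', reason) per
    finding; an empty list means the global policy is key-only."""
    eff = effective_global_settings(config_text)
    findings = []
    for key, (acceptable, why) in EXPECTED.items():
        actual, source = (eff[key], "explicit") if key in eff else (DEFAULTS[key], "default")
        if actual not in acceptable:
            findings.append((key, actual, source, why))
    return findings


# Constructed: a distro-style config where the only "PasswordAuthentication no"
# lives under a Match block, so the global policy silently keeps the default.
WEAK_CONFIG = """\
Port 22
PermitRootLogin yes
ChallengeResponseAuthentication yes
Match User backup
    PasswordAuthentication no
"""

# Constructed: the first-value-wins trap; the second line never takes effect.
ORDER_TRAP_CONFIG = """\
PasswordAuthentication yes
PasswordAuthentication no
"""

HARDENED_CONFIG = """\
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitEmptyPasswords no
PermitRootLogin prohibit-password
AuthenticationMethods publickey
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("order-trap", ORDER_TRAP_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_sshd_config(cfg) or "OK")
```

On a live host, feed it the output of `sshd -T` rather than the file: that prints the configuration sshd actually loaded (including drop-ins from `Include` directives) as lowercase `keyword value` lines, which the same parser accepts. Confirm the result from the outside with `ssh -o PreferredAuthentications=password user@host`, which should be refused before any password prompt.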
7. ZeroDay RAT "Stalkerware" for Mobile – MFA Bypass Threat
[53:10-61:21]
- ZeroDay RAT spyware for Android/iOS openly sold on Telegram (~$2,000 per kit).
- Capabilities include keystroke logging, audio and screen recording, and reading SMS (including one-time MFA codes), which is enough for full account takeover.
- No special skill needed to operate it; it is sold as malware-as-a-service.
- Advice:
- Don’t install apps from SMS or unofficial sources; especially warn VIPs and financial staff.
- Use stronger MFA (an authenticator app or hardware token rather than SMS codes, which this kind of spyware can read straight off the device).
- “Why are you installing dumb stuff on your phone? …Just go to Publix [for verified apps].” [59:25]
8. Intel TDX Confidential VM Vulnerabilities
[61:21-61:59]
- Google and Intel jointly reviewed Intel TDX (hardware-based isolation for confidential VMs) and reported 5 vulnerabilities and 35+ bugs.
- Intel patched flaws; critical for high-assurance (e.g. gov’t or regulated) environments.
- Takeaway:
- Most organizations won’t directly use TDX, but if you do, apply patches.
- Full 85-page technical report available, but not “must-read” for most practitioners.
- “This is a pretty weak sauce story to end on... If you want to have hardware-isolated VM infrastructure, you’re doing national security work.” [62:13]
Notable Quotes & Memorable Moments
- “Hero of the realm: Secure Boot. That’s a Game of Thrones reference.” [18:20]
- “Don’t ever shame your victim... It doesn't help anything, and long-term, it impacts them.” [27:55]
- “This attack right here... I would make one version of this as awareness for your executive team... Executives like special treatment, okay?” [28:45]
- IRC nostalgia during the SSH Stalker story:
- “Want to get into the way-back machine? Jesus, welcome to the party, pal. IRC heard our Sony Walkman reference and wants to enter the chat!” [47:41]
- “Way Back Wednesday” segment: remembering the Sony Walkman, mixtapes, and the evolution of tech [midroll/37:33–42:17].
Timestamps for Major Segments
- Intro, Community Energy – [00:00–11:54]
- Google/Wiz Acquisition – [11:54–16:48]
- Microsoft Secure Boot Cert Updates – [16:48–22:43]
- North Korea Crypto Deepfake Attack – [22:43–31:56]
- SolarWinds Web Help Desk Attacks – [31:56–37:00]
- Sponsor/Midroll, Way Back Wednesday: Sony Walkman – [37:33–42:17]
- Microsoft 365 Admin Center Outage – [42:17–46:53]
- SSH Stalker Botnet / IRC C2 – [46:53–53:10]
- Mobile ZeroDay RAT Stalkerware – [53:10–61:21]
- Intel TDX VM Vulnerabilities – [61:21–61:59]
- Community Q&A Jawjacking (post-show, omitted for brevity)
Actionable Takeaways for Security Pros
- Audit patch status on all externally-facing apps (esp. SolarWinds Web Help Desk).
- Ensure Secure Boot updates are reaching critical endpoints.
- Harden SSH access—disable password authentication and use keys.
- Reinforce executive-targeted social engineering awareness, especially as deepfakes and multi-step attacks become routine.
- Educate all users, especially VIPs, on mobile malware risks—never install apps from links/texts.
- For organizations handling high-value data: Track vendor security advisories closely (e.g., Intel TDX).
Summary
This episode delivered a fast, energetic, and approachable roundup of the day’s most relevant cyber threats and trends. Dr. Auger used relatable analogies, community shoutouts, and humor to bring the stories to life, focusing on action items and how professionals should communicate risks to both executives and non-technical users. The blend of up-to-the-minute incident reporting, classic “way back” tech reminiscing, and practical security wisdom makes this a must-listen for anyone wanting to stay both current and strategic in cybersecurity.
