B (11:54)

From the CISO series, it's cyber security headlines. These are the cyber security headlines for Wednesday, February 11, 2026. I'm Sarah Lane. EU grants Google approval for Wiz Google has secured unconditional EU antitrust approval for its $32 billion acquisition of Cloud security firm Wiz, Google's biggest ever deal. European regulators said the purchase wouldn't raise competition concerns because customers would still have alternatives to Google in cloud infrastructure like Amazon and Microsoft. The deal was first announced in March of 2025 and is expected to strengthen Google's cybersecurity offerings and its position in the cloud market.

A (12:42)

Microsoft rolls out okay, so I mean this is a pretty. Okay, I mean this is about as cyber a story as like I had my oil change last week in my pickup. Like this is, I'm here to do the cyber news. Yes. Okay. Wiz is a cyber, a cloud security company. Google's acquiring them. Google, when you, when we think about the cloud, okay, Microsoft is like the king. You know, basically they have the largest kind of footprint that again this is anecdotally but so many businesses are signed up with Microsoft and now have like Azure ad hybrid infrastructures with Entra ID and you know all these things. So Exchange online protection, Exchange online, it's just like Microsoft's got a massive footprint now. Amazon aws, it has a huge cloud footprint too in my opinion. Anecdotally, Amazon AWS was like the king in kind of the mid, like late 2000 teens, like 2017, 18, 19, like around then even like 2010. But like they've, they've eroded and Microsoft has supplanted them, in my opinion. And it's definitely because Microsoft is clever with the way that they bundle things. And you know, you already have this massive ad infrastructure investment and Google has been like, if, if there was the story of the tortoise and the hare, right, the hare would be AWS and the tortoise would be Microsoft, and eventually the tortoise wins. But then one thing you never hear about is like the, like the ant. It's like the tortoise, the hair and the ant. The ant is so far back that like, it doesn't even make the story. That's Google. Google is like the third option, but it's, it's like, I don't know, man. It's, it's definitely not usually in the conversation, but it is the third option. So Google's making a play, $32 billion worth of play in order to continue to grow and be viable as an option for cloud infrastructure. Now I will tell you, Google Workspace, if you use Google Workspace, which is a direct competitor to Microsoft 365, that is, in my opinion, that's the, the avenue that Google is going to, if it's going to have any success with Google Compute and rolling out, that, that would be the avenue to go. So basically, even though they announced it in March of 2025, these things are slow moving. It takes forever when you're dealing with these tech behemoths. And the European Union says it's okay, no antitrust, which makes sense. Now. One question I have is like, what if the, has the United States said anything? Like, why? Like, who gets to say this? Like, if the country of, like Ghana said, like, oh, no, no, no, we think this is antitrust. Like, do they, do they stop the acquisition? Like, who get, who gets authority? Like, and, and don't be like, oh, the European Union's, you know, a big power. Okay. Like, does China, if China says no, does that because of antitrust, does that mean that Google can't do this? You know what I mean? Like, I don't know. To me it's, it's un. I understand antitrust laws and I appreciate them. I just find it weird that the governments can intervene between a private sector business and dealing with another private sector business. And I know it's for the greater good of the community, but like, I don't know, it just seems, it just seems rife for compromise. You know what I mean? I don't know, man. There's been a lot in the news lately of high ranking, powerful individuals Making selfish choices. So this is not a cyber story. Thank you very much.

B (16:48)

Secure Boot certificates before expiration Microsoft started rolling out new Secure Boot certificates through monthly Windows updates ahead of the expiration of the original 2011 certificates in June. Secure Boot prevents untrusted bootloaders and rootkits from running at startup, and the refresh affects millions of devices across different hardware vendors. Most supported Windows 11 systems will receive the new certificates automatically, though some PCs may need firmware updates from manufacturers. Devices that missed the update will still work, but will enter a degraded security state without full boot level protections.

A (17:30)

All right, so again, I almost need to make a T shirt for this. Like Microsoft is the poster child for clearly communicating long in advance of major changes and then keeping reminding you and then rolling it out, sunsetting and then, you know, ultimately transitioning. Yes, G Social shout out to Ghana. So Secure Boot is a, a feature in Microsoft Windows operating system that makes sure that only trusted bootloaders can load on computers with UFI or ui. I feel like that sounds like Luffy, which is a one piece reference that like I know more about one piece than I should because of my kids. And basically the whole, the whole point of the Secure Boot is to prevent boot sector viruses from being implemented and essentially loading before the operating system loads. That root kits used to be back in the day. Torn Root kit. And that's what it is. And honestly this is one of those features. This is one of those features that it's been loaded, everybody's using it, nobody knows it. And you know, like, basically you know, like Secure Boot is the, is the soldier on the wall making sure that the realm is safe. Right? This is like the night's watch of security control. Secure Boot just vigilant doing its job. Nobody's given any flowers to Secure Boot. And you know, you're not running a root kit or my aunt Dorothea is not running a root kit on her box because Secure Boot did its job. So you know, hero of the realm Secure Boot that's a Game of Thrones reference. So what's the big change here? The certificates that are used to, to, to validate all the Secure Boot are expiring now. This gets into, this gets into PKI infrastructure, Public key infrastructure and how it works. It's cool. It's cool that the Secure Boot certs actually had a expiration date of 15 years. That's a very long time. But, but they have them just from a best practice. So they're rolling out the certs as part of an update. You shouldn't experience A problem for me personally. This is a situational awareness thing more than anything. Share with the IT team. Hey, like basically these are going to be coming in the, the half year patches for Windows operating system. Good to go. The only thing. So just to give you perspective in, in my thought process when I see this I think okay, no action. It's good to know that the secure boot certs are going to be expiring and new ones are coming. This is a standard approach to PKI implementations. The only question I have is if the certs expire in June of 2026 and I have an who's not received the updated certificates, what is the impact? Can they boot their computer up? That's the only question I have because if the answer is no, you're going to have. The certs are all going to expire on the same day at the same time. So any users that have not gotten the new updated certs are going to experience something. Is it a problem? Is it going to stop the boot up process? Is it going to boot? But they could have a root kit in it? I, I don't know. That's the only thing that when I, you know, comes to my mind around risk management here. Let me see. They do say some devices might have to get the updates separately. So just be mindful of that. Okay. And here we go. Devices that fail to receive the update before June will continue to function normally. So I mean, get it done. I don't think it's, I don't think it's a super big deal. Like if you have very sensitive computers or high ranking individuals using computers, you might want to give them white glove service and go make sure that their specific machines are updated. But for the most part I like another thing that comes to my mind right away is we typically do tech refreshes every three years. In fact, my company laptop, my mobile computer is due for a tech refresh. So if I went to Best Buy right now and bought a Windows computer, does it have the new certs or not? You know what I mean? Like so even if you miss it, your exposure window is actually going to continue to close because as you replace devices they're going to have the updated certs again. This is not a big deal. This is for me. This is like, you know, this is like a report you read and you're like okay, like you just throw it over the fence and keep on going. You're not really, you're not stopping anything to, to do anything with this.

B (22:43)

Great. Korean hackers target crypto Exec.

A (22:46)

Yeah.

B (22:47)

North Korea linked UNC 1069 hackers targeted a cryptocurrency executive using a fake zoom meeting that allegedly featured a deepfake CEO. According to incident responders at Mandiant, the attackers used a click fix style trick to get the victim to run commands that installed multiple backdoors and data stealing tools, harvesting credentials, browser data, telegram messages, and Apple notes. Mandian says the attack likely sought both direct crypto theft and material for future social engineering campaigns, noting North Korean hackers stole more than $2 billion in crypto in 2025 to fund weapons programs.

A (23:31)

Wow. Don't. Don't tell me that cyber Crime doesn't pay $2 billion. Is that what they said? Two billion? Bruh. Hold on. Yeah, $2 billion in crypto. Now it's crypto, and last time I checked. Let me. I'll have to check with my. My resident crypto expert, Jay Crypto. Many of you know him as Jay Gold, but he got off gold in 2010 and got on to crypto, so his. His last name is actually Crypto now. So Justin Crypto, AKA Jay Crypto, will have to explain to me this, but $2 billion in crypto does sound very nice. The problem is, number one, you have to wash that or launder it, which means you're not getting $2 billion worth of value out of it. Secondly, last time I checked, like, if you're buying intercontinental ballistic missiles, you know you can't pay in crypto. So you can steal. I mean, it's not good. Stealing it is not good. But like, the utility of crypto is like, okay, so I do want to say shout out to North Korea for basically hitting all of the main elements inside the bingo card for, for cybercrime in 2026, they target a crypto exec. Number one, they used a fake Zoom meeting. Number two, which means they use deep fakes. Number three, they use click fix as the attack vector. Four, I. I feel like I should get, like, one of those flashing red lights and, and like, you know, a sound effect of like, winner, winner. Like they hit the jackpot on a slot machine somewhere, but not a slot machine. Like, you know, those like, janky carnivals that pop up in, like, mall parking lots and, like, they're gone the next day. They look like they definitely are not safe. Like one of those where you, like, spray the water into the clown's face and then, you know, I don't know, something races up in front of you and when you get there, it's like. And you win, like a 45 cent stuffed animal. Like one of those alarms is going off for them, hitting all these. All right, so this is the deal. Everybody fake zoom meeting. Anyone can send you a zoom meeting. Anyone can send you a zoom meeting, right? In fact, I don't even know why they. I don't even know why North Korea did all this. So the hackers initially contacted the victim through telegram using the compromised account of another crypto executive. So right, right away, social engineering, they compromised another account. So I'm sure all of you have dms, right? You have like the family group chat, you've got your friends group chat. Maybe you're, maybe you're seeing someone, you know, like a romantic encounter, and you've got like the DM going on there, right? So if that person or someone in that group chat messages you and it's them, you have no reason to believe it is not them. So this crypto executive got their telegram compromised, so poo on them. Secondly, the. The victim got sent a calendar link for 30 minutes with a zoom meeting link. So they got a zoom meeting link from a friend. Okay, no. And then they deep faked that person. So North Korea is like really going over the top here. I don't even know why click fix was involved. Oh, dude, this is a really great, this is a really great cyber attack. And I, I say that, academically speaking, this is a really great cyber attack for you to collapse down into quick bullets and then share out. Basically, they sent, they sent a zoom meeting link under a compromised account to someone. The victim had no reason not to accept it when they got on the call. Person is deep fake. So it looks like me, right? So I send you a link and say, hey, I want to talk to you. You hop on, you see me. I say, I can't hear you. Even though your audio is perfectly fine. I, I can't hear you. I can't hear you. And then I get you to basically hit, start, run and run PowerShell. Now, first of all, this crypto executive. Was sent to a web page with troubleshooting directions, and that's where the click fix happened, bro. This, this North Korean attack went way, like around, around its elbow to get to its butt. Like, they really did a lot. I do want to say one thing. There were so many indicators here that this was an attack, and the executive falling for it must feel embarrassed and shame. Two things. One, don't do not ever. Like, please don't ever shame, don't ever shame your victim. Like someone in your environment. I don't care if it's an executive or it's a help desk person, right? Someone who falls for an attack or gets compromised, do not shame them. It doesn't help anything. And if anything, like, long term, it impacts them because when they get hit, it's going to be a problem next time. Secondly, the more I get away from my keyboard, meaning, like, the, the more, like, I run a small business, so to call myself an executive feels absolutely, like, inappropriate or disproportionate. But, like, the further away from the keyboard I get, the more I feel like I'm one of these people. But, like, dude, this guy was an executive of a wealthy company and he fell for this attack and got totally compromised, right? So remember, your executives are wanting special treatment. They want special exceptions. They use. You know, when I say exceptions, I mean, like, they get to use software that's not appropriate. They get to use a Mac when everybody else uses Windows. Executives are problematic in that capacity, and oftentimes they're not technical, which makes them more of a vulnerable population to get hit. So just remember, guys, this. This right here, I wouldn't even paint this as, hey, executive team. Well, actually, I would. I would. I would use this story in two ways. One, I would make one version of this as a awareness to your executive team. Make it feel curated and bespoke for the executive team. Because, like it or not, dude, executives like special treatment, okay? They don't want to wait in line at Disney World to get on the, on the roller coaster. They don't want to wait for a table to open up, to sit at the restaurant. They want to walk in, be seated. They want to walk up and get on the roller coaster. It. It's for better or worse. I'm just telling you. It's like, it's like a. Anyone can be successful in America, but I do feel like we have a cast C A S T E cast system when it comes to privilege, okay? So make the executives their own little bespoke awareness and educate them on this particular attack so they don't fall for it. Then for your entire workforce, I would curate this and make it because it's. It's. It's. Honestly, it's very sexy, for lack of a better term. Everybody knows what zoom is. A lot of people have heard of deep fakes. AI is all over the place. Real money got stolen. All of those attributes are something that my, my cousin Pat, my Aunt Dorothea. They're things that anyone, regardless of technical acumen, can resonate with. So, you know, get into that. I. I would not specifically say click fix. That's not going to resonate with them, but you could just educate them. Number one, I would say on the, on the Telegram dms, on the zoom, it wasn't compromised. It was the deep fake on the zoom. All right, let's keep going.

B (31:56)

Solar Winds attacks highlight risks of exposed apps Attackers are exploiting vulnerabilities in SolarWinds Web Help Desk with incidents tied to Internet exposed instances that give threat actors an initial foothold. According to both Microsoft and Huntress, CISA recently added a critical deserialization bug to its known exploited vulnerabilities listed while Scans found around 170 vulnerable systems online. Once inside, attackers used living off the land tools and remote management software to move laterally, deploy tunnels and forensics tools and target high value assets.

A (32:38)

All right. Organizations that have exposed their instances of web help desk to the public have inadvertently made them prime targets or attackers. Yes, this like, okay, sue Me Roy at sou. Sue Me Roy first timer squad members if you can. Let's rain down love and welcome Sumi Roy to the party. Welcome to the party, pal. There we go. All right guys, this story's been going around for a couple weeks, okay? Couple weeks. So if you. Here's the deal. If you're not following Simply Cyber's daily cyber threat brief, this might be the first time you heard of this vulnerable system which we talked about for two weeks now. If you're a regular of Simply Cyber's daily cyber threat brief, then you've got this all sorted out already and this is just interesting. Thank you squad members for welcoming Sumi Roy. Yes. Dude, when there's an Internet facing service that's vulnerable, that is widespread, can be discovered quickly and easily with tools like Shodan and can lead to full compromise remote code execution. It's not a matter of if, okay? It's a matter of when threat actors are going to exploit it and take it over and punch you in the mouth. So dude, this, this vulnerability is from 2025, which you know, we're only in February, but still it was five, six weeks ago, man. Going to epss, look up dropping this in fetching data. All right, here's the deal. If I told you right now you have a coin flips chance of having one of the worst vulnerabilities in known documented vulnerability history. You have a coin flip chance of having it exploited in your environment. If you're running SolarWinds well, web help desk. But worse than a coin flip chance. This is worse than like roulette odds would you would. You want to risk it for the biscuit? No, nobody wants to do that. Nobody wants to flip a coin and see if they're going to sit on a thumbtack or not, right? This is the equivalent of saying like, hey, guess what? It's pretty cold out there. The roads, some of the roads have black ice on them. You may spin off the road and go off a bridge. It's about a 50, 50 sh of shot of dying today. Like you'd be like, I'm good, I'll just stay home. I want to get caught up on some, I don't know, what's something to get. I want to get caught up on some Altered Carbon season one. You know what I mean? No one's doing that. So anyways, TLDR web help desk, Solar Winds. It's a. It's a hot, hot mess. Get it patched. If you don't have a way to patch it, take it down. Ha. Change your workflows to call the help desk. Some organizations have exposed their web help desk instances on the public Internet, making them prime targets for attack. At a minimum. At a minimum, what you should be doing, if you're not doing this all already, you should absolutely add this to your general information security program. You should be scanning your Internet, facing IP ranges. You can use a tool like Shodan Monitor, you can use nmap, you can use any tool. Threat actors are doing it all the time. You should be too. Because if you don't know, like listen, if you legit don't know if you're running Solar Wind's web help desk, you are starting like you're like you're basically doing like a butt kicking contest and your shoelaces are tied together. Sure you could kick some butts, but it's going to be really difficult and problematic, right? So step one, untie your shoelaces. I. E. Go find out what your Internet facing surface looks like and see if you're running the SolarWinds web help desk.

B (37:00)

Huge thanks to our sponsor Threadlocker. Want real zero trust training? Zero Trust World 2026 delivers hands on labs and workshops that show CISOs exactly how to implement and maintain zero trust in real environments. Join us March 4th through the 6th in Orlando, plus a live CISO series episode on March 6th. Get 200 off with ztw c26ztw.com.

A (37:33)

All right, here we go. Here we go. All right guys. Hey, welcome to the mid roll. I do want to say thank you, all of you for being here. Thanks again to the stream Sponsors Threat locker, Anti siphon, flare and Material Quick word about material security guys. Cloud workspace security is hard. Email security alone stops phishing at the perimeter. But that's not enough. Today's threats target email files accounts across your entire workspace. Material protects Google Workspace and Microsoft 365 because they provide holistic visibility and automated remediation across your cloud environment. Going beyond phishing protection to detect and protect sensitive data, monitor account threats and respond to risks across the workspace. Material uses advanced AI detections, automates user reporting, triaging and delivers flexible one click remediation from email file and account issues. Thank you for one click remediation. Awesome when you're, you know, got low headcount. Best of all, this is the best part. It scales your security without scaling your team. You get more functionality, more risk reduction without adding headcount. And this protects your entire workspace for the cost of traditional email security. If you want to learn more and support Simply Cyber, go to Simply Cyber IO Material. Go to your web browser, type Simply Cyber IO Material to learn more. All right guys, every single day of the week has a special segment. I don't have a, a promo card for this one yet. I'm going to have to ask. Kimberly can fix it to help me make one of those. But basically I want to do way back Wednesdays. So Gen Z reached out to me and said, hey, like I did the cartoons last week and it felt very exclusive, like, you know, old man reminiscing while, you know, the youngs are like, oh my God, this is kind of lame. So I'll try to keep it more tech focused. I do want to share this with you. This was, this was the rage in the 80s. I remember getting one of these and it's just being the absolute bomb dude. I don't know if you guys remember this. So first of all, if you had one of these Walkmans shout out in chat, listen, way back Wednesday, old tech, you want to talk about a piece of technology that absolutely dominated on the landscape for several years. Walkmans were a thing. These ran cassette tapes, right? Reel the real cassette tapes and for whatever reason, this particular Walkman, like most of them would just flap open. You slide the cassette in and slap it shut. This one had like it opened up and then opened and it was just, it felt well produced, well made. It had the headphones with the orange, the orange foam things. Like nobody was doing the orange foam and is like you saw like this color yellow. It was unmistakable. Just such a dope piece of tech. Look At. Look at how this thing opened. I remember getting. My brother had one of these. I remember getting one and being like, oh, my God. See, look at the orange foam. Look at the way this thing was built. This was built for speed. Yes. DJ B saying that the Walkman itself changed the audio industry. I don't think you guys know, like, this thing was. This thing was awesome. Oh, so good. So this is your way back Wednesday. You know, whatever. I. I'm trying a new segment. We'll see. We're. We're working through it. I also want to say, I mean, actually, this is awesome. I didn't even think about this. Like, the. This, my shirt. This is a cassette tape. This went in the Walkman. And I want to call your attention. Like, one of the best things you could do. Valentine's Day is right around the corner. One of the hottest things you could do for that crush of yours was make a mixtape with the songs that you liked. And you'd have to, like, hold the radio up, record it off the radio. You got the DJ talking. You'd be waiting for your song to come on. Oh, man. Nostalgia. So anyways, yes, this is your your way back Wednesday. If you got any feedback, drop it in chat, drop it in discord. I am trying to work on this segment to replace Worldwide Wednesday. So I hope you enjoy it. Let's keep working on it together.

B (42:17)

Microsoft 365 outage takes down admin center Microsoft is investigating a Microsoft 365 outage affecting some business and enterprise admins in North America, blocking access to the admin center and in some cases the Microsoft 365 app. The company says it's analyzing telemetry usage patterns, CPU utilization, and user provided data to isolate the root cause. While thousands of users have reported connection issues and slow performance. Linux botnet.

A (42:52)

All right, hold on. I was distracted. M365 outage takes down Admin center in North America. Well, that's bad. Last time I checked, it's not good to lose access to admin, The administrator console. All right, All right. So some customers, some companies were impacted. Remember, here's the deal. Like, not having access to admin panels is not good, right? I mean, if there's a problem, you need to be able to access that admin panel. However, losing access to the admin panel does not effectively break production, right? Like, you've got your operations going. You're making widgets, you're sending, you know, invoices, whatever. You're making money. So, like, losing access to the admin panel is not a deal breaker now. It's not good because if you're dealing with an active issue, then of course you've got to, you know, you got your hands tied around your behind your back. But this happened to thousands of customers, which again, I don't want it to happen to me. But in the grand scheme of things, thousands of customers is a small percentage of Microsoft. 365 customers. Let's see what happened. This doesn't feel like a cyber attack. Here's another thing. Like when I think cyber attack, like typically it's. I don't want to say it's all or nothing, but it's usually either very targeted like DJ B sex companies down, or it's like Microsoft's down. It's. It's like typically when it's like a small segment, it's to me like something like this is like getting a rash on your leg, right? It's like it's an isolated thing. It's probably because of something you rubbed against or something you're allergic to. It's not. Somebody ran up and like covered you in poison ivy. Right? So let's see there, there. Is this even been resolved at this point? Like, has this been resolved? This has probably been resolved already. Right? It says Microsoft's investing in an outage. This is yesterday morning. All right, let's look at Down Detector. Down Detector is a great website. You should definitely know about Down Detector. You can see here, yesterday, 9:30am Hundreds of people reporting that it's down. Microsoft has gotten this resolved. So, you know, by the time you get your coffee and sit down, this isn't an issue anymore. Okay? So like, thanks for checking the story out. I guess if anything, this is just reassurance that Microsoft is, you know, obviously making an a load of money from Microsoft365. So they have tons of engineers working around the clock. So if there is a problem, yo, they solve it. Check out the Office 365 instance while my DJ revolves it. Cloud. Cloud, baby. All right, so whatever. Some, some, you know, at the end of the day, Carl, Carl was in the data center. Thanks DJ B Sec Carl's in the data center talking with a cup of coffee. He's like, did you see the Super Bowl? And he like leans over and pushes like a button on a server and accidentally turns the server off. And he's like, oh, crap. Like that's, that's not what happened. But like that's the equivalent of what happened. This sounds like it was just an engineer fat fingering Doing something dumb, a patch, getting pushed, whatever. They backed it out, they figured it out and they're, we're back up and running. So like, okay, we're good.

B (46:53)

Ssh Stalker uses old school IRC Researchers at Flare say a new Linux botnet called SSH Stalker is using old school IRC for command and control, relying on noisy SSH brute force attacks. One minute Chrome jobs and exploits for more than a dozen Linux vulnerabilities dating back more than 15 years. The malware spreads worm style across cloud hosts, compiles payloads locally, and includes tools for AWS key theft, crypto mining and potential DDoS attacks, though current bots mostly said idle.

A (47:33)

All right, this is cool. SSH Stalker, you know, whatever. Give it props for its name. We've got Linux malware and it's being used for botnet. A botnet is just a compromised asset that is part of a overall network that can be commanded from a single kind of controller instance, right? So think of threat actor compromises, a thousand devices and now this. You know, one individual can make a thousand devices. Send a bunch of tele. Excuse me, send a bunch of network traffic at an asset. Have it, you know, operate in proxy so it can, they can attack from those devices. Whatever. That's what a botnet is. There's two things here. One, it's using IRC for communication protocol. You want to get into the way back machine. Jesus. Welcome to the party, pal. IRC heard our Walkman Sony Walkman reference and wants to enter the chat. Guys, if you don't know irc, IRC is like old, old school chat windows, right? Do you guys. I mean here, this was like Pre AIM or AOL Instant Messenger. Like honestly this looks like pretty good for what even I remember IRC for. But a lot of terminal shell. This is when nerds were. This is what nerds were. Nerds. Okay, but, but what you need to know and like this is the takeaway for you is anything can be used for C2 or command and control communication. C2, command and control, C2 command and control. All that is is having compromised assets receive commands or, or push data back to the controller, right? So C2, I don't care what you're using for C2, how big your infrastructure is, how sophisticated you are, you control some computer as an attacker. I control a computer in digital Ocean and it's my, think of it as like my main console. It's. It's the bridge on the Star Trek Enterprise, okay? It's the bridge. I can control things from there all of the compromised hosts that I own, that I have infected, that have infected themselves, whatever they are reporting to my computer, my server up in digital ocean, okay, that communication back and forth, them reporting in me sending payloads, that is done through C2. That's what C2 is now. C2 can happen in any way. You can do DNS, you can use IRC, you can use. We're seeing North Korea and China use blockchain. I just saw Alfie, what's his name, VX Underground on Twitter said that Alfie ransomware threat actor gang contacted the VX Underground and said that they're actually starting to use blockchain for, you know, in. In, not for C2, but in executing their ransomware attacks. So anyways, you can do anything for C2 and they're using IRC, if anything. This is like kind of cute, right? I feel like it's very nostalgic, but it doesn't matter. The real question here is how is the infection happening? Because guess what? There's no, there's no IRCC C2 if there's no infection of your box. All right, let's see how this works. SSH Docker achieves initial access through automated SSH scanning and brute forcing using a go binary. Masquerades as the popular open source network utility nmap. All right, I'm going to give you, I'm going to give you the answers to the test, everybody. I just read that one paragraph. Listen, guess what? If you disable password authentication for your SSH and Enable certificates only, you will never be infected by ssh. Stalker. Make sure that you don't have extra SSH accounts, right? Make sure that you change default credentials. So maybe you just have like admin or root at your box. Okay, fine. You want to use root at your box? Fine. Make the password a passphrase. If you have to use passwords, this is, to me, this is like attacking low hanging fruit. If you have SSH open on port 22 and you have a default account name and you have password authentication enabled and you're using a crappy password for your root account, you will be compromised. Welcome to the party, pal. Welcome to the party. Okay, I, I just, I'm not saying I just saved you, but like IRC chat, C2 is very cool. Not happening on my network. In fact, I just hardened the crap out of a Mac Mini back here, which is basically a Unix machine. And you know what's not running on there? Password authentication for SSH connections. In fact, SSH isn't running at all. I Harden my Mac mini so hard that it's like, it's actually difficult to use.

B (53:10)

Zero Day RAT is textbook stalkerware. Mobile security firm Iverify says a spyware family called Zero dayrat is being sold openly on Telegram, giving buyers full remote access to infected Android and iOS devices. Through smashing and other social engineering lures, the malware can read SMS messages, capture SIM and location data, log keystrokes, record audio and screen activity, and send text to bypass mfa, enabling account takeovers and targeted scams. Researchers say the roughly $2,000 kit reflects the growing commercialization of surveillance tools with once limited to nation state actors, Google.

A (53:55)

All right, I'm going to. I thank you. I'm actually teaching the cadets at the Citadel this week about malware and all the different versions of malware and what the correct acronym is for rat. But this is a good one. Stalkerware. Right? Be mindful of stalkerware. And in bypassing mfa, MFA is not a silver bullet. MFA doesn't stop everything. That doesn't mean that you should stop using MFA or not use it in the first place. All right, so if you got access to a SIM location data and a preview of SMS's, attackers have everything for account takeover. That's right. When you get text message, text messaged, the six digit PIN for logging in, it typically pops up as a notification. All right, let's go. So it's called the Zero day RAT being sold on Telegram. All right, so you have to get someone to install a malicious binary. They do have it for iOS by the way. So don't think that your Apple phone is in, you know, immune to this. So you get a text message with a link, then you download what looks like a legitimate app and then install it. Okay, so. No Clawbot stories today. That's funny. I have a Clawbot story. I'm still working on it back here. Zero Day Rats capable of connecting real time surveillance. All right, again, I always like to look at initial infection because if you can stop the initial infection, all the cool, sophisticated stuff downstream doesn't really matter. All right, so the malware will work on Android 5 through 16 and iOS up to 26. No technical expertise is required, which is perfect for selling malware as a service. Right. Most people buying it don't know what they're doing anyways. I'm looking at my iPhone right now to see like what version I'm on right now. So I'm on iOS 26, 21. So I don't even know if I would be vulnerable to this because it says up to 26. So I don't think there's an iOS version. 27. Yeah. The current is 2621, which is what I'm on because I update my stuff. Ah, you gotta patch it. But. So I don't know, it just sounds like it could be a problem for you. All right, so once they get on you, they own everything. And, of course, they're. They're. They're not bypassing mfa, they're getting your MFA messages and able to use it. Right? So this is why it's not a bad idea. Like, text messages is better than nothing, but, like, six Digigit PIN app is better. Yubikey hardware tokens are really, really good. Here we go. Full access is two grand. Now, they say this is putting it out of traditional script kid territory, but I will say this like, dude, again, I don't. I don't promote or condone anything, but, like, if you spend $2,000, what they're saying there is, like, my son, who's 13, doesn't have $2,000 to spend on malware. But anyone who, you know, 2,000. You'll get $2,000 back. Right. If you target who you're trying to. If you're. If you're smart about who you fire this off at, you will get your roi. Okay, so again, the fact that this is now out there in the wild means that we're aware of this. I. What I would do is educate your end users, especially your VIP is like, people with access to money, like the cfo. Really, you should do this for everybody. But for me, I would advise, hey, if you ever get a text message to download an app, don't do it. That, like, that's. I know that sounds basic, but, like, don't download apps from text messages. Like, that's how this attack vector works. Now, the same. They could send you an email, and if you check the email on your phone, you could still install it that way. So it's not like it only comes through text messages. But that's the TTP for this particular threat actor. Why are you installing dumb stuff on your phone? I'm sorry. I'm not throwing shade. I'm just like, there are. Listen, it's like, it's like, going to, like, if I want to buy, like, what. What do I want to buy? What's something I want to buy? Like, say, I want to buy a loaf of bread. Okay, I'll go to the grocery store. Publix. Love myself some Publix. Okay, you know what? Let's buy an Italian Sub. Public subs, right? I love public subs. So I'm gonna go get an Italian sub. I go to Publix because they are a known, verified, validated entity where I have great, great confidence that their food is clean and, you know, fresh. The service is good. I'm going to make the financial transaction and have no concern about my money being taken more than it should. Okay? So imagine if you will, that's like going to the Google Play store, the Apple ey Store or whatever the they call the thing. Apple Store, App store. Now I want an Italian sub. Why on earth would you go to the, you know, wrong side of town, go down a dark alley, knock on a door with no indicators of anything, enter the door, and then have some shady person who's like, kind of hidden in the dark, like, who's cutting on like a filthy cutting board cutting meat that looks. Is it meat? And they're like, here's your Italian sub. Like, why are you eating that? What are you doing? It's the same thing. Why would you put that on your phone? Don't do that. Just go to Publix. Also Publix, not a sponsor, but if you want Publix to pay me in Italian subs, I'm happy to share. Share the, the glory that is Publix. Okay? So that's the deal. And they're by. If you want for a cybersecurity person to get a little extra value for this, this bypassing mfa, they're basically able to just see your text messages because of the notification pop up. Okay, this is not some leet0day hacksaw who's like, man in the middle attacking your MFA. Okay, Buc EE's.

B (61:21)

Intel security audit reveals TDX vulnerability. Google and intel found five vulnerabilities and more than 35 bugs in Intel's Trust Domain Extensions TDX, a hardware based confidential computing feature designed to protect virtual machines in cloud environments. One flaw could let a malicious host fully compromise a protected virtual machine and access its decrypted state. Intel says it's patched the issues which were uncovered during a five month joint security review by Google's cloud security team and intel researchers.

A (61:59)

It's all right. So Google doing some security audit work with Intel. I'm curious why they did this. Okay, like, I hate to be. I hate to be this guy, but, like, I feel like old me wouldn't have thought of this. But, like, why is Google and Intel doing research on, like, did intel reach out and hire Google to do a hardware security analysis on this Technology, you know what I mean? Like what, what was the motivation? All right, so trust. Domain extension technology has several vulnerabilities. They're going to get it sorted out. TDX creates confidential virtual machines, hardware isolated VMs that deliver strong enforced protections. And Google, Google which has, you know, some of the best engineers out there identified five vulnerabilities, 35 bugs. Intel's patched them all. Ah, you got a Patchett. Okay. All right, so this is a pretty weak sauce story to end on. Here's the deal. If you want to have hardware isolated VM infrastructure, you're doing like national security work, very, very high level sensitivity, the, you know, fisma audit, like high confidentiality security objectives, then maybe you need to use this Intel TDX security control to hardware isolate the vms. All this is doing is giving you assurances that you know, there is security being baked into it. That's it. Most of us aren't going to use this. Honestly, no one's going to pay for it if they don't need it. There is an 85 page technical report. That gets into it. So if you are really, really into engineering, if you're really, really into the deep, deep weeds of hardware hacking and, and you know, VM isolation hacking and you know, cross tenant attacks and stuff, you may want to read this report for me. I'm not going to read this report. There you go. Here's the link to the report. Go check that out. It's 905. I think we're good. Let's do this. Oh my God. Fastest hour in cyber security. I hope you got value from this. Sue me. Who was our first Timer? Soul Shine, C2. First timer. Self Self attested First timer. I hope you guys had fun. I hope you, the regular Simply Cyber community members had a great experience. Shout out to the mods. They were very active today in chat. I'm Jerry from Simply Cyber. Thank you so much. We'll be back tomorrow at 8:00am Eastern Time to roll it back again because you know what we are. Don't go anywhere because I'm going to do everything in my power to answer as many questions as I can in the next 25 minutes with my boy Jerry Guy. Episode 1066 2-11-2 a CPE Daily Cyber Threat brief. Thank you. Until next time, stay secure. Ever wonder what it takes to break into cyber security? Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cyber security field live, unfiltered and totally free. Let's level up together. It's time for some jawjacking. Yo, what's up everybody? Welcome to the potty. My Name's Jerry Guy. 1.9 thumbs, a smile, some glasses coming. Hot off the heels of the daily Cyber threat Brief hosted by that nerd. Oh my God. Dr. Ozier, why are you not reading an 85 page deep dive engineering report? You absolute nerd. I'm the cool guy here at Simply Cyber. If Simply Cyber was a mullet, I would be the back part. Dr. Gerald is the front part. Let's get into it. If you have questions, I have answers. If I don't have the answer, I have friends that have answers. And I will get that for you. What can I do for you? Put your questions in chat with a Q up front. I'll lead off, I'll lead off with the first question. Jerry Guy, how's the Open Claw implementation going? Oh, thanks for asking. All right, so check it out. I've been rolling out Open Claw. I wiped a Mac, a Mac Mini last Friday. On Monday I hardened the crap out of the environment on Tuesday. Yesterday I installed Open Claw. So I have Open Claw running. I actually I, I, I'm not going to get into all the hardening but basically there, the, the AI has its own non privbed user account on the Mac Mini. Also I created a like, you know, Google workspace because I, I use Google Workspace or simply Cyber. I created its own user account in Google Workspace so it has its own email, it has access to, you know, those resources and stuff. And right now the big challenge is getting the API key to work. So right now the, the Open Claw doesn't have access to a AI LLM basically so it's stupid right now. And I have API keys for anthropic and for some reason it's not, it's, it's like not seeing it somehow. So I don't know. I'm, that's currently where I'm at. I'm getting into it. But I am cautiously optimistic. I did tell Tyler Ramsby yesterday what I was up to and he asked me, what's my use case? How am I going to use it? First, I don't have a good use case yet. It's one of those ones where, you know, it's very hot, everyone's talking about it. I want to understand it better and instead of reading about it, I'm going to stand it up and I'm going to play with it and experience it and see what I can do with it. All right, here we go. Here we go. So I'M looking at. Chat really quickly. All right, Mark King. Hey, Jerry, Caught the video of Wade Wells and yourself setting up Clawbot. Would love to see you produce more content on this topic. Can you recommend someone or training? No, Mark King, I can't recommend yet. I will tell you. Let me, let me, let me show you this really quickly. I've seen there's a lot of YouTube content creators out there making like Clawbot content. Okay, I, I like this guy. I do like this guy. I can recommend this guy. Okay, this guy right here, Matthew Berman. I, I do like him. Okay. What I will tell you is I, I can't attest that this guy is showing you how to deploy Claude Open claw securely or anything like that. All I know is like I've watched several different YouTubers. I like that guy's like, he seems like legit and genuine and all these other things. What I want to tell people is I've watched a lot of different YouTubers around open claw. A lot of them are basically like wholesale spamming. How to set it up with vpss, which is fine, but then it's all, it's all affiliate marketing. Like, here's how you set it up. Click here and basically use my code and like it. It just feels like unfortunate. For better or worse, it feels like there's a saturation of low quality bull crap affiliate and, and you know, just be mindful of that. Okay? All right, have a good one. Larry Shervington S. Cole07. How do you stay consistent when working and balancing life, work, labs, etc? I mean, Esco 07, you know, it's all about prioritization. I, I use a lot of checklists. I do want to point out, like I get this question a lot. I want people to remember, like there are sacrifices. Okay? So if you're a friend with me in real life, then you're probably aware how difficult it is to hang out with me. Not, not like I suck to hang out with. It's just I'm very difficult to pin down. Like my friends, my friends joke that like in order to like make lunch plans with me, they have to make it like six weeks in advance. And so work is important to me, right? Because I get, I, I have to fund my life. Work is important to me. I take a lot of pride in my work and my family is very important to me. So like, you know, I forget what the list is. But like there's seven Fs I think, like friends, family, faith, financial or something. Like whatever it is. Like you have to make Compromises. Okay. And, and what I have compromised on is my social, social relationships and social experiences. Like I don't go out very often and do things because my day is I get up at 6.30am, I work until 6pm and then I go in the house and like do dinner or do, you know, family things. I do family stuff basically until like 9:30 and then I chill out for half hour. Like I take 30 minutes from me so that you know, that's how I maintain it is that I make compromises and then I prioritize the things I need to. I, I can tell you definitively. Casually Joseph is wants to shake a fist at the sky when he tries to make plans to play magic with me. Casually Joseph says he lives 30 minutes from me and it takes longer to get a hold of a Microsoft support engineer than to hang out with me. All right. Justin Godwin says my girlfriend's excited to start the GRC masterclass. Okay, cool. With my experience in cyber, how do I keep her motivated and mentor as I do? Experience in cyber but she has zero tech experience. I mean you can do a couple things. One you can set up like a reward system. So every time she finishes a mod like you could. Here's my first thought, Justin, if you want you could set up like an like an advent calendar type thing with like five hidden prizes and every time she finishes a module she gets to open one of them. And I'm not saying you put like a diamond in one and a gold necklace in another and the key to a BMW in the third but like you know, a little chocolate or you know, a lotion or you know like just kind of like a little in reward incentive program. That could be it as a good way to keep her motivated. You could take the class alongside with her. So it's like you know, even though you probably know what's going on, it could be like a mutual like not a date experience but like you know, you're experiencing it together. Toy Toyanala. Good to see you. Toy Nala. Toy Nala says how best can a sock analyst improve on speed when investigating alerts? Also, is there any platform you can recommend that provides hands on experience for sock. Thank you. Yeah. So a couple things, I'll share these with you. I have done deals with these businesses in the past but I'm not currently sponsored by them or anything like that. Just to kind of qualify what I'm about to say. So hack the box. Cdsa. This right here, I've heard good things about. This is a certificate Program. But I've heard. I've heard that this is a pretty solid security operations analyst experience. Okay? Also, let's defend this right here. They actually have, like. Like a. They have a platform that has, like, a sim and you get ticketing and you open tickets, and then you work through the tickets using SIM and EDR logs and stuff. So, like, very much like a sock analyst experience. KC7. KC7 is a big. This one's quite popular with a lot of people. I know, I know Dan Reardon loves this one. This might be the first place to start. Toyina, Toyonala and everybody. Those three platforms are pretty good. Now, as far as improving speed when investigating, you know, for the SOC analyst in chat, please comment. I'm a sock analyst, and here's how to do it. Honestly, toy and all, I think speed just comes with experience. I, I think you just need time in the. The repetitions. You know what I mean? Casually, Joseph's been doing sock work for a minute, and he. I think he's gotten faster at it. I know Dan Reardon's been doing sock work and getting faster at it. I. I really think speed is just getting comfortable with essentially seeing the same things over and over and over and over again and knowing, like, okay, like, this is click fix. I'm gonna go here, here, and here. I'm gonna do this, this, and this. Done right, like, almost like starting to develop your own runbooks. Angular says you answered past. You've answered past many times. I was told over the weekend, it's not what you know, it's who you know. If you are not on management's radar, how do they get. How do you get their attention? Yeah. So it's. Well, I, I shouldn't say it's not what you know, it's who you know. You do have to know some things. Like, you can't. Unless you're like, the CEO's kid or, you know, you're. You're juiced in because of money and all these power relationships, right? Like the, The. The mom from oh, my God, Full House, the Uncle Jesse's wife, like, how she was sending her kids to Stanford and, like, they weren't really qualified to go to Stanford. Like, those exceptions. You do have to know what's going on. But you know what? Who you know is important because, yes, for better or worse, we do not live in a meritocracy. And if management has a problem and they're thinking, how can they solve it? They're gonna think, oh, like, we should. Like, this person can do It. Let's move on. Couple things. Angular, you want to be the person that people talk about when you're not in the room in a good way. How do you get on management's radar? My opinion of this, it's not like a transactional activity that you do. It's much more around being consistent of, you know, volunteering for certain things, taking initiative, being a little bit more proactive, but, but making management aware you're doing it right. Nothing's worse than like busting your hump. There's a lot of people that do this, by the way. You bust your hump and then like your boss takes credit for your work or you bust your hump and a co worker takes credit for your work. And then management, their perception is, oh, your co worker did all this stuff, that's great. It's no different than when you were in high grade school, high school, you're on a group project and like, you got that one person on your team who sucked and they get the A. Also, like, you don't have to throw them under the bus. But, but, you know, take, take. I don't want to say take pride, but take ownership of your work. Make management aware. Like, hey, you know, yeah, Lori Loughlin, I think her name was like, Angular. You could be like, hey, manager or whatever. First of all, let them know that you're interested in either promotion, management track, getting access to more responsibility, like, whatever it is. Like, literally tell them so they know that. But then demonstrate value to the organization. And, and when I say demonstrate it, do it, but then make sure that they know that you're doing it. Okay, so you can subtly bring these up in meetings. Like, let's say that. Let me think of an example. Like, like, I'll just give you a silly example, but it makes sense, right? So you're. I worked at a medical university. No one asked me, no one asked me to go look at the wireless network and see if there was any unencrypted sensitive communications. So what I did was I thought it would be cool to buy an SD radio antenna. I hooked it up to my computer, I got a scanner and I basically went to the hospital and I stood it up and I. What I discovered was a lot of physicians have pagers. Okay, so in Gen Z, go Google it. But for whatever reason, pagers are still used quite a bit in healthcare situations for basically redundancy, speed of messaging, etc, and I was able to sniff the traffic and discover sensitive communication. Sensitive information was being transmitted. Okay. No one asked me to do this. So then I went back, wrote a report, and then next opportunity I had with the CISO at the time, I brought it to their attention, and I said, hey, listen, you know, I did all my regular work, but I also thought that this could be an issue. I investigated it using these techniques, and I discovered that we do have an issue here. And I have thought of how we might resolve it. I've reached out to the key people who are responsible for the communication system, and I've talked through what's going on. So, like, I'm not bringing problems to the ciso. I have brought a problem and explained how I'm working to resolve it. So I look like a superstar. So angular 777. That's a way to do it. Okay. Michael Fang, planning to attend Simply Cybercon. What are your feelings about Mill? Have to play my commander deck before lodging. Okay. So Simply Cybercon. Justin Crypto. Can we get together today? By the way, Jay Crypto. I wanted to talk to you about Simply Cybercon. Michael Fink. Here's my thing. I am firmly in the camp that Let it go, man. I like to me, no one's gonna. I mean, whatever. I will play. I will play magic the gathering in a way that makes the table happy. But I am firmly in the camp of there's no rules. I. I think, like, I. I'm fine with banned cards. I'm fine with two card combos. I'm fine with mill. If you can beat me, beat me. Dude, I don't care. Lock me out of the game. I'll go get a beer. I'm firm. There's nothing you can do that's gonna piss me off because I want to play the things that I get excited about. If I sit down with a table and someone's like, all right, listen, rule zero. You can't do these things. I've got to be able to do my thing. You can't win. Win until turn seven. Okay, whatever. So, Millet. Yeah. Casually Joseph loves himself some mill. Terrence, can you do a video on steps you take to harden your Mac and home network? Teren. Possibly making a video like that is very time consuming because I basically have to do it all, then reverse and then film it all. So potentially, Terence, I'm trying to get the open claw up and running. I'm so mad about the stupid API key. Okay. Continuing to look through chat for questions. I was war walking the hospital. I was war walking the hospital. I thought it was so cool. There we go. So Adam is offering why the pagers Work longer distance, modern cellular. Etc. How's the thumb? Space Tacos is asking. It's pretty good. Replacing the bandages every two days. It's still sensitive. It still looks disgusting. So I won't be showing it on stream anytime soon. But yeah, we're on the road to recovery. Thank you. Space tacos. I'm still showering. Like I'm asking a question in third grade. I'm caught up on chat right now. Okay, jay, crypto's dms are open. Okay, okay, okay. All right, so if you got questions, you're listening to Jawjacking or you're watching Jawjacking. This is a 30 minute cyber security AMA. I'm Dr. Gerald Oer. I've got 20 years of experience, a ton of education. I love helping people. I love cyber security. I cannot do one on one coaching or. Or one on one. I can't do one on one anything. But what I can do is mentor at scale. Which is why we have the Jawjacking segment. Hey, for those who are in really quickly, if you live in San Francisco, I know Phil and Elliot and a couple others. I had someone message me saying that they were going to rsa. They wanted to know about a simply Cyber meetup. Phil and Elliot, I got in Airbnb and it's right around the corner from a place called Irish Bank. I don't know if we can go to Irish bank, but. And I've never been to Irish bank, but this place in San Francisco called Irish bank looks like it's a thousand percent my vibe. It is like an Irish public house. It's down an alley. It looks cool. Let me know. Let me know if we could do that, if that makes sense. Or not. Asking for a friend. Jerry, do you have a mixtape? Thought you had a link for one. I do. Legrat. It's actually this QR code. Whoops. This QR code right here goes to my playlist, but I. I'll just, I'll share it in chat right now. Okay, really quickly, if you didn't know, this is the playlist. Simply Cyber hip hop mixtape. Okay. I made this playlist and I'm going to drop a link in chat. My mixtape. Okay, starts off with tribe, Set the mood. Got some things. Digable Planets in here. Outcast for sure. The Roots. Love the Roots. Fun fact, you may not know. I have seen the Roots in concert more than any other group. All right. Oh, thanks, Stones fan. All right, so Kyle. Kyle. I started to get asked to speak up about threat trends during ISAC calls and local cyber collab. Group calls. Do you have any tips to get asked to do more? Yeah, Kyle, Kyle. What I would do. You know, I'm a big control freak, in case you guys didn't know. It's. It's probably one of the worst kept secrets. Don't ask casually, Joseph. I'm a control freak, very type A. Which is. Which is why I. I've been working on getting better at delegating. But what I would do in that instance. Kyle, since you want to do more, whoever's asked you to speak up on the ISAC calls or local cyber collaboration groups, reach out to them and tell them you have something that you want to share. Listen, as someone who's organized meetups and monthly meetings and conferences, if someone comes to me and says, hey, I want to talk about this, yes, thank you for helping me. So I. Kyle, Kyle. What I would recommend, just as an example. Okay. And I don't know your current situation, but as an example, I thought this story today during the daily Cyber Threat brief was awesome. Okay. North Korea hacker, deep fakes crypto exec, compromised Telegram credentials. Click fix this had a little bit of everything for everyone. All right? I actually suggested that you take this and. And bundle it up into a nice message for your executives and for your end users. This is a perfect one. Bundle it up and make it like a share for one of these group calls or group meetups. Right? And then reach out to them and say, hey, listen, North Korea just did this really sophisticated, elegant hack. It could affect a lot of executives. Real money was stolen. I want to. I want a brief the group on this particular attack. They're going to say yes. So what I would say, Kyle, is to get at. Don't get. I guess here's the trick. I'm going to rephrase your question, like, frame it differently. Don't ask for tips on how to get asked to do more. I'm giving you tips on how you can take action and initiative to speak more on these calls. You don't need to get asked. Offer, Offer. 929. Couple more minutes here. Adam wants a. A link to the EPSS lookup tool. Sure. Here you go, Adam. All right, next question. Stones fan, Jerry. Ever seen King Gizzard and the Lizard Wizard? No. Is that a band? King Gizzard? It is a rock band. No, I haven't seen them. Okay, so we got a recommendation for King Gizzard and the Lizard Wizard. I like the name. Francis. Who asked one of these questions earlier? Is CySA plus or Pen Test Plus a better cert after Pen Test Plus. Well, I don't know if this is a trick question, Francis, but, like, if you already have the Pen Test plus, I would not get it again. So in this. This question on stream right here, Cysa plus is 100% better than the Pen Test plus after getting the Pen Test Plus. Now, you asked this question at the beginning, so I think you meant SEC plus. So is Cysa plus or Pen Test plus better after SEC plus? What I would tell you is the answer is this. If you want to become a SOC analyst, CySA plus is better. If you want to become an offensive security penetration tester, Pen Test plus is better. So depending on what path you want to take, depends on it will decide the answer. So they're both fine. One will help you towards sock analysts. One will help you towards pen tester. All right. Cody is saying the band is good, you know, just to offer one more. Trying to think here. There is a bear. There's a DJ named Grizz that did some collaborations. That was like, I wish I could remember who. Who Grizz did a. Anyways, yeah, there's a group called a DJ called Grizz that I got into right before I got into the midnight. That's worth checking out. You're welcome, Francis. All right, guys, I'm gonna get out of here. I'm gonna go fight Open claw again. We'll see how it goes. Thank you to the mods. If you're a squad member, please open your emote tray and spam that mod button. Give the mod some love. Thank you so much again. Thank you guys for attending the Daily Cyber Threat Brief, Simply Cyber's Daily Cyber Threat Brief and the Jawjacking. Appreciate this, community. Today is Wednesday. Just a reminder that tomorrow is simply Cyber Firesides. We do the firesides every Thursday. We're talking shadow AI. I'm leaning into AI governance in 2026. So if you want to hear about it, come check this out. This. I'm. I'm partnering with area on this particular firesides. This guy is a Pratik Doshi, is definitely very savvy on AI governance. So I want. I want you guys to get value, get educated on AI governance. I'm also asking you, as you know, from the community perspective to come check this out. It is a sponsored fireside, so, you know, engagement. I want you to get value, but also it supports the channel. So I want to say thank you, everybody. Jay Gold, I'll get with you later tonight or this afternoon for Simply Cybercon. I'm Jerry from Simply Cyber. Until next time, stay secure.