A
All right, good Monday morning, everybody. February 16, 2026. If you want to stay current on the top cyber security news stories of the day so you can be a better cyber security professional, so you can navigate your career and ultimately be the most valuable candidate, either whether you're actively interviewing or you decide, you know what, I'm going to be the CEO of me. That's what it's all about. Welcome to Simply Cyber's Daily Cyber Threat Brief podcast. I am your host, Dr. Gerald Auger, coming to you live from the Buffer Overflow studio. Thanks for joining us today. We got a great show. Get comfortable, get your coffee. President's Day or not, we are cooking. See you in a second. All right. Good morning, everybody. Whether you're on the treadmill, Marcus Kyler of the Yeet crew, or whether you're, you know, in bed, space tacos, it's all good. Hey, you know what? Wherever you are, whatever you're doing, you're here, you're part of it. How you're doing it, that's your own prerogative. What I'm happy to hear is that people are doing it in a way that integrates with their lifestyle and how they're operating today instead of just saying, no, not today. It's a three day weekend. I'm not doing Daily Cyber Threat Brief. You know what? You showed up. Consistency, it's valuable. Nurman coffee cup. Cheers to you. I got the big guy today. My favorite coffee mug. This President's Day is going to be huge. All right, guys. Hey, check it out. If you're here for the first time, I'm, I'm stunned, honestly. Starting on a holiday for your first time with the Daily Threat Brief. Kudos. Cheers to you. Now, we are an international community, so it's quite possible that you're like, what are you talking about, Jerry? This is just Monday. That's quite possible. But if you're here for the first time, drop a hashtag first timer in chat. Hashtag first timer in chat. Snardong, I don't recognize your name. Are you a first timer at Snorknong?
Guys, every single threat brief is worth half a CPE. It's very simple. Say what's up in chat. Grab a screenshot. Say what's up in chat. It will appear above my head just like Steve Young. Dennis Keefe, a Witherspoon is up in here. Grab a screenshot with your name in chat. Right. And you'll notice that the episode title has the date and a unique identifier. I think it's like 1067 or something right now. That is to make it unequivocally defendable as a piece of evidence if you're ever audited for CPEs, which doesn't happen that often, but it's simple, it's easy. And if they ask, this is an instructor led webinar. Yes, I have a hat on. Yes, I'm very serious about my Wu Tang and my multi factor authentication, but that doesn't discredit me as a cyber security professional who's qualified to run an instructor led webinar. Right? So that's what's up. Dude, webinars don't have to suck. We don't have to do our dad's webinar or our mom's webinar. We can be all about good times and get work done. So we are going to go through those eight stories and what I got to tell you is the value proposition, because you can, you can read your own RSS feed, you can have your OpenClaw agent curate some news for you. BFD, what we do is we go beyond the headlines. I tap into my 20 plus years of experience to give you additional thoughts, insights, value that you're just not going to get anywhere else. And then with the Simply Cyber community backing me up, we're going to get all sorts of stuff. Dude, we did the AMA on Friday last week. John V basically got on stage and ran like a TED Talk on AI. It was awesome. He's got to come on firesides. Also, if you guys didn't see really quickly, just self promotion because you know, it's okay if you didn't see Kathy Chambers and I did a video. It published yesterday 6 years I. So you want to, you want to start a podcast in 2026. How do you do it? Where do you start? Well, let me show you for absolutely free. Based on me and Kathy. What do we know?
Well, I have a SANS award-winning podcast that you're actually watching right now. And Kathy runs a media company where she, she did Breaking News Forever. She knows how to produce. It's awesome. Go check that video out if you want. All right, so first timers, check. CPEs, check. Value proposition, check. All right, I think we got, we got all of it. Shout out to the mod. Shout out to all you. CPA to cyber security is here. So Canada is representing Steve Young. I don't know if anybody watched the Olympics at all. I did. I binged Olympics yesterday and it's so funny. I don't know the first thing about women's short form pair skating. But it was. I was on the edge of my seat. Danny O'Shea. You know what's cracking, dude? Skeleton Germany coming out, a men's, women's paired skeleton. I know nothing about it. I was standing up cheering for Germany. It's insane. And of course, curling. We got some high, high drama in the curling world, but we'll get to that at Jawjacking. Guys, every single episode of the Daily Cyber Threat Brief is worth half a CPE. So what do we do? I mean, I already told you that I'm sorry. The show is sponsored and without the show's sponsors, I'm unable to bring this show to you with any value or regulatory regularness. So let's take a minute and say thank you to the stream sponsors, starting with Flare. Flare is bringing the heat. Some of you are actually already demoing Flare right now. I'd love to hear what your experiences are if you want to self identify. Yes. Team USA Hockey. So, guys, listen, Flare cyber threat intelligence platform is phenomenal. They go on the dark web. They, you know, go undercover. They get all this information on what threat actors are doing, what data they actually have, right? And they put it in a platform that allows you to query it in a very, very easy, effective way. So what does this mean for you? This means that you could type in your domain into Flare and see if you've had compromised assets.
And I don't just mean like simplycyber.com. I, I mean like you could type in your slash, you know, local.clinland or what like you could put in your Active Directory domain. Because if infostealers have scooped up endpoints information, it's going to be there and it's going to be queryable. It's super, super valuable. You do have to go through quite a process of validation. And I understand that that is friction, and a lot of businesses don't want their customers to have friction, especially for onboarding. But I'm telling you, the value of this information is so high that they want to make sure that you're not a criminal. Because if a criminal got this information, it would be insane. All right, guys, want to say shout out to Material. I use Google Workspaces. You probably use Office 365. Cloud workspace security is hard, man. Email security alone stops phishing at the perimeter. But that's not enough. Today's threats target emails, files and accounts across your entire workspace. Material protects Google Workspaces and Microsoft 365 by providing holistic visibility and automated remediation across your cloud environment. And it goes beyond phishing protection to detect and protect sensitive data, monitor account threats and respond to risks across workspaces. Material uses advanced AI detections, automates user report triaging, delivers flexible one click remediation for email, file and account issues. And best of all, this is definitely the best part. Scales your security without scaling your security team and it protects your entire workspace of the cost of traditional email security. You can learn more at Simply Cyber IO Material. Dude, it's hard to get budget for new headcount but it's o. It's. It's a lot easier to get budget for security tooling. Trust me. I'll tell you a dirty secret. This is a fact, Jack. Dirty secret: CISOs will love to spend money on new tech because it, it resets the clock on what they're accountable for.
Oh hey, like you said you were going to reduce risk. What the hell are you doing, CISO? It's like oh no, I just signed on with X, Y and Z. We got a six month rollout plan. Get back to me in six months because we're putting in this new tech that's going to be amazing. And then they just bought themselves some time, you know. Push, push, push, push. Six months comes down the road. Hey, where are you with that thing? Oh, don't worry about it, don't worry about it. We're rolling out DLP. It's gonna be good, I'm telling you. CISOs do it all the time. It's a fact. All right. Material Security help protect your environment. Let's hear from ThreatLocker really quickly and then I'm gonna melt your face. I didn't see any first timers, but if we got them. Welcome to the party, pal. I want to give some love to the Daily Cyber Threat Brief sponsor ThreatLocker. Do zero day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with ThreatLocker. Worldwide companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high. ThreatLocker takes a deny by default approach to cyber security and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US based Cyber Hero support team. Get a free 30 day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threatlocker.com Daily Cyber. All right everybody. I, I expected it to be low numbers today just because the holiday we're at, we're not even past 200. Live with us right now. That's okay. First timers. Good morning Brazo uk. Not a first timer. Ah. All right guys, do me a favor. I'm gonna take. I think, I think this might be my first sip of coffee of the day and I'm very excited about it. Do me a favor, everybody except Marcus Kyler because he's on the treadmill.
Sit back, relax and let the cool sounds of the hot news wash over all of us in an awesome wave. I will see you all at the mid roll. Let's cook. From the CISO series, it's cybersecurity headlines.
B
These are the cybersecurity headlines for Monday February 16th.
A
Oh, that's good coffee.
B
2026. I'm Steve Prentice. One threat actor responsible for 83% of recent Ivanti RCE attacks. A single IP address hosted on bulletproof infrastructure is responsible for more than 83% of exploitation activity related to two vulnerabilities, says intelligence company GreyNoise. The two CVE numbered vulnerabilities exist in Ivanti Endpoint Manager Mobile and have been flagged as actively exploited in zero day attacks in Ivanti's security advisory, where the company also announced hotfixes. Quote, the source of these attacks is an IP address hosted by Prospero Triple O, which Censys analysts marked as a bulletproof autonomous system used to target various software products. Google's AI.
A
Okay, so a couple things here. Number one, this Ivanti, like Ivanti is this security technology IT management company. I, I've been in environments that have used it. It's, it's pretty good. I might be overstating it, but they're, they're very, to me they seem like they fit the MSP market. So you can manage multiple clients, environments or a mid sized environment. So like you've got, you've got pretty good footprint. Multiple sites, you know, thousand, two thousand users, lots of endpoints that you know, know. So they're essentially their mobile device management solution, which I think is called EPMM. Not to be confused with EPMD, you know what I mean? Okay, so it's their endpoint manager mobile edition had two CVEs. We talked about this last week it was get, you know, get it patched. Ah, you gotta patch it, get it sorted out ASAP and then don't be, you don't want to be the one, you know, freaking cleaning up a mess over the weekend because you didn't patch it. Well, as expected, like, and if you, as expected, it's being actively exploited in the wild like you know, from the office of obviously comes this news report that it's being actively exploited. One interesting thing is that, and the point of the story is that all, you know, one IP address is responsible for 83% of the attacks. Now when it's, when you start getting into percentages, my antenna immediately goes up and I, I hope this does this for other people as well. And if you never thought about it before, allow me to be the one who makes your antenna go up here on out. 83% of attacks come from one IP address. How many attacks? Percentages can be very misleading, right? If there's five attacks, right, then, oh, four of them came from one place. So like four attacks, big deal. If there's 380,000 attacks, 83% is quite a large number, you know what I'm saying? So just I always like to be mindful and this is the academic researcher nerd in me.
It's like, okay, if you're going to talk percentages, what's the data set behind it? Like how many was in the data set? How valid are the, the data points in that data set? Like, what biases are there? Okay, so this is 417 attacks, 83% came from one location. So we're looking at like 3, 320. Rough. You know, back of the napkin math here, coming from one IP address. Now, as defenders and practitioners, first of all, if you are running this EPMM solution and you haven't patched it yet, chances are you've already been tickled by one of these. But if you haven't, you should absolutely, you know, put in your firewall blocking this IP address, right? One night, if they have it in the, in the story here, it's like 194 or something, dot, whatever. But this is not like to me, this is interesting in that a threat actor had a very good, good working exploit and they just went shopping with it. And this is, to me, this is a pretty what, this to me is what you should be expecting, okay? If a threat actor is going to get a working valid exploit working or chain of exploits working, and they know that businesses are going to be actively patching, they are going to try to get theirs as quickly as they can, right? Early bird gets the worm, if you want to say it. So they went whole hog and you could search for these things on the Internet and then pop them. If you are running EPMM, you should go threat hunting in your environment. Go look in your logs and see if you had any activity from, you know, this IP address. Although you could see here there was, you know, about 60 other IP addresses that were doing active exploitation. The final thing I want to say, and this is, this is fundamental rudimentary lesson but for those, for those who are senior in the chat, you know, for those senior in the chat, you know this information but we have to educate the, the newer people as well. You might be thinking how on earth can someone just be straight up committing crime from a known ISP?
Well that's what bulletproof hosting is. So if you heard the term bulletproof hosting in the story, bulletproof hosting is a, essentially like an ISP or data center, think like AWS or one, you know, like you know, one DigitalOcean or whatever. Except it's in Eastern Europe typically and they don't ask questions and law enforcement doesn't bother them and, and the FBI can't query the, the business to reveal who is the human that leased that IP address. So it becomes bulletproof in that sense. Like the, the person, the criminal behind it is effectively protected by the ISP because they're never going to like give it up, right? Never going to give it up. Never going to let you. Okay, little Rickroll action on a Monday morning. So anyways, that's the deal with this. Obviously if you patch your stuff, this exploit doesn't work and you know, you're off and running. We don't just the final thing I'd point out on this, like we don't typically get information like this to know like oh, you know, whatever, like Oracle Enterprise business suite which you know recently was attacked quite a bit by Clop ransomware. We don't typically get the numbers of oh, it all came from this one location or this one criminal base. So it is interesting. Again, I really honestly believe with AI and the ability to reverse patches and quickly code up exploits, I think you're going to see more, more of this like you know, single threat actor with a single one really well defined bullet shooting it all over and over and over.
B
Search overviews manipulated by scammers from the this is why we can't have nice things department. Google's AI overviews feature is being weaponized by scammers who have figured out how to.
A
I am going to, I'm going to straight lose my mind. I can hear the trash truck driving down the street. I read the new I, I googled this. It said that Charleston city services were closed today. All my neighbors put their trash cans out and I said fools. And I hear the trash truck right now. I swear to all that is holy.
B
If I have to inject deliberately harmful information into its AI generated search summaries by reverse engineering how Google's AI sources information. This allows them to plant malicious content, such as links to phishing sites disguised as customer service portals, promoting counterfeit products as legitimate recommendations and spreading misinformation designed to build trust before hitting victims with financial scams. Experts emphasize that users should treat AI overviews as a starting point that requires verification rather than as a definitive answer.
A
All right, so yes, this is 100% it. And guys, this is definitely something you need to educate your non technical workforce users and your family. What's the next family thing coming up? Spring break, I guess. Maybe you go visit Grammy and Grampy on spring break or do a FaceTime call with them, whatever. Be that person in your family who's like, hey, it's great to see you, but did you know? Listen, Google by default now returns an AI, you know, response like, Google's trying to get Gemini online with everybody. Okay, one of the. Oh my God, dude, like just think, think about like fundamentally how, how phishing works in general, right? Phishing works by either giving you something valuable or scaring you, number one. But then also through having the source be authority or trusted or both, right? So if you get an email from your boss saying if you don't do X, Y and Z, you're fired, there's authority there. You look, it says it's from your boss. So you trust it and you're going to take action because you don't want to get fired. You're scared. If you get an email from flimflam725@xyz.ru and it says you're going to get fired, you're like, whatever, bruh. Because there's no, there's no trust there. It's, it's a random person on the Internet emailing you. Okay, now let's fast forward it to 2026 when you type in how, how do I repair my printer? Right? How do I fix my printer? And Gemini comes up with its auto AI response before any Google results right at the top and it says, oh, like, hey, having printer problems really is a struggle. You know, have you, have you tried turning it off and on again? Have you tried taking the ink cartridge out and resetting it? Have you tried whatever? Or you can call this number for Epson support or HP support or whatever, okay? The AI people are giving this like implicit trust to the AI and the responses of the AI because it can't be evil. It's coming directly from Google. What's the problem, bro?
Well, threat actors, just like marketers by the way, are now working their butts off to be AI engine optimized. You want to be in the AI's responses. You want to be in what AI is saying because AI is now that trusted voice. And this is the major difference between phishing and being like a sponsored link at the top of Google and having Gemini tell you the answer. Okay? This is huge. So anyways, here's what you have to do for today, okay. Or for your message of the week or telling your friends. Listen, any response from AI? Yes, it's great. But you have, you can't trust it fully. You have to have a. You have to have some level of skepticism if it is telling you to contact someone or to download something. I know, I know. Listen, you have to say this too. I know it's the easy button. I know it's so easy to just take the results and hit that button because you want to get back to doom scrolling Instagram or you want to get back to your TikToks. I get it. But this is happening and I use the Epson one because a lot of those Indian call center scammers that are basically selling people fake antivirus and security software, they are literally using sponsored link posting for common printer troubleshooting and then, you know, victims are calling in voluntarily into the scam centers. So this is happening with Google Search and Google AI. All right? So just be mindful of that, all right? Educate your end users. I'm telling you, this is critical. And also for any marketers out there, like marketers would love to figure out how to be in Google AI's responses. It's crazy to me like these, these cyber criminals that are so clever to get into Gemini's responses. It's like if they just weren't evil, if they, they would be like CMOs for tech startups. Elliot Matai says AI told him it can trust all what it says. Who do I believe? Oh boy. Yeah, yeah, yeah. All right. I mean this is interesting. This should not come as a surprise, by the way. This is.
Phishing is so effective for threat actors. Initial attack vectors.
B
Microsoft warns of DNS based ClickFix attack that uses nslookup.
A
Ooh.
B
A popular ClickFix social engineering tactic has a new angle in which attackers trick users into running commands that carry out a domain name system, otherwise known as nslookup, to retrieve the next stage payload. In this case, it performs a DNS lookup against a hard coded external DNS server rather than the system's default resolver, said Microsoft's Threat Intelligence team. They added, quote, using DNS in this way reduces dependency on traditional web requests and can help blend malicious activity into normal network traffic. End quote.
A
Trezor and okay, so ClickFix continues to be a thing. So really quick, just so we level set for everybody in the chat, ClickFix is essentially this attack where a criminal tricks a user into running typically like a PowerShell command, like start run PowerShell command. And you might be like, how on earth could they fall for that? They make it look like a captcha, like you're not a robot, like, click on the fire hydrants, click on the bicycles, move the puzzle piece, run this PowerShell code. And humans will just be like, yes, yes, yes. Because they just want to get onto the thing behind the captcha. Now there are many different versions of ClickFix. It's evolved but it is highly effective. And in this instance they're using nslookup, which is an OG classic terminal command, right? Ping, ping, ping, Ping pong. Ping pong ping is a classic terminal command. nslookup is a classic terminal command. Really quick, like very high level setting. If you didn't know, DNS stands for Domain Name Service, I believe, or Domain Name Server. Doesn't matter. Everybody just says DNS. It basically translates an IP address to a domain name. So no one says, oh, you should check out the hot site 1-17-32-14222. It's so hot right now that Hansel's so hot right now, right? Everybody says check out simplycyber.io, right? That's the deal. So if you wanted to see it in action, you can use nslookup. Now normally, normally your DNS server, you have to have a DNS server to do DNS resolution. And normally just by default, it'll be your ISP, right? So if you plug in your home Internet and you've got packets flying right, the. The light on the back of the box is blinking green. Then when you type in google.com, your Comcast, your AT&T, your Verizon, they are the ones that are translating google.com into an IP address. And they will happily have you translate away whether it's a malicious website, an adult website, gambling website, those ISPs will help you translate all day long.
What I would recommend, just as a pro tip, is configure your DNS resolvers to be either Google's DNS resolvers, Cloudflare's DNS resolvers, Quad9's DNS resolvers, and it costs nothing. It costs nothing. They basically, in exchange for free DNS resolution, they capture what you're querying because you can't, you can't, you can't encrypt your DNS requests. Personally, I use Cloudflare. They have a great DNS resolver. That's the family friendly one. So mal known malicious sites don't get resolved and adult websites don't get resolved. So if my son's trying to, you know, investigate, you know, things he gets denied unless he goes, Unless he. Hopefully he's not watching right now. He's probably not. But of course he could just use his phone, get off the wireless network, and then use AT&T's default resolver. So there are ways around it. It's not bulletproof. All right, so this ClickFix social engineering tactic is using DNS. Let's see, it uses custom DNS. Yes, yes, yes. Let's see how this uses. Okay, so basically by using a hard coded DNS server, this is what I'm talking about. Like, so instead of using Cloudflare, instead of using your default ISP one. Right. So if my son or, you know, anyone in my house try to go to the ClickFix second stage payload website, Cloudflare might know about it and therefore stop the attack in its sequence. So what the threat actors have done, because obviously that's what's happening here, is they're having the victim do DNS resolution at a DNS server that they control, which means they, they can make it do anything they want. Right? They, they will provide the IP address. All this is, is an over the top, almost like Rube Goldberg style machine. Not Rube Goldberg. Yeah, Rube Goldberg. Is it Gold Brick Goldberg? Yeah, Rube Goldberg machine. Yeah. Of look. Yeah, here we go. This right here is a ex. This is like a real time look in of the threat actor getting, getting you to do DNS resolution so you can't detect it in your logs. Okay? Yep.
So the web requests for the DNS resolution won't happen. It'll be explicitly just an IP address the whole time. That's the deal. Okay, you can see the command is here, cmd /c nslookup, website, IP address. So this is the DNS server IP address. You can see, here's what it looks like, guys, at the end of the day, okay? Threat actors can come up with clever ways to obfuscate the code to use their own DNS resolvers to do a million different things. At the end of the day, no matter what, the victim has to hit start, run and pop open a command run box. Okay, so I don't care what kind of pageantry and misdirection you know, David Blaine, jazz hands you're doing over here, just tell your end users not to pop a start run box open. If you like, take a picture of this and say, if you see this, stop what you're doing, period. You don't need to know about ClickFix. You don't need to know about DNS resolution. You don't need to know about any of those things. If you pop a start run box, stop. Okay?
B
Ledger users targeted through snail mail campaign. Physical letters sent through the postal service are urging users of the two cryptocurrency hardware wallets into submitting recovery phrases as part of a fictional authentication check. The letters include company logos and other letterhead features, as do the envelopes. The messages conveyed sufficient urgency, warning users to complete the process by yesterday, February 15, or risk losing functionality on their devices. It should be noted that both Trezor and Ledger suffered data breaches in the past couple of years that did expose customer contact information.
A
All right, Justin. Oh, I'm sorry, guys. Justin Gold, like, just. I feel like I. I love Justin Gold. So everybody knows. All right? But, like, in my mind, I don't know why I just thought about it, but, like, in my mind, Justin Gold, in this instance exclusively, I do not think he sleeps in a coffin normally, but in my mind, Justin Gold was like hands over his chest in a coffin and the story said crypto. And he was like. And like, basically didn't sit up, bent at the waist like, he. He pivoted up on his feet. He said, R.I.P. like, I'm here, J. Crypto. Parkour. Parkour. All right, so snail mail targets Trezor and Ledger. I guess these are crypto platforms, bro. Crypto's getting punched in the face on the regular. Oh, hey, this is one that we don't get very often. Threat actors are sending physical letters pretending to be from Trezor and Ledger. The cryptocurrency hardware wallets trick users into submitting recovery phrases. Wow. So threat actors are buying stamps and sending letters in the mail. Very interesting, very interesting because again, it's all about the attack sequence and trust, right? Like, oh, it came in the mail. It's got to be legit. Oh, here we go. Real time looking at Jim J. Crypto. Shout out to the mods. Crypto, Bitcoin. All right, so there's. Oh, my God, bro. So they're sending physical letters. They must complete a mandatory authentication check. Again, this. To avoid losing access to wallet functionality. Exactly. So now they're, as I just told you earlier. Oh, by the way, I should have said this, but I think everybody here is a regular. I don't research or prep for these shows. I have no idea what stories are coming up. Right? So I didn't know this story was coming up, so I wasn't teasing myself. But this is using phishing attack sequence in fear or scaring the victim into taking action. You're going to lose access to your wallet if you don't do this thing. Okay. Sense of urgency, pressuring victims. So hardware wallet.
It's so funny, I thought snail mail was a company, not like traditional mail. All right, so hardware wallets. If I was going to have crypto, I would absolutely do a hardware wallet. Let's see. So a letter impersonating Trezor received by cyber expert Dimitri said, yada, yada, yada. All right, so, I mean, this is the letter guy. Look at this. I mean, this looks legit. Lehigh Valley, Pennsylvania, shout out to Easton, PA. And all our Crayola factory people down there. Look, Czech Republic looks legit. Dude, this. I. I have heard the term snail mail. It's just, I. I swear to God, like, there was an email, there was a service called Simple Mail last week that got hacked, and I was confusing it with that. All right, dude, this looks legit. I mean, I, I would not question. I mean, I wouldn't question this. I mean, this looks legit, right? I guess all I would tell people is the following. Dude, even the website, dude, these criminals, like, really invested in the, the infrastructure. Look at this, this website right here. If you're watching online, if you're, if you're listening on audio only, I pulled up the phishing website that the snail mail letter will take you to, and it looks clean, it looks legit. I could see someone falling for this. I will say really quickly, though, like, if you're, if you're smart enough to be running a hardware wallet for your crypto, chances are you have a healthy level of skepticism when it comes to anything that involves your crypto. So, you know, some people are definitely going to be victimized by this thing. But I don't know, I might want to put this in a back pocket. In your back pocket and save it. Because we don't see snail mail physical mail attacks very often because it requires time, it requires money. Those letters cost money to send. They take a few days, but they are effective. You could, you could educate end users about it. I might even make a little YouTube post about it. Oh, speaking of YouTube post, can I.
I want to show you guys something kind of funny really quick before we get into the mid roll. We're about to do the mid roll. Check this out. I'm trying to do more shorts recently and I did this short right here. I don't know if you guys saw this. The hardest part of I did this short right here. Not the technology. People in my comments said this is AI. I'm like no, I'm a meatbag. Like this is not an AI. This is me as a hu. Like, Like. So I don't know if we've reached this uncanny valley where people who don't know who I am think that this is an AI generated video. But I was stunned. I said I tried a black and white filter to kind of stand out in the. In the. In the feeds, but crazy.
B
All right, huge thanks to our sponsor, Conveyor. I'll tell you two things Conveyor cannot help you with. Conveyor will not make security questionnaires fun and it will not make your sales team stop asking you questions. But it did help Alteryx support a half a billion dollars in enterprise deals with the same four person team. All they did was get an AI trust center and use Conveyor's AI agent to complete questionnaires. That's enough. You know where to go. www.conveyor.com, that is c o n v e y o r dot com.
A
All right. Hey, before I start the music because for those who got up today, for those who made the President's Day trek in the snow to the Simply Cyber Daily Cyber threat brief. We're gonna play it. We're gonna kick it old school, if you know what I mean. So let me read the Anti Siphon ad with no music so I can cut the music out afterwards. You know what's coming. You know what's coming. Guys. Hey, really quick. Shout out to the stream sponsors. Threat locker, Anti siphon flare material. Speaking of anti siphon, maybe many of you attended the Wild west hack infest Mile High last week. But you're back. And you're, you know, you're back at the grind. You're back at your desk. Anti siphon training is disrupting the traditional cybersecurity training industry by offering high quality, cutting edge education to everyone, regardless of financial position. And this Wednesday at noon Eastern, February 18th, you still have time to register. Now you can spend an hour learning from Eric Kuhn, who knows a thing or two about a thing or two when it comes to enhancements of active directory security. That's right. If you want to absolutely stun people in job interviews about your knowledge of active directory and I would assume it gets into Azure, active directory hybrid models, cloud on prem hybrid, entra id, then this is for you. This is free. You can learn how to harden your Active directory new using the newer features offered and the opportunities to get detections enabled. So you will be able to bring new information to the job interview or to work on Monday. Like, listen guys, hey, like, say you take this training and then you show up on work on Thursday and you go, you slide your chair over to the IT administrators and you're like, hey guys, I noticed that we didn't configure this in ad. Is there any reason why or can we enable it? Oh no, that's great. Thank you, thank you, thank you. Damn, dude, this guy's always delivering value. 
Damn, this lady's always delivering value. Don't miss this opportunity. It's free. Sign up, get it on your calendar. Go or don't go, but at least you'll have the option. All right, guys, check it, check it out. Now go to AntiSiphon Training.com and then. All right, guys, holla, holla. Hey, can we collectively welcome Nick lfgm into the chat? First timer, Nick. Nick. LGFM says he's a first timer. Studying for security plus exam right now. Very new. Lol. You know what, Nick? Welcome to the party, pal. Come on, chat. Let's get it, let's get it. I'm so happy we got a first timer. All right, guys, it's a holiday. Let's let this breathe a little bit, shall we? Gonna get a coffee. Oh, forget about me. All right, everybody, I hope you're having a wonderful day. Every single day of the week has a special segment. And my friends, I am so proud that Mondays is simply Cyber Community Member of the Week. So, Nick lfgm, we celebrate each other here in a community setting. I hope you get value from the stream, but I also hope all you first timers take advantage of what Simply Cyber is. There's an entire community behind it. Go to the Discord server. Engage there, LinkedIn, the YouTube videos, the chat right now. It's amazing. All of you are amazing. And I love the opportunity to recognize members every single Monday and shout out to Threat Locker who sponsors the Community Member of the Week segment. Which means. Which means I get to give a cash prize to that person. By the way, Robert Hendrickson, I'm gonna have to set some type of statute of limitations on collecting your prize. I can't. I can't have like an open tab in my brain on who hasn't collected their stuff. So I will need you to contact me so I can get you your hundred dollar Amazon gift card, compliments of Threat Locker. They take a deny by default approach to app security. We take a village approach to community. And today's member, many of you know him, I just wanted to recognize him because I think he's great. 
He's consistent. Ladies and gentlemen, our very own Minnesota Zone. Don't you know Steve Young. Curling is his passion, cyber is his career, and being awesome is his vibe. Ladies and gentlemen, your simply Cyber community member of the week, Steve Young. Steve, connect with me please on Discord so I can get you that Amazon gift card and get you rocking and rolling. We can, hey, you can use the Amazon gift card to buy like electric heated socks and electric heated pants. Stay warm up there in Minneapolis, Minnesota. All right, guys, let's get the la la la la on. Let it wash over us. Alpha Sierra is going to lead us off. Marcus Kyler's on the treadmill. All right, here we go. Sorry. All right, here we go. Thanks, Steve. All right, everybody, let the la la las wash over you. Just let it wash over you. Just, just give yourself up to the la la las. Believe me, you will enjoy it. Here we go. Here we go. Here we go. Lead us off. Alpha Sierra. So good. So good. The best part is everybody knows the words. Everybody knows the words. Dude, that song never ever gets old. All right, guys, let's finish strong, shall we?
B
Estonia's spy chief tells Europe to invest in offensive cyber capabilities. Kaupo Rosin, Estonia's foreign intelligence chief, called on European governments and industry to, quote, invest in homegrown offensive, intensive cyber capabilities, noting that the continent relies too heavily on non-European tools. Speaking on Friday at the Munich Cybersecurity Conference, he said Europe is focused on defense while modern intelligence and security operations increasingly depend on the ability to penetrate, disrupt or manipulate adversaries' digital systems. And he added that he would love to coordinate and cooperate with Europeans. More on that.
A
Okay, I'm a little. Okay, so this, you know. Okay, okay, back it up. Number one, you, Elliot Mati and Rhonda Rummerfield and Zmif and Steve Young. Like, we're not doing anything different when we get off the stream today at work because of this story. Okay, so this is like a geopolitical story. Number two, Estonia. If you didn't know, Estonia was like the first country to go all in on like online everything online government, online banking, etc. And you know, they went early on, which means they had to learn a couple hard lessons. They got blown off the Internet at one point. Estonia cyber attack. I think it was like, yeah, 2007. I think my cadets weren't even born yet at that point. Oh, this is a. Awful, this is awful for live stream media content. Let me try again. Hold on a second. Give me, give me a graphic. Give me something visual to consume. Yeah, well, yeah, here you go. You could see where Estonia is. Estonia's got like a really interesting history because essentially Russia gets pissy at Estonia for establishing its own independence when the Soviet Union fell. You know, Estonia kind of got its own thing. You can see it's like kind of a Scandinavian vibe country, but it's like right on Russia that. Is this the Baltic. I hate to be ignorant, but I think this is the Baltic Sea up here. And it's just, it's, it's, it's ripe for Russia to attack it. And they did it early. So now Estonia is saying, listen guys, we should get together and have offensive security capabilities. The reason that I'm like, like, what are we doing here? Welcome to the party, Estonia. Let me, let me explain something to you. Number one, United States offensive security government, right? The NSA has been the United States offensive security and now they're talking About Hack back January 2026, just a few weeks ago. Having private companies basically be responsible for hack back. The US has been doing this for a while. UK hackback offensive security, right. 
The unit, the United Kingdom government. Well, I can't find it right now, but it was just in the news the other day that the United Kingdom is putting policy in place to hack back. Etc. So like the fact that Estonia is like, hey guys, we should get together and like have offensive cyber security capabilities. It, this is not new. Like they've already been marching in this way. So like, I don't know if Estonia like stopped off to like smoke a bowl in the graveyard across the street before it came into the party. But like, we're already talking about this. Estonia. Like you of all countries should have had it figured out since you were online back in 2007, 20 years ago. So my whole thing with this is, my whole thing with this is, this is, this is a very interesting, like conversation to have. Okay? So like we, most of the time in our world we're like zeros and ones and nerd stuff and beep, boop, beep, right? But there are some like really interesting philosophical conversations that should be had. Okay, so one question is, should you attack back, right? So say, say someone attacks you, right? Like, I don't care who, just wherever. And you see an inbound attack. Okay, go, go back to this original Ivanti, Ivanti attack story that we did early on, right? This one IP address is like bombarding you with Ivanti attacks. Is it okay for you to turn around and attack that ISP in order to figure out who is the IP owner underneath it? Then go attack them, knock them offline, send them a phishing email, etc, right? Is that okay? Because the argument is if you're just sitting there as a defender, right, what is the motivation or incentive to have the threat actor stop attacking you? Right? Again, imagine someone who's like completely pacifistic, right? You're a complete pacifist, right? You're the original Aiel. Well, I don't want to spoil anything in the Wheel of Time series, but like, just bear with me. You're a Tinker, right? You're an absolute pacifist. 
And someone walks up, an open hand, slaps you and you do nothing about it. And then you know, watch this, watch this, right? There's no motivation to stop attacking, right? So if you slap and then they come around and slap you back, well, maybe next time you think twice before you slap the person. That's the conversation here. But it escalates quickly. And honestly, sometimes the people who are hacking back don't know what they're doing and it can cause more problems. More, more, more issues, right? So it's a philosophical conversation to be had, but not one for us to do right now.
B
Ring ends partnership plans with Flock after privacy blowback from Super Bowl ad. Following backlash from consumers concerned about privacy, Amazon-owned Ring has cancelled its partnership plans with Flock Safety, a police surveillance tech company best known for automated license plate reader cameras. The Ring Super Bowl ad showed how people's Ring cameras could be used to help locate lost dogs. But the wording of the ad raised questions about how the facial recognition enabled cameras could also be used to surveil and monitor the movements of people. End quote. Ring still maintains a community requests program with another major police surveillance company called Axon, A X O N. All right.
A
So somewhere, somewhere, somebody got unbelievably fired, like some, whoever came up with this ad campaign concept, probably like a, a marketing officer or a kind of a senior person. Whoever came up with this idea absolutely jettisoned off the boat full, fully fired. Amazon Ring cancels their partnership with Flock. This was probably a very lucrative contract for Flock and because of a commercial, They, they blew it up. Now Listen, the only thing I can say is thank you. Like sometimes, you know, on the world's largest stage, the super bowl, the commercials, etc, you got a lot of eyes on it. And it, it delivered on educating the masses. All right, so like digital surveillance, techno digital technical surveillance, the Flock cameras, mass deployment of surveillance, right. It's all over the place. We've talked about facial recognition for better or worse, right there. Just so everybody knows. Let's be, let's be real. There have been many examples of facial recognition incorrectly identifying someone to police as someone with an outstanding warrant. And innocent people have been arrested and held under the like, oh, you're wanted for. For murder. Like get in jail. Like I didn't do anything. Doesn't matter. The AI facial recognition says it's you. So get in there. Shall we play a game? And ultimately it gets sorted out. But it still sucks, right? Of course if I'm being a complete prick, you know, it seems like recently it doesn't even matter if you have a worn out. You can just get scooped up and thrown in a car and disappear for a while anyways. Which is annoying. But anyways super happy that to me I don't care about ring doorbell and flock cameras etc. What I care about is that the collective conscious like the Aunt Dorotheas of the world are being made aware of this capability. Because guys remember it's not. You should always remember this when you're trying to educate people. 
It's not about the how, it's not about ring doorbells being installed everywhere and Flock cameras having AI capabilities to, to read and doing this mass surveillance thing. It's the impact, it's the outcome. And the video, the commercial showed how those cameras and that surveillance capability could be utilized to quickly identify and, and inform, you know, leadership of law enforcement where somebody or something is like the dog, right? Then it's like oh wait a minute. Like when you make it so people can see how the pieces fit together and they have that like dawn, like dawning moment. That's. That's the deal.
B
Dutch telco Odido reveals data breach. The Netherlands' largest mobile network operator has stated that a breach of its customer contact system may have affected around 6.2 million people. The data affected includes PII and bank account numbers. The telco says, however, that passwords, call details, billing or location data or scans of ID documents could not have been accessed. The breach was noticed last weekend and was reported to the Dutch Data Protection Authority. AI agent.
A
I wasn't even listening to that story because I was talking to Jenny Housley top Dutch telco Odo. I always get this confused. The Dutch is, is Netherlands. The Dutch. I, I, I know, I know. I'm, when I say things like that, I sound like I'm uncultured. But yes, Netherlands is the Dutch. Really quickly again. I, I can't believe that only the Olympics can do this to me. And it's because I love competition. But. Shout out to the, Shout out to the Netherlands. The Dutch. The Dutch, if you will. Congratulations to Women's Speed Skating 500 meter. Taking silver and gold yesterday at the Olympics, like, for like 15 minutes. I was like, I was all in on women's speed skating. 500 meters. Too bad. Erica Jackson. I think it was erica Johnson. The U.S. hopeful. She placed fourth. No medal for the U.S. all right. Odo admits 6.2 million customers caught in contact system caper. Bank account numbers, access. Okay. The telco insists attackers couldn't have not seen passwords. Let's hope so. All right, so 6 million customers information. All right. I mean, it doesn't get into how they were attacked. But this is just, to me, this is just a, you know, there's this story, this story happens every single day, right? Just replace the variables. Top insert manufacture insert industry insert company name. Admits insert value of data records compromised. That's it, right? There'll be a story tomorrow. You know. Top Spanish manufacturing company Fubar admits 10 million customer cotton contact system. Like, that's tomorrow. Top Japanese automotive maker Yamaha admits 6.2. You know what I mean? Like, it's just, it's, it's the same. I'm like, decentralized. Decentralized. I'm desensitized at this point. So. Tldr, the one thing I would tell you as a practitioner that you should be doing is you should, if you're doing tabletop exercises, you should or you should, you should do this or you should at least work through. Hey, listen, let's just say that we have all of our customer data breached. 
What's the play? What's the play? Who do we contact? What do we do? How do we, how do we respond to that? Like, there's no, there's no, there's no getting the data back. We get notified by a criminal that they have our data and they've published it. Let's assume that's our starting position. Now what? You should do that if, if your information security program is even, like, moderately mature, like just even, like day two stuff. Because when this happens, unfortunately, if you haven't practiced or thought through it, everybody's Going to be bumping into each other, responding. You're going to get like friggin, get on the, get on the bridge. We've got an open communication telecon, like basically a zoom chat going, get on there. You're gonna have to answer the same question like 15 times. What happened? What happened? What happened? It's like Jesus man, like we have thought about this.
B
Tricked into previewing malicious links in messaging apps. According to researchers at PromptArmor, attackers are now starting to use malicious prompts inside messaging apps to, quote, trick an AI agent into generating a data leaking URL, which link previews may fetch automatically. These link previews can turn URLs generated by an AI agent and controlled by an attacker into a zero click data exfiltration channel, allowing sensitive information to be leaked without any user interaction, end quote. PromptArmor notes in its report that this technique removes the need for a victim to click a link, obviously, thus making the problem, especially inside messaging platforms like Slack and Telegram, where link previews are enabled by default, a whole lot worse.
A
Yeah, okay, so check it out. They say zero click prompt. Okay? Zero click prompt injection. Shall we play a game? Now? Listen, listen really quickly. I have, I'm not like, I have a, a little bit of, of AI utility knowledge, okay? We have real experts in, in the community. Phil Stafford, Elliot Matice. I'm sorry, Phil Stafford, John V. Sorry, Elliot. Jump out to me as ones that are kind of very informed on AI. And if you also know a lot about AI, drop it in chat so I can know you and be able to point people to you. Now, I, in full disclosure, this computer right here, this is a display. There's a Mac Mini. You can't see it, but it's, it's right behind. I have it hidden, okay? There's a Mac Mini in there that's running Open Claw. My Open Claw agent is named Karn and I have spent the last week really getting to know Karn. Okay. And having Karn work for me. So what is. Why, why, why, why am I telling you all this crap? Okay. I have been very focused from a cyber security perspective in the last two weeks on AI security and specifically around managing the identity of the AI and, and bringing to light and sharing borderline evangelizing the importance of understanding AI agent permissions, machine identities. Hold on one second. Give me one second. Hey, I'm on stream. What's up? Are you okay? For your iPad, look in the drawer. Look, look in the drawer where it always is. Okay. Or yeah, look in the drawer where it Is everything should be right there, bud. Okay. All right. And if not, I'll be. I'll come back. I can come in there in 20 minutes, right? I'm on. I'm on YouTube. I'm live right now. I gotta go. All right, I love you. All right, no, I'm. I'm live. Go check. Go to my channel and check it out. Say what's up in chat. Okay, bye. Sorry. My son, my youngest son is not feeling well. Normally I wouldn't take a call in the middle of a stream, but my son is not feeling well. You know, we got like the little trash can and the water bottle next to him. 
I just wanted to make sure he was okay. Thank you for granting me grace, because this is live. I'm not AI. This isn't a deep fake. And if you have children, you know, hopefully you care. Hopefully you care about your kids. So anyways, he might jump in chat in a second. Listen, I'm really big on machine identities, non human identities, AI permissions. And people are going, YOLO giving AI all the permission so it can do all the things. The problem is if anyone else can get in there and tell it to do something, it will gladly do it. And if you've given it all the permissions and it can do massive damage. So there's two parts here. Who can tell it what to do and how much permissions have you given it. Now, let me give you a really crystal example so everybody can appreciate this. If you are in someone's house and you have one of these Amazon Echo devices or Google Home devices, all of you are well aware that you can say, hold on, everyone's aware. Like, let's pretend that the echoes, right? You could say, hey, hey, Echo play Simple Minds. Don't you forget, forget about me. And the Echo device goes, sure, no problem. Don't you for. Right. Everybody knows that you speak, it hears, it takes action. There's no validation of who is speaking. So some jerk can walk into your house and say, hey, ekko, play Slayer Volume 10, and she'll gladly comply with that, right? So that is like not authorizing. So now that we have a clear understanding of like basically why it's not checking if people have given it access to bank accounts, email, all these other things, it can do all that. But then if you're using Telegram, Slack, anything to have it execute or, or take in prompt, and you don't control who can execute those things, the AI will gladly do it. Okay, so for, for example, with Karn, Karn is locally hosted not in the cloud, at the network layer. 
There's a lot of things that are preventing anything from getting to that, except for this computer and that computer and this cell phone. Secondly, I use a messaging app to communicate with Karn. Sometimes that messaging app is locked down where only my account can speak to Karn. Now we've introduced another piece of attack Surface. If someone can get control of my account, then Karn will gladly do what it says. But now I've got defenses, right? I've got multi factor authentication on my messaging account. So it's not complicated, guys. It's just you have to think through the threats and the risks and the attack surfaces and your risk exposure across the entire stack or else you're going to get screwed. Now, when it says, okay, all of this, when it says zero, click, prompt injection, this means that a human doesn't do anything. But it doesn't matter anymore because the AI, it looks just like a human, except the AI. We can't educate the AI not to click on dumb stuff if it thinks that it's you telling it what to do or you haven't put any permissions around it that only your voice can say Slayer Volume 10. AI will do it. AI is super smart, but it's also super stupid, right? So that's what's up with this. So th, like this right here is exactly why you have to be mindful of where you're deploying AI agents and most importantly, most importantly, where your like, what permissions you're giving it. Okay, Is Callan in chat? All right. All right, guys, thanks. Thanks so much. Let's do this. All right. I know we're a few minutes over. Thank you for granting me grace. Straw hat Sec wants a. Hey, let's talk about open claw workshops in a hot minute. I'm Jerry from Simply Cyber. Nick lgfm. I hope you enjoyed the show. For all those Simply Cyber Community members who showed up today, thank you. I hope you got a great, great experience. I appreciate all of you. Remember that video with me and Kathy Chambers dropped yesterday? This short is not deep fake. What else we got here? 
This is that cyber podcast. Oh, dude. For all this information, just go to Simply Cyber's YouTube channel. It's all there. This Thursday, we've got an all female takeover. Kathy Chambers is taking over Simply Cyber fire sites. I've given her the keys to the the to the house. She's taking it over. So come on down and check out that. I'm super excited about this conversation that's going to be happening. And did you know we've got a skill stream next week with Tim Papas, Hacking the hacker emotion in ransomware negotiations. For anybody who works in GRC or CISOs, if you're going to be an incident responder dealing with ransomware, dude, this is a must see. This is a free one hour skill stream. Come on down, check it out. You can always go to Simply Cyber IO Schedule. Simply Cyber IO Schedule to see all of our upcoming events and register for for get a calendar invite. Okay. I'm Jerry from Simply Cyber. Don't go anywhere because we're going to be jacking our jaws in one hot second. See you tomorrow. Ever wonder what it takes to break into cyber security? Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cyber security field live, unfiltered and totally free. Let's level up together. It's time for some jawjacking. All right, what's up, everybody? Welcome to the party. My name is Jerry Guy. Nick lgfm. I am not Dr. Gerald Ozier, that nerd who just ran the daily Cyber threat brief. I'm a different person. I'm cooler. I'm Jerry Guy. I kick it. All right, guys, so this is jaw jacking. We've got 2818 minutes. I'm sorry for the shortened. I'm. I'm. I'm sorry for the shortened format. First question? Hell yeah. If you have any questions, put them in chat and I will answer them to the best of my ability. And this is, this is designed to help people level up. Many people have the same questions. First question comes from Callan Ozier, live in chat asks, what's a deep fake? 
So a deep fake is using AI to make visually someone appear to be someone else. Okay, so if you didn't know, this is used quite a bit in business. Email, compromise attacks, cyber attacks. It's becoming more and more easy. It used to be difficult because of processing power. You could see here. Here is an example of a deep fake. Okay? The guy on the left is the real person. He is made a video of him deep faked, so he appears to be Tom Cruise. So he's talking, he's saying, hey, what's up? And it looks like Tom Cruise, but in reality, if you were there physically in person, it would look like the guy on the left. It's just with the video, the deep fake is like a filter being applied. So criminals are using this technology to appear to be someone they're not so they can pretend to be the CEO of a company and get on a zoom call with you and be like, I need you to wire a million dollars out of here. Also, for our younger people in the audience, Callan, for people out there who have kids, it's not unrealistic for someone's favorite youtuber to be deep faked and, and then tell a, tell a victim, you know, a child or whatever to hop on a call with them. Imagine if you will. I don't personally like this guy, but imagine if you will. The world's like, most successful YouTuber said, hey, this is Mr. Beast. Hey, it's Mr. Beast. I'd love to get on a call with you and give you a million dollars. And you're like, sure, right? Or. Hold on, I don't, I don't even know. Like, I don't even know who these people are. But just imagine, if you will, this guy who's like a famous YouTuber for one of these kids games, Brain Rod. Imagine this guy's like, hey, I'm giving away whatever, a hundred thousand Roblox Robux to anyone. And you get on the call with this guy and he's like, all you got to do is give me your username and password. I'll log in as you and give you the million credits. And then they steal your stuff. Right? That's what a deep fake is, Callan. Thank you for asking. 
Next question. All right, what did you do to your finger that requires a blue band aid? Nick Dowd. So I cut the tip of my finger off two weeks ago yesterday. So we're on day 15. I cut the tip of my finger off with a chef knife. And yes, it's as disgusting as it sounds. Had to wear a glove for two days because the bleeding wouldn't stop. And then I had like a full pad and then this, and now it's gotten to this. I. I'm almost ready to not have. I wish I didn't have a blue band aid. I wish I. I had a nude colored one. Thanks for the question, Nick. Continuing to look through chat. If you have a question, drop it in chat. Bruising hacks does for perspective, so I don't black out for a qu. For a second. Bruise and hacks. I read that. As for perspective, so I don't blackout. What is the absolute worst thing that could happen if I bomb my first conference talk at B sides in a couple months and it ends up being awful? Lol. What's the worst thing that could happen? Honestly? Nothing. Think about this for a second. Bruise and hacks. And by the way, congratulations to Bruise and hacks for having his conference talk. Accepted. Imagine if you will, you do an awful job of your talk. Okay? Just imagine if you will, you, slides don't work, you're all sweaty, etc, right? Remember, I want you to remember this. Bruise and hex H, like first of all, have you ever been to a talk that wasn't good? The answer is probably yes, right? Many of us have attended a talk at a conference that wasn't good. Okay. Also attended talks that are really good. Do you remember any specific details about the talk that wasn't good? I don't. I know I've been to talks that were not good. I cannot remember anything about them. So bruising, hacks, the absolute worst thing that could happen if you bomb is that people won't even remember. You know what I'm saying? So like there is zero risk to you. Now, I know you and I know you're going to kill it. You're absolutely going to crush it, dude. So don't you sweat. 
But just remember guys, very low stakes if you bomb your conference talk, first of all, you can apply to another conference because they're not going to be like, oh, wait a minute, didn't you bomb your talk? No. And no one's going to remember. You'll be fine though. Next question in chat, Dream Logic says, bro, I didn't see the video yesterday. Go check it out. I might have to start releasing those videos on Mondays instead of Sundays. El Cyber Penguino says he says some nice things about the community and about me. So it's a, it's an absolute pleasure to serve El Penguino. He says, I'm preparing for CISSP. Would you have any advice when it comes to studying for this specific cert exam? Sure, yeah. For me personally, my strategy for studying for paper based cyber exams like the CISSP has. So in full disclosure, I got my CISSP in 2009, so things have may have changed a little bit, but basically there's like six or eight domains. Okay. So a domain is a specific area within cyber security that the CISSP is going to test you on. What my approach is to these type of exams and what I would recommend you do is first take a practice exam with zero prep. Okay. Or just take a practice exam now, whatever. And then look at how you perform in each category in each domain. If you get like a 97 in the risk domain, then you probably don't need to spend a lot of energy focused on that. Say you get like a zero on the cryptography domain, maybe you should focus there. So what I like to do is take an exam to baseline myself, then I like to go through all the study materials one time, then take a practice exam again. And then for any area that I don't score a 90 or higher in, I go back and focus on those specific areas and then take another practice exam and I iterate until I get a 90 or higher on every domain and then I'm good to go. 
So basically what I like to do is spend my time focusing on the areas that I need to improve, not just completely retaking exams over and over and over again or trying to learn areas that I've already got enough knowledge to be able to pass. Could you please put a link to the AD training from Anti Siphon? I don't see it on the page. Yeah, so LinkedIn I am posting over on. I'm posting over on YouTube, but let me see if I can do this live. This could be a hot. This could be a hot mess. Give me one second. Here we go. And I don't even know who said this because it says LinkedIn user or higher in. I go back and forth. Hold on. This is for Anti Siphon training, AD training. And I iterate until I get a 90 or higher on every and then I'm good to go. So basically what I like to do is. All right, I just dropped that in chat on LinkedIn. All right, so Callan says some people fake call 911. Cry face. Yes, that's called swatting. Swatting is a real risk. You got to be careful of that. Soulshine says how to voice train my AI to my voice only. Oh, that's a good call. Although I will say Soul Shine. Unfortunately, even if you did that, ElevenLabs is so effective now that someone could easily clone your voice. So I actually not to be a. Not to poo poo this idea, but I think that this. If you did this as a security control, it would be easily overcome. All right, continuing to look through chat. I don't know if Steve is talking to me or not, but. Oh, he's saying Bruising Hacks. His YouTube channel is awesome. Okay, go check out Bruising Hacks's YouTube channel. All right, question from Steve. Stefan Martin. I've downloaded OpenClaw. How do I use it? Only to do things on my home lab and network. Does it allow. Does it only work with the Internet? No. So you could do it. You could do it on home. Anyways, what you would have to do, Stefan Martin, is you would have to have a local LLM. So Open Claw is just like the front end, really. You have to have it connect to an LLM like a brain. 
Mine is connected to Anthropic Opus 4.6 LLM, which by the way, isn't cheap. I actually had to buy more credits this morning. So in the course of like six days, I spent $110 and I put 200 more in today. So I'm in for $300 at the moment. So if you have a local LLM running on like a Raspberry Pi or something, then yes, you can absolutely have it do only local. You can have it on. Not on the Internet. I will say. I will say one thing though. The Claude instance, for sure. I can, I can open this up and I can have it. I can access it through the command line. It is very convenient being able to access it through a messaging app. But yes, your question is, is it possible? Yes, it's possible. I know, I know. I. Anthropic is not cheap. So I'm being. I'm being given an opportunity to roll out my own localized LLM. Maybe I will do that. That'd be fun. That might be another video. Because I could spend 100 bucks on a Raspberry Pi, John. And I'll have to talk about it. Thoughts on the dust up about Discord? Not necessarily age verification, but they're entangled with Palantir. Yeah, Toasty pops. I saw that. And I know Discord's gonna have to have you validate and stuff. Not. I'm not sure. I mean, it's so convenient for community building that I, I'm. I'm. I don't know if there's a. Another option, you know, I mean, some of these other tools like I, I use Teachable and there's like a community element to it, but it's just. I don't know. I don't know. I think Palantir is pretty gross. What's the link for your GRC course? Thanks for asking. I. I don't know where you heard about it, but if you go to academy.simplycyber.io, I guess I'll go to all products go to. Where's my GRC Analyst Master Class? There it is. I assume this is what you're talking about. Who asked that question? Ella Eller. Ellery Dory. So at Ellery GRC Master Class, this is my. Just really quick since I'm here. This is my GRC Analyst Master Class. This is easily my flagship course.
A lot of people have had a lot of success. I can't promise you a job. I cannot promise you a job. I know multiple people who have gotten a job because of this course or it has absolutely helped them destroy a job interview. So I can't promise a job. I'm just telling you that this is a very, very successful course. And it's $149. That's not nothing. But it's also not $2,000. I, I have priced this. I make. Here's the deal. And if you're still hanging out, you're a Simply Cyber community long-term member. Listen, at its absolute base. If, if like just shredding everything back and being real with you guys, the way that Simply Cyber makes money, there's the media side with sponsorships, right? Like my daily threat brief is sponsored. I do sponsored posts and stuff like that. And then there's the academy side. The, the media side makes enough money, right, to, to be pretty good. So I don't. I charge businesses basically to fund Simply Cyber. And the academy side, we charge very low, very, very low to make it accessible to people, but also to incentivize instructors to put time and energy into building great courses. All right? So that's why they're so cheap. A lot of people, here's my thing. A lot of people are like, oh, it's a $25 course. Like freaking Tyler's like AWS pen testing course. It's like 25 or 50 bucks or something. And people are like, oh, that's not, it's so cheap, it must not be good. And it's like, my guy, you cannot equate value to cost. Unless you want me to mark it up to $2,000 and then it's worth it. All right, let's keep going. Looking at chat. Looking at chat. Robert Hendrickson says he contacted me on Discord. Cool. Robert, can you, Robert, can you tell me what your handle is, please? Or can you at me in general on Discord, please? That would be the easiest thing. So because Robert, I have like hundreds and hundreds of like friend requests on Discord. And not that I don't want to be friends, but like, I just.
Discord DMs is like, it can be really dodgy. So if you can at Gerald Auger on Simply Cyber's general Discord channel, please, I will get you your prize. I'm super excited to get you your prize. All right, couple more minutes. Are Google Certs good for entry-level IT jobs? Urban POTUS media? I would say that the Google certs are not going to get you a job, but the knowledge that you get from learning and earning the Google Cert will certainly help you. It'll give you the foundation to be able to learn more. And it's entry-level IT jobs, not entry-level cyber jobs. So it, it will play more into helping you get it. I, I would say the Google cert on your resume doesn't get you the job. Learning and getting all the skills that the Google cert covers and then going deeper beyond that certainly will help you. Are you doing home lab projects? If so, which ones? Yeah, I'm running OpenClaw back here. That's my home lab project and I love it. I'm, I'm learning a whole lot. Also another like home lab project I'm doing that I'm almost done with. I've talked a little bit about this. I'm almost done. I have built a, I, I built like basically a, a tablet, Android tablet that is running. It's got solar powered batteries and ruggedized container and I have all of Wikipedia, all of the Gutenberg projects. So like something like 700,000 books, a complete collection on how to, you know, basically survive like water filtration, food filtration or not filtration, but food. Like a complete skill set on fixing mechanical things. I'm not a prepper but I have built a, I've got all of, it's not Google Maps but I have like maps of every, everything in the United States. All of it's offline just in case I lose access to the Internet and have to leave my home. It's part of my go kit. So again I'm not super sweaty, I'm not scared, I'm not prepping. I'm just doing that. Okay, so is this you Robert Hendrickson or is this. All right, continuing to chat here.
So those are my two home lab projects right now. How's the thumb? Thumb's pretty good. Space tacos? I'm gonna probably continue to do band aids for a week. I, I, I cut off part of my, I went through part of my nail too. So I'm kind of waiting for that to grow back. Run Fish says how long will the RAM crashes last? Forever. If you look at it Run Fish, it's, it's economics, right? It's, it's basically economics. AI like all the chip makers are focusing on AI so all right, we are at 9:30. I've got to get out of here so I'm gonna speed run a couple questions. Francisco on LinkedIn says thank you. Is SEC AI worth getting? Nicholas Vincent. I don't know if SEC AI is worth getting my chances. My thoughts are initially like it probably wouldn't hurt. AI is freaking wicked hot right now. That Hansel's so hot right now. All right, guys, if I didn't get to your question, I'm sorry. I do appreciate all of you and spending time here with the community, sharing your own thoughts and experiences. All right, hold on one second. All right, really quick. Torpedo For Real asks about the AWS course. The AWS course is now $43. It originally had an O entry level, like early access price at 25. I'll just drop a link to this. I'm telling you right now definitively, this is absolutely. $43 is a steal for this. And I'm not just saying that because, you know, I have a financial interest in it. I'm telling you, this is ridiculous. It looks like @Torpedo For Real has left the chat. So whatever. I'll drop a link to it anyways. All right, Angular 777 is thinking about getting a master's. Yeah, I mean, it doesn't hurt. It only takes two years. It's not like you kind of get it. All right, guys, I gotta get out of here to stick with the time. I'm Jerry from Simply Cyber. I hope you had a good time today. Shout out to my son Callan for jumping in the chat. Thank you all so very much. Be well. We'll see you tomorrow at 8:00am Eastern Time. Until next time, stay secure.
Podcast: Daily Cyber Threat Brief
Host: Dr. Gerald Auger, "Jerry"
Episode: 🔴 Feb 16’s Top Cyber News NOW! – Ep 1069
Date: February 16, 2026
Theme: The essential cybersecurity stories for professionals, analysts, and leaders — delivered with analysis, practical tips, and community engagement.
Dr. Gerald Auger ("Jerry"), cybersecurity pro and educator, breaks down the day's top eight cybersecurity news stories, adding context, practical implications, and humor. He highlights attacker tactics, recent breaches, evolving AI-related risks, regulatory news, and tips for practitioners and those new to the field.
nslookup to connect to attacker-controlled DNS servers and fetch malware.
The podcast thrums with an inclusive, conversational spirit, taking cybersecurity seriously but maintaining levity and openness, e.g.:
For the full daily brief and additional resources, head to Simply Cyber’s YouTube or Discord community.