Loading summary
A
What's up, everybody? Welcome to the party. If you're looking to stay current on the top cyber security news stories of the day, while having entertainment education all blended together like one sweet chocolate vanilla swirl soft serve kind of dessert, then you're in the right place. Welcome to Simply Cyber's Daily Cyber Threat Brief podcast. I'm your host, Dr. Gerald Ozer, coming to you live from the Buffer Osier Flow Studio. We're off and running on this beautiful Wednesday morning. I hope you're locked in and got your coffee. Let's get cooking. That's right, everybody. Good morning. I hope you are doing well this lovely Wednesday, February 18th. Guys, every single episode of Simply Cyrus Daily Cyber Threat Brief is bringing the heat. We're going to cover the top eight cyber stories of the day. Now, of course, you can get your own. Hey, what's up, Marlon J. Lavencia? Listen, you can get the cyber news through your RSS feed. You can even have a little AI bot curate for you. But what we do here at Simply Cyber, that is unlike anything else. It's. It's multi pronged, okay? It's like a trident. First of all, you're gonna get way beyond the headlines, right? I've got 20 plus years of experience. You know, we're talking about best practices, things that you only learn from being in the seat. Number two, you have the Simply Cyber community. So whether you're a solo operator at work or you're studying as a student, trying to break in and you're looking for your tribe, the Simply Cyber community, supportive, inclusive, and all about good times is up in there. What's up, Rob Cooper. Good to see you in chat. And then three, we just have fun here, guys. It's all about good times. So the show itself is fun, the community is awesome, and the knowledge is worthwhile. Now, speaking of that knowledge, let me tell you something, friend. Every single episode of the Daily Cyber Threat Brief is worth half a cpe Continuing Professional Education credit. So if you have these cyber security certifications that require maintenance, let me help you with that. Say what's up? In chat, you will appear directly above my head because you're part of the show too. Grab a screenshot while you are on stream and include the title of this episode, which you'll notice says February 18th, episode 1700, 1071. That is a unique identifier for that screenshot and for this episode. Do it tomorrow, 1072. Do it the next day, 1073. All of this is. So you assemble a evidence trail that you were here and, you know, basically are valid for claiming the CPE credits. Now, what does that mean? That means once a year, you count up those screenshots and divide by two. Marcus Kyler, thank you very much. Is AI news. Brief generation is not meant to upstage the amazing work you do. Thank you, Marcus. I saw your note about how you can't live down what you said at Simply Cybercon. Dude, it's. It's all fun. It's all good. So anyways, get your CPEs here. Number two. Hey, guys. Know we got a lot of fresh faces in the chat. If you are new to the show, to the community, maybe you listen on audio only and you're coming over to the live. Maybe your work schedule changed and you've been team Replay. But now you're here live. Whatever your situation is, if you're live with us right now for the first time, drop a hashtag firsttimer in the chat. Hashtag first timer. We love welcoming our first timers. We want you to know that this community is inclusive and welcoming. No stupid questions, right? That doesn't exist here. No judgment. None of that nonsense. Okay? Ain't nobody got time for that. And the daily cyber threat brief. You can come and go as you please. You don't need a special code word or a special knock or anything like that. DJ B Sec is in the house. Good to see you, DJ B Sec. I've actually got a video coming out on March 1, 2026, that has a shout out to DJ B Sec in it. Spoiler alert. DJ B Sec. All right, guys, it is Wednesday. We've just been rolling out a new segment. I don't even have the. I don't even have the card for it, but it's way back Wednesday where I pull up some kind of, like, antiquated tech or something from the. From back in the day, and we. We kind of vibe on it. B. Duncan, third says. How about a first time in a while, judges? Yes. First time in a while. Hey, Sam 8:4830. First timer. Welcome to the party, pal. Bites 85. First timer. Welcome to the party, pal. Look at us, guys. We got first timers for days up in here. Welcome to the party. Bad Child Cat. First timer on the live. Been listening for a few weeks. Thanks for the content. All right, guys. Hey, let's run this. Let's run this because we got first timers all over the place. Bad Child Cat at Bad Child Cat at SAM Aid and at Bytes at P. Pajama Suit. Damn. Guys, we got the. I am the real big dude. I don't know. Did like somebody send a newsletter circular out or something? Get your John Mlan's if you are a squad member. John Mlan all the things. I think I have some gifted subs I'm going to give out right now just because of the first timers. This is sick, man. Can I do this membership gifting? I'm sending out five gifted subs right now just to recognize the first timers. I don't know who's going to get them. They've been thrown out into the chat. There we go. All right. Nerd Apocalypse, picking up one. Scott B. Picking up one. Rash, Fleck, Reflection. And Aaron D. Caster. Congratulations, guys. SK Conservative became a squad member. Welcome to the party, pal. Love it, love it, love it. Thank you all so very much. It's all about good times. I'm so happy that you guys are hearing about it. And you first timers, like, listen, I know you're here for the first time. Don't think that that means you can't engage and like you have to like go through some initiation. None of that crap. You are here. Get right into it, right? Just you know, put on, put on the, the, the swimsuit and dive into the deep end. Welcome to the party, pal. Bruise and hacks wants to blow the copyright strike out at the mid roll. I, I think we should, I think we should. Judges. All right, we're going to blow out the copyright at the mid roll. So let me rip through the, let me rip through the sponsors. That way I don't have to cut it at the mid roll. So really quick guys. Every single episode of the Daily Cyber Threat brief including episode 1071 is sponsored. Thank you to the sponsors. Remember, there are links in the description below for all the sponsors. It does support the channel if you click on those sponsor links and check them out. Now let me tell you first and all about anti siphon training, guys. Anti siphon training is absolutely disrupting, flipping the script on cyber security training and the industry itself. They make high quality, cutting edge education available to everyone. And I want to call your attention to this since John Strand sent this note out yesterday. John Strand is teaching cyber security foundations. This is a course authored by John Strand and it is four days, four hours per day, which means, which is cool because you can do your morning routine, your emails, whatever, and then you get four hours of training and then you can wrap the day by, you know, closing out any fires that came up. So this isn't training where you have to like go away and miss a week of work and you come back to like an inbox with like 3,000 things in it. 4 days, 4 hours a day, 16 total hours. Certificate of completion with 16 CPEs. You can take this training live for as little as $25. Dudes, I'm telling you this is John Strand's one of the best and this is an amazing training. So if you are, listen if your situation is you work in a different, you know, industry like you're in marketing, you're in retail, you're a K through 12 teacher, you are a stay at home parent going back in the workforce, you are a military person transitioning out whatever your situation is. And you want to get a foundation right here. John Strand Cyber Foundations I'm going to drop a link in chat. This, this is not like there's no link in the description for this specific training, but go ahead and scoop that up. I also want to say holla to Material Security guys Material. Now this, this splash page may not look as sexy or as as interesting as others, but listen to me. Your Cloud workspace if you are a business, probably a small mid sized business running Office 365 or Google Workspace and you are tasked with doing all the things your IT and cyber and other stuff, listen to this because material can help you. Your cloud workspace is more than just email. So why does security stop there? Material delivers complete protection for Google Workspace and Microsoft 365. Going beyond perimeter defenses to secure email files and accounts across your environment. With advanced AI detections and automated threat responses. Material correlates signals across the workspace to identify risks others miss. Protecting sensitive data in inbox and shared files monitor accounts access and third party apps and automates remediation. The result? You get to mature your security posture and scale protection without adding headcount to your workforce. Which is dynamite. So much easier to ask for budget for a tool than it is for a new employee. Believe that. Ready to secure your entire workspace? Yes. Please learn more at Simply Cyber IO Material Simply Cyber IO Material. Now again we're doing all of these sponsor reads right now so we can party at the mid roll. Oh and I've got to show this video here. Let's see Flare. Hold on one second. Where's the flare video? Is this it? Hold on, hold on. Let's hear from Threat Locker really quick and then we're going to do flare. All right. I want to give some love to the daily Cyber Threat Brief sponsor Threat Locker. Do zero day exploits and supply chain attacks Keep keep you up at night, but worry no more. You can harden your security with Threat Locker. Worldwide companies like JetBlue Trust Threat Locker to secure their data and keep their business operations flying high. Threat Locker takes a deny by default approach to cyber security and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US based Cyber Hero support team. Get a free 30 day trial and learn more about about how Threat Locker can help prevent ransomware and Ensure compliance. Visit threatlocker.com Daily Cyber. All right, we're going to do the flare right at the mid roll and then I'll blow out the copyright. And in first timers, if you don't know what blow out the copyright is, you're in for a real treat at the mid roll. All right, do me a favor everybody. Samobite. I am the real big Mr. Jono. Sit back, relax and just let the cool sounds of the hot news wash over all of us in an awesome wave. Can't wait for the mid roll. From the CISO series. It's Cybersecurity Headlines.
B
These are the cybersecurity headlines for Wednesday, February 18, 2026. I'm Rich Stofalino. Hackers Target Anti Government protesters Researchers at Acronis discovered a cyber espionage campaign targeting supporters of recent anti government protests in Iran. Since early January. The threat actors distributed malicious files bundled with authentic protest footage and reports, deploying a previously undocumented malware dubbed Crescent Harvest. This operated as both an info stealer and remote access trojan, obtaining credentials, browsing histories, telegram information and executing commands given the intended targets and the sophistication in avoiding detection, the researchers suggested it shows links to Iranian aligned threat actors. Given ongoing Internet blackouts in the country, the spike in peer to peer sharing of protest related media has made this an effective distribution channel.
A
You okay? So a couple things here, you know, for if, for for anyone who isn't working cyber in Iran, this is an interesting story, something to learn from, but not really something to take any, excuse me, action on. There's revolution in the air, right? Iran citizens are protesting against the government. Now the government is essentially infecting the devices of those protesters for espionage capabilities. Now of course, it doesn't take a brain surgeon to figure out that by infecting the protesters they can figure out who, who, like who the humans are in their network, how are they organizing, how are they communicating, what are all their secrets? And then ultimately you swoop in and eradicate them again. You know, I'm Making some assumptions here. I'm being a little hyperbolic about what the action on objective would be by the Iranian government on these protesters. Right, Obviously. But, but by you know, choosing kind of the extreme examples we can do the risk analysis on the impact. This is not an uncommon approach guys. Like when you are a centralized government with power, you don't want the people in power, do not want their power unseated. We see this in authoritative regimes all the time and it honestly it's not that different than what we've seen in China or with Xi J Ping, you know, kind of ruling with an iron fist and protester or not protesters, but like anti, not anti government but counter government citizens having to share information anonymously through like airdrop on subways and stuff like that. Just, just so because if, if you don't, if you're openly against the government, you get rounded up and re educated. Okay? I mean just without getting too dark here. I mean look at what's happened to the Uyghur population in northwest China and the re education campaign going up there. They don't talk about it too much, but just trust me, Google it. So for me personally this is a life lesson, right? Because listen, this can happen in your, the United States, this can happen in United Kingdom, this can happen in you know, Ghana. Like this can happen anywhere, right? It's, it's a leverage of power. Now the interesting thing if you want to get into the details, is they say in the story they do not understand how the initial infections are occurring. But think about this. How, how trip, like if I had to guess, how trivial is it to be a, you know, pro federal or a state sponsored, you know, government employee or whatever and just pretend to be a revolutionist, pretend to be a counter government person and share some materials with like minded professionals. Like people are going to open those files, people are going to click on those links, right? Like instantly people are going to install whatever you tell them because they think that you're part of, you know, the revolution. And so I mean the initial infections like kind of easy. All right. I didn't re. This is interesting. I had no idea that this was happening in Iran. I do want to personally, I want to get more educated on what's going on in Iran since I've. I don't know, I've heard some speculation that there might be like a global conflict that involves Iran and other countries.
B
UK launches lock the door cybersecurity campaign the UK government recently released a cybersecurity longitudinal survey showing that 82% of businesses experience some form of cyber incident within the past year. This comes as 30% of businesses admit to following the government's Cyber Essentials frameworks. In response, the UK will run a campaign across social media, business networks, radio and podcasts to directly encourage SMEs to adopt these cybersecurity basics, which focus on patching software and maintaining strict access controls. The campaign will also point organizations to free online separate readiness checks, a 30 minute chat with NCSC advisors, and preview certification questions for Cyber Essentials.
A
Okay, sure. So 80% of UK businesses, it says still leave the door open. I mean, this is a anecdotal statement that like, or this is like, like an analogy. Like this doesn't tell me anything. What is, what the hell does still leave the door open? They don't have MFA. They leave, you know, RDP port 3389 open to the Internet. Like, what, what does this mean? Like, I get that it's a title of a story, so they're not going to break it down, but let's see what's going on here. Incidents remain routine. Baseline protections are still Patchy. Yep, yep, yep. 82% of businesses and 77% of charities, which by the way are still businesses, they're just non profits, have said some form of incident over the past year. 54% experience the same incident. Okay, what, what is the. This is annoying. Like, where's the. Okay, okay, so the story is dumb. Okay, I'm sorry. You are so dumb. You are really dumb. For real. All right, so this story points to a bunch of statistics that businesses get. Have cyber incidents. My, my guy. Like if I send a, if one of my employees falls for a phishing email, that's a cyber incident. Like, so, you know, if my business gets hit with lock bit ransomware and my business is down for two weeks. That is very different than Carl in accounting gives up his password to an account that has multi factor authentication. We catch it and reset the password. It still counts as those both count as an incident. There's just wildly different risk or, you know, impact associated with those. So like, this story gives me no actual detail. The story itself is about how the United Kingdom government's trying to help out private sector businesses get their crap together. This is totally on brand for the uk. They have been on a massive like, go, like go get them secured push recently, but both at the federal level and kind of at the private sector level. Remember last year several high profile incidents hit them. Their. Well, national health system got hit by WannaCry. In 2017. Mark and Spencer or Marks and Spencer, whatever. Roswell UK always gets pissy when I say it incorrectly. But like the co op, like they had massive retail hits. Klopp ransomware took down some type of water municipality. So the UK has been getting absolutely slapped around like it's, you know, like just egg. Right? So they're pushing for it, they're trying to help out. Now let me point something out that I find, I don't want to say comical, but like real. Okay, first of all, this, if anything, this just reinforces what I already believed. My, my guy. Like I spend, I spend, you spend. We all spend tons of time trying to convince our business, our executive team to fund cyber security. We spend tons of time trying to convince Carl in accounting not to click on dumb stuff. We, we try to tell people, whoa, like we're not saying you can't use AI, but let's just put some guard rails in place. Let's just have some governance. Right? Yeah. And the business is like, no, we're moving fast, we're breaking things. So like this story right here, like this, this right here should come as no surprise. Like we literally deal with, this is why we have a job. This is why some of us self medicate when we get home from work. Because we, we are running into this wall over and over and over and over again. So for the UK government to push a campaign, we'll see what kind of impact that has. The business isn't listening to the people that they give money to to help secure the business. Why would they be listening to the government with PSAs? The only thing I will say, just as a quick little, the first thing that came to my mind, there was a government backed campaign that had wildly successful Results in the 80s in the United States. Okay. And this is not a drink, I'm not an old person. It's just true. Did you know if the UK government launches the cyber lockdown campaign and does it well, this could result in better outcomes for the private sector. In the 1980s, it was considered very uncool to wear your seatbelt in your car. I'm not joking. It was super uncool to wear your seat belt in a car. There was like, there was like public outrage that you would be required by law to wear your seatbelt. People be like, ain't got time for that. How's the government gonna tell me to wear a seat belt? I'm wearing a suit. I don't want my suit screwed up. Right? And then the US government tried everything and Then eventually, I guess this was in the 90s, felt like the 80s. Eventually they came out with Vincent, Larry. Oh my God, Vince and Larry, the crash Test dummies. I don't know if you guys remember this and you youngs probably don't, but like, dude, they had it. These two guys had their own like, commercial campaign and like, essentially it was like, like, they're dummies, they're crash test dummies. And essentially they, they, they made an equivalent. Like, if you don't wear your seatbelt, you're a dummy. So socially, like, are you a dummy? And no one wants to be a dummy, right? So then people like, I'm not a dummy. I put a seat belt on and it's like, okay, go put a seat belt on. And like this was wildly successful at changing the overall behavior of all US citizens. So anyways, long story short, like, just know that the UK government or any of these public service things can be successful. They just have to be executed correctly.
B
Celebrate linked to phone hack on Kenyan politician Citizen Lab released a report claiming that it found signs that Kenyan authorities use Celebrate's phone cracking software against human rights activist and presidential candidate Boniface Mwangi. Following his arrest in July. Mwangi was alerted to this intrusion when his phone no longer required a password to unlock. The researchers found evidence of data exfiltration from the phone, including plans for his presidential run. In response, Celebrite said it maintains a rigorous process for reviewing allegations of technology misuse.
A
All right. Oh, I'm sorry, guys. Sorry for the. Look, if you're watching on stream, I had the, the story as a, as a small. My big face. All right, so Kenyan presidential candidate has forensic evidence suggesting its phone was cracked. Now, Cell Bright is not spyware. So Cell Bright allows you to. At least my understanding is that it allows you to unlock a phone and be able to dump data from it. Now this guy, Bonaf Mwangi, presidential candidate in Kenya, got arrested in July. And when you get arrested, the police take your stuff. You can't stop them. Now normally if you got your phone locked down and you're not going to give your pin up, the, the, the, the government, law enforcement's like screwed. But if they have a special tool like Cell Bright, they can just bypass that and dump all your stuff. Massive invasion of privacy, abuse of power. And you know, Cell Bright's trying to take the high road saying, oh, we only allow law enforcement to use it for the right reasons or for, you know, good reasons or whatever. But my, my guy, like, I gotta Tell you like people in power will abuse power. This is why having like a massive surveillance network to catch bad guys is like could be weaponized. All right, Cell Bright has legal grounds to say we only allow it for righteous causes and they, they prove it or whatever and they sell the license to law enforcement. But then the human, like the actual human person, the guy or the lady who works at the law enforcement place with the celebrate thing, you know, they can abuse their power and in this case I don't know if it's right or wrong. But this guy is presidential candidate and his phone got compromised, right? So we see this all the time, right? Go look at the. Not to get you guys all excited about prestige worldwide but. Just as another example, you know this happened in 2020. This guy right here, presidential candidate in the Catalina region, not to be confused with the Catalina wine mixer, had his phone targeted by government grade spyware by, by guess who the, the current in power party of the Catalan region. Right? So I, I don't care what you say. Like everybody wants to be like on the righteous side of all the things but people in power, this is a fact. People in power want to keep their power. That's why the, the, the, that's why the United States transfer of power for the president is like considered such a you know, coveted like ceremony because people in power don't want to give it up. And they will do. They will use all the resources at their disposal in order to maintain that. And this right here is what's up. So celebrate's not going anywhere. So unfortunately that's, that's what's up. I will say this. If you're concerned about, if you're concerned about having your phone like if you have super sensitive information on your phone and you're concerned about it, does Apple lockdown mode prevent Cell Bright? I'm not sure. Apple has this new lockdown mode. See how I'm looking at this right now? Of course. This is Gemini. Look at it. All right, so this is according to just some random on Apple community. I'm not going to. Basically the lockdown mode can prevent cellbrite and Grayshift from working correctly. That does not stop you from Pegasus spyware. I, I don't know definitively but just know not everybody really needs the lockdown mode. But just if you have like a high ranking CEO or you're ultra paranoid personally check it out. Obviously when you add security you lose functionality and usability. Right? So those are the trade offs you have to make.
B
Pentagon is considering anthropic as a supply chain risk. According to Pentagon sources speaking to Axios, the Department of War is considering naming Anthropic as a supply chain risk, a category usually reserved for foreign adversaries. Currently, anthropic's LLMs are the only ones approved for use on classified information and have been verified as used in active military operations. The ban seems to be a response to continued negotiations with Anthropic on how the LLMs can be used by the Pentagon. With Anthropic holding a hard line against using it for mass surveillance of US citizens and for unmanned weapons development. Naming Anthropic a supply chain risk would cut it off from government contracts and government suppliers could not use Anthropic in their own workflows.
A
All right, not a political show, Not a political show. What I want to tell you right here, if Anthropic is a supply chain risk, then like explain to me how OpenAI is not a supply chain risk. Explain to me how any AI is not a supply chain risk. The Pentagon allegedly used Anthropic on the Venezuelan President Maduro kidnapping or I don't even know if that's the right term to use politically speaking. But like the operation where Matt Maduro came to visit the United States, like however you want to put it to me and I'm gonna listen, I do try to keep this incredibly apolitical and stuff, but I'm going to take a small step and put my toe in the circle. This to me smacks, absolutely smacks with a veiled threat to Anthropic from the US Government. I, I don't know what it is the US government wants here from them. Maybe better rates, maybe spying capability, I don't know, whatever it is. But this right here, when you threaten, literally Pentagon threatens the Department of War, the Department of Defense, the depart, you know, the Gulf of America, like whatever you want to call the friggin department of the military and the US Government, they are the largest, you know, business in the U. S Federal government. The U. S. Federal government is one of the largest employers slash businesses in the world. The Department of Defense is the largest of the agencies under that. What does that all mean? Straight cash, homie. Straight cash, homie. That means that they have tons of money. And you know what, Anthropic is a private business that wants to generate revenue. So when the largest employer threatens you of cutting you off, how do you, how do you avoid this? How do you avoid being like cut off, you bend the knee. That to me, that's what this is. Because how can you say anthropic is a supply chain risk and none of the other ones are broken? It will be enormous. A senior official said it will be an enormous pain in the ass. Very classy. A pain in the a to disentangle. And we are going to make sure that they pay a price for forcing our hand like this. Again, my guy. It will be enormously painful to disentangle. Broseph, you are on Microsoft 365. Like show me Department of War how quickly you can pivot to Azure or Google workspace. You're fully entangled in Microsoft technologies. So are we going to threaten Microsoft? This is absolute. Whatever. Listen, I'm sorry. I'm trying to keep it apolitical. This is just, this is just like I'm not even the smartest guy in the room, right? I'm a dummy and like I can see how, how, how transparent this is.
B
And now thanks to today's episode sponsor, Conveyor, most of what Conveyor automates is boring. Like really boring. Security questionnaires, customer requests for things like your SoC2, all of their follow up questions. Answering tickets from your sales team. You know what's not boring? Alteryx using Conveyor to support over half a billion dollars in enterprise deals with a small four person team. All they did was set up an AI trust center and use Conveyor's AI agent to complete questionnaires. Learn more at conveyor.com that's C-O-N-V-E-Y-O-R.com identity.
A
All right. Hey, we're at the mid roll. Really quickly I do want to say thank you all for being here. Remember the stream sponsors, they do help support the channel just like you guys do. So if you are getting value from the stream, not only tell a friend, you know, hit the like button if you enjoy it, but go check the stream sponsors out. Okay? Threat locker, anti siphon material and Flare. Real quick word with Flare. Guys, Flare is doing a two week free trial for their cyber threat intelligence platform. Let me show you what that looks like. You're watching a real time feed right now of that platform. I have used this platform. This platform is phenomenal. You do have to fill out a verification form. If you go to Simply Cyber IO Flare, Simply Cyber IO Flare, you will get that verification form. If you're a legit person, you'll have no problem getting it. If you're a criminal, you will not get access. There's too much valuable information in here. Flare's threat intelligent platform allows you to query all the Dark Web data they've curated, all the info stealers, all the telegram channels you can drop in your own domain and quickly find out if you have any compromised assets out on the Dark web. So let's say you have crappy EDR and you've got tons of compromised assets and you have no idea. You will find out because they know that the threat actors are talking about it. That's what makes this platform so awesome and so powerful. Go check it out. Don't take my word for it. Two week trial. Listen, I used it for a week and I. I'd say within the first four hours, I was like, holy crap, the value train on this thing is out of control. I'm telling you, go check it out. There's no risk. It's a two week trial. If you don't like it, no big deal. Simply Cyber IO flare. All right. Hey, you first timers, guess what? We're. All right. Yo, welcome to the mid row. Welcome to the mid roll. I hope you guys are enjoying it. All about good times. It is Wednesday every single day of the week. We have a special segment we used to do Worldwide Wednesday, but ironically, because of the copyright for Daft Punks around the world, we stopped doing it. As I'm blowing out the copyright with Set Simple Minds right now. But I want to see we like Way back Wednesday. It's a new segment we're doing where I kind of show you an old piece of tech and we talk about it for a minute. I just was thinking about this. See if we can find it. This is huge. Do you guys remember this? Like, I used to go to my aunt, my. My grandmother's house and like beeline it for her things. They weren't exactly this, but do you remember this? It's like basically a. A game where you would just pump the buttons and it would push water bubbles and you would try to get the basketball into the. Into the basket. Like completely mindless. But I remember thinking like this was all. Are like inarguably the best thing about my grandmother's house. Also there was handheld games, 1980s football. I wish I could remember what it was. There was like a tracking. Oh yeah, these things. Holy crap. Mattel had a lock on this. Like Steam. Steam decks had nothing on this. Okay, I don't know if you guys remember this. Like, I was too young to even understand how to use this thing, but I remember like grinding on it. And heaven forbid you get to grandma's house and the batteries are dead on this thing, like by the Way like stsc. Those buttons on the left, what do they do? Start and then. What's sc? Anyways, you were, you were pretty legit if you had this game right here. So anyways, I hope you guys vibe on this. Obviously nowadays this is the equivalent. Like kids will never know. Like we've come a long way, baby. Moby said it best, right? Or Fat Boy Slim said it best. This is the, this is the equivalent of today. All right guys, I hope you enjoyed that. That was kind of fun. I, I thought it was fun way back Wednesday. We're kind of working on it again. Thank you so very much. Let's do the la la la's really quick. You, hey newcomers, first timers, just type la la la la la la in chat. You regulars, long timers, you know what's up. And dude, it just, it just feels right having this wash over you. It feels good. La. All right, hopefully that throwback was, was. I'll have to check with casually Joseph as our resident Gen Z, but hopefully that wayback segment felt good for everybody. Let's keep going. Let's finish strong, shall we?
B
Identity abuse behind most attacks as is quickly becoming cliche, Threat actors aren't breaking in, they're logging in. A new report From Palo Alto's Unit 42 found that identity based techniques were were behind roughly 2/3 of all initial network access in 2025 that they responded to. Social engineering was the most common method, but compromised credentials, poor identity policies, insider threats and good old brute force attacks were all in the mix. Vulnerability exploits accounted for roughly 22% of initial intrusions in the report. Most of the attacks Unit 42 responded to were financially motivated with median payments up 87% on the year 20 to $500,000.
A
Man, shout out to everybody in chat who's explaining what the STSC button does? You know when, when you're seven year old, Jerry, you're like, like you push it and like nothing happens on the screen. So you're like I don't need this. All right. Unit 42 which has Apollo Alto networks, kind of MDR slash threat intelligence group that have a variety of employees working there of different experience levels. Identity based attacks are exploding as peer security, poor security controls stretch across a widening mosaic of integrated tools and systems. Yes, I, you know, honestly, the reporter on this one I think said it perfectly and this could be, I almost would argue that you should steal this for yourself when you're talking to the business. Threat actors are not breaking in, they're logging in. I mean that statement alone Speaks volumes. Identity is the new perimeter. Period. Full stop. Identity is the perimeter. We're logging into cloud systems. We're giving AI its own identity. Right? Machine identity. You can like, you know, log in from your phone, log in from your laptop. Pretty soon you'll have a neural link. You can log in there. Identity is where it's at. The idea of the castle with the moat and the alligators in the moat and the guards, guns and gates, that's quaint. But that's 1991, right? 2026. Identity is where it's at. Which is why. Why I lose my mind about not having Multi Factor Authentication in place. Multi Factor Authentication is not bulletproof. But do you know what? If you steal my password, you don't log in because you get challenged. For MFA, I make the hurdle higher. 2. Third of all initial intrusions started at the identity. You don't need a more compelling argument on pivoting and making identity based risk a priority. If you. Listen, just based on this first paragraph, if you make identity a priority and securing the identity and you know, detecting identity compromise and responding to identity compromise, you will be addressing the majority of initial network intrusions. The majority. And by the way, I say this all the time. If you take out the first step, steps 2, 3, 4, 5, 6, 7, 8, 9 don't happen. 6, 7. Listen, if you take out the first step, the rest of the attack sequence doesn't happen. And believe me, if you look at these, you know, process flow diagrams of attacks and stuff, once they're pulling down second stage payloads, you're screwed. That machine is pwned. It's over, you're done. Stop it at the beginning. Conditional access, mfa, just shutting down accounts when you don't need them anymore. Having visibility over these things, looking for large data, Excel coming from an account or from an endpoint under a certain permission. Right, all these things. Social engineering is the leading attack method. They're attacking the human again, my guy. Social engineering is easy to educate end users on the one thing. Listen, I'm going to drop a link to this story. If you want to read it, go ahead. Like I think, I think it's, it's, it's. I don't want to say it's simple, but like it's crystal clear. Two thirds of attacks start with some type of identity based compromise. Either you have crappy passwords, you don't have mfa, some, some mixture of all that. You fall for things and give your sessions up. You store your passwords in the browser. Okay, all these things Also, I want to tell you all this too, okay? And I believe this wholeheartedly. I've seen a couple reports. This is a hut take. So do me a favor, you newcomers, you. You very likely don't have access to the emote tray. But for everybody who's a squad member, please, tinfoil hat. The tin foil hat is just a fun way of having a qualifier that I'm about to say something that's a hot take, not grounded in evidence. Here we go. In 2026, when you add AI, an open claw and automation. N8N all these things, you pair it with criminal minds. Not the TV show, just people who are criminally motivated and deep. Fake technology, including fake voice, fake video. I believe there is going to be like, as much as, like, click fix was like the rage in Q4 of 2025. I genuinely believe that social engineering at scale, because of AI's relentless 24. 7 capability is going to be a massive problem. Your phone is going to be blowing up. They're like, literally. There could be like a borderline denial of service attack of just AI calling you, calling you, calling you, calling you, calling you, calling you, calling you. Right? Just. I. I honestly believe, like, between just the things I just told you, AI can go 247 if you put enough tokens in the machine. AI is getting better. Opus 4:6, like anthropic is talking about. It's sentient. Okay? Whether you believe that or not, I don't know. I mean, I think we're marching down that path anyways. But I digress. So I would try to get in front of it now. Like, have a. Have a. If you don't already, just protect yourself, you know? Of course. Tinfoil hat. I've built a prepper tablet at this point. Have a code word for your family, whatever it is, the ability to, like, simulate your voice, come up with a compelling social engineering pretext, and call your spouse. It's trivial in 2026, especially with data breaches happening all the time, where your phone number and name are part of the data breach, feed it into AI and let it go buck wild. So have a code word. I know it's going to be crazy. I know if someone calls you and they're like, I'm being held against my will, going to murder me, and you're like, give me your code word. It seems insensitive, but I'm telling you, it's. It's a small control you can put in. But 2026 is going to be the year of that.
B
For not deleting files. Last week, a 40 year old Dutch man contacted police saying he had an image that could be related to an ongoing investigation. An officer responded intending to send a secure upload link, but actually sending a download link to confidential documents. After realizing the error, police told the man to delete any documents. The man refused, saying he would do so only if he received something in return. In true, mess around with it and find out energy. The police arrested the man, seized his data storage devices and searched his home. No word on whether any charges will be filed, but a police statement said such behavior could constitute computer trespassing.
A
Whoa. All right. I mean, this is interesting. I mean, what a dick. I mean, I'm sorry. Excuse me. I. This is a family friendly show. I'm sorry, I'm very sorry for the, for the families who watch this and their kids are in the car where your kids are listening while eating their cereal. I'm sorry, I. I do not try to do that. All right, so this is really interesting. Police officer just doing his job, makes an honest mistake, okay? Makes an honest mistake, sends them something they shouldn't have and says, hey, hey, man, can you just delete that? I'm sorry. And they're like, what are you gonna do for me? So, you know, listen, if you come in possession of, of, you know, illegal material, you can't be like, it's mine. Now, like, whether, obviously they arrested this guy to make a point, I. I would imagine that they're going to like, let him, let him go, right? But this is wild. I hope the policeman who accidentally sent the wrong information was also admonished in some capacity. I mean, to me, this is no different than like a bank accidentally putting money in your account. And then you being like, it's my money, it's like, no, it's not your money. Like, come on. I. I wish I could. Is this guy's. What is this guy's name in here? Like, I would love to see a picture of this guy. Oh, my God. This is not in. This is in Dutch. Oh, his name is in here. It's too bad. I would love to see a picture of this guy, see what he looks like. All right. I mean, there's nothing here. Again, here's what I would say, you know, be careful when you're sending files out, sending sensitive information out, sending links out. This can happen. I will say, if this was a private sector business, right? Like, let's say this is like Phil Stafford, not the Dutch police, and Phil Stafford accidentally sends out confidential information from the company to A non company employee. You know, it's a little bit different, right, Because Phil can say, hey, delete that, send it back, I shouldn't have sent it to you. And that person can say no. It's, it's like literally the, the police, I don't want to say the police bent the law here because they are doing what they're supposed to do. But like the police have the capability of arresting the person. Right? So this, this only works in this particular instance. I don't know. I wanted a picture of the Dutch guy who got arrested. See if he looked like a, you know, fool.
B
Backdoor discovered in Android firmware Researchers at Kaspersky detailed a new Android malware called Kinadu. This malware was found distributed through compromised over the air firmware updates embedded in system apps, third party app stores and through Google Play apps. As this suggests, Kinadu comes in various forms ranging from a malicious app with elevated privileges to a fully embedded firmware. Kaspersky found over 13,000 infected devices located in Brazil, Germany, Japan, the Netherlands and Russia. Kinadu came preinstalled on devices from multiple OEMs with one Aldo Cube tablet showing a malicious firmware dating back to August 2023. While Kinadu can operate as a fully capable backdoor that could completely take over a device, operators are currently using it for ad fraud.
A
Yeah, I mean it's a business. So much like gateway computers in the 90s, these Android tablets are coming with bloatware installed on them. I'm making a loose thing here. Computers back in the late 90s used to come loaded with so much crap on it that your computer was like instantly slow. But anyways, these Android devices are coming prepackaged with malware on it effectively. You know, when you go to Best Buy and you purchase a brand new tablet, you don't expect it to have malware on it. This is a supply chain attack. Shamiria Gonzalez, 29 months she says. Morning SC nerds. I hope everyone's well. Guess who got accepted into Texas A. M? Oh yeah. Now listen, we normally reserve the wrecking ball for getting a job, but. Shamiria, let's go. Awesome. That is so cool. Super pumped for you. So listen, this has a logic bomb in it. I do want to let. Well first of all, number one, if you are using Android tablets like the, the Android tablet I just bought, I. I would check it. Right now it's a Samsung so chances are it's fine. But if you're worried about this, you should check it. There is a Logic bomb in here. I would like to educate you all on what a logic bomb is. Effectively this malware will not go off if the time zone or the language is associated with China. So obviously or not obviously there's a high probability this is a Chinese based threat actor. Right? This is no different than Russia. Malware authors make like looking at the keyboard language and saying, okay, this is Cyrillic, so we're not going to detonate. Oh, it's English. Detonate. Okay, so that's a logic bomb. If the Google Play store and Play services are not found on the device, the malware also does not detonate. It's funny that they went through all this trouble and all they're doing is using it for ad fraud. So it's making money. This is like, this could be like a next level piece of espionage equipment and instead they're making some money on it. Like so like I said, like I have a Samsung tablet, my prepper tablet, it's not infected with this stuff. This is like if you are buying a Android phone or an Android tablet for like eight bucks, you know, that's probably where the problem where you'd have this installed. How do they get in the supply chain? Well, I mean if it's a shady manufacturer who's, you know, selling tablets for eight bucks, they're probably open to making some more money. If you're picking up what I'm putting down, you can see here, this is some disassembly. Okay. What? Researchers discover pre installed malware on certain models of tablets. Running it called Kinidu. In the, in the graphic, they high. They underline. They underline. Hold on, what is this? They underline this load. Next stage. I don't know, I mean this doesn't necessarily scream infection to me, but you know, it is what it is.
B
Polish police arrest Phobos suspect Officers from Poland's Central Bureau of Cybercrime control arrested a 47 year old man with suspected ties to the Phobos ransomware as a service organization. This came as part of a larger Europol led effort to target the group dubbed Operation Aether. Authorities seized computers and phones and found credentials and server IP addresses linked to recent Phobos attacks. While Phobos isn't in the news too much lately, back in 2024, the U.S. department of justice linked Phobos to breaches at more than 1,000 global entities receiving ransoms of over US$16 million. Apple.
A
All right, police officers are, you know what, I'll give it to law enforcement, dude. Like Phobos hasn't really been in the news lately, but they were pretty heavy hitter ransomware threat actor in the past and you know, law enforcement putting their stuff together. The 47 year old gets arrested, this guy is facing charges, see. All right, so I don't know if this was an international law enforcement effort or just Poland's law enforcement effort, but you know, I guess the only thing to take out of this really quick is that the brain behind the Phobos ransomware seems to have been apprehended. Guys, I, I tell you this all the time, the only way we're, I mean there's multiple dimensions to it, but the like one key thing of disrupting and curbing ransomware operations and getting rid of them is you have to get the human behind it. Because if I know how to run a ransomware as a service thing and I call it flaming Donkey ransomware and then flaming Donkey gets too hot, right? Too hot. I can just rebrand as you know, you know, Stinky Toad ransomware group. And I'm still, it's, I'm still the brain behind it, right? Flaming Donkey, Stinky Toad O. I stepped in it ransomware, it doesn't matter, right? When you get the 47 year old guy who's the brain behind Phobos, that's not rebranding, we're not rebranding anything like you've cut the head off the snake. So I love it, I love it, I love it. Round them up, hold them accountable, make examples of them.
B
Bans RCS and memory protections the Latest beta of iOS 26.4 adds limited support for encrypted RCS messages. This is limited to messages between Android devices at the moment which already have access to end to end encrypted imessage. And there's no word on if and when messages to Android will be supported. The beta also updated Apple's Memory Integrity Enforcement, or mie, allowing developers to opt into full protections with the feature. Since it was announced in September 2025, Apple only allowed for a soft mode for testing. MIE is meant as a defense against typical spyware attack paths, providing always on memory protection across the kernel and user land processes. Have you heard of YouTube?
A
All right, so check it out. Android Apple is continuing to not only like treat protection and privacy seriously, but they're continuing to, you know, make it so communications or more private. Right? Again like this is Apple's whole thing, right? For the most part, unless you're in China, I think, I think Apple bent the knee in China and maybe in the uk But Apple's all about privacy, right? Well, I, I knew a little bit about the story. I don't research or prep for any of the stories. If you didn't know it, ain't nobody got time for that. But if you're a person who dunks on. I'm in a couple group chats where like one guy's an Android guy and we always crap on them for being a green bubble. And I know that's like elitist blue bubble stuff, but it is what it is. Apple has been working on rcs. RCS is the communication that allows interoperability between Apple and Android devices. Apple to Apple communications are encrypted end to end, which means that nobody, law enforcement or whoever can intercept in the middle. But if you're talking with an Android person, it can be. So this RCS encryption is designed to help that. I don't know anything about the memory protections. Honestly. You should have already patched a 264 because there was a massive, very sophisticated zero day being exploited. No one was targeting me because I'm nobody. But. But there was a really high, high end exploit going around. I want to quickly share this with you. This is Matt Johansson. You might know him at Vulnerable you. He makes great content. His channel only has 21,000 subs on it on YouTube. But like literally I know about this particular story because Matt did a short, this one right here talking about RCS and what it means and why it means all those things. So I think this is cool if you are interested and would like to hear more about this specific story and get Matt's hot take on it and, and learn his style. I'm gonna drop a link in chat right now and I'm serious. I hopefully you guys know I don't normally just pump anyone whose content but like I watch Matt's content, I am into Matt's content and I think it's very good. He goes down more of a deep technical level if you're into that. So get giddy up on that. Computer play. All right. Yo, yo, yo, yo, yo, yo. That is going to do it. For Simply Cyber's daily Cyber threat brief, this was episode 1071. Let's see. I am the real Big Sam. Aid other first timers. Hi. I hope you guys, all you first timers, I hope you had a wonderful experience today. I hope you come back tomorrow, bring a friend. For all the long timers, Simply Cyber squad members, Simply Cyber community members, thank you as always. It's an absolute privilege to serve this community on the Daily I'm Jerry from Simply Cyber. Don't go anywhere because we've got the next show coming right up, and you first timers who are like, what are you talking about, Jerry? We do another show right now. I can't mentor one on one, but I can do a 30 minutes every day and help people out. So that's what we're gonna do right now. It's called Jawjack. And don't go anywhere. I'll take care of it. Ever wonder what it takes to break into cyber security? Join us every weekday for Jawjacking, where industry experts answer your bur questions about the cyber security field live, unfiltered, and totally free. Let's level up together. It's time for some jawjacking. What's up, everybody? Welcome to the party. My name is Jerry Guy. As you can tell by the glasses, I am not Dr. Gerald Doer. Do I look like a nerd? Oh, bro, calm down about your cell Bright. And you, Pegasus spyware, Catalina wine mixer. You're trying to be cool with that Step Brothers reference, you dork. No, I'm all about good times and helping people out. So let's party. You put a question in chat with a Q, I'll answer it. Let's go. Angular says, worried about the future with work inflation, Trying to live in the moment. How do you do? How do you stay positive? This is a question for everybody in the chat to share. Also, Angular, thanks for the 25 months, 2 plus years of community support. You know, I'm a control freak, Angular, so I'm trying to control, like, for better or worse, you know, like, I built that prepper tablet. It's probably theater for myself, if anyone's wondering. The prepper tablet, it basically has an offline version of all of Wikipedia, an offline version of Google Maps, an offline version of field medicine, like military field medicine, an offline the Gutenberg Project, all the published books within that. It's like 200 gigs of books and an offline version of basically, like, how to fix, like, anything mechanical. It's. It's. If we get kicked off the Internet, right, Permanently, for whatever reason, I worry for my children, honestly, you know, I. I don't want to get dark with everybody here. If you want, when we're in person and there's. I'm happy to go deep into all these conversations. All I would say is, you know, hope for the best. It can't help but, you know, want to survive and persevere. All right, all right. BW says it's a gold Medal for value. Thank you. What is a squad member? I am the real big, so I am the real big on you. If you're, you are on YouTube, there should be like a join button. A join button. It allows you to get membership. It's just like a fun little thing. It's like if you want to support the channel, the membership levels are $2 a month or $5 a month. They're deliberately low. But when you get, when you get access to being a squad member, you get the emo tray. The, the two dollar level and the five dollar level are identical. It's just, it's just a fun thing we do. And a lot of people have said, I would love to support you, Jerry. I would love to support your work. How can I do it? So I, I set up the squad member membership thing And I'm sure YouTube loves it too, because they get 30 of everything. So for every two dollar membership, YouTube takes like 50 cents or whatever. Run fish. Hopefully I answered that question for you. James McQuiggin. What's up? James Quiggin. Good to see you as always. All right. Calvin says, hey, Jerry, you mentioned that moisturizer. Yeah, let me see if I can find that really quickly. I, I looked at the title. Ae. I think it starts with ae. All right. Yeah, here it is. I don't know, I don't know where to buy it. One second. This is the, this is it right here. And again, my wife is the moisturizer expert. This is it right here. It's what? Oh, my God, bro. It's this one right here. I think it's definitely this brand. Aestura. I think this is the one I put on my face. There we go. So thanks for asking. I was using the, the hydro boost thing, but Mrs. Oer just put this in front of me and said, this is better. Use this. And I said, okay. I don't question it when it comes to product like that. She knows what's up. Cyber St. Stephen says I'm starting my full first full cyber job on Monday. I was told I need to brush up on Azure and O365. Any good resources to start Cyber St Stephen. I think you've buried the headline here, bro. Like, let's go, Dude. So sick. So sick. Yeah. Hey, if it were me, best place you can go, my man, is right here. Microsoft actually has all of the Training for free. 1500 results for Azure. Just dig in there. Go look for the Cyber St. Stephen. Go look for the A900 training. Alpha Zulu 900 training. You don't. Don't get the cert. You already have a job. Right, but look at the AZ 900 training. That is definitely where you want to start. All right, here, I'm actually going to what's his name? Cyber Saint Stephen. Here's your answer. Good luck, dude. Super pumped for you. All right, continuing to look at chat. In yesterday's episode, there was a story you said you needed more time to read. It was compromised. Password managers, maybe not. Any new updates? No. BW it. Yeah, it was with password vaults and bit warden was mentioned quite a bit. With the research, I haven't had a chance to dig in. I had to teach yesterday, and yesterday was just a very busy day. And Kimberly can fix it. Actually had shared something in chat that made it seem like it was less of a concern. But, yes, as I learn more about it, I will comment back. Zero keystrokes. Any plans for Discord server if ID verification goes through? No, we haven't talked about that yet. So I don't know, you know, I don't know where else to run the community if not Discord. You know what I mean? So let me know if, if, you know, the mods have a thought, we can certainly look into it. You know, honestly, I. I know that there's some concern around Discord ID verification being like, a privacy infraction. In the last week, we have had to ban so many people from the server. It's like, kind of crazy. Like, we've had people who are, you know, I would argue are, like, mentally unhealthy. We've had people who are harassing. We've had, obviously, scammers and fraudsters. It's like, it's kind of crazy. Goat dude or Goat Doo Doo says it's first time here. Is it okay to start a new journey in Cyber at age 35? Yes, sir, for sure. Yeah, there's no. There's no, like, dude, hey, go doo doo. A lot of people do cyber as a second career. Like, it's not uncommon to take all your experiences from whatever you did before and bring it into cyber. Ael, George, I don't know if you need a prepper tablet. That's up to you, man. I just. I have a safe with passports, cash. A prepper tablet now, you know, potentially a pistol. I don't want to give away all my secrets. Lazaro. Long timer. I was given the opportunity to write my very first detection rule and have to present it to my IR team later. Not best at presenting any tips to get over nervousness. Yeah, I Mean, Lazaro, I, I wish someone had told me this because I, you know, I publicly speak in front of hundreds of people every day. You know, I've done up to, you know, probably 1200 people live in person. So what? And, and early on I just kind of was like super anxious and just leaned into it until I got more comfortable. What I would say for you? Here's what I would do because you don't want to memorize a script because that's going to feel awkward. Just make a very rough outline and maybe put it in front of you, right? Like, you know, like maybe the outline is introduction, what the threat is that the detection's checking what the detection is actually is and you know, next steps or follow ups or whatever. And then Q A. Like if you just have kind of a basic outline, you can make sure that you are just sticking to what you're doing. If you can, you know, with an outline it allows you to kind of freestyle and drift off, but then you can like get back on track by just going to the next outline bullet. That's what I would say. Make a YouTube for Prepper, please. Oh, Berlinda. Yeah, thank you. Maybe. See the thing is that kind of content doesn't align with simply Cyber's other content. So it, it could, it could be poor for the channel itself. Maybe I can just build it and then make the video available to people less like, like unlisted. Silence Poet. I've been in this role since August and I wonder if there's a course on office tools for cyber like Excel, Power BI and such. Otherwise, thanks for convincing me to go into grc. It's awesome. My pleasure. Silence Poet. Yeah, there aren't really a lot of great like cyber specific content around, like how to use Power BI for cyber or like how to use Power Bi to make a vulnerability management dashboard. Honestly, it's, it's more, it's more about like just understanding that the tools are capable of certain things and doing it that way. Justin Gold. I believe Justin Gold knows how to make a good Power BI tool dashboard. Sorry, Silence Poet. Hey, if anyone in chat has a suggestion on, you know, office tools for Cyber content, please share it in chat. Again, I just don't know of any off the top. Mad Destroyer, not only a coffee aficionado and one heck of a Magic the Gathering Commander player, he's given gifted memberships away. We just become best friends.
B
Yep.
A
Thank you very much, Mad Destroyer. Appreciate the support. And for all those new squad members, Goat Doo Doo Ghost and she's reaper etc. Enjoy those. We're gonna go to 9:30am Eastern time. So we got 15 minutes left of this hangout and Q and A. So please, if you have a question, don't be shy, get it into chat right now. Steve Young. Steve Young, my man, I need to get with you. Can you at me on General on Discord so I can get you your Amazon gift card for being the community member of the week. All right. All right. And Angela Wolverton says playing with splunk bots and would like to practice writing investigation reports. Suggestions on where to find some to read as examples. That's a good question. That's a very good question. Casually Joseph, do you have any thoughts on this one? I don't know where there are temp like sample investigation reports. I I assume that you're talking about like invest like kind of a write up on an incident. I will say for me personally I like and I I learned this in the healthcare industry which does this for clinical stuff for like you know, clinician to clinician handoff, physician to physician handoff. The S bar format. Hold on, let's see if I can find a good Again, this is more in healthcare but I I found it was practical sbar so if you're writing like an investigative report, you cover these four areas. What's the situation? Right? Describe, you know, what's the situation, right? There was an incident here. My indicators to suggest that this was compromised a background. This could be about the actual threat actor, the TTP or the environment itself. Like you know, the background is we don't have mfa. The background is we, you know, detected that this endpoint was compromised through intelligence. We got from flare threat intelligence platform. Whatever assessment would be your take on the current situation? Like assessing like this is, this is, you know, this is bad. This is going to result if left unmitigated, this is going to turn into a real problem. This is the fifth time that this person has done this and will continue to be a problem. And then recommendation what do you suggest we do? Fire the person, reimage the laptop, go thread hunting for certain TTPs, etc. Again, I don't think that this is accepted as a standard within the SOC or security operations center for analysts to write investigative reports. But this is how I would do it without you know, because I, I've worked on blue team stuff but usually as a small team. So I've never worked in a proper sock or an mdr. Casually Joseph, if you got a thought, drop it please in chat. I'm Trying to get caught up casually. Joseph. B. Duncan says, what's your thoughts on Purview? I am not familiar with Purview. Let's see. Okay, so I guess Purview is a Microsoft thing. Safeguard your data with a unified approach. Decrease. All right, so this is like Microsoft solution to AI governance. I don't have an opinion on this one. B. Duncan. Third, this seems like something that would require quite a bit of evaluation. Don't even get me started on dlp. Here's the thing. The only thing I would say about Microsoft Purview is it probably is good because Microsoft has the money to make it good. But if you're going to rely on this for your data governance and your data protection, especially in the world of AI you like, you would have to have a foundational support of. Nobody is allowed to use anything in this business besides Microsoft product. Right? Because the, the second you start using chat, GPT or CLAUDE or whatever, and sending data out, that would be outside the scope of. That would be outside the purview of Purview. Lol. You see what I'm saying? So like, this could be a fine product. It's going to turn into policy and tone at the top for it to be effective. Okay. IRC question mark? I don't know. I'm gonna guess what you're saying here. That stands for Internet Relay Chat. It's like the old, old, old chat messenger, like in the 90s. How's claw networked? What did you learn from booting perspective? Oh, if you're talking about my AI bot, this, this guy back here. Karn. It's Karn. K A R N Karn. And I don't know what you mean by booting perspective, but like essentially the Mac, it's a Mac mini, it's on my network. It's isolated on its own network segment. It is not allowed to communicate with any other devices on my home network. It is not allowed to receive inbound, inbound network traffic. It is only allowed to communicate outbound to. Well, it's allowed to communicate outbound. Obviously the only. Like I have it basically ACL'd on what devices can speak to Karn. Now obviously if Karn is getting prompt injected because it read a website that has a prompt injection, that, that is a problem. But I'm also from a data governance perspective, very compartmentalized on what Karn has access to. So there's a lot of things that I'm managing is like two separate data sets and one is like sanitized. And Karn sees that One, not the unsanitized version. So yeah, maybe Slack. We, we could possibly use Slack. Phil Stafford says, let's say I have a new open source project I just released. What's the best way to promote it without look like I'm shaking? Shamelessly plugging myself. Phil Stafford DM me in chat right now and I will bring it up. We could talk about it. I will shamelessly plug you also. And this is a standard practice for everybody. And I know Phil has heard me say this a thousand times. Phil, share it on LinkedIn. Like, help people experience the journey. One pro tip that everybody should learn. You shouldn't. Like, say, this open project that Phil has, like, don't, don't wait until you get to the end and reveal your big project. Like, show the steps along the way. Get people on the, on the boat with you. Get people hyped with you and do all those things. All right? Don't, don't wait till the very end. Because the journey is oftentimes as valuable as the, the destination. The journey is just as valuable as the destination. Thank you, Chris Frazier. How you guys doing? Good to see you, Chris. I'm good. All right, here we go. All right, we're taking a quick look at Phil Stafford's open project. This thing looks hotter than a three dollar pistol, you know what I'm saying? This is the trust layer for AI tools. I'm going to drop a link to this in chat. Phil, give us 30 seconds on what we need to know about this AI tool from Phil Staffer. All right, I just dropped that in chat. I'm actually going to pin it. This is the pinned comment so everybody can check it out. All right, we'll come back. All right, this is a vulnerability scanner and attestation registry for AI tools, starting with Open Claw and MCP servers. Phil, tell me how to get started with this. What's step one? Like, it's cool. It's cool what it is, but tell me, like, make this operational for me. In fact, if we do this, Phil, I'll just make a YouTube video for it. You know what I'm saying? And then we can really light this candle. All right? Continuing to look at people's questions. If you got a question in chat, drop it in there. Let's see. Real learn. I am the real big says drop a script for assembling one to members. I've looked over the prepper disc at the 80 over. The cost of hardware isn't unreasonable to save time. Yeah, you know what I actually thought about? I actually Thought about selling these things. Like basically I'll get, you know, like I'll give you all the stuff, you can build it yourself. But like if you want to just push an easy button, I'll send you one. The problem is it's not a problem but like it takes time. But yeah, script might not be bad. I'm still finishing building it. You know what? Actually the last thing I need to do, I want the wallpaper of the tablet to be interesting. And I'm trying to decide between like Morse code, ham radio frequencies etc or like knots and visualization of knots. Let me ask this crew right here if you had a prepper tablet, right. The wallpaper you can see without unlocking it, the wallpaper is always right there. So to me, instead of having a stupid flower, it would be very valuable to have some information that would be like very useful. You'd want to see it often looking like and just be able to tap the tablet and see it. I would love what people's thoughts are on this one. Velvet band and certain WGU next month. Congratulations. Richard Duff cleaned up his LinkedIn. Gotta make a GitHub. Currently building a full enterprise grade, fully locked down AI business server. Damn, dude. Yes, Richard, that is absolutely good for the portfolio. And Richard, don't, don't wait until you've built it fully. Right? Public accountability is one hell of a way to keep yourself accountable. So announce that you're doing this and then tell people if they want to follow your journey to, you know, subscribe or follow or whatever because you're going to be sharing updates every Monday or whatever and then do it. Does Jerry have his own YouTube separate from simply Cyber? No. I mean I had, I had an idea once of, of a separate YouTube channel. It was simply Cyber Cafe. It's this channel right here. Okay. You can see there's a lot of retro synth, wavy stuff. Maybe I could, maybe I could use this channel. The thing is, I'm like, with all due respect, I'm like ridiculously busy so to like running a YouTube channel. I know, I don't know. You know, according to Marcus Kyler, it's easy, but I'm telling you right now, it's, it's not it to do it to do it well. And I don't even do it well to do it well. It's very, very time consuming. So to run a second channel, it's just difficult for me to do that. But if there was one here, I'll drop a link in chat if you guys want to like and subscribe or subs or whatever. I will maybe at some point do it. I will tell you there's not a lot of spam happening on that channel. Okay. Starting wg you. Yeah. Professor Messer is awesome for SEC plus period. Full stop. I'm look, I'm scrolling chat right now. It's Lavinia. I'm working for Healthcare. I wanted to know if you have any tips for standing out on the vlog vulnerability management team. I'm curious if you have any team. As if you or team Se have ideas. Yeah, so you know I did vulnerability management at least in part at a medic, academic medical center. You know, I think Lavincia having metrics around like medical devices, maybe having vulnerabilities around legacy systems because there's a ton of those running around. Like calling those out would be valuable, right? Like so almost kind of compartmentalizing vulnerability management. I'm talking about reporting right now. So standing out that way also if you want to really stand out, being practical in your risk reduction suggestions. Okay, so like I'll give you a perfect example at. At Musc, we had this absolutely mission critical custom solution that was stupid. It was like an absolutely ridiculous app. The company, listen, the company that wrote this app went out of business 15 years ago and we had hired the lead developer as like a 1099 contractor to be available to just like basically turn a wrench every once in a while when the thing broke. Okay. And then that contractor after 15 years was like, I don't even want to work anymore. I want to retire and just be done with it. So like this thing was not going to get any more updates, but it was so custom that the, the, the business was like, we're not getting rid of it. So like I was like, all right, how do we manage risk? Right? So we built like a little Raspberry PI firewall, stuck it in line so that like it was a choke point. You could only get to this app if you were, you know, from a certain IP address, certain users. The, the use cases were specific. The time you could use it was specific. So like coming up with creative solutions to enable business operations to help to happen while managing risk. Also from a vulnerability management, you might want to start thinking about third party risk access from those third parties, not giving them full, you know, all, all access to your entire IP range, that is Attack Surface. You maybe want to even do a side project, spin a side project up where you're evaluating the access that third party vendors have and what they have access to and starting to Lock that down. What kind of weak password? What kind of is a weak password for a certificate used to send push notifications? I don't understand this question. I'm sorry, a weak password. If you're interested in weak passwords, this is a great little resource. This is from 2023. So for sure it's slightly outdated but this, this is a great little graphic right here. Okay, I'll drop a link to this in chat. So cut the real Kyle Kyle or at Kyle. I can't send this, the link is too long. Just Google password crack graph and you'll see it. But anyways you can see here depending on you know what you, what your needs are. You know the more complex the password. So you know 3,000 years for number upper lower letter case letters and 13 character length. So there you go. Anything I, I would say this, anything that has instantly crackable. The purple is a crappy password. All right, we are at 9:30. I'm now gonna speed run because I, I hate leaving you guys hanging but at the same time I, I'm trying to make this a 30 minute show. Let's go. All right, Phil Stafford, thanks for sharing your tool and clarifying. All right guys, we are at the end of the show. I want to say thank you all so very much for being here. Definitely appreciate you guys. I'm Jerry Guy. I'm Dr. Gerald Ozer from Simply Cyber. Today's Wednesday the 18th. So just remember tomorrow is Simply Cyber Firesides. We are doing a all female takeover. Kathy Chambers is wrestling the microphone away from me and she will be hosting Simply Cyber Firesides. Do I belong here? Imposter syndrome in cyber security. This is not just for the ladies. It will be an all lady panel. But this is not just for ladies. If you deal with imposter syndrome you will get value from the stream. Come on down, support the channel. Have fun. I hope you got value from today's episode guys. Have a great Wednesday and until next time, stay secure.
Host: Dr. Gerald Auger (Simply Cyber Media Group)
Main Theme:
A high-energy daily rundown of the top cybersecurity news, blending serious analysis, practical takeaways, and a welcoming, community-driven vibe. Dr. Auger not only distills key headlines but also provides actionable insights for practitioners, students, and those seeking to advance in cybersecurity.
Community Notes:
[12:51]
[17:41]
[25:04]
[30:15]
[35:05–40:53]
[40:53]
[48:39]
[52:22]
[56:57]
[59:36]
[60:50 onward]
| Segment | Start Time | | --- | --- | | Anti-Government Protesters Targeted | [12:51] | | UK “Lock the Door” Campaign | [17:41] | | Cellebrite & Kenya | [25:04] | | Pentagon vs. Anthropic | [30:15] | | Identity-Based Attacks | [40:53] | | Dutch Police Data Mishap | [48:39] | | Kinadu Android Malware | [52:22] | | Phobos Ransomware Arrest | [56:57] | | Apple RCS & Security | [59:36] | | Q&A & Community | [60:50+] |
For cyber pros and newbies alike, Dr. Auger’s podcast provides a daily shot of wisdom, practical perspective, technical learning, and community spirit.