Loading summary
Dr. Gerald Ozer
What's. Good morning, everybody. Welcome to the party. Hope you're doing well. This is simply Cyber Staley Cyber Threat Brief Podcast. I'm your host, Dr. Gerald Ozer, coming to you live from the Buffer Oer Flow studio. Welcome to the show, guys. If you're looking to stay current in the next hour, your top cyber security stories are going to be broken down by myself and I'm going to go deeper and further past the headlines to give you additional value and insight or that you will not be getting anywhere else. This is simply Cyber's daily Cyber Threat Brief. I can't wait to get into it. Let's get cooking. All right, good morning, everybody. You got to give me a second. I forgot to connect the live chat into the front end. So all of you guys who are chatting right now live in the studio are not being seen. There we go. Now I've cast a magic spell and chat is on there. Let's cook, baby. Guys, I. I'm super pumped. It is Thursday. We're almost through the week. All about good times here. Stories have been popping off. You guys have been popping off. It's all about good times. I hope we had several first timers who should. I just realized I don't have my coffee, bro. I. Listen, I'll tell you what. When I run the threat locker ad today, I'm going to try to make an Olympic sprint to go get my coffee and back. No one will ever know. Guys, hey, if you're a first timer here, for your first time, drop a hashtag first timer in chat. I'm all interested in welcoming first timers so they know that this is a safe, awesome spot to be asking questions, getting resources, and generally everybody in chat is pretty much pre screened as good times. Not spam, not bots. No one in chat's going to be asking you about do you need an AI developer or go to. Let's go to DM so I can tell you about my sick crypto project. Ain't nobody got time for that. Ain't nobody got time for that. Well, we do have time. Larry Shervington Jr. What's up, Larry? Heck. Yeah, listen, I gotta tell you. Oh, wait, hold on. Why is my name on the screen? Dude, we're doing all sorts of things today that are kind of wacky. All right, hey, listen, if you're a first timer, drop a hashtag first timer. I want you to know I don't research or prep for any of the show because I don't have time for it. And it's just Disingenuous. No one does that in. Ain't nobody got time for this in practice, so I don't know what we're going to be talking about. Long timer here. Good to have you, Neilana on the chat, guys. Every episode of the Daily Cyber Threat Brief, by the way, just for production note, I'm trying to speak further away from the microphone. I've been watching on replay a little bit for Q quality assurance, and I've noticed that my audio kind of sounds a little like. What's it called when it. When you like, blown out? Like I'm peing djb. Second. Am I using the right terms here? So I'm trying to speak further away from the microphone in hopes that it sounds better. Let me know in chat, I guess, if it sounds better or not. Angular 777. I'm drinking Starbucks French roast. It's pretty much my only speed. For better or for worse, that's what I do. And I French press it because I'm extra like that. All right. Hey. Oh, my God. Telegram. Can we. I don't know if you guys are hearing it, but, like, can I. I don't want tell. Can we quit? Telegram, bruh. Give me one second. I gotta. Okay. All right, first. Hey. Every episode's worth half a cpe, so it's very simple. Say what's up in chat. Just like it's. Lavinia. BW5542 is doing simply. Cyber Community member Robert Hendrickson is doing. It's very easy. Say what's up in chat. Grab a screenshot. Once a year, count up the number of screenshots, divide by two, and that is how many CPEs. And if you might be like, oh, why? Why is this a cpe, dude, we're gonna go through the top news. I'm going to be educating on lessons learned and just check. This is like a threat intelligence briefing. Okay, so I'm a qualified instructor. You know, this is cyber focused. So this will qualify as an instructor LED webinar. Nerd. But hey, you know what? It's better than sitting through like a crappy webinar and being like, ugh, ugh. Can I share this right now? Haircut Fish? It seems very timely to share this one. Let me know. Dude, Haircut Fish is out of control. I gotta tell you guys, I got something for you if he allows me the right to share this. Okay, so, hey, every single day of the week has a special segment. And Thursdays is. What's your meme? Thursday. This guy right here, Dan Reardon. AKA the Haircut Fish. If you know him, you know him and if you don't, you want to get to know him. He puts up a piping hot fresh meme every week for the channel and for the community. And he's very good at it. He's been doing it for like over a year, maybe two years. Dan. And I just said, I just said, oh, I'm so up on the mic, I'm trying to not be so close to it. Let me know in chat. And Dan, within, like, I don't know, 45 seconds, just like produces this thing. Lady and the tramp. Me and the microphone having a moment, getting closer, like, just short of like me in the microphone, like. All right, thanks, Dan. So you get a double shot of. You get a double shot of memes today. All right, guys. Hey. Every single episode of the Daily Cyber Threat brief, including this one, is worth half a cpe. I already said that the show is sponsored and I'm very, very grateful for the show. Sponsors, don't sleep on them. If you want to support the channel, if you like what we do here and you want more of it, the channel has to be funded. I mean, like, let's just be, you know, adults about it. So the sponsors, they help. Clicking on the links in the description, you know, basically shows some love to me and to the sponsors who are generous enough to support, support the channel. Let me tell you about material security guys. Easy peasy lemon squeezy. Go To Simply cyber IO/ material. Simply cyber IO/ material. All right. Stop email attacks, Protect sensitive data, all the things you want to do. Listen, your cloud workspace is more than just email, obviously. So why does your security stop there? Good question. Material delivers complete protection for Google Workspace. Microsoft 365 going beyond perimeter defense to secure both email files and bonus account across your environment with advanced AI detections and automated threat response. Material correlates signals across the workspace to identify risks others miss. It protects sensitive data in inboxes and shared files, monitors account access and third party apps, and automates remediation from phishing response to user user report triaging. And what's the result, everybody? What's the impact statement? You mature your security posture, which is a win, and you scale protection without adding headcount, without adding FTEs, without adding labor, without adding additional expense. Ready to secure your best friends?
Co-host or Guest
Yep.
Dr. Gerald Ozer
Ready to secure your entire workspace. Learn more at Simply Cyber IO Slash Material. We got a super chat coming in. Thank you very much for the super chat king victory with A five euro, maybe. I. I don't recognize that currency symbol, but five something. Thank you. King Victory. Jerry, I've watched Sibley Cyber for years. Just landed my first AIM role. Grateful for you in the community. Hell yeah. I'm telling you, I don't. I don't. This is all in real time, guys. I don't futz around. I'm reading this with you, dude. King Victory, I am so happy for you, man. Oh, I'm so happy for you. Congratulations, well earned. I'm glad that Simply Cyber could play a part in it. But I'm telling you, this is your victory, your win. You put in the hard work. I know. I don't know exactly what it. It was King Victory, but I know you made or King Victor, I know you made sacrifices. I know you put a lot of time, effort and energy into yourself and your career. And my friend, you are reaping the benefits. I love it. I love it. I love it. I love it. Okay, you know what else I love? Anti Siphon training. What? Yes, yes. Anti Siphon training. You know that organization that's disrupting the traditional cyber security training industry by offering high quality, cutting edge education everyone, regardless of financial position? Yeah, that one. Guys, if you're available next week, John Strand, himself, the leader over at Black Hills, Information Security legend og you know, kind of Mount Rushmore style dude for cyber security, leads this course. It's four days, 16 hours. Four days, four hours a day. I love this format. It allows you to get into work, do your email, meetings, whatever, then train for four hours. Then bing, bang, boom, you get to close out the day. No muss, no fuss. If you need to get foundational cyber security learning or hey, let's be real. Maybe you just want to refresh yourself. Maybe you just want 16 cpes in a cool way. Go check it out. Anti siphon training. I'm going to drop a link to this in chat right here. If you do go, let them know Simply Cyber sent you. You can take this course for free if you want. They do ask for a minimum of a 25 commit, but there are very simple ways to take this for free. With Anti Siphons awareness, it's not like you're stealing. They. They have it set up that way. All right, let's hear briefly from Threat locker. And then I'm going to get. We're gonna get into the news. Okay. I'm gonna try to get coffee. Let's go. Threat Locker. I want to give some love to the daily cyber threat brief sponsor, Threat Locker. Do Zero day exploits and supply chain attacks keep you up at night. Worry no more. You can harden your security with Threat Locker. Worldwide companies like JetBlue Trust Threat Locker to secure their data and keep their business operations flying high. Threat Locker takes a deny by default approach to cyber security and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US based Cyber Hero support team. Get a free 30 day trial and learn more about about how Threat Locker can help prevent ransomware and Ensure compliance. Visit threatlocker.com Daily Cyber.
Co-host or Guest
January 21st
Dr. Gerald Ozer
I did it is. I did it is. There we go boy. Love it, love it, love it. All right, here we go. All right, we are cooking babies. So do me a favor everybody, we are off and running. I got my coffee. You've got your part. If you didn't know. If you're here for the first time, I need you to sit back, relax and let the cool sounds of the hot news wash over us all in an awesome wave. I'll see you at the mid roll. From the CISO series. Here we go.
Sarah Lane
Cybersecurity Headlines
Co-host or Guest
these are the cybersecurity headlines for Thursday, February 19, 2026. I'm Sarah Lane. Microsoft Copilot Summarizes Confidential emails Microsoft says a code bug in Microsoft 365 copilot caused the AI to summarize emails marked confidential since late January, bypassing sensitivity labels and data loss prevention policies. The issue was detected on January 21 and affects the Copilot Chat work tab, which incorrectly pulls and summarizes emails from users, sent items and draft folders, including messages explicitly restricted from automated access. Microsoft says this is a code error and began rolling out effects earlier this month. Shiny.
Dr. Gerald Ozer
Yeah, I mean, okay, yeah, it's a, it's a code error, but it's one of those ones where, dude, if you squeeze toothpaste out of a tube and you're like, oh, it's a, it's a code error. We fixed it. Guess what, all the toothpaste is out of the tube already. Like, you know, now I don't know what the, I don't know what the impact does of this. Okay, so this is obviously like a confidentiality security concern, low key, a data governance issue. But did it just summarize confidential emails within the context of the viewer? Right. Who already had access to the confidential emails? You know, did, did Microsoft Copilot save it offline? Did it, you know, ingest it into some training? Yeah, like training or whatever. You know what I mean so like when you see something like this before we start screaming witch and like looking for logs to build a pyre and, and stick Microsoft copilot on and dude, you're not going to find someone who's more like pro let's burn co pilot to the ground than me. But, but you know, I do like to be fair, so I don't know exactly what the exposure was here. Okay? So if anything, to me, to me the story is, you know, maybe you had some confidential emails that were leaked or somehow breached in some way. But again like it's not like a threat actor stole your files off your file server and is publishing them or sending them to your market competitors like Microsoft, you know, I guess got some and ingested it or whatever. So like to me the blast radius is, you know, managed and they've fixed the problem. So it's, you know, ah, you gotta thank you co pilot for patching it. So what I would say is this is a learning opportunity right here. This is a learning opportunity. I am going like, by the way, I'm going pretty hard into the pain on AI security over the next few months. All right. It's just too important. I'm seeing a lot of signals from you all basically from the audience that that's a topic that people are very interested in. I also feel like it's an area that doesn't have a lot of, there's a lot of like market hype and you know, crap out there, people saying stuff without any background or context. And I, you know, not that I'm an AI security expert, but I'm working on it and I'm trying a bunch of stuff in the lab back here. So to me what I would say is for those who need to get smarter on AI security, which I recommend everybody gets as smart as they can on it, it's going to be incredibly valuable. This is a learning opportunity. The AI got access to these emails. So the question becomes, number one, did we even like, did this organization even want co pilot to have access to things? Right? Like, so I used to run Office 365. If I have all my things in OneDrive and I didn't opt into Copilot and Microsoft's just scanning and like, oh, we accidentally scan confidential emails, then that's, that's bull crap. And now I have a shadow AI third party risk, data sovereignty concern, you see what I'm saying? Like, so I want people to be thinking about those type of issues with AI. Yes, prompt injections, a thing and a Threat actor can make my AI do something and you can, you can burn my tokens. But I'm, I'm trying to think about it at a higher level around like moving forward like four years from now or you know, maybe, maybe two years from now. Did you see that AI video of the Chinese soldiers, the robot soldiers? What is AI deployed deployment look like in your environment? What is the data sovereignty concerns? Are you doing data layer security basically right? Because you know, we've, we've hardened the app, we've hardened the network, we've hardened the endpoint, we've educated the user, but we, we're not really doing a lot at the data layer. Yes, we encrypt in transit. Whoopee, right, that's fine. But when the data gets to where it's going and some pro, some processing happens that's outside the scope of our environment, then that's a problem because you can't claw it back. All right? So I want everybody to think about that.
Co-host or Guest
Hunters takes Cargurus records. The Shiny Hunters cybercrime group claims it breached CarGurus and stole 1.7 million corporate records, threatening to leak the data if the company doesn't respond the by February 20th. The gang says this includes personally identifiable information and internal corporate data. Cargurus has not confirmed the breach, but this is part of a broader spree attributed to Shiny Hunters and affiliates who have recently posted alleged breaches involving investment firms Mercer Advisors and Beacon Point Advisors, as well as companies including Canada Goose and figure Technology Solutions, Texas.
Dr. Gerald Ozer
All right, shiny hunters, you know, the 18 to 24 year old ransomware threat actor group that's you know, very good. They are brash and you know, young. They're also, even though this says Shiny Hunters, they, you know, I don't have intelligence on this, but they are the ones who are like trying to partner with other, you know, young, hip, Gen Z threat actor groups, specifically Lapsis and Scattered Spider. They had like a little crew called the Comm. So I don't know, you know, just because they've formed an alliance, just because they're like Macho Man, Randy Savage and Hulk Hogan as the Twin Towers does not mean that they can't wrestle independently. Right. Like Macho man can go have a one on one bout with Ted Dibiase or something like that. So like Shiny Hunters doing its own thing is not ridiculous. Right. And they went for car gurus. I forget who car gurus is. Is that one of those ones like carfax? Yeah, like unbiased car reviews. All right, so they Stole a bunch of corporate records and gave him a deadline of February 20th. So tomorrow. Oh my God. If I'm the CISO at CarGurus, I'm like, oh, like I, I can't, I can't brush my tongue enough to get the taste out of my mouth of like what this tastes like. The breach happened on February 13, so right before Valentine's Day. Must have made for a nice weekend over at the car guru's house. Yep. So here's the TTPS for shiny Hunters. Okay. They do it a different. Couple different ways, but voice fishing, which by the way, shout out to the register for not using the term vishing. Thank you. Voice fishing to obtain single sign on codes from users of Okta, Microsoft and Google Services. So they had. Sounds like they had creds and then fished the end users to get that second factor. Now it says single sign on codes. I don't know, maybe, maybe, maybe I'm out of touch or something like that. I wouldn't, I don't think of, I don't think of these as single sign on codes. Right. Single sign on to me is more of like a session token that you authenticate using a federated identity and then you can sign on to multiple services without having to re authenticate each time. That to me is single sign on. What I think they mean in this story is one time passwords, OTPs or you know, expiring six digit pins that go away after 30 seconds or whatever. That's what I think they mean. But anyways. Hey, it's Jerry from IT we noticed that you've had some problems. We're trying. Hey, we're, we're, we're doing a massive Car gurus upgrade and we just need to confirm that your OTPs are accurate. Can you please open your Microsoft authenticator app and confirm the next six digit pin? We're just looking to make sure that we're in sync with everybody because we're doing a big, we're doing a big production upgrade this weekend. Yeah, no problem. Here you go. Okay. They log in, by the way. They log in as a general user. Right. In this case. So the story was yesterday in the news. Remember? Threat actors are not breaking in, they're logging in. You h. If you are still operating your security detection stack like it's 2007 and you're looking for like, you know, some type of elite level next hacksaw attack, you should be looking for that. But dude, conditional access detections around abnormal behavior identities, doing things they shouldn't, logging in at Times they shouldn't. Logging in from places they shouldn't. Inconsistent patterns because dude, that's what's up. Here's the reality guys. To put it even more bluntly and clear, threat actors are basically taking the risk of insider threat and weaponized it because they're logging in as insiders and then just going yolo. Which is why I know it's hard, but this is why you should do. Wait for it. AC6. What? Hold on. AC6N853 not to be confused with AC Slater. Here we go. Oh, hold on. I think it's AC6 least privilege. Oh, I know it's hard guys, but this is the control, by the way. This is in the moderate and high baselines. Not in low, not in low. So if you're, if you're. If your system doesn't have. Has low confidentiality needs, low integrity needs, low availability needs, then you can skip this one. But for the rest of us, least privilege my guy, when new in person starts at the company because Ed is retiring after 30 years with the company and Johnny's gonna replace Ed. You know what you don't do? Hey, Johnny just started. Why don't you give him all the access Ed has? Because he's going to be doing Ed's job. Well, yeah, Ed's accumulated 30 years of barnacles and access from all these systems and stuff. Sure. Just give Johnny, who's been here for a cup of coffee, access. Broseph, you are so dumb.
Sarah Lane
You are really dumb.
Dr. Gerald Ozer
For real. All right, so anyways, least privilege AC6 shiny hunters kept car gurus. We'll see if they pay or not. It's all corporate information. I don't know. And then the story goes on to list a ton of other Shiny Hunter victims as there were. We'll see.
Co-host or Guest
Sues TP Link over Router Hack Texas Attorney General Ken Paxton sued TP Link Systems alleging it deceptively markets its products as secure while allowing vulnerabilities that Chinese state sponsored hackers have exploited. The Lawsuit cites a 2023 report linking TP link firmware flaws to activity by the Camaro Dragon hacking group and argues because many components are sourced from China, the company could be subject to Chinese intelligence laws requiring cooperation with state authorities. TP Link denied the allegations. Honey.
Dr. Gerald Ozer
All right, so TP Link, remember, is the Chinese backed manufacturing company that was getting all sorts of crap because they were flooding Amazon with like ridiculously low priced technology. And the argument was, oh, like China, like China, right. You know, as, as the President of the United States Likes to put it was like basically rolling out quote unquote infected devices to allow for like essentially a botnet to be activated at a moment's whim. Like maybe, maybe not. I don't know. Remember, with any device. Hello. Like, once you have the hardware, you can do things like dump the firmware, reverse engineer it, stick it in a lab. You can span the network traffic coming off the thing to look for. Is it reaching back to some odd C2 node? Right. There's a million things you can do. So like, to, to be, like, to just be like, oh, no. This entire business is a sleeper cell for the Chinese government. Now the state of Texas, who always does everything big, my man DJ B and the H Boys or the H Town Crew or H Boy, whatever it is. Ghetto Boys, Shamira Gonzalez, also in the Houston area. Who else is in big Texas? We got, we got Carrie. Texas is huge, right? So Texas is always doing their things. They're gonna sue TP link, by the way, like, how does this even work where like a state sues a country that like, I mean, can China just be like, bro, like, we don't recognize you, Texas. Like, I don't, I don't even understand how this works. All right, so, Jen. Attorney General Ken Paxton announces the lawsuit. High sense and tcl, which again, this is interesting. So, like, here's my thing. Like, is China just so good at manufacturing that they can produce these, you know, quote unquote, high end technologies at incredibly dirt cheap prices? Because like, I went to Walmart the other day and I, my son was like, dad, it was like, I'm not even exaggerating. He's like, dad, I can afford this. My 13 year old who it doesn't have a job, okay? He's like, I can afford this. And it was a 65 inch high sense TV for like 290 or something like that. It was like insane. And I was like, oh my God, like, price check on aisle four. So the same thing with the TP link. Like, maybe, maybe the country is just good at producing technologies at, you know, dirt cheap prices. I mean, there's a reason why up until it became socially unacceptable, most large companies had their manufacturing done out of China. Like your, your iPhone. Spoiler alert. It was made in China because it's cheaper to manufacture technology over there. Or it was until the, until the world started getting into a pissing match with each other. All right, so what does the TP link actually do besides being from China? So this guy's argument, Attorney General Ken Paxton says with Nearly all of its products imported from China. TP Link's deliberate deception towards Texans regarding the nationality, privacy, and security capabilities of its networking devices is not just legal, it's a national security threat. I guess, man, here's my thing. As I just said, here's my thing on this one, and then I'm going to move on. Okay, number one, we, like, I, I always forget that. Like, we, we like us, me and you, right now, we are in technology. We are in security. We are. We have access to knowledge and information that most mainstream people don't have. And it's not that they don't have access, it's just that they don't care. They don't consume it. Right? They're watching the Olympics, they're reading the blogs that they like. They're scrolling on Instagram, whatever. You and I, we're consuming this crap all day, every day. So I'm going to give you a tinfoil hat hot take on this story and a justification for my hot take. Where's my tinfoil hat? Here it is. Here we go. Number one, as a technologist, we can definitively look at the firmware on these devices and, and test them in a lab dynamically to determine with a pretty high level of confidence if it does have, you know, malware backdoors, espionage, info stealers, data exile, C2 cap. We can do all that. We can do all that. So we can, we can tell if this is true or not. Now what I think is happening is political, right? So, like, it's, it's easy to just throw out a lawsuit and point to, you know, China and be like, national security. And, and now China has to, like, defend themselves and prove that the TP link things are not, you know, weapons effectively or, or lose market share, TP link loses business, etc. So that's what I think this is. Honestly, this, this feels more like political theater than necessarily national security issues.
Co-host or Guest
Well, CCTVs vulnerable to auth bypass. CISA says a 9.8 severity vulnerability affecting multiple Honeywell CCTV models could let unauthenticated attackers take over device accounts and access camera feeds. The flaw stems from an exposed API endpoint that lets attackers change the account's password recovery email without authentication, effectively enabling account hijacking and some critical infrastructure environments. CISA is telling organizations to limit network exposure, isolate devices behind firewalls, and use secure remote access methods.
Dr. Gerald Ozer
All right, I mean, okay, like, from the office of like Shocker comes this story of an IoT device that has gross security vulnerabilities that can allow for authentication bypass. Okay, number one, like 2015 called, they want their hot take back, they want their black hat talk submission topic, you know, CFP back. Okay, like vulnerable IoT devices has been a thing for quite a while and webcams or Iot cams is right up there now. I do want to point out one kind of ironic, you know, Alanis Morissette, isn't it ironic kind of situation. The acronym CCTV stands for closed circuit tv with, with. I want to emphasize closed. This is supposed to be a off network air gapped system. That's why it's called CC right now. That term has now just been appropriated and it's almost colloquial at this point where it's not closed circuit. You know, people are pushing DVR vid off prem and saving it to a cloud storage and remoting in from wherever so you can look at your cameras and all that other chat. So you know, it is what it is. Okay, so here's the deal. Number one, you might look at this story and be like, okay, so what's the big deal? Well, there's two things that are concerning. The first one's less concerning than the second one. The first one is threat actor. You know, gets, finds your camera online and is able to off bypass it and get into your camera and then they can mess with it, turn it off, turn it, you know, a pan, tilt, zoom, whatever. Okay. And maybe if you want to get insidious, maybe. You're gonna, you're going to kidnap somebody or rob a bank or break into a, you know, a, an animal testing laboratory and free them. Free the monkeys or free the mouses or whatever. Mice, right? So you shut the camera off, right? There's that. Okay, fine, more realistic. And as far as like my world goes as a ciso, like I would be like, okay, so here' problem. Those cameras are definitely on the same network. Now if the network team hasn't, you know, basically isolated those off on their own segment, then it's probably on a flat network. Someone gets in there, it's a foothold where they can now pivot and, and you know, scan the internal network, find other vulnerable devices, get into those and now you've got a real problem. You've got a, you know, a, a growing like issue in your environment. Right? So it's, it definitely as a foothold. Okay, so there's that. Now here's a couple things I would say when it says vulnerable auth bypass. Another thing to give consideration to is, is it only bypassing into the Web admin portal of the T of the camera or are you able to get into like the command line like can you reverse shell into the machine? Because if you guys didn't know this, a lot of IoT devices basically run a very stripped down version of Linux. If you Google busy box you'll find what I'm talking about. It's like, it's a very lightweight Linux distro but normally it, it will have like SSH and networking capabilities. So if you can get into the, you know, the operating system, well then now you're really cooking because then you could start doing more advanced things besides just pan tilt in zoom. All right, the, the other thing I would point out. Oh here. Yeah the story says, you know, the threat actor can change the recovery email address. Sure, why not? Account takeover. Unauthorized access to camera feed. So it sounds like they can't get into the thing underneath. Here's my thing guy. If you're, if you have closed circuit tv, like say you're a hospital and you have these things or you're like a warehouse and you're like got the loading docks camered up or whatever, you're a, a bank, you're, you're a city office building, whatever. Like you should not have these cameras with Internet facing access. If you absolutely need to have your team access it over the Internet, then have them remote in like have them get on a VPN and make a VPN connection and then route over to the device. It's just lazy. Like dude, I, I've said this a thousand times. Security, it's like a slider. Security is on one side and usability is on the other. And the more usable you make something, the less secure it is. And that's not necessarily a bad thing in some instances. But like you have to have, you have to do the risk analysis on why you're making these choices. So yeah, if I can just access the cameras from the Internet by typing in just an IP address. Yeah, that's super usable, but it's super insecure. And if you think for a minute that because you don't have a domain name, it's just an IP address. 197.13.2.4 like no one's going to know that that is not security. That is, that is stupid is what that is. So if that's your strategy, you're going to get crushed because the Internet threat actors are scanning the Internet all the time. I also want to call your attention to. Like you know, auth bypass. A lot of these devices are Just deployed anyways without actually configuring the security on them in the first place. So you, you know what, you don't need an off bypass for default creds. If you have a default credential on the camera itself then you can just log in and screw with it. Here we go. Here's a camera in Nagano, Japan. You guys remember the Olympics in Nagano? This looks like it's a dorm room hallway, multiple doors, probably going to bedrooms if I'm not going to do this. But like the IP address on this one is like shown in the. You can't see it on stream but like if I click on this picture right now I will go directly to the webcam itself and very likely I can see. Yeah, it's a hotel. This is a hotel. Okay, I can see pan. It's a Panasonic HD camera. Panasonic default creds. This is not a threat. Actor academy training. But look dude, Panasonic's default creds vary by product but common defaults for Panasonic cameras. Admin 1 Username Panasonic Password Admin 1234 Admin Admin Pass. Okay, I'm not saying let's, let's do this but like if I was so inclined that's exactly what I would do. Right? So don't. I mean yeah, auth bypass is tough but if you, if you haven't even enabled the authentication mechanisms on it then who gives a
Co-host or Guest
huge thanks to our sponsor Conveyor. Every fast growing company hits this one moment. Sales wants to close bigger enterprise deals. But this means the security team is buried in security questionnaires. Alteryx avoided the deluge of questionnaires by using Conveyor to automate their customer security Reviews.
Dr. Gerald Ozer
The result?
Co-host or Guest
AI completes questionnaires. 40% more customers are supported through a self serve trust center and more than half a billion dollars in security influenced revenue. If you're trying to scale without adding headcount, take a look at conveyor@conveyor.com
Dr. Gerald Ozer
Alrighty. Welcome to the mid roll. Do we have any first timers in chat? If you're here for the first time do drop a hashtag first timer in chat. We love welcoming our first timers and I I haven't been able to look at chat. Things have been popping off today. I want to say thank you all of you. All you first timers, all you long timers, all you audio only that you're here for the video today. All you who were are regulars but had to take a break because you got a job that Conflicted or school started and you're driving your kids or you're moved. Whatever, whatever your situation is. If you are a long timer but you James McQuiggin. All right guys. Hey, I want to say thank you again to the stream sponsors, those who enable me to bring this show to you and do all the fun research that I get to do to share with you guys, including my work with Open Claw. I had a call yesterday with John V community member John V. And I'm telling you right now, probably middle of next week, I will be rolling my own in house LLM. I'm very excited about that and I will be making a lot of video content around AI security. Right. I'm still going to keep it Simply Cyber. It's not going to be simply AI but a lot to learn. Threat locker anti siphon material. Thank you for what you do and let me holler at you about Flare guys. If you go to Simply Cyber IO Flare right now, Simply Cyber IO Flare, I'm gonna drop it in the chats. Simply Siren. Remember clicking on the link does help the channel and I stand by these sponsors. I don't take sponsorships from people that I don't that are dodgy. Okay, listen to this. Let me get this Flare threat intelligence platform. If you hadn't had a chance to use Flare, let me tell you what it is. Once you get authenticated into the environment, you can see here. You can look for compromises in your environment data collections. You can look for infected devices that are in your business's domain. You can look on telegram channels for chat from threat actors. You can see if potentially you are an upcoming attack victim. You can find out if they've got your endpoints, compromised reporting in info stealers, etc. Like dude, the cyber threat intelligence platform flare. There's two things about it that I love. Number one, they go, they go wide and deep on threat intelligence telemetry. Two, and this is the best part, their platform allows you to query that information in a very intuitive way. So there's like a very low learning hurdle to get over. So go to Simply Cyber IO Flare. You'll be presented with this form field. They do not give access out to everyone. You do have to validate and verify that you are an actual professional who has, you know, a legitimate use case for Flare. This information is too valuable to give to threat actors. This is basically a threat actor starter kit if they did that. But you can check out a two week free trial. I guarantee you you will not be disappointed checking this platform out at a minimum. Especially if you're like a small mid sized business, a solo operator. It's good. All right, enough. Thank you, Flair guys. Every single day of the week has a special segment and we did a double shot today. What's your meme Thursday? Dan Reardon, AKA the Haircut Fish, shared this meme early on and this was just an amus bush, an appetizer if you will, to wet the pallet as Dan finished putting the garnishes on the entree. Well, he has finished the entree and he's bringing it out. Ladies and gentlemen, I'd like to present you with the simply cyber meme of the week this Thursday. Now, there is some context I do want to say. As a disclaimer, let me pause the music. As a disclaimer, please listen to my voice right now before I show this image. Anybody that is pregnant or has a heart condition should look away. If you are pregnant, believed to be pregnant, are trying to get pregnant or have a heart condition, please look away. Now that I've put the disclaimer out there, ladies and gentlemen, this is your meme of the week. Now, if my last name is Ozer, Bruise and Hacks pointed out that my name sounds like Ogre. And we have a Shrek Ogre, Gerald Ogre meme here. You can see Dan has self sacrificed by making himself donkey. All right, so there you go. This is your meme of the week, ladies and gentlemen, Ogre, Shrek and Donkey, Dan and me. Thank you so much, Dan, as always, crushing it and appreciate the double shot. Let's finish strong, y'.
Co-host or Guest
All. Fraudster HACKS hotel system pays $0.01. Spanish police arrested a 20 year old man accused of hacking a hotel booking website to manipulate its payment validation system, letting him book stays for just one cent per night. Authorities say the suspect repeatedly exploited the flaw, including during a four night, €4,000 stay in Madrid. The scheme initially appeared to process full payments, but when funds were transferred to the hotel, it revealed that only $0.01 had actually been paid. Chris.
Dr. Gerald Ozer
All right. Oh my God. So welcome to the Wayback Machine yester year. So this is, this is cool. I mean, again, this is crime. That's not good. So like let's not, let's not sensationalize or celebrate crime, but this individual hacked a hotel to stay in the hotel for a penny. So probably he probably did it for a penny so there would be some transaction. I will say that was actually, I don't know, like, I feel like a penny is going to get noticed as like odd Maybe I would have done a dollar. See, hacked a hotel booking website, luxury hotel stays. He raided the mini bar, didn't settle the tabs. All right, let me see. 20 year old Spanish national, of course. Like, dude, tell me, tell me this hacker was young without telling me they're young. Four night reservation for $4,700. Let's see, I'm trying to figure out here. Let's see. By the way, well, I don't know what the drinking age is in Spain, but he may have been underage drinking as well. There's no information here on, there's no information in here on how the hacking happened. He hacked a third party site like, you know, booking.com or one of those and basically manipulated it so the transaction was a penny instead of whatever, you know, like, dude, all of us use online tools for booking. I booked a flight yesterday, I booked an Airbnb like two weeks ago. Like it's, here's your balance. Do you want to pay yes or no? We all use online payment systems, so I don't know how this dude hacked it, but whatever, he got caught. I mean, fun story. I, I just, I want to spend 30 seconds on this just because it's fun. Back in the early 2000s, when you know, the.com boom and you know, online websites were getting up and E commerce was like a term, I know Phil Stafford remembers this, E commerce. But anyways, there was like absolute trash for validation. People were just spinning up websites and trying to do things. And what you could do was people would do this all the time. You would like put like, you'd put like a, you know, Sony PlayStation 1 at the time, right? Sony PlayStation 1 in your shopping cart and then you go to checkout and then you would just open up, you know, the, the, the, the code, right, the source code, because it's brow, you know, client side source code. And you would just change the price of the item from 200 to 1 cent and then hit refresh and it would come back and it would be the product and the price, one cent. There was like no validation. People were like wholesale stealing all over the place. And this, this kind of reminds me of that. Obviously they started doing server side validation, which is how you correct these things. But yeah, just. What, what a, what a kick, what a throwback.
Co-host or Guest
Harvest campaign targets Iran protest supporters. Acronis researchers have identified a campaign dubbed Crescent Harvest targeting supporters of Iran's protests with rat malware delivered via malicious shortcut files disguised as protest media. The malware uses DLL sideloading through A legitimate Google signed binary to evade detection and can steal credentials, telegram data, browser information and log keystrokes. The activity is likely linked to an Iran aligned threat group and reflects ongoing state backed surveillance of activists and dissidents threat.
Dr. Gerald Ozer
All right, I mean this was in the story yesterday as far as cell Bright being weaponized in a Iranian protest, right? No, no, it wasn't that. It was like a. It was a. It was a. Was it Kenyan? Yeah, it was the same guy. So this story was actually covered yesterday. This guy is a presidential candidate. Boniface Mwangi. Wait a minute, hold on. Born identity, movie president guy name boat. What was that guy's name? Oh, Nikwana Wombosi. You remember the guy that James Jason Bourne like lost his mind on when he was on like a hit mission. Nikwana Wombosi. Not the same name. Bonaface Mi Kenyan pro democracy activist. Guys, I. I don't know what else to tell you. We covered this story yesterday. You know, if you're, if you're a high profile person, if you are challenging the status quo, if you're an activist fighting against a system, then you know if they get physical access to your device, they don't need your fingerprint, your face, your thumbs. If they have access to tools like Celebrate again lockdown mode on Apple, I do not know if it covers, I don't know if a Celebrate can get through the lockdown mode but you know, it's better than nothing. You know it sucks. I mean this is what surveillance police state is like again. Who knows, maybe this presidential candidate is a bad guy, right? And he's just being smeared in the news and we're, we're rendering opinions based on that. But, but on the surface it looks like he's challenging the current authority and the current authority is weaponizing law enforcement to figure out what's on his phone which I. E Would be like people he's contacting, messages, all these things. So not good actor exploits Dell zero
Co-host or Guest
day Researchers at Mandiant and Google say a suspected China linked threat group has been exploiting a critical zero day in Dell recover point for virtual machines since at least mid 2024. The hard coded credential flaw allows unauthenticated attackers to gain root level access, move laterally, maintain persistence and deploy malware. Dell has issued remediation guidance. Google has offered recommendations to help organizations assess potential compromise.
Dr. Gerald Ozer
Bro, lawsuit claims this is kind of like low key. Gross dude. All right, so check this out. First of all, Google Mandiant. Way to go. I love myself some Google man. This story I'm gonna drop it in chat. The, the thing that's kind of low key grosses, there is a hard coded credential that remote allows remote access to a box. That sounds like a nightmare combination. All right, So not only is that vulnerability low key gross, but Google has observed exploitation, which means the vulnerability has been exploited and you know, businesses are, or governments or businesses entities are being impacted by it. Of course it has a score of 10.0, 10.0 being the highest on the CVSS scale. It basically means, you know, these, it's, it's, there's criminals out there running around exploiting it, right? There's like, it's like the bank robbery scene in the movie Heat 10.0. So they're not attributing it to any specific threat actor at this time. It is Chinese, you know, adjacent apparently, but they don't have enough telemetry to confirm that, you know, it's apt 41 or it's any of the, you know, specific Chinese based threat actor. The malware they're using Sleigh style, Brickstorm, Grimble, I feel like, like again, I don't know. Different threat intelligence groups use different naming conventions not just for the threat actors but also for the malware payloads. So you know, slay style might be something else. FireEye has a pretty fun like malware naming convention as well. So let me see this really quickly. Dell hard coded. All right. Google says they analyzed a bunch of Tomcat manager. I don't even know what that is. Like tomcat. When I think Tomcat, I think of Apache Tomcat web server, which I think is designed for running like Java Java pages or something. Yeah, default creds for admin are in this home. Tomcat Tomcat users XML file and since it's hard coded, it's probably the same on all systems. So what machines are worried, should we be worried about. This looks like a pretty, this looks like a pretty serious threat actor thing. Like if you have this particular technology. The thing is, it's, this story is like long. I like, I don't. Okay, here we go. They do have IOCs in here that you can look at. The thing is, I don't understand fully like what technologies are at risk right now. It's not like all Dell computers, you know what I mean? It's. There's a very specific Dell recovery point for virtual machines. I don't know, I guess if you're using Dell virtual machines, which I'm not even aware, like what the heck that is. Oh, oh, it's a piece of technology for the Dell. Hold on. Dell recovery point. Okay, so it's data protection software for your VMs. All right, so here. Okay, I've gotten to the bottom of it. Okay, here's the deal. If you are using Recover point as your VMware recovery solution, right? It sounds like maybe it's like Veeam, like a competitor to Veeam, then, you know, then you should look into this, okay. Because it is a little gross. I would go threat hunting with the IOCs. Again. This is a sophisticated attack, but because it's hardcoded creds and they're seeing active exploitation, and it is China who is very good at espionage and exploitation, you should take it seriously. If you're not running Dell Recover Point, if you just have Dell computers in your environment, this does not affect you. Okay?
Co-host or Guest
Feds used gross mischaracterizations. A former federal election official told a court that the FBI misrepresented key facts and omitted public evidence in its affidavit used to justify last month's raid on Fulton County, Georgia, election offices. The affidavit cited alleged issues with ballot image storage and vote tabulation to suggest a conspiracy to favor. Joe Biden. Researcher Ryan Macias, who tested and certified the county's 2020 voting machines, said these claims have already been investigated and found baseless. Macias noted standard practices, prior state investigations, and minor discrepancies mischaracterized with the affidavit containing factual errors on vote counts and reporting timelines, undermining its basis for probable cause.
Dr. Gerald Ozer
I'm sorry, why? Hold on one second. Give me one second. I can't believe we're still looking at 2020. Okay, Okay, so. God, man. First of all, like, why is this being covered in Cyber Scoop? First of all, second of all, this is. This is election security related, but I would argue this is more about, like, the. The meta of election security, not like election cybersecurity. Part of the argument they're making. I'll just spend a minute on this. Is that, you know, the ballots, the machines didn't have, like, forensics images taken at the time of the investigation. They passed a law a year later that stated that forensics images had to be captured when something like this happens. So, like, the law didn't exist. So of course they didn't do it at the time. But, you know, when you say, oh, the. There weren't images taken despite. There's a law in the books that says it should. This is very much. If you've read the wheel of time. And you know what I said I are. And how they can't lie, but they can say the truth in various ways. This kind of seems similar to that. This is like 99.8% not a cyber story and absolutely a political, like story. So we're just gonna skip. What a bummer. That was like such a wet fart of a way to end the show. Like, gross, dude. Like, I want to end on like, no MFA or something crazy. You know what I mean? Oh, like, how about this? How about this? This is a fun one to end on. Let me just, let me just end on this one really quickly. Okay. You know how, if you don't know, I feel like I, I, I hear that there were no first timers in chat. Okay. But if there were first timers, I say this all the time. If you're a long timer, you know, I say this and many of you have actually taken my suggestions and it's proven out that it works. I tell you, you know, you got to make a personal brand. You gotta deliver value into a network and it can help you lead to a job, lead to an opportunity. Okay, I just want to bring your attention to this, this guy, Peter Steinberger, who like basically op. Created Open Claw right within like a couple weeks of open claw deploying. OpenAI basically wrote this guy a blank check and said, come on in here, buddy. We love you. I mean, I can't promise you results like this, but to me, this is a classic, obviously curated example of what I'm talking about. This guy. Open clause. It's open source security. It's, I mean, open source software. It's a GitHub repo. This guy throws it out there. Everybody loves themselves some Open Claw. And now this guy's got himself a, you know, probably a seven figure check or seven figure salary. Dude, there's so much money being dumped into AI, it's stupid. All right, guys, now that we've corrected the narrative and given everybody good vibes as far as ending the show, I want to say thank you very much. It is Thursday, so I'm going to go teach the Citadel cadets. Actually, for those, some of you have been interested, I, I kind of like tease what I'm doing at the Citadel. I'm going to be teaching the students today how to brute force attack an SSH connection. And we're going to be using N crack to do it. So come check it out. Hold on one second. Let me just confirm that because I, I feel like, yeah, I'm definitely using N crack. I just Want to make sure maybe I'm not using it to. To break into ssh. I feel like that's the lab today, but we definitely are using NCrack. Yeah, yeah, yeah, yeah. So anyways, it's gonna be fun. You know, get. Get your hacker hat on, if you will. It is Thursday. I know that typically Zach Hill is doing the Thursday. Jesse Johnson's been dabbling. They are unavailable, but Eric Taylor from Barricade Cyber Solutions is available and he has slid into the jawjacking chair. So we do have a Thursday jawjacking lined up for you. I wish you all the very best. Remember, later today at 4:30pm Eastern Time, simply Cyber Firesides is having a takeover. Kathy Chambers is taking over Firesides with an all female panel talking about imposter syndrome in cyber security Value for everybody in the community. Always go to Simply Cyber IO schedule to see all the upcoming webinars. Firesides Skill streams, live streams, all the things all about good time. All right, I leave you in the very capable hands of Eric Taylor, ladies and gentlemen. Until next time, stay secure. Ever wonder what it takes to break into cyber security? Join us every weekday for Jawjacking, where industry experts answer burning questions about the cyber security field. Live, unfiltered, and totally free. Let's level up together. It's time for some jawjacking.
Sarah Lane
What's going on? Good morning, good afternoon, good evening, wherever in the world you are. Look at. Look at this. It's a new layout. That's right. I've been messing with obs. We've got. It took me like an hour to figure out the plugin and everything, but look at that. We've got. We got the chat. We got the chat in there. That is so cool. I am so stoked. I've been waiting. I was like, man, I can't wait to really show this to you guys on Tuesday. But, you know, kind of. Thankfully Zach is busy, so I get to show it up today. So I'm pretty stoked. I'm loving it. How's everybody doing? Hope everybody's doing well. I am going to see something because I think I was pasting or I was doing this. Let's see, let's see, let's see. If I did that. There's enough room. Yeah, perfect. I like it. I like it. Oh, gotcha. Okay. Yeah, Jerry, let me. Can I take care of that real quick? Okay, we can just. Yeah, I'll get it taken care for next time. No worries. Jerry just gave me a programming note because this literally. So I've got Multiple. So anybody who uses OBS and was catching me on stream yesterday. This actually is a. Several scenes that I have just built for this cyber, Simply Cyber podcast, so. Oh, so let me, Let me. I figured this out as well. It's not as elite as Jerry and DJ B. Second stuff. And while we're doing this and I'm just kind of messing around a little bit, please, if you have questions, put them in the chat. Put a Q colon in the chat so that way I can be able to find them and I can start answering your questions. Why goof off for about 30 seconds? So again, I gotta mess with streamlabs because I. I guess OBS integrates with streamlabs or whatever, but y' all know it. Did y' all hear it? Did y' all hear the dolphin? I don't got the audio back feeding into me, so hopefully that. That came through. It wasn't too loud. All right, do we have any questions yet? Do we have any questions? Let's. I'm not seeing anything. Yeah, so find a way through. He was on the stream yesterday just watching, you know, an old man trying to figure out new tricks. Oh, you didn't hear the dolphin? No way. Oh, no. Okay, so I'll have to go back and figure that one out. Thanks so much for letting me know. I knew when I was streaming it online it was working directly from my obs when I was going straight to the. To YouTube and I was messing with it yesterday in like, zoom and it wasn't pushing it through. So thanks for letting me know I'm almost there, so. And I do need to get the host slash DFIR expert on my name and just put Jawjacking Host or JJ Host or something like that. We're getting rid of Restream for the most part and going over to a different platform. So I was definitely trying to import a lot of that stuff, so. But yeah, I got that. Got where? I'm coming down to the bottom left. Probably need to adjust that just a little. Oh, the names are showing up. That's good. But yeah, I'm. I'm really, really digging it. Just got a little bit of things to iron out. And these scenes are good. I did want to. Again, nothing is yuri. I was looking at the co pilot stuff for 365 and Microsoft is pretty much just like, it's a problem. We'll get around to fixing it. So there's no fix for copilot. You know, breaching. I use the word breach very, very loosely. Let's say ignoring your DLP policies and just going through your files and doing what it wants to do and archiving it. I don't. I'll have to go back and look. There was a couple other articles and was looking at the stuff. I don't think it's like sending out like you know, you could be able to data exfil from like command injections or anything like that. So it'll be interesting to see how this all plays out. Feedback the chat window the text is small and not easy to read. Okay that's good feedback. Thank you so much. I do greatly appreciate that because see on my screen it looks fine but over on YouTube. Oh yeah, I see that on YouTube now. Thank you so much for that feedback. I greatly appreciate it. Oh, got a question. The. That OBS setup must be pretty demanding. Gotta. What kind of laptop or desktop are you using it. It's not really demanding at all to be honest with you. I just needed to figure out how to freaking set it up to be honest with you. But I run a Lenovo like all of my just about all my stuff. It's either Lenovo or a Windows Surface. So. But the Lenovo workstation that I got. Sorry, I got. I got all the puppies up here today and the Frenchie is loving getting in trouble. He likes to get it. No, stop. Sorry. But the Frenchie loves getting into the 3D printer of 3D printer poop. That's what they call it. The discard from the 3D printer. But no, I mean resource intensive. It's not. It's not resource intensive at all. At least not. I have not found it. I have not found it to be resource intensive. OBS is pretty light. Pretty light. But the UI is a bit much. It's. Once I figure it out it's actually pretty good. But yeah yeah, I do like the. Oh, you want to see the pup. Thank you. I. I'm a very simplest individual so let's see while we're doing this real quick and I'll. I'll try to find the pup real quick. Let me see if I can fix the what in the world. Somehow another I queued up music on my phone from my I watch let's see YouTube chat overlay unlock that properties. What if I did 400 by 400 if I did that. I did that and I did
Dr. Gerald Ozer
my
Sarah Lane
camera so I meet over. Let's try to make this a little bigger. All right, let me know what you think about that. I'll look at it on my other screen here as well to See how it pans up, but let me know. Hopefully that's a little bit more readable. So let's see. Are there any other question? Oh, here we go. Another question. Come in. Oh, how big is your obs install footprint? Not big at all. Roswell, uk. Oh, can we see the French? Come here, buddy. Come here. All right, here is Frenchie. Oh, and I think one of the English potatoes. No, sorry, they're still going through training as well. The Frenchie likes to try to be dominant. Go, lay down. Go, go. We'll just let them be. You still can't read it. Okay, we'll work on it. We'll try to clear it. But I do appreciate the feedback. So, yeah, I definitely got to work on the. The font and gotta work on getting rid of the barricade logo at the bottom there. And work on the name change there for Jawjacking. I should say probably like jawjacking co host or something. I'll get with Cambodia. We'll figure it out. But seriously, guys and gals, if you're here, I'm seriously here. Just killing time. Oh, here's one that I missed. Let me just star these other couple ones from Taiwan. Gong. Hey, man, what's going on? It's been a while since I talked to you. It feels like. Anyway, is it normal to be in a role for three years and still make mistakes? Are you kidding? I mean it playfully. But dude, we all make mistakes. I made a mistake this week. To err is too human. The pro. The thing you must always remember is to make sure you learn from your mistakes. Okay? Seriously, that's what you need to do. If you're not learning from. From your mistakes, you're not growing. But yeah, we. I'm sure Jerry will tell you the same thing. He's made a mistake this month. This week maybe. Right? So, I mean, I don't want to speak out of place for him, but, you know, we're all human. We all make mistakes. Obs studio mode, live adjustment. Cool. But I do see on YouTube, word is blurry. It does look better, but is blurry. Yeah, exactly. Roswell. I mean, the Frenchie definitely has some attitude issues. He is the youngest of the pups. Oh, we got some more questions here. Awesome. Where would one start to figure out if digital forensics is their thing? Be honest with you. I would say get to be a system admin. Network admin. Because you're looking for logs. You're looking in the logs a lot. Lot to find what in the world is not working. And that would be very beneficial because if you are able to get into that and you find interest in literally digging in logs and figure out what in the world happened, then digital forensics may be a thing for you. So, I mean, going through again, system app being, system admin, network admin, things that nature, because you're going to be pulling Windows forensic logs, Linux, Mac firewall logs, things of that nature. So knowing that stuff and being able to read it without a gui, because you're reading a lot of text, right, and being able to grep and, you know, powershell your way through a bunch of stuff. So. We actually got some questions coming in. This is cool. This is cool. Let me question. Have you been. Been pretty good. Been staying. Very, very busy. Very, very busy. Growing a business is not for the week at Week of Heart. Say, answer that one. Answer that one. Oops. Who is your Mount Rushmore of cyber security? Like, I assume you're. You're asking like, who are my idols or who I look up to in cyber. I don't. I unfortunately don't look up to anybody. And I'm not saying that to like, oh, my face should be on Mount Rushmore of cyber by Ain't. No, not at all. I got. I'm always learning. Right. I have to say, there's not, there's not a whole lot of people that I can just pick out of a lineup and be like, these are the three, these are the five, whatever. People. To be honest with you, I mean, I would say, like, instead of people, you know, I do like the folks over at unit 42. I like to watch what they're doing. I do like to see and watch what Red Canary is doing. I mean, we'll have to see how, how much the talent's still there after some of the latest acquisitions. I do like to see what the folks at Mandiant are doing. So there's groups, there's other organizations. I like to watch and see what they're putting out, if that's an acceptable substitute. So I do like that. But to say an individual, We'll kind of go. I like to say the organizations, if that's an acceptable replacement for you. Steve Young. Thoughts on the YouTube outage the other day Drove me nuts. I know you posted about the X D dos, but I did, but I don't think. But I doubt it's related. Yeah, it wasn't related. We still haven't seen or I haven't seen as of yesterday when I looked. I haven't seen the. Any sort of release of postmortem from YouTube here. Let's actually, let's actually dip this thing down. Let's see. Go to google. Outage
Dr. Gerald Ozer
summary.
Sarah Lane
Let's see YouTube restores after suffering outage yesterday Tuesday night. Yeah, just a bunch of people. YouTube later. Regarding Alge, if you're having trouble asking YouTube right now, you're not alone. Teams are looking into this and I've seen this. Let me, let me know, is the video or the web page showing up decently for you guys again in obs looks good. In restream it looks good. I don't know in YouTube how well it looks in YouTube land and LinkedIn lands. Let me know in a file share issue with our recommendations have been restored and all your platforms blah blah blah. Yeah, it doesn't look like there was any notification of exactly what caused it. Will we see something? Who knows? Unfortunately, But it was very far. I mean we use YouTube TV a lot in our household. Question from space tacos. Are there any threat actors that really, that really impressed or surprised you with our tactics? So the newest one, the goof heads over at 0apt, just posting like madman and just doing whatever they wanted to do. They literally just posted anybody's name that they wanted and there was no real intel. Let me actually try to find that real quick. See you later, dom kraken. Well, if I was spilling it correctly just over here on my other screen on LinkedIn trying to find something real quick because me and some other folks put got together and put the. That was weird. Sound like somebody entered the room and then my video went down. Yeah, the ransom ISAC from the real Kaka. I'll talk about that in a second. I can't find the post very quickly. 0apt. That's that one. Come on. Here we are. Yep. Let me just copy this link. Copy link to post. Let me drop over to here. I'll post it here in chat as well. See if it shows up. No thanks. All right. Oh come on, stop. Cancel. All right. In chat. Here we go. So, you know again, you know, self promotion a little bit. But I'm part of the ransom ISAC with a bunch of other really, really talented individuals like super, super smart. But we kind of went through and just kind of disclosed what's going on. The, the real interesting thing about this threat actor group is their timeout mechanism that was being used is showing, you know, they had a timeout of like 5 days anytime you wanted to download something or not 5 days, but 5 hours when you wanted to download something. And all these files Being so freaking large, you know, you just couldn't freaking do it right. So being able to, you know, get the data to prove that they are actually exfiltrating these folks, these organizations, was nearly impossible. I do see where I'm going to. Once I get that fixed. I'm going to move my camera over to the right so I'm not in there since that video or the chat needs to be a little smaller. So. Okay, some notes, some notes, some notes. We are coming up on the bottom of the hour so I can find one more quick question. I've already answered that one. Forgot to star it. Start, start, start, start, start, start. Forgot that. One last question. As we talk about growth, how do you see barricade cyber solutions evolving over the next two years and will and in which areas of cyber security? Best wishes always. That is something that's going to take a lot longer than we have time for at the present moment, but I will take that and maybe do a one off video on that one. So, Yes, I do use open cti, but that is not a sort, that's not a threat intel, that's a collaboration platform. So you're pulling from like DFIR reports, you're pulling from Alien Vault. You're from just everybody and putting it together into one platform. So you're, you're truncating. Not truncating. Your. The proper word is escaping me at the moment. Aggregating. You're aggregating all the data from your various different sources into one platform. So I essentially pull in from like 13 or 14 different feeds. But the open CTI is a very good platform that I do thoroughly, thoroughly enjoy. All right, ladies and gentlemen, thank you all so much for tuning in. I do greatly appreciate it. It, like I said, it is the bottom of the hour. It's been a pleasure join stepping in and chatting with y' all for 30 minutes. I will see y' all on Tuesday. I won't be here for jawjacking on Friday. Got some other items going on, but I do greatly appreciate it. Again, if you enjoyed this, please, please, please, please go out there and tell somebody about everything that Jerry's doing. The rest of the community is doing. Bring a friend, you know, bring a friend with you tomorrow, like, hey, come check this show out, right? And help the, help the channel grow a little bit. Share it out like it, subscribe it. If you're feeling extra generous and you're on. I see you driving down the road listening to the audio version. Can you Give this thing 5 stars on the audio. Can you do that? Greatly appreciate it. It'll help the platform go a lot further. Until next time, stay curious.
Dr. Gerald Ozer
Hey everybody, I hope you enjoyed that content. Keep the cyber security train going by connecting with the other Simply Cyber community resources. We have the Discord server that's lively and always keeps the conversation going. You can connect with me directly on LinkedIn and also every single weekday morning on the Simply Cyber channel. We're doing live daily cyber threat briefings 8:00am Eastern time, as well as Thursday at 4:30pm we're doing live stream interviews with industry experts and we produce videos that we push out every Wednesday morning. I'm Jerry from Simply Cyber. I hope you enjoyed the content and we'll see you in the next one.
Date: February 19, 2026
Host: Dr. Gerald Auger (Simply Cyber Media Group)
Co-host/Jawjacking Host: Eric Taylor
Main Theme:
This episode delivers the day’s top cybersecurity headlines, offering expert insight, community engagement, and actionable discussion targeting industry insiders, analysts, and business leaders. Dr. Auger breaks down technical news into lessons on risk, governance, and practical defense while blending humor and encouragement for cyber practitioners and newcomers alike.
Community Building:
“If you're a first timer here... drop a hashtag first timer in chat. I want you to know this is a safe, awesome spot.” (03:27)
CPE Credits:
Sponsors and Promotions:
“The channel has to be funded... the sponsors help.” (06:29)
Theme Segment:
Summary:
A bug in Microsoft 365 Copilot was found summarizing confidential emails, sidestepping sensitivity labels and DLP policies.
Analysis:
“All the toothpaste is out of the tube already.” (13:00)
“We’re not really doing a lot at the data layer... if some processing happens that’s outside our environment, then that’s a problem.” (16:40)
Key Takeaway:
AI features introduce new risks—evaluate what systems and data you expose to them.
Summary:
Shiny Hunters claim theft of 1.7M corporate records from CarGurus, threatening data leak.
Analysis:
“Voice phishing to obtain single sign-on codes from Okta, Microsoft, Google users... they're not breaking in, they’re logging in.” (18:31)
“If you’re still ... looking for next hacksaw attack, you should be looking for that. But... look for conditional access, inconsistent patterns.” (21:00)
“Least privilege, my guy. When a new person starts... don't give them 30 years of accumulated access!” (23:37)
Key Takeaway:
Modern breaches often exploit login, not break-in—focus on identity monitoring and least privilege.
Summary:
Texas alleges TP-Link routers, manufactured in China, enable exploitation by state actors.
Analysis:
“We can definitively look at firmware... so we can tell if this is true or not. Now what I think is happening is political.” (29:29)
Key Takeaway:
Scrutiny of supply chain security is increasing, but technical evaluation should drive conclusions—not just politics.
Summary:
A 9.8 severity flaw allows account hijacking and camera access via an unprotected API.
Analysis:
“This is supposed to be off-network... Not anymore.” (32:14)
Key Takeaway:
Always segment IoT devices and never expose them directly to the internet.
Summary:
Spanish police arrest a man exploiting a payment system flaw for near-free luxury stays.
Analysis:
“You would just change the price in the source code... there was no validation. People were wholesale stealing.” (47:00)
Key Takeaway:
Payment system validation must be server-side to defend against tampering.
Summary:
A campaign uses RATs hidden in protest media to surveil supporters and activists.
Analysis:
Key Takeaway:
Dissidents globally face advanced malware; secure communications and device hardening are critical.
Summary:
Mandiant and Google report a hardcoded credential flaw exploited by a China-linked group, yielding root access and persistence.
Analysis:
Key Takeaway:
Critical to patch promptly and hunt for compromise if using the affected Dell solution.
Summary:
A court is told the FBI affidavit for a high-profile election office raid was based on mischaracterized and outdated claims.
Analysis:
“This is 99.8% not a cyber story and absolutely a political story.” (58:58)
Key Takeaway:
Not every “cyber” headline is truly about technical security—don’t get distracted by noise.
Host: Eric Taylor (“Jawjacking” co-host, Barricade Cyber Solutions)
OBS/Stream Setup:
Engages with the community about his streaming and technical setup.
Imposter Syndrome & Career Growth:
Addresses questions about making mistakes after years in a role:
“We all make mistakes... The thing you must always remember is to make sure you learn from your mistakes.” (73:24)
Getting into Digital Forensics:
Suggestion:
“Get to be a system admin, network admin. You're looking in logs a lot... If you find interest in literally digging in logs, digital forensics may be for you.” (75:40)
Mount Rushmore of Cybersecurity:
Rather than individuals, Eric follows strong organizations (Mandiant, Unit 42, Red Canary).
Recent Notable Threat Actors:
Calls out 0apt for attention-seeking tactics and Ransom ISAC for contributing threat intel.
Tool Mention:
Endorses OpenCTI as a threat intelligence aggregator.
Dr. Gerald Auger (AI/Confidential Data):
“The AI got access to these emails... Did [the org] even want co-pilot to have access to things? ... I want people to be thinking about those type of issues with AI.” (16:40)
Dr. Gerald Auger (On Shiny Hunters TTPs):
“Threat actors are not breaking in, they’re logging in.” (21:00)
Dr. Gerald Auger (IoT Security):
“Security is on one side, usability on the other... the more usable, the less secure.” (34:57)
Eric Taylor (Mistakes in Cyber):
“To err is human... If you're not learning from your mistakes, you're not growing.” (73:24)
The episode provided both solid technical news breakdowns and practical risk mitigations, especially regarding AI security, credential theft, supply chain risk, and IoT exposures. The informal, community-driven style, peppered with humor and pop-culture nods, makes for an inclusive and energetic daily cyber run-down.
Key Takeaways:
For full community engagement and bonus content, tune in live at 8 AM ET or participate in chat at https://simplycyber.io/streams.