A
All right, what's good everybody? Good morning. Happy Friday. How are you? Welcome to Simply Cyber's daily Cyber Threat Brief podcast. I am your host, Dr. Gerald Auger, coming to you live from the Buffer Ocean Flow studio. If you want to stay current on the top cyber security news stories and do it in a way that absolutely makes you a boss cyber security professional while expanding a professional network of like-minded, really, really great professionals in your circle, then you are in the right place, my friend. We do it every single day at 8am Eastern Time. Today, February 20, 2026, is no different. Buckle up, get your coffee, get ready, because we're about to cook like a bunch of Swedish chefs, you know what I mean? Bjorg. Bjorg. Bjork. Bjorg Bjork. Yeah, that's right. Swedish Chef reference in the house. That's what we're doing. Good morning everybody. Hey, DJ B Sec, coming in from H-Town. Ross the Boss, Dennis Keefe the OSINT master, Marcus Kyler, Marcus from the Detroit Yeet Crew, of course. I'm sure somewhere in here Toasty Pops and the Kansas City connection are representing. Of course, Phil Stafford, Elliot Matice and the San Francisco Sound Machine. Coming in hot, Steve Young. Not coming in hot, coming in ice cold. But the curling is delightful. Guys, we are going to be going through eight of the top cyber stories of the day. And what I give you is additional insights beyond the headlines with the intent of giving you value that you wouldn't get anywhere else. You're not going to get it in a textbook, you're not getting it in a classroom, you're not going to get it in a 240-character tweet. Nope. We go hard into the paint here on Simply Cyber and that's what we're doing. And I got news for you, of the stories we're about to review, I didn't research or prep for any of them. Ain't nobody got time for that.
So if you think that I've, like, curated this deep dive of knowledge expansion based on the stories, that I got up at 6am and, like, been working in the dark, like, no, that's not what's up. I'm a live wire. I'm an expensive exposed nerve and I'm just coming full steam ahead with hot takes galore. So get ready for all that now. One thing that you might not believe is that I am a qualified cyber security professional, which means I can run instructor-led webinars, which means this particular show is worth continuing professional education credits. Which means, and here's the payoff, right? What's the impact of all this crap you're saying, Jerry? The impact is that you get a half a CPE for being here and being part of the show today, every single day. So you can get up to 120 continuing professional education credits a year for $0. Okay? No registration required. Just show up, say what's up in chat, grab a screenshot, there you are, part of the show. Include the title of the episode because it has today's date and today's episode number and you are locked and loaded. Now, you regulars here, you know what's cracking. You know the routine, you know what we're doing. But we are always welcoming newcomers in the chat. So yeah, Haircut Fish, I actually woke up at midnight and 3am and 6am. My other dog is having a little bit of tummy troubles and we're working through that. But hey, listen, all my friends, old friends and new friends alike, hashtag first timer in chat. Listen up. If today's your first episode, whether it's your first episode live, you've been Team Replay, it's your first episode video, you've been on audio podcast apps of choice, it's your first time in a long time, you went away for a bit, now you came back for whatever reason, everybody's got their own bag. Drop a hashtag first timer in chat. We love welcoming our first timers. And if you're a regular, you know this, you know the routine. And by the way, first timers, it's not to call you out.
It's not to make you feel anxious or nervous. It's not to activate your imposter syndrome mechanism. It's literally to welcome you and make you feel comfortable and understand that this is the baseline vibes that we are doing here at Simply Cyber. RyuSec says first time today. We'll count it. Welcome to the party, pal. Hey, there we go. USS Raycraft, first timer. Welcome to the party. USS Raycraft, squad members, if you can drop John McClane emotes. USS Raycraft, you're about to see John McClane welcoming you to the party, pal. Lionheart 33, I'll repeat it again. So everybody listen up. If you missed how to get the CPEs, this is an instructor-led webinar. I do not send a certificate out because I don't make you register for it. I'm not capturing your demographic data. I should be, but I'm not. Maybe we'll put a system together where you can register and I'll email you certificates of completion. But that's hard. And we're looking for smooth here. Okay, Lionheart, say what's up in chat. You will appear directly above my head in the chat. Okay? Say hi. Grab a screenshot. Push the Print Screen button on your keyboard. Take a screenshot that's large enough to include you saying what's up, the show title here, and on YouTube, you see where it says the title of today's episode? February 20, 2026, episode 1072, I think it is. 1073. Yeah. 1073. That is a graphic. I mean, it's a screenshot, right? It's a JPEG, PNG, whatever, GIF. Put it in a folder on your desktop every day. Do it. At the end of the year, you might have 200 photos, 200 screenshots. Whatever it is, count the number of files you have. That's how many episodes you attended. Each episode's a half a CPE. So divide by two. If you came 200 times, you have 100 CPEs. Then you submit to the certification body that you have a certificate with. Right? Like if you have Sec+, if you have CISSP, if you have CySA, like whatever, you submit your credits.
And then if they say, we don't believe you, provide evidence, that's where the screenshots come in. I hope that's crystal clear for everybody. All right, so we got the... oh, hey. Every single day of the week has a special segment. And Friday's is James McQuiggin's jokes of the week in the dad variety. Japanese Arcade here for the first time. Welcome to the party, Japanese Arcade. I love it. I love it. All right, so stay tuned for jokes at the mid roll. Of course, we have the jawjacking panel at the end. Only a half hour. I'm keeping the jawjackings to 30 minutes. That's just it. We got to keep it tight. Well, before we get into the show, I do have to say thank you to the stream sponsors because, you know, I don't make you register. I don't make you do any of that stuff. I don't charge you. I don't paywall, I don't gatekeep. But I do need to fund this program and the generosity of the sponsors is how I do that. Now, I personally vouch for these sponsors. Good people, good products. Worth looking at. Let's start with Antisyphon Training. Many of you know that they're a sister organization to Simply Cyber. We do a lot of things together, and I want to call your attention to Cyber Security Foundations. Now this is a 4 day, 4 hours per day, 16 total hour training next week. So it starts on Monday and goes through Thursday. You can take this training live for as little as $25. If $25 is too much for you, that's fine. No one's going to judge you. You can take this course for $0. John Strand, who is the leader at Black Hills Information Security, runs this course. This course uses VMs. You get practical hands-on skills. This is not classroom talking-head stuff. This is lecture, practical skills, hands-on, explanation of why it impacts you, resume bullet, on to the next module. You do get a 16 CPE certificate of completion. And you can do this all for $0. Okay, go check it out.
I'm telling you, whether you're trying to break in and just started or you're trying to, like, just refresh your skills, this is a great course. Plus John's a lot of fun. And bonus, you'll never see this in the ad copy for the landing page here, but there's tons of people who are taking the course with you. You can make new friends, you can build your professional network, you can build relationships. So don't sleep on that. I also want to say holla to Flare. Flare. simplycyber.io/flare. simplycyber.io/flare. Give me one second, I gotta bring up a video. I have to do it through Google Drive so I can play it in a Chrome tab. Come on, computer, I don't have time for this. All right, here we go, guys. Flare, Flare, Flare. Threat intelligence platform. Come on, dude, I'm getting, like, a... All right, here we go. Flare. Threat intelligence platform provides you access to dark web material, Telegram channels, infostealers, keyloggers, all the information. Threat intelligence. For you as an analyst, dude, this is a force multiplier. If you would like to check this platform out for two weeks absolutely free: $0, zero commitment, zero all the things, just pure value. Go check this out. If you go to simplycyber.io/flare, you get this landing page. This is a page to fill out so you can be verified. When I tell you that this platform is sick, what I'm telling you is the information in here is legit. This is real threat information. This is real dark web information. This isn't playful froufrou stuff and speculation. This is what the bad guys see. So obviously Flare wants to make sure that wannabe punk bad guys don't get access to this stuff because there's, like, real passwords, real compromised domains, real everything, valid session tokens. But dude, you can find out that, like, hey, Carl in accounting, his computer's got an infostealer on it that we had no idea about but we found it on Flare.
And part of the thing is Flare's value is that not only do they do all the dark web crawling and Telegram channel crawling, they got all the information, their interface is wicked intuitive so you can quickly pivot. I'm telling you right now, you get a two week trial. I trialed it for three days and I was sold on it. So two weeks is more than enough. Go check it out. I know several of you in chat are using or have filled out the form to check out Flare. I know one of you has been verified. So I'm looking forward to his particular, I guess, opinion of it without any influence of me. So definitely all about that. Guys, final sponsor before we hit the mid roll. I mean, before we get into the news. ThreatLocker. I'll be at Zero Trust World alongside Kimberly Can Fix It, Kathy Chambers, James McQuiggin, FedEx. I think Real Bilbo is going to be there. Dennis Keefe, you were there last year. I don't know if you're going this year. We got a lot of people going to Zero Trust World. The food is great, the parties are cool, the knowledge is awesome, the training is amazing. And we're doing the daily Cyber Threat Brief live from the show floor. But let's hear from ThreatLocker and then I'm going to melt your face, Japanese Arcade. I want to give some love to the Daily Cyber Threat Brief sponsor, ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with ThreatLocker. Worldwide companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high. ThreatLocker takes a deny-by-default approach to cyber security and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US-based Cyber Hero Support Team. Get a free 30 day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threatlocker.com/dailycyber.
All right, all right, all right. Well, hey, do this for me everybody. Mara Levy. Sorry. Mara. Mara Levy. Dennis Keefe. Find the true two port Zero Mondo Avilia. I need you guys to do me a favor. Japanese Arcade, here for the first time, I need you to do me a solid. I need you to lean back, relax and just let the cool sounds of the hot news wash over you in an awesome wave. I'll see you all. Ah, you got a Patrick. That was a misfire. Sorry. The button I needed to push was directly above that computer. Give us the news. From the CISO Series, it's Cybersecurity Headlines.
B
These are the cybersecurity headlines for Friday, February 20, 2026. I'm Steve Prentiss. CISA orders urgent patch of Dell flaw. Following up on a story we covered yesterday, CISA has now ordered government agencies to patch their systems within three days against a maximum severity Dell vulnerability that has been under active exploitation since mid-2024. This CVE-numbered hard-coded credential vulnerability in Dell's RecoverPoint, which is a solution used for VMware virtual machine backup and recovery, is being exploited by a suspected Chinese hacking group tracked as UNC6201. It is being used to deploy several malware payloads, including a backdoor called Grimbolt, which uses a compilation technique that makes it harder to analyze than its predecessor, the Brickstorm backdoor.
A
Where are you? Brickstorm? More like Storm. Huh? Am I right? Am I right? I do want to say what's up to all the kids in the chat. For those of you who don't know, we do have many cyber professionals, but this is a family friendly show and several of you are actively in the kitchen right now, whipping up some eggs and toast, maybe getting your coffee going, filling up the kids' water bottles, and it's a family experience, listening to the daily cyber threat brief. So for the kids in chat, shall we play a game? All right. Hey, so check it out. CISA orders all federal government agencies to patch this Dell flaw. We did talk about this Dell vulnerability yesterday. Dell makes a lot of products. I've never heard of this product before, but it's Dell RecoverPoint. Okay, Dell RecoverPoint. I think it's like Veeam, which is a very popular kind of backup, VMware or not VMware, like a very popular virtualized backup solution. I've used Veeam. It's very nice. So if you're running RecoverPoint, absolutely gotta patch it. Number two, they know the malicious payloads that are being deployed once exploitation occurs. So if you do have this tool and it's not been patched and you patch it, since it's been actively exploited for two months, you do owe it to yourself to do a little bit of threat hunting. Go look in your environment, see if you have the indicators of compromise, also referred to as IOCs, for this Brick Show or whatever it was. Brick. Brick Grimble. Brick. I think it was Brick Show. Brickstorm. Yeah. Sleigh Style. And Brickstorm. Jesse Johnson might be behind the UNC6201 threat actor family with the Sleigh Style malware. But anyways, you want to go look for these. You don't have to exhaust yourself because it's impossible to prove a negative. So if you're not infected, you know, you could look forever and not find anything, of course. So obviously patch it. Ah, you gotta patch it and then do a little threat hunting.
Now this guidance from CISA is directed to all federal agencies because CISA can't tell a private business that they've got to patch it. You know, there's been, like, only one that I ever know of. Did the federal government ever intervene? And it was, like, a few years ago, you can Google it. But the FBI went out and patched, like, everybody's Exchange server, which was a very dicey... What? Hold on. No, no, no, no, no, no, no, no, no. Okay, so DJ B Sec fact checking me live on stream and nailed it. This has been actively exploited for two years. So now let me... Okay, so let me tell you guys two things. Everything I said is accurate. But going threat hunting is going to be difficult because chances are, unless you have money for days, right? Unless you got straight cash, homie. Unless you got straight cash, homie, you do not have logs going back two years. Believe that? Okay, do you? Like, if you've gotten the butcher's bill from Splunk on your log size, there's no way you're holding two years' worth of logs. Okay? So go threat hunting as best you can. Of course. That's gross. What? The one thing I want to point out here that, like, again, my big claim here is that I will give you insights that you're not going to get from a textbook or a classroom or whatever. This right here is very interesting to me. Very interesting. And I hope it's interesting to you as well. CISA ordered them to patch within three days. Okay, listen, in the world of federal government, three days is unbelievably fast. Like, I have never seen that come out that fast. Right? Like, normally they give them 30 days. Okay? Like, CISA found something gross, they have 30 days to comply. Even Joe Biden's presidential executive memo a few years ago about, we're going to secure all the things, like zero trust architecture, this, that, and the third, and add MFA, even that was like 90 days to plan, 180 days to implement, which at the time was like ridiculous.
You cannot implement a zero trust architecture in 180 days. But the point is they were giving them months and months and months. This right here, three days. If you want to read between the lines, what this is saying is that China, allegedly, okay, or China-nexus related threat actors, whatever, it's probably China, right, is actively crashing doors. Like, this is the equivalent, okay, this is the equivalent of, like, there is an active Bonnie and Clyde running around robbing banks. Like, right now, banks are getting robbed. Again, this is an analogy. They're not robbing banks. Like, I'm just making a point. Like, there's, like, an all points bulletin for a very active threat actor that is very successful in exploitation and obviously they're getting deep. So you gotta patch it in three days. I'm telling you, I've never seen this. I've never seen this quick of a requirement. Now, I do want to point out one final thing before getting off this story. I also want to note that, like, CISA, I've never seen CISA have any teeth whatsoever. So let's just pretend that I'm the Environmental Protection Agency, right? I'm the EPA personified. And I'm walking around talking about Captain Planet and how, you know, oil, you know, like, oil spills are gross and everything, EPA for days. And I'm running this Dell RecoverPoint and I don't have time to patch it in three days. Ain't nobody got time for that. What is CISA gonna do? Like, I've never ever seen any type of punitive or civil, criminal... Like, I've never seen any punishment ever come from not complying with this order. It says CISA orders. Now, that doesn't mean someone doesn't get fired. But what I am saying is I've never seen it.
B
Android malware uses Gemini to navigate infected devices. According to researchers at ESET, the first Android malware strain that uses generative AI to improve performance once installed has appeared. But this may just be a proof of concept. The goal of the malware, named PromptSpy, is to deploy a VNC module that hands hackers remote control of infected devices, end quote. ESET says it comes with capabilities to instruct Google's Gemini chatbot to interpret parts of the device's user interface using natural language prompts, which allow the malware to examine the user interface. This then informs the gestures it needs to execute on the device in order to keep the malicious app pinned to its recent apps list. ESET found versions of PromptSpy uploaded to VirusTotal in January with the Gemini-assisted strains submitted from Argentina.
A
All right, hey. All right. Hey, really quick. If you didn't know this, I'm sorry. This is awesome. I learned this just the other day. I see a lot of people in chat singing the Captain Planet song. Allow me, because it's a Friday, allow me, like, five seconds on this. This is Captain Planet, okay? This was like a TV show in the 90s. I learned this fun fact recently, and Jay Crypto is probably gonna talk to me about this one. All right, so this is a cartoon. It basically was kind of imaged as, like, you know, hey, let's get serious about climate change. And, like, all the bad guys were, like, oil tycoons and, like, you know, fracking guys. Like, they weren't, like, arch nemeses with superpowers. They were just industrial, greedy, corporate, you know, scumbags, right? And each one of these kids was, like, all about, like, you know, Earth and climate change. This show was literally designed... This is what happens when wealthy people get spiteful. Ted Turner started Captain Planet because he lost $300 million to an oil lobbyist, and he's like, you know what? To heck with the oil industry. I'm going to make a cartoon that just absolutely dumps on them and gets everybody really angry at oil barons. So Captain Planet, did you know, was, like, literally designed as a spite show? That's like... Dude, I can be spiteful. That is next level. Okay, so Android malware. Hey, Gadget Doc with the 20 gifted subs. Thanks, Gadget Doc. Did we just become best friends? Yep. All right, so listen, Gemini AI, it doesn't matter if it's Gemini today or tomorrow, the next day, they are getting smarter. They're able to be multimodal, which means they can see, they can interpret, you can send them screenshots, and they can read the screenshot. No longer need to, like, translate everything to text. Malware's using it, dude, for devices that are just all screen. That was very difficult to navigate with malware. Not anymore. Again, this is...
It looks like this is early research. So, you know, kind of contained limitations, contained situation, contained use cases to demonstrate it. But I would argue that this is an indicator of a direction that malware could go. I'm not surprised. Dude, AI will do whatever you ask it to do, and you can easily kind of trick it or dupe it into breaking through its guardrails. Also, dude, you can roll your own LLMs. It's not easy to do, but you can spin your own and then you just remove the guardrails and then it'll do whatever you want. This is just one of the dimensions that I'm, you know, concerned about in this brave new world where AI is, like, basically in everything. Android malware relies on taps, coordinates and UI selectors to execute tasks. This particular malware submits a natural language prompt to Gemini with an XML dump of the device's current screen settings, and the chatbot returns JSON instructions for what it's to do as far as what to click on on the screen. Very interesting, very cool. I would say this is a fascinating area of research to do. Look, if this particular story piques your interest, like, if you could get passionate about it, you could spend hours and hours and hours and hours on it. I would recommend checking this out because this is definitely, like, a new... It's not a new wave of malware, but it is a new capability that will make malware more effective. Phil Stafford's saying they did find a distribution domain, so it may not just be research. Yeah, I'm not surprised, you know, but guys, remember this too. Like, I'm not taking away from this, but, like, malware, even today, like, or let's say 2020, right before AI became, like, the rage, malware in 2020... Just because you get malware onto an endpoint or a phone or something doesn't mean it's going to detonate successfully. I've had malware... I've had IT administrators in my environment download malware and execute it, and the malware did not fire correctly. Okay.
So, like, there's a lot of complexity, you know, like, every endpoint's kind of configured differently, different settings, different all these things, different versions, the malware. This is why, like, the NSA and, like, you know, the Chinese top level, like, NSA-equivalent operators and the Russian GRU operators, it's why they're so effective. They can write malware tooling that is very robust and can handle multiple failures and situations. That's what makes them so good. So again, like, I'm not saying that you should ignore this. I'm just saying that, like, you could have this on your device and it could still crap on itself and not work correctly. But it's an interesting area to give consideration to and one that you might want to just casually drop in a job interview. Oh, did you see? Did you hear about this? Because everybody... Here's the thing, everybody's talking about using AI to, like, basically facilitate the kill chain faster. This to me is, like, kind of a novel way of using AI to help the kill chain. That's different than just, like, making you do the regular things you do faster.
B
Half of all cyber attacks start in the browser, says Palo Alto Networks. According to their 2026 Global Incident Response Report, which analyzed 750 major cyber incidents across 50 countries in 2025, 48% of cybercrime events involved browser activity. The report identifies, quote, phishing, malicious links, credential harvesting pages, spoofed websites and even ClickFix, end quote, as browser-enabled tools. Among its 10 recommendations: use a password manager and an ad blocker, switch to an anonymous search engine like DuckDuckGo, and be wary of AI browsers.
A
All right, two things. Half of all cyber attacks start in the browser. Yeah, dude, this, in my opinion, anecdotally, it's because, like, everybody is using SaaS apps. Sassy. Sassy, right. SaaS apps, which are browser-interfaced. I mean, you can do APIs and write your own scripts. But let's be real. Carl, my aunt Dorothea, my cousin Pat, you know, your kids, your aunts, your uncles, your wife, your kids, hide your wife, hide your kids, they're all using browsers, man. That's the way that the Internet is used today. Think about vibe coding. People are vibe coding web apps all over the place, right? Office 365, Google Workspace, they're browser-based experiences. So of course a majority, or, you know, 50%. I would argue it's probably higher than 50. They say 48% involve the web browser. Half of them start in the browser. It's a huge attack surface. I'm telling you right now, like, whatever is hot, whatever's hot, that Hansel's so hot right now, whatever is hot is where threat actors are going to be because it is better for them from an economies of scale perspective. If I can spend one hour making a tool or malware or, you know, researching or whatever, and I'm researching some obscure real-time operating system or I'm researching Windows, which one do you think I'm going to get more value from? The Windows one, obviously. So because there's so many people using browsers, threat actors are, you know, looking at browsers as an attack surface. Now they said some of the best practices here, don't use AI browsers, et cetera, et cetera. I don't know about that. That's still early. I would argue, like, AI browsing, I'm not ready for AI browsing. In fact, Karn back here, my OpenClaw instance, he doesn't get access to my sensitive things. Everything's compartmentalized. But, you know, there were some best practices in there, including using password vaults. Oh, by the way, as an update. As an update.
Well, number two, just be aware, half of all attacks start in the browser. This is so true. It's just because the browser is the attack surface. Make sure your workforce keeps their browsers updated. If you could centrally manage updating and patching the browsers on the devices, do it. If you can do posture checking of devices before they connect to your environment, if you have that control in place, it's a little bit more advanced. But essentially you plug into the network, you get on the wireless, and it evaluates your policy or your configuration. And if you're not, you get shunned to some type of, like, guest network. And if you meet minimum requirements, you get put on the main network. These types of things are good. Maybe you can include the browser version there. Just educate your end users. All right, number two, they mentioned password vaults. As a follow-up from yesterday or two days ago, there was a new story about how Bitwarden... how a bunch of password vaults got evaluated and Bitwarden had 12 vulnerabilities and it was the grossest one. Okay, I run Bitwarden, so I obviously did some research on it. Okay. Number one, the TLDR is Bitwarden's fine. Okay, Bitwarden's fine. Number two, just to double-click into this, Bitwarden hired the researchers to evaluate the tool itself. So it wasn't like some threat actor found it and they were like, oh my, my hospital gown isn't tied in the back. Like, they literally brought them in for pen testing. Number three, the conditions were set up in such a way that the threat actor, or the pen testers, had access to the environment. Okay. Four, they weren't able to get your passwords. Okay, so, like, on balance, Bitwarden's still fine in my book. Okay, do your own research. But for me, I'm okay with Bitwarden.
B
Commercial-grade phishing kit bypasses MFA. Named Starkiller,
A
But really quick. Starkiller. That's such a cool name. Original name for Luke Skywalker. If you did not know, fun Star Wars fact today on Friday: the original script called for their names to be Starkiller. So Luke Starkiller, Anakin Starkiller. It's actually why they named the second Death Star in, like, the new series Starkiller Base. It was a nod to the original work.
B
related to the Red Team penetration testing tool of the same name. This kit is distributed on the dark web in a software-as-a-service model, including subscription updates and customer support. Whereas most other phishing kits use HTML clones of a victim's login page, Starkiller launches a phishing site through a proxy operated by infrastructure it controls, which makes it indistinguishable from the real login portal being used as a template. Because Starkiller proxies the real site live, there are, quote, no template files for security vendors to fingerprint or blocklist, end quote. This also enables it to bypass MFA because, quote, the targeted user is authenticating with the real site through the proxy, end quote.
A
All right, so this is cool. They didn't say it in the story. I don't know why they didn't say it. But this is a man-in-the-middle attack. This is an adversary-in-the-middle attack. Basically you're logging into the website and the person is standing in between you. Okay, that's it. And all the traffic's flowing through them. So the equivalent of this is, like, you go to the ATM and put in your PIN code and money comes out. But the threat actor is standing there and you're telling the threat actor the PIN. The threat actor is typing the PIN in and then the threat actor is basically telling you what the screen says and you're oblivious to it. This is pretty good. It says MFA bypass because essentially it's not really bypassing multi-factor authentication. I feel like that's a bit of a misnomer. What it's doing is you are basically using your username and password and your multi-factor authentication, and they're in the middle and they're going to steal your session token as it passes through them. Also, I mean, for what it's worth, that MFA token is going to be valid for 60 seconds. You're giving them your username and password and your MFA credentials, so they could quickly log in themselves into the app anyways and get their own instead of stealing it. I'm not entirely sure how you protect from this, by the way. It's so funny. There's certain things they just said differently. So the tool is distributed on the dark web as software as a service. Yes, typically they refer to this as malware as a service. But malware is just software. It's just designed for evil intents. It's called malware. All right, getting into the technical details, it's launched as a headless Chrome instance and gives the user no reason for suspicion. So it starts with a phishing email to look like a legitimate alert coming from Google or Microsoft.
I would assume there's a little bit of an opportunity here that the phishing email domain name, of course like you, you might not see it, but the domain name is not going to be the legitimate site. It's going to be the threat actor controlled infrastructure which will then like, you know, 301 redirect you to the legit infrast, the legit website. But you do have an opportunity there for a hot minute. Yeah, again, I don't know what a headless Chrome instance looks like, so you probably don't get the app in your docking station, but you do see a process, which you're not necessarily going to get. This one's a tough one to educate your end users on. Basically what I would do here with this one is number one, you got to protect people from phishing emails if you can. If you can find out where the domains are for this infrastructure, the Starkiller infrastructure, you could block it from being even delivered to your workforce. Then if it gets delivered to the workforce, having them educated on being concerned about phishing emails, emails that are delivering some level of urgency or alert or concern, something that's designed to emotionally charge you to take action. Number three, you know, once they get into your account, you're screwed. Right. So there's that. Hopefully people from a detection. So everything I've said so far is protection. If you want to get onto the detection side, having alerts set up around anomalous logins, because the threat actor is going to log in. Right. Just because they're standing there doing their thing and you're logging in, they're going to get your credentials and your token and your MFA or whatever. If they're going to log in, that, that's going to ca. Unless they do some type of VPN and they're coming from where you are, which is like over the top, there might be opportunity to detect an anomalous login. 
If you guys get emails where like you're like, you get a new computer and you log into all your stuff and you get all these email alerts like suspicious login or new device login, have those configured and look out for them. But this isn't good. This, this seems like one of the ones where like law enforcement's gonna have to get involved. So Roswell you. I mean BW5542 is asking if passkeys would help prevent this particular attack. That's a good question. I do believe a passkey would a pat. I like passkeys in general because they're not passwords. But just my initial thought on this, and if anyone in mod chat or chat has a thought on this one, I don't think passkeys would block this because you are effectively, you are logging into the website, the victim is logging into the website and the person is just in the middle so they can grab your session token after authentication occurs. So that's not good. They're not really. The point of this attack isn't to steal your password and your MFA, it's to steal your session token and have an authenticated session into like whatever the, the, the SaaS app is. Netflix, Chase bank, whatever. So I don't think a passkey is going to do you any good on this one. And no one's doing like IP explicit logins for like Netflix or something like that. You know what I mean? All right,
B
Huge thanks to our sponsor, Conveyor. Most of what Conveyor automates is boring. Like really boring. Security questionnaires, customer requests for things like your SOC 2, all of their follow-up questions, answering tickets from your sales team. But you know what's not boring? Alteryx using Conveyor to support over half a billion dollars in enterprise deals with a small four-person team. All they did was set up an AI trust center and use Conveyor's AI agent to complete the questionnaires. You can learn more at conveyor.com, that is C-O-N-V-E-Y-O-R dot com.
A
All right, let's do it. All right y'all, we are at the mid roll. May I welcome you to the mid roll. I am your host for the mid roll, Dr. Gerald Auger. Guys, shout out to all of you. I love seeing the helping, love seeing the support, love the Simply Cyber community and what you guys are doing for the community. I, I may have, you know, kind of built the, the foundation but you guys are building the buildings on top of that foundation. Shout out to the stream sponsors, ThreatLocker, Antisyphon, Flare and Material Security. Now if you haven't heard of Material Security, I'm glad that I get to introduce you to them. Cloud workspace is more than just email. So why does your security stop there? Material delivers complete protection for your Google Workspace and Microsoft 365 instances, which are two very popular options. And it goes beyond perimeter defense to secure your email, your files, your accounts across your entire environment with advanced AI detections and automated threat response. Material correlates signals across the workspace to identify risks that others are going to miss. It protects sensitive data in your inbox and shared files. It monitors account access and third-party apps. That sounds like it would be pretty good in certain situations, looking at you. The result? You mature your security posture and scale protection without adding headcount. All at the cost of traditional email security. So you get more protection, better value. You don't have to add an FTE or make a case for a labor increase, but you get more secure. So if you're ready to secure your workspace or at least evaluate it, go to simplycyber.io/material and learn more. Links in the description below. As I mentioned, as I mentioned, stream sponsors, go check them out. I. I do vet these groups. I gotta tell you, as a real quick aside, now that we've done the ad read, I had, I had a sponsor reach out to me yesterday. I was like, no, no, zero. Nope, nope, nope, nope. Not gonna name them. 
I'm not gonna. Shame on them. But no. All right. Hey. Every single day of the week has a special segment. And Fridays, I'm very pleased to announce, has long been, probably going on two years now, James McQuiggin's dad jokes of the day. James McQuiggin, at 35,000 ft, is a fixture in the Simply Cyber community. You can see him at conferences all over the place. He'll be at Zero Trust World in early March if you want to get a sighting, maybe take a picture with him. He's a good guy. He's bubbly. You can't miss him. He radiates energy like the sun. And he delivers us jokes every Friday. Now get ready to groan. Okay, you might want to hold on. You might want to stretch out. You know what I mean? Get. Get a little stretch in because the groans are going to be real. I don't read these jokes in advance. You're getting them with me in real time. Here we go. Here we go, James. All right, so I guess this week's jokes have to do with farm apparel. Farm apparel. Here we go. What do you get when you cross an angry sheep with an angry cow? You've got an angry sheep over here and an angry cow over here, and you mush them together. What do you get? Two animals. All right. Okay. You get two animals in a bad mood. I got lightheaded from that one. Okay, two animals in a bad mood. Why did the farmer try a career in music after an unsuccessful harvest? Listen, farmers in America right now are pretty upset with the tariffs and like, soybean futures and all that other stuff. So some of them are looking for a career in music. Do you know why? Because a lot of farmers have some sick beats. Oh, wow. I wish I had the DJ horn thing. Nice job, James. And finally, why is running a dating service for chickens? Things I never thought I'd say. Why is running a dating service for chickens a bad idea? Do you know why running a dating service for chickens is a bad idea? Because you will struggle to make hens meet. I. I have a couple buddies who tried running a dating service for chickens. 
They could not make hens meet. Could not make hens meet. All right, ladies and gentlemen, that is your James McQuiggin at 35,000 ft jokes of the week. He's got dad jokes for days. He stays, he stores them in his dad-a-base. And if you're not sure, check with James. He will gladly share as many as you want. Also, honorable mention from Michelle Khan, who has a kilobyte of dad jokes book that he doesn't talk about often. But yeah, he's got one too. All about good times. All right, guys, let's finish strong, shall we?
B
France's national bank account database suffers a cyber attack. French authorities have confirmed that a malicious actor illegally accessed a portion of the country's national bank accounts file known as FICOBA, F-I-C-O-B-A, which records all bank accounts in the country. The bank account database consists, in general, of more than 80 million individuals. And in this attack, it is believed that 1.2 million accounts were impacted. It is said that the hacker impersonated a civil servant whose credentials allowed access as part of interministerial information exchanges to query part of the database. A representative said that the file contains a list of bank account details, but does not provide access to the accounts themselves, nor to account balances, nor to transactions.
A
All right, so, all right, two things here again, because of time, I'm going to fast track this one a little bit. Hacker impersonated somebody, got in, dumped a bunch of metadata of French bank accounts. 80 million bank accounts. It wasn't account balances, it wasn't passwords. People are not stealing money. This is recon for very successful, potentially very successful phishing attacks. Guys, the reason that people rob banks is because that's where money is. If I was going to be a criminal, this is a great recon. Right? Find out who's set up bank accounts, find famous people, find their bank account number, send them a phishing email, rinse, repeat. Okay, so it sucks. Be on the lookout. The thing I want to point out here is in 2026, I'm stealing this line, but I'm gonna start using it all the time. Threat actors are not breaking in, they are logging in. You have to protect the identity. Identity is the new perimeter. Like this is not new. This has like been the deal for years, right? You have to protect the identity. You have to use Access Control 6 from NIST 800-53, which is least privilege. Do not give people full access to all the things. Now this particular account did need access to that. So how about conditional access on this guy? How about MFA on this guy? How about all the things on this guy? Okay, if. Listen, there's a reason that Identity and Access Management has branched out as its own team at larger organizations. Why? It's its own discipline within cybersecurity. It is vitally important. And if you are dragging your feet because it's hard, I got news for you, buttercup. Once, like, machines get identities and agentic AI gets identities and non-human identities are running around doing workflows, it's just going to get harder. So may I recommend you get on top of the user identities now. Protect, implement the best practices. They are well documented. Because criminals are just going to log in and basically impersonate an insider threat. 
You can't, you can't delay, you can't kick the can down the road anymore. You can't delay the upgrade from Server 2008 R2 because database schema upgrades are hard, which has nothing to do with identity. But it's an example of what I'm talking about. Like dude, news flash, working in cyber security is hard. That's it. If you got here because some boot camp sold you on a six figure job for, you know, a four day boot camp, that's. There's no easy button. There's no easy button. It's hard. Once you get in, you like, you basically learn how to climb the mountain and then you get in and guess what? You're faced with a mountain. Get climbing. Identity is the new perimeter. Identity is where it's at. People are, criminals are just logging in because it's easy to get people to give up their creds. We literally just covered a story about Starkiller malware that can get your. Where is it? They can get your creds, bypass your MFA, get your tokens, you know, so if they can just log in, how are you catching them? Right.
B
Jackpotting on the rise due to malware stuffed ATMs. Not a new technique in itself, but the FBI says this technique is on the rise across the United States. ATM jackpotting is a technique where physical and software vulnerabilities in ATMs are exploited to deploy malware that instructs the machine to dispense cash on demand without bank authorization. Ploutus malware, that is P-L-O-U-T-U-S, which is commonly used in these attacks, exploits Extensions for Financial Services, XFS, which is an open-standard API that ATMs, point-of-sale terminals and similar devices that run banking applications use. The Department of Health
A
All right, so Jack, this is called jackpotting. So if you haven't heard the term jackpotting, get familiar with it. Jackpotting is, it's a very like, sexy niche thing in cyber security. Like there was a talk at DEF CON, I think years ago, the original jackpotting and the ATM machine was just like spitting money out. Okay, very cool. I mean, it's straight cash. It's, it's, you know, it's, it's cash, right? So this isn't the, the, the outcome of the attack is very visceral because everybody can understand walking away with a fat stack of cash. ATMs are all over the place. You can just walk up to one. What I want to point out in this story is the FBI is involved, so that's great. They've been doing a bang up job lately of investigation, so hopefully they've got their top, top talent on this one. I want to share a reality with everybody, okay? Because yes, this is jackpotting ATMs and yes, you do have to be clever to have the malware and stuff like that, but when you get physical access to a computer, it's game over. This is why it's important to have locks on doors. And I mean, if you lock your Windows screen when you go to the bathroom at Starbucks, if someone steals your laptop, you know, there's things they can do. But, but if you have like data at rest encryption, they try rebooting the computer, you can't get in, they pull the hard drive, it's encrypted, etc. So if someone can get physical access, it's bad because they can start plugging things in. They can bypass a lot of the technical controls. In this ATM jackpotting story, the way it works is the criminals have a key that can unlock the door of the ATM and then they can physically touch the computer. So this isn't some clever thing where there's like, you know, in Terminator 2, when the kid has the ATM card, he pops it in and like, and then like it just gives him money. It's not that. He's literally opening it. 
They have access to the computer, they remove the hard drive, they put malware on it, they replace the hard drive and now they can control what the computer does. Now this does require a lot of sophisticated understanding of how the ATM computer is configured, like operating system, application, all that stuff. So this isn't just a, you know, walk up, insert special code, dispense money. But I want to point out if the physical security isn't compromised in this instance, it doesn't happen. It doesn't. The attack does not work. Okay, all right, let me see. Terminator 2, John Connor ATM thing. Like this, this thing right here. Okay. Like he's got this little, this is like so 90s, okay. But like, I mean this is not the, this, this, this like MacGuffin device he had could like open anything with a PIN, right? This is what it was basically. John could walk up with and just plug this card into anything with a PIN and like it gave him like God mode access. Right? What's up, Zach Hill? So anyways, Terminator 2, easily the best movie in the franchise. I, I do like Terminator 1 because the 80s vibes, but Terminator 2 is seminal, classic. Anyways, this device doesn't exist. Getting physical access to an ATM and then putting malware on it. Getting physical access to anything and doing any. Like dude, you could walk up to a device and put an info stealer in it.
B
and Human Services to learn more about third-party vendors in healthcare, the HHS said on Thursday that this uptick in attention to the security of third-party service providers is a result of the 2024 Change Healthcare cyberattack, considered the biggest ever in the sector.
A
Biggest ever.
B
The Change Healthcare attack began with hackers exploiting the lack of multi-factor authentication set up on a remote access portal. This according to
A
Let that sink in. One of the largest healthcare third-party provider organizations with a third-party access portal into all their sensitive things. No MFA.
B
cybersecurity director Charlie Hess at a recent conference. She said, quote, we realize there are third-party risks lurking in our health care system and we don't even know they are there. End quote. Massive Android banking
A
I mean, what are we doing here? Like, all right, I'm going to tell you something objective and then I'm going to tell you something tinfoil hat. All right, first the objective thing. Yes. Change Healthcare was a nasty, nasty bit of consequences for the healthcare industry. For those who don't know, early I think it was January 2025 or maybe it was 24. Anyways, Change Healthcare, which is a company no one ever heard of, got hit by ransomware. I want to say it was the ALPHV/BlackCat ransomware gang, which actually disbanded right afterwards because they got such a payday and then sold off their assets to RansomHub in a fire sale. Anyways, Change Health, quick, Change Healthcare was used by many businesses. A lot of smaller doctor practices. Think of like a 3-physician, 15-nurse dermatology clinic or whatever uses Change Healthcare to manage their scheduling, billing, etc., etc. A lot of large hospitals use Change Healthcare for handling their prescriptions and pharmaceutical dispensary stuff, right? So when Change Healthcare went down, it, it absolutely hobbled many, many, many organizations. Some organizations were using Change Healthcare for doing payroll. So you're not even able to pay your staff. It seriously screwed up a lot of people's lives that just are, are like dependent on healthcare services. Right? So like you're on Dorothea trying to get her medicine for lupus. Nope, not happening today because the, the machine's down. We don't know. Even though you come here every Thursday and get your medicine, we can't dispense it to you because the system's down. That was the problem. So in response, apparently a year and a half later the Department of Health and Human Services has decided to look into risks with third-party vendors. So great, good job. I hope something beneficial comes out of it. Now let me give you a tinfoil hat. Okay, first of all like a year and a half later, like great. This is the speed at which federal government moves. 
Which is why earlier today when I was like three days to patch CTEL's agencies I was like Jesus, that's incredibly fast. You don't see that. Third party risk I it. Dude, it doesn't matter if it's health care, okay? Look at the Salesforce breach, the Salesloft Drift. Look at the which impacted AT&T and Ticketmaster and other large entities. Look at when, you know, Microsoft or SolarWinds gets hit and like hundreds and hundreds of Fortune 500 companies as well as federal agencies are impacted. Third party risk has been a thing since 2000. I don't know, 2021. Like as all the SaaS apps get out there and all these B2B start cooking everywhere, your risk exposure is all over the place and the whole thing that they're selling it on is don't do it in house. You can do it out of house at a fraction of the cost without the overhead, without the specialized staff on hand. No problem. CFOs love it. CEOs love it. CIOs love it because they're moving faster without overhead. Okay, well when you depend on all those things and they fall down and you haven't thought through business continuity, you are going to get punched in the mouth. So like for HHS to be in, interestingly, looking at it. Looking at what? Just literally Google third party risk 2020 HHS. And you could pull a report from five years ago that will explain to you exactly why this happened to Change Healthcare. So I don't know what you're doing. Trying to reinvent the wheel. Having said all that, my t. And that isn't even my tinfoil hat. The reason I think they're doing this is security theater. Hey, look everybody. We're doing something. That Change Healthcare was a real kick in the pants. We're going to be getting after this. We are on top of it. Like, like get back to me when HHS issues their findings and then I'm gonna do a diff on that and something from 2021 and we'll see what happens. If I had to guess, I'm just gonna save HHS $3 million right now. Here's what you need to do, HHS. 
You're going to tell people to patch their things. Ah, you gotta patch it. Implement MFA. Implement strong passwords. Like, do business continuity to understand where your third party critical dependencies are. Make sure that you decommission user identities that are no longer needed. I. I don't know. I just. I'm taking crazy pills over here and coming up with wild novel ideas where
B
poses as an IPTV app. The researchers at ThreatFabric have named this new Android banking malware Massive, that is, MASSIV. It poses as an IPTV app, that is Internet protocol television, to steal digital identities and access online banking accounts. The malware, quote, relies on screen overlays and keylogging to obtain sensitive data and can take remote control of a compromised device. The researchers observed Massive target a Portuguese government app that connects with Portugal's digital authentication and signature system. Such a procedure could be used to bypass know-your-customer verifications or to access banking accounts and other public and private online services. All right, it's Friday, but let's start
A
thinking about how to get. For the sake of time, I'm not going to get after this a little bit, so you know, Android malware is Android malware. Looks like an IPTV app, if I had to guess. This is like basically being pitched as you can get access to all the channels without paying for any of them. Download me now and then you get your bank account ripped. I love the Android malware artwork. TL;DR, like you can look at this story if you want, but it's the, it's rinse and repeat of the same things. Don't download Android APK files from random places. Install them if you think you're getting some type of like cool, you know, hack workaround so you don't have to pay a monthly subscription fee for Netflix. Guess what? You're probably going to lose more than 20 bucks a month from the criminal robbing your bank account. So you do the risk calculation. I'll just go ahead and either not watch Netflix or pay for it. Here we go. Here's a look at the landing page. You can obviously tell here it's in. Hold on one second. Yeah, I mean it it. They all look identical, right? Overlays used by Massive. The overlay is a clear screen. This is a common attack technique by Android malware developers where basically you're typing in stuff and you can't see that you're basically typing it into the malware app because you have a transparent application in front of you. Massive provides two remote control modes for operators. That would be the criminals. Live streaming mode that leverages Android's MediaProjection API, and a UI tree mode that you could see their structured data. So you can basically look at the underlying folder structure or you're going to straight up look at their, their screen and see what they're looking at. Yeah, I guess here's what I would do. I would. This is the, the call to action. Then we're going to go to Jawjacking. Educate your end users. Tell them that stealing like don't even, don't, don't call someone out. Don't be like I'm talking to you, Carl. Right. 
I would just simply send out an email and say, hey listen everybody. It might like, it might be appealing if you hear about these opportunities to get free streaming on your Android device through IPTV apps. It's, it's malicious and you're going to lose money. That's what I would say. With communications to end users that are not technical, you can't talk about Android overlays and man-in-the-middle attacks and APIs and UI tree mode structures. You just have to tell them if you try to, if you try to download a, like a, a free streaming service that you know, or like something that's going to allow you to get access to things that you should be paying for, criminals are going to steal your money, like out of your bank account. News at 11. All right, let's go. All right, it's 9:07. Went a little long, but there was a Terminator 2 reference today. Oh, yeah, that was a good one. Guys, I want to say thank you to all of you. Definitely appreciate you coming today. Remember, stream sponsors, ThreatLocker, Antisyphon, Flare, Material. Antisyphon's got that training next week that's definitely worth checking out. Flare's got the two week trial to an amazing platform, you know, ThreatLocker, Zero Trust World coming up in early March. I'll be there doing the show live from the show floor. In fact, I just bought a new computer to make sure that we do go off without any issues. I'm Jerry from Simply Cyber. Don't go anywhere because we're going to be doing Jawjacking. Have it. Having a hoot answering questions and sharing stories. Until next time, Stacy. Oh, actually I want to remind everybody. Jesus Christ. I want to remind everybody. Next week, next week we've got a skill stream. We're doing these monthly. Tim Papa coming on, hacking the hacker guys. If you want to get deep into the, the meta and the emotions of a ransomware negotiation, not the technical execution, but dealing with the kind of, the non zeros and ones of ransomware negotiation. You want to learn that skill. 
1 hour. Free to sign up, free to come on down, go check it out. I'll drop a link in chat. In fact, actually go to this one. Go to Simply Cyber. simplycyber.io/schedule. simplycyber.io/schedule. And you'll see, it's right here. If you click on this, you'll actually get a calendar invite on your calendar so you won't miss it when it comes by. A lot of people want to go to these things and then they miss it because they're like, oh, I didn't know it was here. So we figured out a way to get you a calendar invite. All right, I'm Jerry, your chat next time. See you Scare. Ever wonder what it takes to break into cyber security? Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cyber security field live, unfiltered and totally free. Let's level up together. It's time for some Jawjacking. What's up, everybody? Welcome to Jawjacking. I'm your host, Jerry Guy. Jerry Guy is my alter identity. I'm just having fun. But we do Jawjacking on every day of the week from 9 a.m. to 9:30 a.m. I don't have the ability to do one on one coaching, which is what a lot of people want from me. So the Jawjacking is the compromise that we do. Try to provide answers, try to provide motivation, mentorship, etc. If you have questions, drop them in chat. Today was a good day. Like Ice Cube said, clean my glasses really quickly. If you have a question, put it in chat with a Q. Otherwise I will just talk to you guys. Super excited. Hey Cyber Risk Witch is in the house. Good to see you. If you guys missed it yesterday we did a live stream, Simply Cyber Firesides on Imposter Syndrome. Kathy Chambers did a Firesides takeover. She hosted the Fireside so that was a lot of fun. Let me know if you guys have questions. I want to answer them as best I can of Z. Anybody going to the Antisyphon training next week? I'd be curious to know about that. All right, let me look at chat here. Scrolling chat, yeah, Triple double. All right, I'm super pumped. 
I will let everyone know. In case you care. I did buy another Legion computer, Lenovo Legion, for my mobile studio setup. I had the Legion 5 for three or four years. It's basically run its life and I bought the Legion 7. Sapphire Harris says anyone know how to get credit for watching? Yep Sapphire and if you ever forget I'll tell you right now. But if you ever forget, I say it every episode in the intro exactly how to get credit for watching. Say what's up in chat. You will appear in the chat over here or I'll see how you're on screen right now Sapphire and take a screenshot of your computer screen. It will have the episode title February 20th Top Cyber News. Now it'll have the unique identifier for the episode number, 1073 is today. File that away in a folder somewhere safe. Do it every day. At the end of the year you will have X number of screenshots. Let's say you came to 200 episodes. When you submit for your CPEs, that would be 100 CPEs. So you could say I got 100 CPEs, daily cyber threat brief, instructor led webinar, etc., etc. If you get challenged by the certification body that says wait, wait a minute. What is this? We don't believe you. You can say here are 200 screenshots showing me attending the day, the episode number. This is the evidence that you need in order to verify that I am telling you the truth or validate that. The reason I tell you to take the screenshot is because it would be absurd for you to try to go back to 200 episodes and find your name in chat. This is the best I can do. If we want to enter into having people register for the daily cyber threat brief so I can email them a certificate of completion every single day, we could explore that. But that's probably going to cost time and cost money. Not, not necessarily to you to pay to register, but for me to pay for some type of infrastructure to set up for registration. Maybe I could vibe code it, I don't know. But hopefully that helps you, Sapphire. Continue to look through chat here. 
Cryptic roses. If local tech hubs tell me apply online despite having no open roles, is it still worth visiting in person to seek all opportunities to volunteer? How should I approach it professionally? So, you know, for what it's worth, I will say that when I was 24, I did just walk into a business and ask them, you know, I was like, oh, you guys a cyber security business? It was a two-guy business. And they're like, yes. And I'm like, oh, I want to work in cyber security. Like can I just ask you some questions? Because I'd like to learn more about the industry. So I wasn't like, can you give me a job? I asked them questions, spent some time with them, they gave me some feedback, I went and did it. I came back a week later, showed them that I had taken their feedback and I asked more questions. And then like a month later they called me because they had a project they wanted to work on and they wanted me on it. So that, I'm not saying it's not a good idea to walk up and start talking to people, but I mean if it's a local tech hub, I mean you might be able to meet these people at local meetups, BSides, you know, if they have like open events and stuff like that. I personally, even though I've done it, I don't know how well it will work out for you. Just walking in and being like, hello. So I mean I still would apply online since that's what they're advising you to do. All right, all right, drop your questions in chat. I will answer them to the best of my ability. Let me know if you can hear me. Okay. I'm trying to get the microphone further away from my face here. Yeah, no, no, I'm not talking about putting the stream behind a paywall. I'm talking about people voluntarily registering, it would be like, almost separate from. You'd have to be honest that you attended the talk at that point. So when I learned podcasting, I was told to keep my face, like, near the mic, so that's what I do. But I think it's blowing the mic out. So let me know if this is good. 
I'm trying to get used to this as a normal. Let me know. Space Tacos says, how's the thumb? Well, I will tell you, Space Tacos, I'm not wearing a band aid anymore. Just for the sake of everybody's stomach, I'm not going to show you my thumb. But it is, it is healing. I slept without a band aid on it last night and didn't bump it while I slept or anything like that. So that's certainly good. I think it's got another month of healing. It's. It's definitely sensitive. All right, looks like Eric's joined us in the panel. Camera's not working yet, so we'll wait on him. All right, let's continue looking at chat. Thank you, Space Tacos, for the question. It has been an ongoing thing, man. If you can block, if you can go back 15, 20 years and give yourself a key piece of advice, what would that be? From Eric Taylor, I assume at Barricade Cyber Solutions. The number one thing I would tell myself, and this is like without a question, is business America. It's not a meritocracy. It doesn't matter how hard you work. It doesn't matter if you're the biggest brain. It matters. Like, you have to. Okay, thanks, Eric. You do have to be good. You do have to be. You do have to be good. But you like relationships and network matter. Because I used to operate, listen, I used to operate thinking, like, I don't need, I don't need other people, right? Like all of my friends, my whole social network, none of them were computer science majors. None of them work in IT or cyber. They're just my friends. They're people I like, so they're people I spend time with. So I was like, I don't need to develop relationships in IT because, like, I'll just be really good at IT. And I was really good at IT. And when I graduated, I went and friggin laid bricks and made cement for four or five months because I couldn't get a job. I literally thought, you graduate and then you get handed a job. Especially because I graduated right during the dot-com boom. 
So as a computer science major with a software engineering focus. Nope, nope, nope, nope, nope, nope.

Jerry, you doing a Simply Cyber meetup at ThreatLocker? Shane? Yeah, kind of. I mean, there'll be a lot of us there. It's kind of hard because they have Zero Trust World at a resort. It's at a new location this year, so I don't know exactly what we could do. Let me talk with the team and see, because normally when it's at RSA or at Black Hat or at, you know, DEF CON, it's at a city where you can kind of get a bar or get a brewery or get a location. At Zero Trust World, it's at a resort. So I'm certainly into it. Honestly, it actually kind of feels like it's a meetup the whole time because lots of people are just bumping into each other. But Shane, if you're gonna be there, let me know. Listen, there's a con chat channel on the Discord server. We can use that to coordinate.

Matthew Rogers says, what's the proper way to decommission a legacy server without disconnecting it from infrastructure? It depends, Matthew. Like, what are the needs of it? I mean, why can't you disconnect it from the infrastructure? I guess the only reason I would ask is, I mean, if you can. Here's what I would do. If you can limit what can access it, right? So use firewall rules or a host-based firewall, iptables, Windows Firewall, whatever, to limit what can access the device. First of all. Number two, what user accounts can authenticate or, you know, access the device, if there's sensitive data on it. Like, let's say it's an older healthcare system. I've seen this as an example: in the United States, healthcare records have to be maintained for seven years for legal reasons.
So if you are just leaving it online to keep it so you can access it as an archive, then maybe you archive that data off so you have it as cold storage, and then you limit, you know, who's able to access this. Maybe you even have just one special account and someone has to request that account to access it. And then finally, have a plan: when can it be disconnected from infrastructure? Matthew Rogers, treat it like an overall project. I hope that helps, dude.

All right, continuing to questions. Oh, we got Eric Taylor pinning. So this is great. Berlinda: how to roll back the free streaming TV? Do you just uninstall? Well, I mean, it's Android malware, so I don't know. I didn't go deep enough into the story to see if it establishes persistence and rootkit and stuff like that. You may be able to just uninstall it, but for me personally, I would wipe the device and start fresh.

Space Tacos says, how's the thumb? We already asked that one. Local tech hubs, we asked that one. ThreatLocker meetup, we got that one. How's Callan feeling? Thank you, legrat, for asking. He is on the mend. He did go to school yesterday and today. I think he's doing well. Yeah, it's just like a kind of a sickness ran through all the youngs here in the Lowcountry.

Angular: my company's cutting about half the techs. I get home, I get home, don't want to do anything. Not really a question, more me griping. Okay, so I don't understand, Angular. Like, were you part of the half that got cut, or are you part of the half that is still working, and when you got home you don't want to do anything? Let me know. I'm not sure what camp you're in on that one.

Buffalo: what's the best way to convince an IT-illiterate owner of a company, having 8 servers and 75 desktop users, being a $15 million per year company, that security is important?
I mean, obviously if they're IT-illiterate, don't speak IT to them, number one. Number two, speak money to them. You know, I guess I would just show them some of these attacks that are coming through phishing that have led to multi-million dollar downtimes and just say, here's what I would do. Like, hey, owner or whatever, here's what happened. Very simple, one sentence. Like, you know, employee got a phishing email, or employee got tricked into installing something bad on their computer. It cost the company $2 million. If we enable multi-factor authentication, or if we enable this control, so when a user logs in they have to do an extra thing, we would be protected from this. Make it simple, but basically say, here's the problem. I mean, this is marketing. Literally, this is marketing. Here's a problem, agitate the problem, give them the solution. And if you want, Buffalo, you can say, hey listen, you already pay for this, right? A fifteen million dollar company, they probably have Office 365 or Google Workspace or something like that. Just be like, you're already paying for it. We could just enable it. Let me help you. Present yourself as a value-add. You know, don't say, hey, idiot. All right, all right, all right. Continuing to look through chat here.

Cryptic Roses: as a cyber grad, six months into the job hunting and financially stable. Congratulations, Cryptic Roses. Should I keep focusing on upskilling and pursuing security roles, or take a non-IT job while continuing the search? I mean, if you are financially stable, I would continue searching for what you want. You know, if you take a non-IT job, I feel like you might be taking a side step.
You know, the only other way I could see it is, it depends what non-IT job, but if you're in an interview for like a marketing job or whatever, right, if you have that skill set, or, you know, say it's a smaller business, be like, yeah, I can do all your social media. I can crush that. And I actually have a technical degree, so I'd love to help you with your IT stuff as well. So you can kind of shoehorn yourself into getting IT responsibilities in the role that you're interviewing for. Don't position it as, yeah, I'll do the marketing, but I'm really going to do IT here. Position it as why you're even a better candidate. Now you're signing up for kind of two hats, but you can pivot your way over to IT. If you're financially stable, though, I mean, what's the motivation? I would just continue to upskill in whatever niche you want to work in. Spend a ton of time looking at AI, AI security. That is so hot right now. I'm trying to do that. I'm actually hyper-motivated to do a lot of new content for Simply Cyber on AI and AI-related security. I got OpenClaw spun up. I've got Claude Code skills for days. Like, dude, did you know, here's a fun fact: did you know that prompt engineering is dead and skills is the new hotness? And if you don't know what skills are, that's what I'm saying. And hey, for everyone who's in chat right now, 300-plus people, if you didn't know, because I don't mention it all the time, like, yes, I do the lives every morning. But I have 2,000 videos on Simply Cyber's YouTube channel. The YouTube channel you're watching right now has 2,000 videos on it. Everything from how to go from a K-12 teacher to working in cyber, so career transition stuff, all the way to here's how you do a risk assessment, here's how you build a SOC lab.
Like, I love cyber security. I love helping people. Don't be shy to look at the catalog of content because it's there for you. All right, let's continue looking at the chat.

Cyber Risk Witch, got to meet her at Simply CyberCon 2025, says she's mid-career and interested in supporting other women entering the field. What platforms or orgs exist to connect with high school or college students who are actively seeking mentors? That's a great question, Cyber Risk Witch. Right away, off the top of my head, again, I try not to, I support and champion women in cyber security and stuff, but I also try to be real that I'm a man. So I'm not trying to get in there and, like, man-manage those things. So I would suggest two things, Cyber Risk Witch. Number one, WiCyS, and if Kathy or Kimberly are in the chat, Alpha Sierra, Jenny Housley, Shamir, Chimeria Gonzalez, if she's in the chat, there are several women in the Simply Cyber community who are way better informed on stuff like this. But WiCyS is a good one. I would start there. So Cyber Risk Witch, this is Women in CyberSecurity. This conference is actually coming up in just a few weeks. Not saying you have to go to the conference, but the WiCyS organization, which is Women in CyberSecurity, is designed just for what you're talking about and much, much more. So my suspicion is they probably have already developed channels, inroads to high school students, to college students, to these programs. So let me drop this in chat for Cyber Risk Witch. All right, go check that out. Also, I don't know if this is a national program or not, Cyber Risk Witch, but I went to Dakota State University. I know that they're big into this. CybHER. This is another women-empowered, you know, organization. Go check this out. It's CybHER.org, okay? It's pronounced whis. Okay, thank you, Brian. Cyber Risk Witch.
And also, by the way, guys, someone told me the other day that if you're watching on replay, you can't get these links. So I do try to show you what it is and tell you what it is. I would just tell people, listen, if you're watching the show and I'm talking about Phil Stafford's tool or WiCyS or CybHER, maybe you don't have the link, but just Google it. Google what I'm saying and it will come up as the first result. Okay. All right, continuing to look. Cyber Risk Witch, thanks for wanting to give back to the community. All right, how are we doing on time? A couple more minutes. So we're going to speed-run the last couple of questions here.

Japanese Arcade says, I filed a police report against someone and they did all that in retaliation. I'm not sure what you're referring to, but that sucks. Oh, hold on, here's the first part: I got a situation where someone has all my info and has been deleting things at random. Replaced hardware and it keeps coming back. I mean, definitely filing a police report is a good idea, Japanese Arcade. It's difficult to solve your problem. The fact that it keeps coming back after replacing hardware is quite interesting. I mean, obviously change all your creds, right? If you're replacing the hardware, that means you've got a clean instance. They're not there. Sounds like you might have an infection somewhere that you're not cleaning up. Yeah, good point. So definitely check your iCloud account or your Google One account. They might be in there. So that sucks, Japanese Arcade. People are jerks.

All right, a couple of quick questions, speed-running. How many times should you follow up with a target company employee on LinkedIn, and how long should you wait between attempts if they do not respond? I mean, I wouldn't follow up with them more than twice. I typically like 3 days the first time and then 7 days the second time.

Bad Child Cat: I need cyber experience.
What are some ways to get that without going broke? Okay, I'll give you one and then we're going to end the show. Bad Child Cat, I'm not going to make any assumptions about your pre-existing knowledge. This is happening next week. Today is February 20th. This is happening February 23rd, 2026. So this is the answer to your question, and it's being served to you as fast as possible. This is John Strand, who's a legend in the industry, Cyber Security Foundations. So it's step one. You can take this class for $0. It's 16 hours, Bad Child Cat. This will give you cyber experience. Okay. Also, I don't really talk about this very often because I'm a terrible marketer of my own stuff, but also worth noting: Simply Cyber Academy, academy.simplycyber.io, this is my online academy. Drop the link in chat. We have free courses over there too, right? I think Cyber Career Launchpad you can get for free. Break into GRC for free. We have several free classes over there and free digital downloads and tools and follow-alongs and crap like that. So you can do a lot of learning for $0. Okay? Also, don't be shy. Go look at Wild West Hackin' Fest 2025 talks or Simply CyberCon 2025 talks on YouTube. Right? Attend conference talks for free. I think the thing you're going to run into, Bad Child Cat, is that it's not going to cost you money, so you won't go broke losing money. Great cash homie, but you do have to spend time, and showing up for the Daily Cyber Threat Brief every single morning, 8am to 9am Eastern Time weekdays, like you did today, I assume, Bad Child Cat. Multiple people have said it was instrumental in their success getting into cyber security. Okay guys, I'm gonna get out of here. Got a lot to do today, and me and the family are actually going away for the weekend, so I've got to speed-run a bunch of work so I can leave on time and get to where we're going. All right, everybody.
Thanks, Eric Taylor, for putting questions in chat or comments or, you know what I mean, Eric, and the Simply Cyber community. Thank you for all you do, guys. You keep crushing and have a wonderful Friday. We'll be back tomorrow, or Monday, at 8:00am Eastern Time. Until next time, stay secure. See ya.
Host: Dr. Gerald Auger, Simply Cyber Media Group
Episode: 🔴 Feb 20’s Top Cyber News NOW! – Ep 1073
Date: February 20, 2026
In today’s Daily Cyber Threat Brief, Dr. Gerald Auger delivers eight top cybersecurity news stories vital for industry professionals—from urgent federal patch mandates and novel AI-powered malware, to the latest in phishing kits, attack trends, and government responses to healthcare and financial breaches. He injects real-world analysis, practical takeaways, and community engagement, all in his candid and fast-paced style. The episode is live, unscripted, and packed with actionable advice, career tips, and plenty of community shoutouts.
Dr. Auger brings a fast-moving, candid “real talk” style—equal parts expert and mentor. He’s energetic, occasionally sarcastic, and supportive of new and veteran community members alike. Practicality, wit, and a sense of humor (including dad jokes) balance the technical content. The posture is inclusive, frequently encouraging participation, and quick to point users to free resources and communal support within cybersecurity.
For the Simply Cyber community, the best defense and the best career move is always: Stay engaged, stay educated, stay secure. See you next episode!