B (10:14)

Yep.

A (10:15)

All right, so let me tell you about material security. Your cloud workspace is more than just email. If you didn't know that. So why does security stop at the email? Material delivers complete protection for Google Workspaces and Microsoft 365 environments, going beyond the perimeter defenses to secure your email files and accounts across your entire environment. Don't be shy, everybody. Secure all the things. And with advanced AI detections and automated threat response, material correlates signals across your workspace to identify risks others are going to miss. It protects sensitive data in your inboxes and shared files. It monitors account access, third party apps, automates remediation. I like that. From phishing responses to user report triage and what's your results from this? You mature your security posture and scale protection without adding headcount. All at the cost of traditional email security. So if you're ready to secure your entire workspace, go to simply Cyber IO material and see how they can help you today. I gotta tell you too guys, if with really quickly with the these AI and stuff like that, you know, if you're giving them access to email and all that, having visibility for automated remediation, if it does something silly, not on purpose or not malicious, just silly, it's there. All right, let's hear from Threat Locker and then we're going to get into the news. I want to give some love to the daily cyber threat brief sponsor Threat Locker. Do zero day exploits and supply chain attacks keep you up at night. Worry no more. You can harden your security with Threat Locker. Worldwide companies like JetBlue Trust Threat Locker to secure their data and keep their business operations flying high. Threat Locker takes a deny by default approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US based Cyber Hero support team. Get a free 30 day trial and learn more about how Threat Locker can help prevent ransomware and ensure compliance. Visit threatlocker.com dailycyber. All right my friends, do me a favor J. We do this every day. Sit back, relax and just let the cool sounds of the hot, hot news wash over us in an awesome wave. I'll see you at the mid roll. Security luminaries for the department of note. Hold on. Whoops. Hold on. You know I thought we were going to do it. I thought we were going to have a perfect show and then it was like AI was like, wait a minute bruh, you're, you're simply cyber. You got to have like one technical difficulty. Here we go.

B (13:19)

From the CISO series, it's cyber security headlines. These are the cybersecurity headlines for Thursday, February 5, 2026. I'm Sarah Lane. Ukraine tightens controls on Starlink terminals Ukraine introduced a mandatory whitelist for Starlink terminals, disconnecting any unverified devices after confirming Russian forces are using Starlink equipped drones for real time control. Officials say the move implemented with SpaceX is meant to stop Russian UAVs that are harder to jam or intercept, with added restrictions limiting terminal use to stationary or low speed operation. More than 50,000 Starlink terminals are active in Ukraine and authorities say the measure is currently the only way to prevent Russian exploitation of the network.

A (14:16)

Hold on, wait a minute. What? Hold on one second. So listen, Starlink is very popular in Ukraine right now. Like, the Russian government kind of not nuked, but that's definitely not the right word to use. The Russian government disrupted traditional Internet access and Internet connections when it first started the war back in 2023 or 2022. It's unbelievable. 2022? Jesus, man. They've been fighting for four years, but. And Elon flew Starlink over, and there was that. And he was like a hero for a day and then started charging, I think, the US Government for the Starling for Ukraine. So Elon's not. Elon's getting his okay as far as the Starlink situation goes. But now drones have become a big thing as far as, like, weaponizing. They're. They're making, you know, kamikaze drones. They're making, you know, they're doing all sorts of things with drones because they can send them. And the way that you would screw with them is by jamming their signal. Right? So if they can't get their signal, they can't operate. Believe me, there's been a lot of advancements in drone technology. So now sometimes they run a drone and it's like, connected, still on a. Like a very long tether, so you can't disrupt it. They have just straight up final, like kamikaze final orders if you lose connection. So the Ukrainian government is whitelisting, which I don't even know if this is considered a politically correct term anymore, but essentially this is exclusive allow list. So you must be on this list for the terminals to work correctly. And those terminals would be verified and registered to operate in the country. Essentially. This is like, you know, this is no different than, you know, an application allow list that you're. You run on your computer. Kind of like what Threat Locker does. Right? Let's see what the Russians are doing here. Russian UAVS are being controlled in Maria time via Starlink connections, making them harder to. Okay, so this actually makes a lot of sense. So Russia is using Starlink just the same as Ukraine's using, except Russia's doing it to control the drones, which is, you know, wow. I mean, I, I don't know if they have infinite budget, but, you know, if you're. If you're blowing up the drones every time, you're like, like destroying a Starling terminal every time. That's kind of crazy. Anyways, this is their. This is their solution. They're making it so that the drones can't use Starlink. If I was a threat Actor or a Russian soldier, Military. I mean, obviously the next step is to attack the verification system that allow list and either disrupt it or you know, change the Mac address on your drone or your StarLink to match one that is on the allow list. Again, I don't know how that allow list is being handled. Is it serial number, is it Mac address? Is it geolocation? You know, I don't know, but obviously there, if I was going to do this, that's what I would do. I would attack that or get some alternative or just pay Elon a lot of money to let Starlink work. You know what I mean? Like, that's the crazy thing about this being a private, private sector tech oligarch owned critical service, right? Like Starlink isn't a Ukrainian service that Ukraine can say Russians can't use it. It's a for profit private company that offers space based Internet connection. Guess what? Guess what private companies do? I'll give you a hint. Cash, homie. They make money. Shareholders like getting increase in stock, right? I mean, is Starlink publicly traded? All right, it's a subsidiary of SpaceX. SpaceX. Excuse me. There is potential that it's going to IPO this year. Okay, all right, so let me see like SpaceX really quick. Oh my God. SpaceX. I. I say this all the time, guys. You got to follow the money. SpaceX isn't publicly traded. It's privately controlled by Elon. Okay, so here's my thing. It's controlled by one person. They get to decide. Now, as a, you know, human, like, obviously you wouldn't want to support this, but if you're like a Lord of War and it's all about straight cash, homie, you can profit off of both sides, right? Go watch Nicholas Cage's movie Lord of War. You making money on both sides. Except instead of weapons now it's. It's Internet service. I'm telling you guys, man, the Internet, it's a battlefield.

B (19:34)

VMware ESXi flaw now exploited SISA said Wednesday that ransomware groups are now exploiting a high severity VMware ESXi sandbox escape law, which Broadcom patched back in March of 2025 after it was used as a zero day. The bug lets attackers with VMX level privileges write to the kernel and escape a virtual machine and has been linked to earlier sophisticated attacks attributed to Chinese speaking threat actors. CISA has added the flaw to its known exploited vulnerabilities catalog and is urging immediate patching. Solar Winds Web Help.

A (20:16)

Oh my God. All right, so VMware ESXi, this is a hypervisor chassis. So if you're running your own, you know, VM setup, you know, at your organization, you may be using VMware's ESXi, very popular enterprise option. All of the VMs in your environment would be in here. So I always think of it this way. Think of it as like, think of VMware ESXi as like the drying rack next to your sink. Okay? By itself it doesn't really do much, but then you wash a plate and you stick it in. You stick it in like a, like, like an up and down blade, then you wash another plate. Up and down blade. Wash a plate up and down blade, right? So now each of those plates is a different server, right? File server, mail server, whatever. DNS server, you know, AD1, AD2, okay? Or DC1, DC2 domain controller, okay? So the plates are the different systems. The drying rack is the ESXI chassis, okay? Now the chassis itself. And this, this analogy makes perfect sense, even though it's a stupid example. The chassis provides all of the power, the hardware, the memory, the computer for those plates, for those servers. And if you're on one of the plates, like that's your world, like, I live on this plate. I'm flat Stanley, running around on a plate, okay? And if you're on another plate, you don't have access to any of the other plates. So if there is a compromise in the chassis, the ESXi, that means the drying rack has been compromised and the threat actors down, down there and the threat actor can jump into any server, right? This, this is why it's so serious and such a problem. On top of that, you May, I mean, VMware ESXi runs on hardware, right? It's not like you're not going to virtualize ESXI on another hypervisor at some, at some point. This is on hardware, okay? So if you compromise that, you can begin screwing with all of the other servers and you may not have, you know, anti malware solutions security controls on the chassis itself, right? So you have like Windows Server, Windows Server, Windows Server, Linux Server, and you put your crowd strike on each of those, fine. But if the underlying chassis gets compromised and you're not, you don't have visibility detections, logging EDR on the chassis. You're not going to see it, okay? So this is why it's a big deal. So if you're running VMware ESXi, you want to make sure that you are getting this sorted out. You have to patch it. Thank you. Broadcom. Broadcom, are you, you still happy that you bought a VMware having to patch all this stuff. So you got to patch it. Ah, you gotta patch it. Okay. And let's see. So this, this vulnerability is from last year. The, the, the threat actor needs privileges already to the box. So I mean not that that's not impossible, but this is, this is harder than you know, one button nuke option. It is affecting VMware ESXi Fusion Cloud, VSphere Workstation Telco Cloud. So be mindful of that. But the attacker does need a privileged admin account or root access to this to the chassis server. So like, I'm not saying it's not possible, but there does have to be some other compromises happening before you, the threat actor gets this. CESA is saying that threat actors that have ransomware as their payloads are hitting this. So again, it's not impossible for this to be executed. You just have to want, you have to want, you have to want it. Basically you have to get that privileged access to the box. I mean if you have crappy passwords or you allow everybody domain admin all over the place because it's easy. If you're not doing privileged access management because it's hard, then yeah, you're going to get punched in the mouth. And the fact that CESA is reporting that this is being actively exploited in the wild by ransomware based threat actors, you should be mindful of that. So TLDR, if you're running VMware ESXI, chances are you yourself are not managing is. Although unless you're, if you're DJ B sec, you might be managing all the things. That guy looks like a, you know, like an octopus with eight arms, you know, managing all the things. So TLDR Patchett, I do not want anyone in the simply cyber community to be a ransomware victim.

B (25:26)

Ah, you got a bug under attack. Attackers are actively exploiting a critical SolarWinds web help desk flaw just days after it was patched, prompting CISA to give federal agencies a three day deadline to apply fixes. The 9.8 rated untrusted deserialization bug allows unauthenticated remote code execution and affects SolarWinds web help desk versions prior to 2026.1, which was released on January 28th. SolarWinds says it hasn't seen widespread exploitation, but is urging customers to patch immediately.

A (26:07)

All right, SolarWinds web help dust bug under attack. We saw this one earlier in the week, we've talked about it, we said what needed to be said. Ah, you gotta Patrick and now you know, in classic F around, find out. If you do not prioritize patching this, you now have an increased likelihood of experience and exploitation. Guys, at the end of the day, I like GRC is not brain surgery, okay? There's likelihood of exploitation and there's impact of exploitation. And when you put the two together, you get a risk value. And of course, it's subjective. That's why we use color heat maps. And, you know, 1 through 5, 1 through 10, 1 through 100, it doesn't matter. It doesn't matter. What does matter is whatever your risk is, right? So you do your calculations. My risk is 5, my risk is 7. My risk is 30. I. I don't. My risk is yellow. I don't care. The reality is the impact hasn't changed. And today the likelihood has increased. So whatever value you had for risk on Monday, the likelihood's gone up. That means your risk has gone up, period, full stop. I don't care if it went from 3 to 4 or 30 to 75, the likelihood is up because now it's actively being exploited in the wild. Threat actors have a tool, a weapon, and they're deploying it. Solar Winds, guys. As we saw very clearly a few years ago, Solar Winds is deployed in lots and lots of Fortune 500 companies and US federal government agencies. So if you are one of those, and you're running web help desk, which I've never heard of before until this week, but I would have to imagine based on the name alone, it is Internet facing and designed to offer support so it has access to things. Web Help Desk. Like it literally, it's in the. It's like simply cyber. It's very clear what we're trying to accomplish here. Daily cyber threat brief. Very clear. We're not even trying to make it puzzled. Okay? So US Agencies told the patch by Friday. Buddy, I hope you patch. I hope you're already patched. And like, this isn't good, yo. All right, so see it, it says a 9.8 rated flaw. I've. I said this a million times. It's at 10.0 now. When it's actively exploited in the wild, it goes from nine, eight to ten. All right. It does allow RCE remote code execution of an unauthenticated attacker. Those two things together are the worst. Unauthenticated attacker. Rce, burn that into your brain. That is the worst thing a vulnerability can allow or enable. So SolarWinds fix the hole so it's. You can patch it, you can fix it, you can do all the things Solar winds can't patch your stuff for you, all right? You have to do it, so make this a priority. Today is Thursday. You don't want to do this on a Friday. Ain't nobody got time for that. Ain't nobody got time for that. You know what I'm saying? Nobody. Nobody's got time for that. I do want to tell you really quickly, just kind of a fun fact, in case you did not know. I just said SISA cannot patch this for you. Solar winds cannot patch this for you. You have to patch it yourself. Now I do want to point out one exception to that rule. A couple years ago, I believe it was the FBI and I believe it was Exchange servers. Yeah. April 2001 or 2021. There was a situation and I just want to share this because if you didn't know because maybe you just got into cyber or you forgot about this. In 2021, the FBI like literally went around. There was like a of course exchange. There was an exchange vulnerability so nasty and getting exploited so rapidly that the FBI just said, effort, we'll do it live. And the FBI started hacking people's exchange servers and patching them. Ah, you've gotta patch it without telling them. Without telling them. They're like, listen, our options are have all these people get compromised and our adversaries, nation state adversaries, have a foothold in our infrastructure. Or we patch all the things and we ask for forgiveness. FBI went with option two. Do you guys remember this? It was wild. No one really. No one really got pissy either. That's an interesting thing.

B (31:01)

US Used cyber weapons to disrupt Iranian air defenses. Recorded future news sources say the US Used cyber weapons to disable Iranian air defense systems during 2025. Airstrikes on nuclear sites at Fordo, Natanz and Isfahan preventing Iran from launching surface to air missiles at U.S. aircraft. Officials claim Cyber Command backed by NSA intelligence targeted upstream network nodes rather than hardened facilities, marking one of the most sophisticated cyber operations against Iran to date.

A (31:40)

Oh my God, this is awesome. Like straight up, dude, I'm such a fan and like student of cyber security. I just love cyber security and this is awesome. Okay, now I like take the war part out, take the military part out. I'm sure you know, when the United States air force dropped payloads like physical munitions on these sites, you know, there was casualties and you know, like serious consequences. Right? All the cyber did was disrupt the surface to air missile capability so that the U. S. Pilots could fly over without any risk to the U. S. Pilots. Drop their payloads in return. But what, what gives me like pants off vibes on this one is they didn't attack like back in like 2000. Whatever. Hold on. What year was Stuxnet was that 2007. Hold on one sec. What year was Stuxnet? 2010. All right, way back in 2009, 2010 Stuxnet happened, right? And you know, the, the government, U.S. and Israel, you know, joined forces to do 70 days and malicious USB payloads and attack an air gap system and destroy a bunch of uranium enrichment capabilities. Okay, Very sexy, very cool, super awesome. As far as like a sophisticated cyber attack. In fact, I think that Stuxnet and Solar winds are the 1 1A 1B most elegant cyber attacks in history that we know about, right? Okay, so now they do the same thing and they disrupted Natanz again. They named three different nuclear facilities including Natanz. The people who work at Natanz must feel like a punching bag at this point because they get up and running and then the US just comes in and like re hits the reset button. But what makes this so wild is that they attacked upstream capabilities. Every. Everybody everywhere, okay, is using third party vendors for things, right? Including I would never have guessed it, military installations that are part of a country's nuclear program somehow using upstream third party services. A map note on a computer network like a router or server or some other peral device bypass. What would have been a more difficult task of breaking into a military. Let's see. Trying to see really quickly. So they didn't specify in the report what kind of definition device was attacked. Oh, they call the operation Midnight Hammer. I do like the Midnight quite a bit. And I think Midnight Hammer's pretty boss name. It's too bad. So obviously they don't, they don't explain what's in here, what the attack was, but basically they attacked, they attacked network devices though. Here's the thing. The whole, the whole thing with, with Stuxnet in 2009, 2010 was that it was an air gapped system. Guys. In 2026, operational technology, industrial control systems, you know, OT stuff. The things that you would see at, you know, energy plants, like a nuclear program, nuclear enrichment plant. They, those type of OT devices are getting IT interfaces to make it easier to manage and maintain those environments. That's happening everywhere. Go look at Volt Typhoon. Volt Typhoon. China's one of China's apts that's attacking American energy sector. It's the same thing, dude, with all this IT stuff you can reach out and touch someone on the Internet. And I think that that's the key difference here is that Natanz and other sites are now it enabled not air gapped. And you know the US is one of the most advanced military and cyber capabilities on the planet. And if you have, if you've got an ounce of attack surface, we're gonna find it and we're gonna exploit it. Right. So there you go. Midnight Hammer. Sounds like a romance novel. I will say also final thing. I was firmly in the camp. I'm gonna own this one. I was firmly in the camp that the next, you know, major geopolitical conflict would be fought in cyberspace. Of course I'm biased because I love cyber security. It has actually come to be proven out that cyber is just a complementary capability. Very important to the success of the mission. But it's a, it's a complementary capability. Russia disrupts Ukraine's Internet be to disrupt communications before invading and crossing the border of Ukraine in 2022. The United States disrupts Iranian air defenses surface to air missile capabilities before flying in and dropping kinetic payloads on targets of value. So again it's, it's. I love myself some cyber but it's been proven out how. Where it fits in the pecking order of the, of the. I hate to use this term but of it's the right term to use of the kill chain.

B (37:32)

Huge thanks to our sponsor, Strike 48. Strike 48 is the agentic log intelligence platform that actually puts AI agents to work maximizing log visibility without blowing your budget. Find threats, your siloed tools mess. Get started today with pre built AI agents and workflows that investigate, detect and respond 247 or build your own at strike48.com security. That's strike48.com security.

A (38:08)

All right, let's do this. Come on. All right, here we are at the mid roll. Really quick. The, the YouTube copy White gods did not like me playing the cars yesterday. If you were here for the show yesterday we rolled out a new Wednesday segment. I'm, I'm still workshopping it. We're going to call it way back Wednesday. Just as an update for the entire community. I, I consulted with mods and, and kind of workshopped. I think what we're going to do is way back Wednesday we're going to look at a deprecated piece of technology and, and kind of like guess what it did right? Kind of like a fun little trivia game. Kind of like this old house where they have like weird old tools from the turn of the century. And you got to figure out what the hell it does. We're gonna do that with old tech, so it's gonna be way back Wednesday and less of a millennial Gen X boomer grab fest. Okay? So stay tuned for that. Listen, hey, thank you to the stream sponsors, Threat Locker. See you at Zero Trust World in March. Anti Siphon, See you at Mild West Hack and fast Mile High next week. I won't be there, but many of the Simply Cyber Community members will be. Shout out to Flair. Love myself some flair. And that makes me think of office space. Like, come on, Jennifer Aniston. You only have the minimum amount of flair and material. Security guys, every single day of the week has a special segment. And guess what? This guy right here, this beautiful man, my friend Dan, he makes a custom meme for us every week, and today is no different. Guys, I gotta tell you, maybe you've seen, if you're a regular of the show of. Of Simply Cyber Community. You know, oftentimes when I run into technical issues, I yell at my computer, like, computer, play the podcast, or, computer, turn the light off, or computer, play my anime sound effect. All right. Something like that, right? Well, you know, I have disclosed that I have no AI going on over here. So when I say computer, do that, I'm manually doing it. And chances are I'm saying computer because I'm frustrated that whatever it is that I'm telling, I'm trying to make it do, it's not doing. And I'm from Boston, so I have, like, I go from zero to unbelievably pissed off, like, instantly. The good news is I go from unbelievably upset to super cool, super chill pretty quickly, too. Although I'll. I'll leave that to the. To the. To my friends in the Simply Cyber Community to confirm or deny that that is an accurate statement. However, Dan took this as inspiration. So, ladies and gentlemen, I give you your Simply Cyber meme of the week. There it is. Computer, do the thing. So it's me from Star Trek yelling at it. I do want to say that Dan always hides himself in the memes. This one's a little hard to see on stream, so I'll just go ahead and give it to you. There it is. Dan is one of the buttons. Thank you, Dan. All right. There you go. Computer, do the thing. All right. Don't worry, though. I. I will let everybody know really quickly, just as a little fun fact to stay tuned to. I. Actually, you can't see it, but I have a Mac Mini that I've plugged into this tv. This TV was making me very angry yesterday. So I've decided I'm repurposing that TV. You get no second shot with me. Okay? This TV's been repurposed as a display. I'm wiping a Mac Mini today. I'm vlaning it off so it only has access to the Internet. And I'm going to install Open Claw on it, give it its own email address. I might even open. I might, on the way home, open a bank account and give. Give it, you know, put 500 bucks in it or something and give Open Claw access to it. And we're gonna see what happens. This freaking Open Claw. Everybody's talking about it. I figured I. I'm going to. I'm gonna. I'm gonna figure out what it's all about, right? It's easy to me, it's the easiest way to understand it. It's just start messing with it. But, hey, computer, do the thing. All right, let's keep going.

B (42:37)

Ayette Gallo back to run cybersecurity at Microsoft. Microsoft is bringing back former executive Ayette Galo to run cybersecurity while current security chief Charlie Bell moves into a new role focused on engineering quality. Galot returns after a stint at Google Cloud and. And will serve as an executive VP reporting to CEO Satya Nadella. Charlie Bell joined Microsoft from aws back in 2021. Microsoft developed.

A (43:08)

All right, you know some of the stories. Yes. For those who are regular, like, longtime simply cyber community members, Code brew mentions. I'm going to end up with 500 worth of NFTs. Yes. So very similar to what I'm doing with Open Claw, the whole NFT thing. I was like, what is this all about? Let me figure this out. So I actually was pulling it up. I do own two NFTs that are absolutely worthless, but. But it's only a loss if I sell them, right? Isn't that the. Isn't that the shtick? So they're, they're investments. But you know what? I do understand rug pulls. I do understand scams and crypto scams and NFT bull crap because of that. And I'm gonna understand Open Claw when I'm done. All right? So, hey, listen, I want everybody to get value from the show. Microsoft's bringing this guy back to run. Or woman. I don't know the name Hyatt is male or female. They must have given him a ton of money because they like, Hey, hey. Galat went to Google for a hot minute, dude. This Per. Hold on. Whatever, dude. This is like big five tech companies just moving pieces around the chessboard. If I had to guess, they're giving this guy a truckload of money because he was just at Google. He's probably bringing some of the insights from Google's Gemini AI programs over to Microsoft. Microsoft Copilot is like, use it or don't use it. I don't know. I, I don't use it. I, I don't know why. I just choose not to. I don't like it. I think this is it. But whatever. They're going to run cyber. Great. Good, good on you. This doesn't listen, this does not change how you do your job today or tomorrow or next week. Microsoft's bringing someone in, paying them a boatload of money and they're going to run cyber. Yay.

B (45:17)

Scanner to detect back doors. In other Microsoft news, the company says it's developed a lightweight scanner to detect back doors and open.

A (45:27)

All right, so TJ Sayings definitely a female and Code Bruce saying it's a woman. Okay, so thank you. So they're bringing back a woman. It doesn't matter to me. It's like they're bringing back a professional who just was at Google and they're going to pay him a bunch of money and they're going to run cyber. Like I don't to me, like, okay, like right, like right now if I told you that like Google is, is changing someone in leadership over their AWS North American region, does that do anything for you? No, it's just like, okay. To me it would only be groundbreaking if like they were acquired or spun off because now you've got new leadership like with new direction and stuff.

B (46:14)

Weight large language models using three behavioral signals to flag poison models with a low false positive rate. The tool can identify trigger based sleeper agent behavior without retraining the model or knowing the backdoor in advance. It needs access to model files and it doesn't work on proprietary system. Microsoft says this is part of a broader push to integrate AI specific threats like data poisoning into its secure development processes.

A (46:45)

All right. I was interviewed yesterday and they were, we were talking about AI and AI governance and what you should learn about AI. And, and I said and. And I need to do this too. I mean this is part of the reason why I'm installing Open Claw. But like at a base level, you know how we say, oh, in order to work in cybersecurity you have to understand it fundamentals like how's networking work, how do computers work? Right. I'm not asking you to, you know, develop a piece of Java software that can run multi threading on a, on a processor, right? I'm just saying, like, do you understand how, you know, memory works and how things get put into memory and then how the they get put on the processor and processed and instructions and frames and, and page files and stuff? You know what I mean? Like, like just basic stuff. Same with AI. I'm telling you right now, guys, you, you, I, I, I'm trying to do this myself. But you should understand, like how an LLM works. Like, what is it? Like, what is an LLM? You should be able to answer that question. How is AI work? Probabilistic determinism, right? Like how, like what is motif analysis? I don't know, but we gotta find out because this is where we're going, dude. And it's, I'm telling you, this bus is not backing up. This is very much we're going AI and I don't want anyone to be left behind. But there are ways. Back doors are so typically, back doors are thought of as persistence mechanisms that allows a threat actor to come and go as they please. In the context of this particular story, I think the term backdoor is being used in a different way. In this way, it's like more of a logic bomb that you can trigger using keywords. So what they're saying here, in fact, I'm going to argue that this is a logic bomb, not a back door. But what they're saying here is that you can poison a model and then by giving it essentially like the Winter Soldier keywords, right? Where you're like, Duncan Boat triangle colonoscopy. And then like the, the AI is like, like, I'm activated, right? Like that's what's going on here. They're talking about poisoning it and hey, whatever, dude, Microsoft, great work. You developed a scanner that can detect back doors. If, dude, if I have a rootkit installed, I want to know. If I have malware, I want to know. So this right here, it's a new tool for a new threat. It doesn't work on all of them. It doesn't work on proprietary models. If you're, if you're building your own LLMs or whatever. This could be worth checking out if you're looking to learn. This could be worth checking out if you're looking to, you know. I guess, yeah. I mean, the logic bomb to open a back door, possibly. I don't know if it allows you to connect Ryan or if it allows you to extract sensitive data from the system have it tell you, like, what prompts it's getting, who's using it, or whatever. But. But my point is this could make a great blog post or security research paper on, like, how does this. How does this tool work? Right? Like, this tool is cool, but, like, there's a lot between downloading this tool and getting results that you can do something with. That would be a great, like, video or blog post. Right? All right. And Phil Stafford brings out a really important note. It's only open models. How many users even know an open model? An open weight model? Exactly. Like anthropic open AI or anthro Claude and Chat GPT. Those are closed models. Right? So. But. But hey, if you don't know the term. If you don't know the term open model, if you don't know the term open weight model, if you don't know the term LLM, like, these are fundamentals that you should learn.

B (50:47)

Epstein files leak sensitive data, victim info and credentials.

A (50:52)

Oh, my God.

B (50:52)

US Authorities have retracted thousands of records tied to the Jeffrey Epstein files after inadequate redactions exposed sensitive data affecting around 100 victims. This was first noted by AP News on February 2nd. The leaks included photos, names, emails, banking details, Social Security numbers, and in some cases, full credit card information. Cybernews now reports the release exposed multiple passwords, some reportedly still valid, for accounts including outlook, Gmail, Yahoo, LinkedIn, and Apple ID system BC found.

A (51:36)

All right, we. I try to keep this apolitical. Keep it on cyber. So let me. Let me do what I can with this story. All right? I will tell you. All right, so here's what we can do with this. Whenever you do data disclosure, for whatever reason, you have to make files public. You have to share. Even if you're sharing data internally with like a business partner or something, you should be only sharing the data that needs to be shared. Data layer security is critical in 2026. Okay, I have a. I just have. I just have a video come out. Jesus. Like, hold on. Look at this. Please look at this. I have a video that came out Sunday. This video right here. Your analysts are uploading customer data now. What? Right, you're uploading to AI now. What? This video right here, literally, I show you how to install a free tool that you can use for data layer security. What's data layer security? Tokenization, redaction, masking, synthetic data generation. This tool does it all for free, and it's wicked easy to set up. And where can we use this for? If I need to give AI data Hey, Open Claw. Here's all my sensitive data, right? Here's my financials for 2025. If I don't want it to have my data like my Social Security number, I listen, I don't want Open Claw to know my wife's name or my kids names. Okay? You. I still need them to know that I have a wife and that I have two children. Okay? You can use tokenization to swap that stuff out and still maintain referential integrity. All right, go here. I'm gonna drop this video in chat right now. I don't know why this video is not even performing well. It's like literally an awesome free tool for data layer security. Okay, so check that out. Now let's. So basically, if you're going to share data, do that now. Let me tell you something really quickly, okay? I, I typically try to keep this apolitical. I am personally very, I'm following the Epstein file story very closely. I think, I think this guy's a monster. And I don't think just because he's on Alive that closes the case. It like and all these file disclosures and everything. I love that the Internet is downloading these things and doing all the analysis. Coffeezilla. I love Coffeezilla and the work he's doing. Many people are doing these things. And just really quick, the redaction that's being done is horrible, right? So if again, this is not about this particular person or story or the data that it is, but if you're going to redact data, you must be consistent. Now I know that there's redactions being done that are inappropriate and, and wrong. But my point is there are several examples where this, these files have sensitive information passwords that still work. That is insane to me. And, and secondly, why don't you have multi factor authentication enabled on your things, especially when you are committing horrible heinous crimes. And that's not even allegedly, because he definitely was in jail and definitely convicted of these heinous crimes. So don't come at me with allegedly. So you gotta, you gotta put MFA on for sure. And if you're going to redact files, you have to be consistent. Meaning, Meaning there are multiple files where like the name is redacted and then like layer layered down in the file. Like there's a reply to the email and the whole email is there with, with all of the sensitive data. You know what I'm saying? So data layer security people, this is what you need in 2026 where everybody's sticking everything in AI, right? You can use, like someone even said it, you could take all of the Epstein files and drop them into an AI tool and say, go through all of this and tell me the interesting things, right? Which is not a problem because like, we don't need to redact anything. It's not art. It's. It's public for, you know, public data. But if you want to take your own sensitive data and stick it into an AI tool for economies of scale, you must be doing data layer security.

B (56:22)

Or risk exposure across infected systems. Researchers at Silent Push say the system BC Botnet is still active and linked to more than 10,000 infected IP addresses worldwide, often appearing early in intrusion chains that later lead to ransomware attacks. The proxy malware was first seen back in 2019 and turns compromised systems into soxpy relays and has been found lingering for weeks or even months, largely on data center infrastructure with infections concentrated in the U.S. researchers also identified a previously undocumented Linux focused variant with no antivirus detections and found compromised systems tied to government websites in Burkina Faso and Vietnam. If you have some thoughts on all.

A (57:13)

Right, so you know 10,000 infected system botnet? I mean, okay, like for real man, like, like every other botnet on the Internet says hold my beer. Again, like if you don't have perspective, 10,000 might seem like a lot. Broseph Isuru, which just did the largest denial of service attack ever this week, has something like 1.5 million infected systems on it. So like 10,000 is cute. Like this global system BC Botnet is like playing in the sandbox right now. Again, I don't have a botnet with like five endpoints, but just, I don't know. As far as like newsworthy goes, let's see what they got here. So the System BC is deploying additional malware. So botnets are often used for denial service attacks, but you can use them as like kind of forward facing soldiers in the sense that like, let's say that I am a bad guy and I compromise Code Brews computer. So if I want to deploy malware on Luke Canfield's system, I do it from Code Brew's computer. Because then if Luke Canfield gets mad, he goes and yells at Code Brew and I'm left laughing all the way to the bank. Right? So having those 10,000 nodes as kind of infrastructure to deploy future attacks is good. It's good. Okay. Remember though, for, for 10, 000 systems, you have to have an interface to manage all those systems. You can't just be like randomly jumping into one. Looks like they're all. This is a great heat map. Looks like. Look at this. Ridiculous. All of the infected systems, I guess, are in the United States. That's really funny. What's the point? Why did they show the whole world? Like, just to confirm that, I guess. Germany is showing a little bit of heat. Ooh. System BC is written in Pearl. One of my, one of my first programming languages ever, actually. I'm, I'm really old. My first programming language was Pascal. Jesus. Let's see. Okay, so here's the deal. You may, you may be infected by System BC Botnet. I mean, just do all the normal things. It doesn't matter if you're infected with System BC Botnet or Redline, Info Stealer or Trickbot. Like, if you've got malware running on your box, you don't want it there. Use edr, put in detections, clean your systems, keep it above board, and don't have your users click on silly things. Okay, cool. No, no, Fortran up in here. Pascal, Pascal and then, and then Java. So Pascal was before I went. Well, Basic and Pascal was before I went to college. And then when I got to college, I went through UMass Amherst Computer Science program and Java had just come out. That's how old I am. Java had just come out and the program was all about Java. So we did Java, Java, Java. And then when I graduated, we got into workforce and basically the first job I got after I was slinging bricks was as a developer. And they, they, they ran Pearl at their company. So I learned Pearl over a weekend and got the job. All right, guys, thank you so very much. I'm Jerry from Simply Cyber. We had a bit of a. We're still trying to get the jawjacking sorted out. So no jawjacking today. I've got to go to Citadel and teach, teach the cadets. But I do want to say have a great day. Reminder everybody. Please remind her. You're gonna love this. Okay, check me out now, today at 4:30pm Eastern time, we're gonna be joined by two legends. Wade Wells, Hayden Covington, Wade's mustache. The three of them are going to be on stream with me if you want to take your security operation skill set to the next level. If you're sock curious, if you want to know what detection engineering is, these two guys have an unbelievable amount of knowledge and they're really great people. So they're going to. Come on, we're going to kick it. Come join us. I'll drop a link in chat, guys. Thank you all so very much. Again, please. Here. Simply Firesides. Please remember, the links to the show sponsors are in the description. If you click on them, it does help support the show. So go check them out. I'm Jerry from Simply Cyber. Until next time, stay secure.