A
Good Monday morning, everybody. If you're looking to stay current on the top cyber security news stories of the day, while being entertained and educated and ultimately making you the best cyber professional that you can be, well, you're in the right place. Welcome to Simply Cyber's Daily Cyber Threat Brief. I am your host, Dr. Gerald Auger, coming to you live from the Buffer Augerflow Studio. Augerflow Studio. Oh. Buffer Augerflow Studio. And we're going to be going through the top cyber stories of the day. Welcome to the show. We're off and running on this beautiful Monday morning. All right, good morning, everybody. Hopefully you enjoyed the Super Bowl last night. Very entertaining game. Not the outcome I was particularly hoping for, but. But you know, you can't win them all. And I do celebrate sport at the highest level. So good game and well earned, Seattle, guys. We're going to be going through eight cyber stories in the next hour, and obviously you can read the cyber news on your own if you wanted. So what's the value proposition here? We're gonna go beyond the headlines. I'm gonna give you additional insights. Value, just lessons learned from my 20 plus years of career. I want you to know that I haven't researched or prepped for any of the stories of the show. I have no idea what they're going to be. Ain't nobody got time for that. That's right. Ain't nobody got time for that. So it's authentic reactions and responses. I do want to say every single episode of the Daily Cyber Threat Brief, including episode 1064, is worth half a CPE. So be sure to say what's up in chat. Right above me, right here. Dre Morissette, 1150 Podcast knows what's up. Good morning. Great people, say what's up. And the deal is WP Maestro Squad membership. Thank you very much, WP Maestro. The deal is every episode is worth half a CPE. So you can basically knock out your continuing professional education credits for the year by just being here every single morning.
What's up, Alpha Sierra? Good to see you. Say what's up in chat. Grab a screenshot, include the title of the show. You'll notice the title of the show right there on YouTube or LinkedIn. Says February 9, 2025, episode 1064. That's a unique identifier, so if you ever get audited for your CPE submissions, you'll have all the evidence you need. The screenshots are just in case you need it, not part of the requirements. But this is an instructor-led webinar. As boring and as dry as that sounds, if you peel back all the layers, if you peel back the sick Wu-Tang MFA shirt, it's still an instructor-led webinar, so it qualifies for half a CPE. Today's your first episode? Drop a hashtag first timer in chat. Hashtag first timer in chat. We love welcoming our first timers. We have a special sound effect. We have a special emote. And the squad members, all those with a blue. Excuse me, all those with a green name have access to a special emote that's going to light it up for you. I just remembered something. One second. Zach. After show today. Okay. Cool, cool, cool, cool, cool. All right, guys. So did you stay up and watch the game? Let me know in chat. Did you enjoy the game? I. I do. Listen, I don't need a, a shootout. I don't need a 75 to 67 score. While that is entertaining, you know, D. I, I can appreciate defense as long as it's, you know, sport at the highest level. I'm all in. Right? And that defense was smothering, smothering last night. All right, guys, the show is not possible without the stream sponsors, who I genuinely appreciate. Thank you very much, stream sponsors, for enabling me to bring this show to the Simply Cyber community every single weekday morning. People, people have. People continue to be stunned when I tell them that I do this show every single weekday morning at 8 a.m. Some people don't even believe me. I'm like, whatever. Like, go look at YouTube. Receipts, receipts. All right.
Hey, if you want to support the show, if you're getting value from the show, if you like what you're seeing and what you're hearing, then check the links out below. Click on them. Go check out the stream sponsors. They do support. It supports the show because obviously that's why they pay to be a sponsor. Right? So, you know, people see them and click on them and check them out. All right, let's do the stream sponsors. Starting with Antisyphon Training. Many of you are likely heading to Denver this week for Wild West Hackin' Fest Mile High, starting tomorrow, going through the week. If you are in Denver, let us know in chat. Sherry, share it in chat. If you're in Denver, again, I won't be there. So I can't be officially, I can't coordinate any type of Simply Cyber meetup. But if there are Simply Cyber community members that want to meet up, definitely use the con chat in the Discord server. Again, last year there were some issues. I wasn't there and I did have to work through the issues the week after, having multiple calls and recorded sessions and stuff. So please, if you are gonna hang out, meet up or whatever, do it responsibly. All right. Hey. Antisyphon Training is disrupting the traditional cyber security training industry by offering high quality, cutting edge education to everyone regardless of financial position. And I gotta tell you, there is still time to register for virtual training. So if your plans change this week, you can still get some training. Go to wildwesthackinfest.com, the, the. You know, basically the training arm. Excuse me, the conference arm of Antisyphon Training. More of Antisyphon Training coming later this week, but just a different week. I. Let me know. All right, guys, holla at Material Security. Guys, Material. I'm telling you, I use Google Workspace for my business. You know, back end, rear end. My back end infrastructure is Google Workspace, and I used Material Security to do a pulse check on my environment's security configuration.
Definitely valuable. They do more than that though. Listen, managing security in a cloud workspace is difficult. Phishing's far from the only way in. But today's email security, it just stops at the perimeter. And new attacks are hard to detect with siloed email data and identity security tools. Material protects the email, files and accounts that live in Google Workspace and Microsoft 365. Don't think this is a Google only solution. Because effective email security today needs to do more than just block phishing and inbound attacks. It needs to provide visibility and defense across the workspace threat surface. Material ingests your settings, contents and logs to provide holistic visibility into threats and risk across the workspace, along with tools to automatically remediate them. Guys, the easiest thing you got to do, go to simplycyber.io/material and learn about how Material enables organizations to scale their security without scaling their team. Simple API based implementation, flexible automated one click remediations for email, file and account issues. This is perfect if you are. If you are drowning in security because there aren't enough people to manage it, check Material out. They can help scale your team without scaling with people. simplycyber.io/material. I'm going to drop a link in chat for you guys to click on again. If you are the person who's responsible for all the things and you run Google Workspace or Microsoft 365, this could be the godsend you're looking for. As always, we got ThreatLocker. Me, Kimberly can fix it, Kathy Chambers will be at Zero Trust World in just a few weeks. Here, if you're going to be there, sound off in chat. Definitely going to have a meetup in Orlando in a few weeks. Believe that. Let's hear more from ThreatLocker, and then I'm going to melt your face with the cyber news of the day. I want to give some love to the Daily Cyber Threat Brief sponsor ThreatLocker. Do zero-day exploits and supply chain attacks
keep you up at night? Worry no more. You can harden your security with ThreatLocker. Worldwide, companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high. ThreatLocker takes a deny by default approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation is fully supported by their US based Cyber Hero support team. Get a free 30 day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threatlocker.com/dailycyber. All right, everybody, hold on. I'm queuing the stories up. The website kind of was messed up today. Not messed up. It's just I misunderstood what they were doing here. So now again, like, I'm being real. I don't research or prep. I, I literally have no idea what the stories are going to be. All right, do me a favor, everybody, sit back, relax. Let's let the cool sounds, hot news wash over us. Awesome waves. Let's go. You have some thoughts on the news from today? Oh my God. One second. I. You know, it's Monday. These things happen on a Monday, y'all, bruh. There we go. There we go. And here we go. From the CISO Series, it's Cybersecurity Headlines.
B
These are the cybersecurity headlines for Monday, February 9, 2026. I'm Steve Prentice. OpenClaw turns to VirusTotal to boost security.
A
Yeah boy.
B
Following up on a story we have been covering this past week regarding OpenClaw, the self hosted AI assistant formerly known as Clawdbot and Moltbot, now being abused to distribute malware. Its founders have now announced that they are partnering with Google owned VirusTotal to, quote, scan skills that are being uploaded to ClawHub, its skill marketplace, end quote, by essentially creating a unique SHA-256 hash for every skill and cross checking it against VirusTotal's database for a match. The company warns that VirusTotal scanning is, quote, not a silver bullet, and that there is a possibility that some malicious skills that use a cleverly concealed prompt injection payload may slip through the cracks, end quote.
A
Yeah, of course. First of all, this is very cool. If you don't know what VirusTotal is. I actually found about, found out about VirusTotal later in my career. So I always pointed out like, dude, VirusTotal, super sick. It's basically, it's not a search engine, but like, basically it's a free online web tool that you can stick, you know, a URL and a file, like a binary or something like that, a hash, and it'll, it's a lookup, it's like for security researchers to share. So the fact that Clawdbot now integrates with Virus, so basically it's an API key to send whatever over there. Honestly, I'm not entirely sure I get, I get it right. It's definitely integrated with VirusTotal because that's what the story is. But I'm not entirely sure what it is sending to VirusTotal. Right, like, hold on, let's see if we can look at this. Really? All right, so the, what it's doing is it's not looking at your prompts, it's not looking at anything that Clawdbot is doing for you as an AI assistant. It's taking the skills and checking them against VirusTotal to see if they're a known malicious skill. This is valuable, but as they say, and as everyone in this chat should know, it is not bulletproof. Okay, here's the reality. Threat actors have been putting malicious code into GitHub, npm, PyPI, all the things, right? Malicious code everywhere, third party risk, right? Supply chain risk. It's, it's so hot right now, okay, that Hansel's so hot right now. And this is no different. So your Clawdbot gets access to skills. Skills are awesome. Skills for Clawdbot is like plugins for WordPress. Okay, that's like exactly what it is. WordPress plugins, anyone can make them, you can download them and integrate it with your platform as quickly as just clicking, clicking, but you have no idea where they're coming from. These AI skills add an additional level of concern because you, random skills. Roswell, UK, FedEx, Phil Stafford, you are not reviewing the skill.
You're basically just telling Clawdbot to go pull it down and get busy with it. So Clawdbot's gonna be your best friend and be like, sure, sure, sure, I'll download all the things. Let's go, buddy. Shall we play a game? And you could be pulling down malware and Clawdbot will happily execute it because it doesn't give an F, right? So the SHA-256 hash of the skill is, is basically a minimum level of, hey, I'm a developer. I made this skill. Here's a hash to make sure that you're getting the same skill that I'm saying that I built. Now, having said that, I mean, if I was a criminal, right, I would just make a skill. Create a hash, have you download it, infect your machine. Once VirusTotal gets alerted to it, change the skill a little bit, get a new hash and, you know, iterate. This is called polymorphic viruses, right? This is again, threat actors solved this like 25 years ago. So like, this is better than nothing, but it's not great. What I will tell you as bonus again, I told you I like to go beyond the headlines and give you value that you're not going to get just by reading the stories yourself. I saw this this morning on LinkedIn. This guy right here, Thomas Roccia, I don't even know how to say his last name. He. This guy is like an absolute stud. I've tried to get him on Simply Cyber Fireside several times. He's always very polite and says yes, but like, we never are able to move it beyond that. So I think he might just be polite. But what I want to tell you here is check this out. He has released or I. I didn't have time to look at it this morning because I had to shower. I did shower. You'll notice I do not have a hat on. And look at my thumb. The bandage gets smaller and smaller. All right, so check this out. He definitely did something recently that I think is super sick. Let me see really quickly. He basically wrote a security hardening guide for Clawdbot. Here it is. Look at this, look at this. SHIELD.md: A security standard for OpenClaw and AI agents.
I haven't vetted this, but this is one of those ones. This is one of those ones where like, I didn't vet this or anything, but this guy has consistently pumped out awesome stuff like over and over and over. He's like the DJ Khaled of security. Like, another one and another one. So I. I still haven't rolled out my Mac Mini Clawdbot because I need to. I'm gonna do it today. I need to focus like four hours to do it. But you can believe that I'm going to review this thing right here before I do it. So yeah, if you're going to run OpenClaw, be careful. Lots of people are getting scammed. It's no, no surprise.
B
CISA gives federal agencies one year to rip out end of life devices.
A
That's fine.
B
This operational directive issued on Thursday is in response to ongoing and widespread exploitation campaigns from sophisticated hackers. The devices, such as load balancers, firewalls, routers, IoT edge devices, and many more, remain vulnerable, especially to those with ties to nation states, said CISA Executive Assistant Director for Cybersecurity Nick Anderson. He clarified that this directive is not a response to any one incident or compromise. Microsoft Office exploit attacks European (hello, Computer Stop Podcast)
A
Listen, even if it was tied to an attack, do you think they're going to come out and be like, oh, man, we just been getting our, you know, we've just been getting our, our face kicked in over here with this Oracle EBS. So end of life devices gotta go. Oh, the EPA has been rolling out SonicWalls for years. We really, we're. We just, threat actors have been absolutely curb stomping us up in here. We got to roll this out. All right, first of all, things like this absolutely upset me, okay? This upsets me for days, okay? Federal agencies have one year to get rid of end of life devices. So that means federal agencies running end of life devices have risk exposure for the next 12 months. Very good. No, this is for the uninitiated. You might be outraged by this. You might be like, ah, this is ridiculous, okay? And I would be right there with you. However, let me break this down for you. Replacing hardware costs money, okay? First of all, money. Where's the money coming from? You have to get budget. The US Government. There's no petty cash, okay? This isn't Don't Tell Mom the Babysitter's Dead, where Christina Applegate has access to a petty cash slush fund for buying things, okay? That's a deep cut. You can go Google it. So you have to request budget. You have to get allocation. You probably have to hire contractors to come in, replace hardware. You have to schedule maintenance because when you remove hardware, it typically disrupts production and operations, right? There could be military theater things. There could be, you know, oh, my God, like an outpost somewhere running end of life software. I could tell you for a fact down in Antarctica, the National Science Foundation, which is a federal agency, runs research stations and they're running some end of life stuff. So you gotta logistically get it. There's. It's a whole thing. So 12 months, I'm willing to accept. I'm willing. You know what, Zach Hill, you knew. Don't tell, Don't Tell Mom the Babysitter's Dead reference.
You knew exactly what I was talking about. You could see the same scene. Okay, so 12 months is reasonable. Unfortunately, it's reasonable. Here's my thing. Okay, I'm just gonna. Just allow me, allow. Allow me to scratch this itch, please. NIST 800-53. Let me just. Let me just take a quick sniff here. I'm gonna whip up the NIST 800-53 Rev. 5. Let's see. No, no, I just. I can't even think of like, what. Hold on. I can't even think of, like, what control it is. Give me one second. Here's the thing. This is going to bother me. I want to say it's configuration management. Maybe I'm in the CM controls. Maybe it's under risk. Let's see. Configuration settings, least functionality. Yes, yes, yes. System component inventory. We're getting closer. Software usage restrictions. No, it's none of these. Listen, let me know in chat. It's not coming to me right now. I'm still recovering from the Super Bowl. Like the murder. Someone called the police because Seattle murdered the Patriots last night. Here's what I want to tell you. All federal agencies have been required to comply with FISMA since like 2002. Okay? Believe me when I tell you there's absolutely a control inside of NIST 800-53 that requires you to not run end of life software or end of life hardware. So for federal agencies to have a year to comply with this means that many federal agencies have not been FISMA compliant. Which just goes to show you, guys, unfortunately, compliance is minimum security, borderline security theater. I'm a GRC professional, okay? I'll be the first one to, like, champion GRC, and the C stands for compliance. But I have worked in FISMA environments. I have worked in HIPAA environments, I've worked in PCI environments. And I can tell you, no, I don't care who or what you are, how much money you have, no environment is ever completely compliant, I promise you.
B
maritime and transport organizations. Following up on a story we covered midweek, Ukraine's Computer Emergency Response Team, CERT-UA, and cybersecurity firms Zscaler and Trellix have reported that the exploitation of a newly disclosed Microsoft Office vulnerability linked to Russia's APT28 (Fancy Bear) group is additionally focusing on maritime transportation and diplomatic entities in Poland, Slovenia, Turkey, Greece and the United Arab Emirates. The campaign consists of phishing emails with malicious Microsoft Office documents mentioning weapons smuggling alerts, diplomatic invitations, military training notices, and emergency weather bulletins that resemble legitimate government correspondence.
A
All right, so Russia finds out about this Microsoft Office exploit. It's working. And you know what? Like, I don't. I'm not even mad at you, Russia. They're getting as much value as they can out of this. So when there's a vulnerability, what's up W2FCP? Thanks for the squad membership. When there's a vulnerability, it can be exploited. Okay. And exploitation can lead to lots of things. Remote code execution, access, data leakage, you know, whatever, a bunch of different things. Russia's got a, an exploit for a Microsoft Office vulnerability. And before organizations patch it, ah, you gotta patch it. They're getting theirs. So Russia basically went YOLO like Aragorn running after the, you know, orc horde down the, you know, that famous scene from Lord of the Rings. Okay, they're getting theirs. So 72 hours, concentrated attack. They were working, you know, probably three shifts going after it. And they, they absolutely expanded, you know, success, were successful in several instances. They were able to successfully exploit, you know, basically diplomatic entities, government related entities in multiple countries. Poland, Slovenia, Turkey, Greece, UAE. All right, CVE-2026-21509 is who they got or what they're exploiting. So let's take a look at that one really quickly. There we go. All right, so you got a 3% chance of getting punched in the mouth this week or this month by yourself. 7, 8 out of 10. So may not even rise to your concern, but it's pretty nasty. 86th percentile of how bad is it? Meaning this value means that of all the vulnerabilities in the EPSS database, hundreds of thousands, this one is particularly bad. It's in the 86th percentile of how bad is it? Since there is an exploit out there, there's some threat intelligence here on the EPSS lookup.com website. And if I had to guess, this is basically a phishing email with a Microsoft Office attachment that will exploit. You can see it exploits automatically without requiring user interaction.
It says without user interaction. But I would assume, I have to assume you have to open the Office document. Okay, yeah, once opened. So that's annoying to me. Okay, this is annoying. Really quickly. It says without user interaction. Without user interaction. That's not true. The email comes in, the user has to open the email. You want to know what no user interaction is? Look at how Pegasus spyware detonates on mobile phones. That is zero interaction. It's annoying. Dude, that's like not true. Okay, now the exploitation just happens once the file is open. You don't have to click on enable macros or anything like that. But it does install a backdoor for persistence. I would assume. APT28 is no joke, guys. Like, there are certain threat actors that are highly sophisticated, highly well resourced and funded. APT28 is one of them. Of course they're targeting Ukraine. I mean, obviously. I don't know why they hit UAE, honestly. Like, Romania, Bolivia, Ukraine, for sure those are Russian targets. But UAE, like, hold on, is UAE, United Arab Emirates, a, you know, rival of Russia? I mean, yeah, it's not a rival of Russia. The two nations maintain a strong, growing strategic partnership. Okay, so I just Googled that. That's the one thing about this story that is confusing to me. Right. I almost think that the UAE thing is more of a collateral damage or a misfire than it is deliberate. Again, you personally, this doesn't change how you do your job today. Okay, if you work in Houston, what's up H-Town? If you work in Houston, like, this is interesting, but not anything you got to worry about. If you work in Houston and you work in the transportation maritime industry like some of us do, this may be interesting to you, but for the most part Russia is spear phishing here. They know exactly who they're targeting and they're launching exploits and email phishing emails directly at those people.
So this is like geopolitical interesting to stay on top of, but not really something that I'm like going to spend any more time worrying about as far as like protecting businesses that have paid me to protect them.
B
Salt Typhoon hacks Norwegian companies. The Norwegian Police Security Service on Friday accused the Chinese backed hacking group of breaking into several organizations in the country to conduct espionage. Their report did not provide many details about this campaign, but the Salt Typhoon organization was described recently by senior US national security officials as an epoch defining threat which has for years stealthily hacked into the networks of critical infrastructure organizations around the world.
A
All right, so Salt Typhoon, that is the Chinese backed APT that specifically targets energy sector industrial control systems. That's what I'm assuming they're doing to the Norwegian people. All right, so you can see here, it's just, it's ca. It's basically the story is updating that, you know, who. Volt, Salt Typhoon, actually. I'm sorry, Volt Typhoon is the energy sector, isn't it? Salt Typhoon, is that the, the ones who attack the Internet, like ISPs? One of them, they came out, they came on fast. There was Volt Typhoon, Salt Typhoon and Flax Typhoon. I think Volt did energy sector and then Salt and Flax. One did ISPs and one did cell carr. Cellular phone carriers. I can't, I get them confused. That's the whole story. What the hell? Okay, okay, so this is, this is, this is what we in the biz like to call a, like a nothing burger. That. Like this, you know how you like the joke. Like, oh, like this meeting could have been an email. Like, this story could have been a tweet. Like, there's nothing here. Norway says that they've got telemetry to suggest Salt Typhoon broke into them. Not what they broke into, not the extent of the damage. Not if they're still in there. Not nothing. There's nothing here. This is a nothing burger. I hope, I hope you guys packed a lunch because there's nothing to eat here. Jesus, dude. All right, I guess I'll just have more coffee.
B
Huge thanks to our sponsor, ThreatLocker. Want real zero trust training? Zero Trust World 2026 delivers hands on labs and workshops that show CISOs exactly how to implement and maintain zero trust in real environments. Join us March 4 through 6 in Orlando, plus a live CISO Series episode on March 6. And you can get $200 off with the code ZTWCISO26 at ZTW.com.
A
Alrighty. Alrighty. All right, let's do this. I do wish that it could be. I do wish that it could be. Don't you forget about me. Or several other, like, 80s songs that we enjoy. But. All right guys. Hey, I want to say thank you very much. We are at the mid roll, just about 8:35 in the morning here on the East Coast. Good morning everybody. Thank you so much for being here. Showing up early. I know it can be hard after the Super Bowl. I know it can be hard just in general to be consistent. But showing up every day, consistency and showing up is, is, is half the battle. Okay? And I'm not being flippant like G.I. Joe, half the battle, like showing up is important, guys. Takes effort, takes energy, takes commitment. Thank you to the stream sponsors, ThreatLocker, Antisyphon, Material and Flare. Guys, you guys know Flare. I'm going to be adding a video here to show you the platform. But Flare is a cyber threat intelligence platform that is super dope. I've used it. I would continue to use it if I had a need for it, if I was managing a larger organization. If you would like to check out Flare's threat intelligence platform for absolutely free, risk free, cost free, see if it can help your organization. Check out simplycyber.io/flare. simplycyber.io/flare. It'll drop you to this page right here. You sign up for it, they do have to vet you because the level of threat intelligence that you get access to is unbelievable. And they cannot have criminals getting access to it. It would be too valuable, too valuable for people with criminal intent to get access to this thing. So go to simplycyber.io/flare. Check it out. Thank you very much, Flare. I will be getting a little video to show you a walkthrough when I used it, and by the way, two weeks is more than enough time to see if it can deliver value to your organization. I used it for about three days and I was stunned, stunned at what I was able to get out of the Flare threat intelligence platform. So check it out.
simplycyber.io/flare. Guys, every single day of the week has a special segment. And Monday's is Simply Cyber Community Member of the Week. It is a sponsored by ThreatLocker segment. Hold on. Someone got a job. Slevin. Wait a minute. Where is it? Where is it? Slevin X Kel Kel Kilra says good morning, Simply Cyber. Started my first cyber security job this year after getting my Sec+ cert. Thank you for the help. Lovely, lovely, lovely. Congratulations, Slevin. And thank you so much for sharing your win with the community. Go crush it, my man. Pumped for you. All right. Every single day of the week has got a segment, and Simply Cyber Community Member of the Week, since it's sponsored by ThreatLocker. ThreatLocker takes a deny by default approach to application security. It's the same company that is hosting the Zero Trust World conference in a few weeks that I will be at, if you're interested. We're going to be doing the show live from the. The show floor. In fact, I was actually looking at computers today. I'm going to replace my laptop so we don't have the, the freezing OBS situation. I. Listen, I have tried, I have tried, I have tried. Now I'm going to replace the hardware. Guys. Your Simply Cyber Community Member of the Week. I. I don't. I didn't. I can't pull up his LinkedIn photo because there's a million of them. But I would like to recognize Robert Hendrickson. Robert Hendrickson has been in the community for a very long time. Being supportive, sharing wins. Robert Hendrickson, congratulations. Thank you for being a community member and being awesome. Let me go. Let me tag him in chat. Robert Hendrickson. There we go. Congrats, my man. Hold on one sec. Congrats. All right, Robert. And again, sorry I can't bring up your photo. There's like a thousand Robert Hendricksons. You just happen to have a, you know, a name that's kind of common. So congratulations and again, thank you very much. All of you are amazing Simply Cyber community members.
I just like to recognize some because here's the reality. I see you in chat every day, I show up every day. So I know what you're doing, I know if you're there, I know if you're helping and I see you. All right guys, let's finish strong and keep crushing.
B
Malware targets Chinese based routers and edge devices. Researchers at Cisco Talos made the discovery, which they describe as a fully featured gateway monitoring and adversary in the middle framework, and published their report on Thursday. In use since at least 2019 and still active, DKnife targets Chinese speaking users, and the researchers express high confidence that it was made by Chinese nexus threat actors. It is a Linux based framework designed for, quote, gateway level attacks enabling operators to monitor, manipulate and hijack network traffic on compromised routers or edge devices, end quote. A link to the report is available in the show notes to this episode.
A
All right, so you know, when it does come up, I always point it out. Cisco Talos is a great threat intelligence outlet. I've done work with Cisco multiple times. I have worked with Cisco Talos multiple times. One of the people that I am a huge fan of at Cisco Talos is Joe Marshall. Just as a quick little aside, this guy, right? Hold on. Where is he? Come on, Joe, where is he? There he is. Look at this guy right here. I love this guy. If you see this guy at a conference, say hi to him. He is such a nice person. In fact, I'm going to be at RSA in a few weeks and I suspect I'm going to spend some time with Joe Marshall. I hope so. All right, so Cisco Talos, whenever you see something from them, it's worth looking at. They have, it looks like they've taken over some type of Chinese based C2 framework called DKnife. Okay. DKnife. It's so funny. It makes me think of, like, oh my God. I knew, like, a rapper in college named D Canoe. D Canoe. What was, what was, what was the bad guy's name in Friday with Chris Tucker and Ice Cube? The, the, the one who stole the bike. His name was kind of funny too, but. All right. Seven Linux based implants that perform deep packet inspection. All deep packet inspection means is it's looking at the data layer inside of network traffic. So not just, like, IP address destination, but one layer above it. By the way, if you are using SSL or TLS to encrypt your traffic, deep packet inspection. I don't care how deep you go into the packet, you can go all the way up. Deebo. Yeah. Thank you. I knew so. I knew it. DKnife. Deebo. Exactly. It's my bike, punk. It's more bike. DKnife can do deep packet inspection, manipulate traffic, i.e. change the data. But again, if you are using encryption, you know what it can't do? Manipulate traffic or do deep packet inspection. I guess it can manipulate in the sense of denial of service, but. And it can deliver malware. All right, so D. Nice. Been around since 2019. Nice. You guys remember 2019, pre Covid.
You remember what life was like then? Feels like 30 years ago. All right, so D Knife attacks pretty much anything. PCs, mobile devices, IoT devices. If it's got an IP address, D Knife wants to have a word with it. Okay. It delivers ShadowPad and DarkNimbus. Okay, those both sound like Magic: The Gathering cards. All right, so D Knife targets Chinese speaking users. That's interesting. So I wonder if this is designed for espionage and spying on the, you know, Chinese citizens. This is a Chinese based malware. Very advanced, but it targets Chinese speaking users. So again, normally when we see espionage with. Okay, normally when we see espionage, it's country on country action, not country on its own citizens. But, you know, there's nothing to say it can't do that. Casually Joseph is chiming in, saying that DPI can unencrypt TLS/SSL with the right certs, essentially, man in the middle. Yes, that is true, but Lazaro Rivera, three years, Blue Badge. Love it. Thanks so much, Lazaro. Okay, so here's the deal. Let me stop really quickly. If you are interested in, you know, nation state level threat actor activity as much as like this story about Russia targeting Norway and how this story had nothing in it of substance, this Cisco Talos report's definitely going to have a lot of meat on the bone. So if you're interested in learning more about this alongside screenshots and scripts and all these other things, you can see they've even got an IDA disassembly here where you can see the actual assembly code. Cisco Talos always does a great job. Now really quick, what does this mean for you as a practitioner? So adversary in the middle is not good. Casually Joseph did mention in chat here that you can unencrypt and then re encrypt to do deep packet inspection in the middle. Let me. I guess DPI is deep packet inspection. Here's my. Here's my deal. Okay. If you make a connection. If you make a connection to. Okay, hold on.
If you're, if you have a normal, if you have a regular computer, not one that was issued by a company that already had certs installed in it. Okay, so you're just a normal user and you hop on a website and you establish an SSL connection and then you're sending data encrypted across the Internet and someone intercepts you. Like China. China. Okay, they, they intercept you and they're going to do deep packet inspection. Two things have to happen. Number one, they have to get you to accept a cert, because essentially it's going to use a cert to unencrypt it. Then they're going to do deep packet inspection and then they're going to encrypt it and send it to the site or the, you know, the IP address, the resource on the Internet that you're, you're, you're talking to. So at least in my world, the user would get some type of pop up talking about the cert that they're using. Okay, so the, the user is going to get some visibility into the fact that they are establishing a secure connection with the intermediary. Number two, and this isn't impossible. You've got to have some good hardware for performance of decrypting, deep packet inspection, encrypting and having that happen all at once. Okay, again, not impossible. I'm just saying it's not like you're doing this on a Raspberry Pi. So when I say I see BW5542 saying SSL, no TLS. When I say SSL, I use SSL and TLS interchangeably because essentially it refers to the same thing. It's encrypted web traffic. Okay? Port 443. SSL is the old standard. Microsoft, you know, laid its, you know, laid it out on the table and did a measuring contest with either Netscape or Mozilla and crushed the SSL standard. But essentially TLS 1.2, I think, is the current, like, best one. Let me, let me, let me Google that really quickly. TLS current standard, I think, I think it's 1.2, but. Oh, 1.3. Hold the press. 1.3. All right, let's keep going.
B
Payments platform BridgePay confirms ransomware attack. The US payment gateway and solutions provider says a ransomware attack has knocked key systems offline, triggering a widespread outage affecting multiple services. This incident started on Friday and spread nationwide across its platform. The company confirmed late Friday that the incident was caused by ransomware. During the incident, some US merchants and organizations were only able to accept cash from their customers. And BridgePay has not yet named the ransomware actor.
A
All right, so BridgePay, a payment platform I've never heard of before, kind of sounds like it's similar to Stripe, was hit by a ransomware attack and you're screwed. Right? So, yeah, this company, this company is a business to business solution and downstream businesses that use it to take credit card payments were impacted. You could see Jimmy's Roadhouse Bar and Grill tweets out that their credit card processing company had a cybersecurity breach. All credit card processing is down. I got to tell you, whoever's working at Jimmy's Roadhouse Bar and Grill on their socials, pretty good. I mean, I feel like a restaurant would just be like, we can't take credit cards. You try the fish. Or like, you know, like, you know, five dollar beers, 50 cent wings, cash only, right? Like Jimmy's Roadhouse and Bar looks like maybe Jimmy's son or daughter works in IT and is like, I'll handle the socials. All I can say is two things. One, if you are a business that you know is B2C and you take credit cards, like your Kona Ice food truck or your Jimmy's Roadhouse Bar and Grill, whatever, and you, you may want to either have a contingency plan or be prepared to take cash. You. I mean, I don't know, like here's, I, I wouldn't have a second credit card processing facility up and running, but what I would say is for contingency planning, business continuity, it's very simple and trivial to set up a PayPal and a Venmo account. Again, I have a PayPal account for Simply Cyber, right? Like for the business. So it's not impossible to do that. So having alternative payment vehicles for B2C solutions is fine in a pinch, right? Because honestly, I don't know about you guys, but dude, I don't really carry cash very often. So if I walked into Jimmy's Roadhouse Bar and Grill and was like, let me get, you know, let me get the heart attack, you know, a 64 ounce big boy beer. I'm trying to like forget about the Patriots game last night and Jimmy's Roadhouse is like cash only.
I'm going to go to the next place. I'm going to go to Billy's Roadhouse Bar and Grill down the street. So all I can say is this is a perfect example of number one, business continuity, number two, thinking through redundancy and how redundancy would work. Because, listen, whatever organization you're responsible for protecting, you should think through what is mission critical. What's mission critical here? Well, like, Jimmy's Roadhouse Bar and Grill, right? Being able to make payroll is mission critical. Being able to, like, the point of sale system is. Is probably mission critical. So you should be thinking through again, I'm using this restaurant. It's just a silly example, but here's the reality, guys. Imagine the point of sale system goes down. What do we do? Turn customers away? No, there's pen and paper that we keep underneath the hostess stand. Go grab that. And we're going to do paper checks. And you know, the kitchen's ready to take them. The wait staff is trained to use them. Things are going to be slower, but you can still take orders and get food out of the kitchen. Okay, perfect. We can't take credit cards. Okay. We're. We have a PayPal account. We take cash. And by the way, just taking cash doesn't mean just taking cash. Like, can you make change for people? Do you have a. Like. And this isn't to dig on anyone, but like, say the check is $78.32 and they give you a $100 bill. Does your staff know how to subtract $78.32 from $100? Again, I'm not digging on anyone, but unfortunately, some people, you know, can't do simple math. So. Do you have a calculator available? These are silly examples, but it begs the attention of doing contingency planning and business continuity thoughtfully instead of just being like, oh, yeah, no, if things are down, we'll just reboot. No, no, Kevin, it's not as simple as just reboot. All right? Do tabletop exercises, think through these things.
Because honestly, the last thing you want is, is to experience mission critical downtime, because then you'll be making $0. And you know who doesn't like $0? Whoever owns the business. They're going to be pissed. Also, for the restaurant example, you're not going to be getting any tips. You're not going to be making any sales. You know, it's going to be bad for everyone.
B
AWS intruder becomes admin in under 10 minutes with AI assistants. A digital intruder broke into an AWS cloud environment and in just under 10 minutes went from initial access to administrative privileges thanks to an AI speed assist. This is according to a research team from Sysdig Threat Research, who observed the break in on November 28 and noted it stood out not only for its speed, but also, quote, for the multiple indicators suggesting the criminals used large language models to automate most phases of the attack, from reconnaissance and privilege escalation to lateral movement, malicious code writing and LLMjacking, using a compromised cloud account to access cloud hosted LLMs. End quote. The attackers initially gained access by stealing valid test credentials from public Amazon S3 buckets.
A
All right, here we go. Now, the story will have you believe that this is an AI problem. Shall we play a game? Okay, and yes, this threat actor was able to get domain admin effectively, right? Like, it's not domain admin. It's. It's like cloud tenant admin in an AWS infrastructure in under 10 minutes, using AI to move fast and break things. Okay. Having said that, I don't care if you have AI crawling out of your ears, right? You got like a Claude Bot. You go, you go so far as to like, get like a Billy, a Billy Big Mouth Bass. Like the, the, the. The fish that you would mount on the wall and it turns its head and it's like, I keep on dancing. Oh, yeah. Like, it plays like 50 songs and you shove Claude Bot inside of that thing. So then the fish turns and it's like, hello, would you like to play a game? Right, I don't care what you do with AI. The story here is basic cyber hygiene. The threat actor was able to basically scan public S3 buckets that had credentials publicly available. Hello. Like, the fact that they were able to get in in 10 minutes just means that they were able to go from zero to admin faster. They still would have got there because the credentials were still there. You have, like, I don't care, like, what your specific deal is personally. You have to be looking at your cloud surface, your attack surface, your exposure, and looking for credentials, looking for default configuration, looking for misconfigurations, looking for dev environments that shouldn't be publicly accessible, looking for API keys that shouldn't be publicly accessible, looking for certificates that can be used to log in with SSH, private certs that shouldn't be publicly accessible. All of those things. Crappy passwords, not behind MFA, because a threat actor will get those.
And whether it's 10 minutes because Claude Bot's helping it move faster and break things, or it takes two days, it doesn't matter, because the threat actor will achieve the goal of owning you and your whole infrastructure because you haven't done the fundamentals. If you stop step one of the attack chain, steps two through 30 don't happen. Thank you. Okay, if you're gonna, like, it's just like, what are we doing here? I'm not saying, like, I'm not blaming the victim, okay? I'm not blaming the victim here. I'm not saying that. Oh, you shouldn't have. Like, you wouldn't have gotten robbed if you didn't go out last night. You should stay home and not go out. What would you expect? You got your wallet all fat with cash sticking out your back pocket. You should have been robbed. No, I'm not saying that. What I am saying is, you know what cyber security is all about. Vigilance, consistency, best practices. Unfortunately, if you do all the things 99% of the time, that 1% of the time is going to lead to risk and risk exposure and ultimately attack and exploitation. And then you're, you know, basically walking around talking about how you got breached. So don't get wrapped around the axle that this story is about AI moving this threat actor from zero to admin in 10 minutes, because that's not what it's about.
B
German agencies warn of unusual Signal phishing campaign. Federal officials in Germany have issued a joint advisory warning. This attack focuses on, quote, high ranking targets in politics, the military and diplomacy, as well as investigative journalists in Germany and European. End quote. Interestingly, this campaign does not involve the distribution of malware or the exploitation of any security vulnerability within Signal, but the end goal is to, quote, weaponize its legitimate features to obtain covert access to a victim's chats along with their contact lists, end quote. And this is done largely by masquerading as Signal support or a Signal support chatbot.
A
All right, do you. Okay, a couple things here. Number one, Signal continues to prove to be secure, like public service announcement. If you're going to use a messaging app, I strongly recommend Signal. Okay? Signal is epic. It's awesome. Okay? Very secure. Very secure. Now be mindful of this. You should absolutely educate your end users of this. This might be like, this might be the message of the day for you to send to your end users. This is a tried and true attack vector, okay? Criminals, nation state threat actors, whoever. Tyler Ramsby, okay, pretending to be a threat actor. Tyler Ramsby's good people. They will call you and say that they are IT support. They will call you and say that they're the help desk. They will call you and say there's a problem with your account, with your technology, and they are here to fix it. Now, this can be done a lot of ways. They can pretext it by sending you a thousand emails and then calling you and saying, hey, this is Tyler from the help desk. We're seeing an increase in email activity. Are you seeing it too? Yes, I am. Now they've established legitimacy. He could send you a thousand text messages and then call you and say, hey, we're seeing some activity. It looks like a criminal is trying to text message you over and over. Are you seeing it? Yes, I am. They're not going to say, I'm the one doing it. Right, but now they, they're like, establish trust, establish authority. Let me help you solve that problem. Signal is secure as far as technology goes, so now all the threat actors can do is target the human behind it, the Carls of the world. So by doing that, they convince them that they are support from Signal and they're going to help the person do whatever it is. And they get the person to give them, number one, their PIN, which is their personal, you know, identity number, and get them to log in. And then I believe that they're registering a second device or an additional device as the criminal.
They're establishing an additional device with Signal and being able to then, you know, get the messages. I will say anytime I've ever added someone to a Signal chat, they did not get access to the history of the chat. So I think that the threat actor would only get access to future chat. Right, you see, the threat actor will get access to the victim's profile, settings, contacts and block list, etc., and they can use it to capture incoming messages and send messages as the victim. So your chat history is fine, it's just you're basically pwned at that point. So I would definitely. Here, here's the TL;DR. This is what you tell your users today. Hey, what's up everybody? If you're using Signal, no, no support desk, no help desk, nobody is going to contact you on Signal to help you with Signal. If they are, it's a criminal trying to, you know, basically exploit you, period, full stop. Now remember, you don't need to explain what Signal is. If I send my aunt Dorothea a message and say, hey, you're not going to get a message on Signal from a support desk person. And my aunt Dorothea goes, what's Signal? Guess what? The fact that my aunt Dorothea doesn't know what Signal is means she doesn't use it. So she's not even. She, she's completely not going to be attacked or exploited for this attack sequence. Right? You see what I'm saying? So you don't have to explain Signal. You can just say, yo, if you know, if you're using Signal, this is something you have to be mindful of. Another thing that I want to highlight really quickly before we wrap today is federal guidance on secure messaging. Okay. So this happened, this happened in January of 2025. Okay, so this happened last year this time. Okay, so it's been about a year, but if you remember, I don't know if you remember, but basically the federal government came out and said, because, because basically China was attacking ISPs. This was right after the Salt Typhoon attack on all the telecommunication platforms.
The federal government came out and said, hey, listen, what the hell are we doing here? Come on, man. I, I can't find it right now. Of course, mods, I don't know if you guys can do this, but basically last year the US government came out and said, hey, listen, for secure messaging you should use like Signal. Basically they didn't say Signal by name, but they basically said Signal. And I, at the time I made a big joke that like, businesses aren't going to roll out Signal for this, but many executives are now like using Signal. Top level federal secretaries of state are using Signal. Like we saw. I'm not. Again, this isn't a geopolitical show, but we saw Pete Hegseth. You know, it got disclosed that he was like signaling with like, I don't know, somebody else and his wife, like military operation plans. There was like a big, there was a big thing over the summer of 2025 about, you know, top level federal people using Signal. So why am I bringing this up? It's because Signal is being used by all sorts of people and people who would be considered VIPs. Right? And honestly, those people are not the most. Again, in general, they're not the most tech savvy people. Right? They're business people. So they can fall for these attacks more easily. So this is why it's important to share this information with this user population. Because if a threat actor gets in here, you as a security practitioner aren't going to know it. This isn't email, where you can see forwarding email configurations. If someone attacks your boss's or the CEO's or some government official's Signal, you will have no visibility into it and it will persist indefinitely until the victim recognizes it. Okay. Oh, it does say Signal. All right, hold on. Check it out. Haircut Fish with the W. Look at this. This was the guidance from CISA, December 18, 2024. So it was even like more than a year ago. And they do say Signal by name in here. According to Haircut Fish. Somewhere in here. I don't know where it is.
Also I want to point out iPhone specific Lockdown Mode. That's another mode worth checking out. Oh, my God. I'm here. All right, guys. I do like Cloudflare's DNS resolver 1.1.1.1. All right, guys, we got the W. All right, everybody. What a show. I can't believe that's the fastest hour in news. I'm Jerry from Simply Cyber. I hope you got. I'm pretty sure you got. I. I'm pretty sure I just. DJ B just. Buffer overflowed my brain. Listen, I hope you got value from the show. Thank you so very much. I'm Jerry from Simply Cyber. Don't go anywhere, because I'm about to melt your face in the most awesome way possible with Jawjacking. And my boy Jerry Guy is going to come in here and absolutely rip it apart. But I am two thumbs. Well, 1.9 thumbs, Dr. Gerald Ozier. This has been episode 1064 on February 9, 2026. Until next time, stay secure. Don't go anywhere. Ever wonder what it takes to break into cyber security? Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cyber security field live, unfiltered and totally free. Let's level up together. It's time for some Jawjacking. What's up, everybody? Welcome to the party. My name is Jerry Guy. I'm down with the woo. MFA forever. If you want answers to all of your cyber security questions. If you've been wondering about what certs or how to break in, what's a good pen testing strategy or career roadmap. If you're interested in what conferences to go to and which ones you shouldn't. Anything cyber security. I'm here for the next 21 minutes to help you. That is the point of Jawjacking. Welcome, welcome, welcome. It's all about good times. I also want to point out that in chat is the Simply Cyber community. And they are all incredibly helpful as well. Thank you very much. If you like my shirt. Thank you. Sean Washington. This is. You can't buy this shirt. I was able to put this in the merch store, purchase it within like a few minutes.
It got pulled down for copyright infringement, but they still made the shirt and sent me one and sent Sean one. So it is a limited edition, limited run. This is a secret layer of Simply Cyber shirts. All right, here we go. Looking at chat. If you got questions, drop them in chat. All right, I'm going to flag these really quickly. Ray. Oh, wait, hold on. Ray says, how's the. Oh, my God, dude. Ray says, how's the thumb? Space Taco says, how's the thumb? Thumb's okay. Basically, I use how big the bandage is as my metric. So day one, I was wearing a glove because it wouldn't stop bleeding. Day two, or you know, second phase, full shield, you know, down to here. Now we're on day. Whatever. It's been. Actually it's been eight days, right? Because I did it a week ago Sunday. Now it still hurts. This is beyond just a band aid. It still hurts. It's very angry. Fortunately, it has not gotten infected. So I got that going for me. But I still look like a third grader trying to ask to go to the bathroom while I'm in the shower. Because I'm basically, I shower like this. You know what I mean? Which is a pain in the a. All right, I do want to say what's up to Aiden in chat. What's up, Aiden? Good to see you, buddy. Hope everything's going well with you here on this beautiful Monday morning. All right, all right. Looking for questions in the chat. Thank you all for your kindness about my thumb. Code Brew wants to know how the OpenClaw setup's going. So Code Brew, thanks for asking. I do have the Mac Mini completely wiped. I did the network layer over the weekend with my Ubiquiti setup. Today I'm going to be setting up the host based firewall and basically IP restrictions on the Mac Mini and installing OpenClaw. I did think about for a minute getting like a VPS up in like DigitalOcean or something really just to completely separate it. But I want it localized. So today the big. The big push for today is getting OpenClaw set up and my ability to text it back and forth.
Those are my goals for today. So we'll see how it goes. Thank you. What's the name of the Warren G song you use with the Police Swarm reaction? Doom Kraken's asking. It's called Regulators. Regulators. So if you aren't familiar with Regulators, let me just show you really quickly. You can Google Regulators, Warren G. Don't listen to the lyrics too closely, but yeah. Warren G. Regulators. Warren G. Nate Dogg. I'm pretty sure Nate Dogg is Snoop Dogg's cousin. Okay, let's go. Cryptic Rose has got an interview for a web dev. Some of the skills I only have knowledge of. The interview is tomorrow for the internship. Any advice? Having a mock interview this afternoon? Yes, I have advice. This is not an easy. Well, it's actually. You probably don't have time for it. I'm going to give you two answers, Cryptic Rose, because I want everybody to have these answers. What I would do is for the web dev role, I would look at what you have in your experience that is a win or W, right, that you can lean into. Secondly, secondly, and this is going to set you apart from the other candidates, whatever they're asking for in the job requirements that you do not have. What I recommend you do today is spend an hour, like, turn off notifications, turn off distractions, turn off all the things, and spend one hour learning about whatever that skill is that you're missing. Watch a YouTube video on 2x speed so you can like, get more value, whatever it is, right? That one thing on there that you don't have. And then when you go into the interview and that inevitably comes up, you can say, you can say, oh, yeah, like, that's actually a, a gap in my experience. But I'm excited about this position and I've actually started learning or developing myself in that skill because I know how valuable it is. And they, they might say, like, well, how? And you could say, oh, like I, you know, I consumed this content.
I did a little lab, like, whatever it is. That right there is going to show initiative, proactivity, and that you're hungry or thirsty, if you're Gen Z, for the job, for the role. You're taking effort and initiative. To me, that's going to be a way. Instead of saying, like, oh, yeah, like, I don't, I, I don't have that. I don't know, can you teach it to me? Like, you're gonna look like you can take action and understand how to get to the next step on your own, which is very desirable by employers. So go get that. Second thing I want to point out for people who have time, and Justin Gold knows this, all right. What I would say is, check this out. Go. Hold on, let me show you. This is so sick, guy. Check this out for real. LinkedIn. Go to LinkedIn. Hold on one second. Oh, my God. Go to LinkedIn. Click on your profile face. Go to Settings and Privacy. Go to Data Privacy on the left. Go to Get a copy of your data right here. Download larger data archive. This button right here, you want all of it. And then Request archive. It does take about a day, which is why, Cryptic Rose, I had to give you a different answer. Request this archive. All right, then what, Jerry? Check this out. You will get about 50 CSV files. It's huge. And it's basically your entire LinkedIn history. All your connections, all your messages, all of you. Everything, everything about you on LinkedIn. Why is this valuable? You can take a job post like this web dev role. I used Claude Code, so I'd recommend Claude Code. But you can use Google NotebookLM or whatever, it doesn't matter. You can take the job post and then you can take this and basically you take the archive and upload it to Google NotebookLM. Or you tell your Claude Code bot to look at that directory where all those CSV files are. Okay? You can take the job req and say, hey listen AI, this is the job I want. Based on everything you know about me from LinkedIn, tell me where I'm strong, tell me where I'm weak, and for the areas I'm weak.
How can I use my network to help me get this job? And I have a whole video coming out step by step in a few weeks that shows you exactly how to do this. But it's going to tell you exactly where you're strong, where you're weak and what to do about it. And who in your network can help you get the job. Both from a relationship network perspective as well as a skill development perspective. So go check that out. Speaking of awesome networking and skill, check this out. This is gonna. Get ready. This is a trigger warning. Your face may melt. Check this out. Did you know Beau Bullock from Black Hills Information Security? This guy right here, Beau Bullock, did a guest Simply Cyber Media Group video talking about your Microsoft 365 tenant has a hidden back door and you put it there. This video is popping off, 2500 views in less than 17 hours, which is good. Dude, check this out. I promise you this is worth your time. This is absolutely worth your time. I promise you that. All right. Continuing to look through the chat. Listen, Justin Gold put a statement here. Hey all, new here on the live. I'm a career changer, decided to go the university route. Michelle my bell: Currently in a CS degree with a cyber focus but thinking to transfer into WGU for the ability to move faster through the program. Thoughts on which would set me up for success on graduation? Michelle My Bell 99, welcome to the party. Welcome to the party, Michelle. You can see Luke Canfield's in chat, Casually Joseph when he wakes up. We have a lot of WGU people here. Strive rabbi to cyber. WGU has a strong cyber security alumni network. I know many people that have gone the WGU route for the explicit reason of speed running a degree. I know employers do not look down on it as far as I know. I haven't heard of a single employer or interviewer saying like, oh, Jesus, WGU? No, thanks. So I think it's a good idea. Again, I didn't go to WGU. I haven't. I can't speak to it, but there are a lot of people in chat who have.
So. Michelle, my bell. Definitely check it out. Simply Cyber. I don't know why I said Simply Cyber. The Simply Cyber Discord server can definitely help you too. All right, continuing to look through chat. Thank you. Do you have your own code for Zero Trust World? No, Kyle, I don't. But I can try to get one. I could try to get one. Roswell asks, how's the dog? The dogs are back to normal. They are. They're cute wiggly butt selves. How great were both of those defenses yesterday for three quarters? Yeah, dude, it was amazing. It was amazing. New England's offensive line. Here's the thing. I'm optimistic because New England's young, right? Drake Maye is young. That left tackle is young. Christian Gonzalez is an all world corner. That's exciting. Mike Vrabel is like, you know, got, got. I like, I like where we are. And honestly, congratulations, Seattle. I mean, they won that game. It's not like New England lost it, you know? You know what I mean? Like, obviously New England lost on paper, but my point is like Seattle earned that win. Yeah. I mean, so Marcus says it wasn't a well played game offensively for sure. I mean, it was just sloppy play. You know what the crappy thing is about the Super Bowl? Like, it's, it's, it's, it's vaulted and elevated to such a degree and treated like such a, you know, you know, life event that I, I really feel like the, the players are, are all jacked up. You know what I mean? The Rarest Heart asks, what's the difference between SOC and GRC? Great question. So SOC is security operations center. Usually you're. I assume you're thinking SOC analyst and GRC analyst. You didn't put that, but I'll answer both SOC and GRC, and SOC analyst and GRC analyst. So there are two different roles within cyber security. GRC analysts, and GRC in general, typically interface with the business. So, you know, talking to end users, getting budget, delivering a cyber program to a business, that's GRC.
Also remember, like, no business is going to give you infinite dollars. You're going to get a budget, right? Here's a hundred thousand dollars. Do whatever you can to reduce risk, right? So that's what GRC does. Like you could spend 100 grand on a DLP solution instead of MFA, or data loss prevention versus multi factor authentication. But DLP is not going to give you as much risk reduction as MFA. So GRC people are the ones who get to decide where to spend the money. SOC is the person like, like watching the business operate, watching packets move, watching data come in and out and identifying, oh, that's bad. Ooh, they clicked on a phish. Ooh, threat actor's doing this. Ooh, like the cloud's been breached or whatever. Okay. That's what a SOC analyst does. So SOCs are typically dealing with like active incidents. That's why a SOC analyst can get called in at 2 a.m. on a Saturday. Right, and a GRC person won't. I hope that answers your question. Nate Dogg about to make some bodies turn cold. Yeah, honestly, I'm not even talking about that part, Marcus. I'm talking about, you know, the ladies. Okay, T Strong 60, can you provide a step by step template on how you're setting up your OpenClaw? To be honest, I trust your setup more than anybody's. Yes, T Strong, I can do that. It would make a great piece of content as far as like being helpful as well as like going viral. So I can do it. I can do it. Just like, let me. Here's the thing, like when I'm making content like, like a step by step template on setting up OpenClaw, I can't document as I'm going because I will do things and then be like, oh, that's not the best practice or that's not good or that's a bad idea or that didn't work the way I thought it would, and I'll back up and then I'll do it again. So like I have to do it and then I have to like document it. So I can certainly take, take it for action. And by the way, thank you T Strong for the confidence that you would. You.
You appreciate my, I guess, recommendations. Simply Cyber, I have a question. I want to set up a pen testing lab on a small machine. How do I do so securely so I can test out the lab without affecting any surrounding machines? Well, I mean, number one, you could make it. You could air gap it, Pocket Pixie. That's definitely a good way to do it. So, I mean, you could technically set up a machine. You could put a vul, like, you could use VMware or something. You could set up a vulnerable Windows machine and you could have, like, a Kali Linux, all on the same computer, no Internet activity, no Internet access. And you could attack it. Right. So that's definitely one way to make sure you couldn't affect any surrounding machines. You could also. I mean, realistically, Pocket Pixie, just being real for a second, since you're going to be in complete control of the system, even if you have a computer on your home network that has access to every other computer on your home network, you're the one doing the pen testing. So you have complete control. Like, you're not. You're not really doing anything dangerous. Like, the only time that you really want to be careful and air gap or make sure that you've got all your things configured is when you're handling malware or doing malware analysis, specifically dynamic analysis of malware. That's where you have to be really careful. Now, AI agents and OpenClaw, this Clawbot, like, that's another time where you need to make sure that you're secure. But for anybody who's asked, wondering about this question, remember this. There's the network layer and then there's the system layer. So on the network layer, protected in the sense of firewalls, VLANs, subnets, whatever you want, right? Controlling what it can speak to and what can speak to it. Okay. Both ingress and egress. At the host layer, making sure, again, host-based firewall, what can it talk to, what can it not talk to. Make sure that, like, for the Clawbot, I'm like.
As another example, I'm not giving it the main admin account to the Mac Mini. I'm creating a second account for it that is less privileged. And I will administer the box. Clawbot will do its own thing, because I don't want the AI agent to administer the Mac Mini. Okay. Okay. All right, here we go. Continue to look through chat. Michelle, my bell, says I'm new here. Oh, okay. We already talked about that. All right, so I got two minutes. I'm gonna speed run. Can a signal jammer block out Flock cameras? Probably not. I mean, I don't know. Here's the thing. Are the Flock cameras wireless? If they're wireless, then yes. If they're not wireless, then no. Pocket Pixie says Claude Code's okay, but if you want something responsive, stick to the GPT. You know, I. To me, that's a personal preference. Claude Code is the terminal command-line instance of Anthropic's Claude. Not that. That's not, you know, the text input field thing. Code, where you've been watching curling. I have not. I have not been watching curling. We had a busy. See. All right. Pocket Pixie says she doesn't understand the whole beard thing. I think the beard thing is more. Because cyber security is awfully demanding and men and women don't have time. Ain't got time for that. Ain't nobody got time for that. So it becomes easier to just not shave because it takes less time. All right, that's just a working theory. Looking at chat. How's the 3D printer, Luke? I did the part replacement. I have one part left. The, the, the, the thing that screws into the extruder has, like, the tube that goes into it that the filament goes into. I. I have to replace. Like, the, the screw-in part is fastened inside of the 3D part I replaced. But I, I'm not sure yet how to replace that tube, because right now the tube is going into the old screw bit part and I have to take that part off and then stick the tube into the new bolt thing. But I gotta look up how to do that. Thank you for reminding me.
That's on my list of crap to do today. Callan is super excited. I'm just failing as a dad that I haven't fixed it fully yet. T Strong hebra. Oh, you already asked that question. All right, so we're at 9:30. I'm gonna now speed run. Speed run, please. No more questions. I'm gonna speed run. Oh, press in and pull out. Oh, okay. What are some warning flags, and what advice would you give to somebody who's looking for stable employment? There's a potential startup interested in them. I mean, if they're looking for employment, you know, and the startup wants to hire them, get after it. I will tell you, tech, typically working in a startup, you don't work a 9 to 5. You're working a lot. You know, make sure that you, you, you talk through, what's the plan? Like, is the startup's plan to 10x revenue and get acquired? Is the plan to build a business? Is it what? What's the plan? Right. Talk to the founders, make sure that you are, like, philosophically aligned, like, the vibes with whoever's already working there, and make sure that your compensation package is well defined. Is it cash? Is it options? Is it stock? Whatever. As far as warning signs go, I will tell you, I worked with. I work. I'll tell you this. I worked for a small business at one point and it was straight cash for the compensation. And I ended up having to quit that job because I got called on my cell phone and the CEO of the company said, how long can you go without a paycheck? And that was absolutely crap. That was absolutely crap. In fact, I'm so mad about that for other reasons that that person actually still owes me $8,000, which I'm never gonna see. And it annoys me to this day. So what I would say is not so much the money and the cash flow, but, like, it. What's the CEO like? Who's the one, who's the shot caller? Meet them, Ryan, and make sure that you, you kind of get on board with them. All right? And catch me outside. Catch me at a bar. Catch me in person, Ryan, and I'll tell you more, or anyone in chat.
I'll tell you more about. What's the word I'm looking for. I'll tell you, there are certain behaviors that I've seen in first person now that are an absolute red flag, deal breaker. I will not work for you if you exhibit these red flags, because it's obvious you don't, like, you're more into, like, being the CEO than you are, like, actually doing what it takes to run a successful business. All right, I'm going to give it two more minutes here. Currently in a PCI role, looking for the best strategy to ensure I keep my PCI compliant all year, outside adherence with time-based controls. I mean, Kelvin, as far as PCI compliance, my best bet would be to minimize the in-scope technologies as best you can. Limit, limit, limit. If you can reduce that attack, reduce that scope of what is in scope for PCI compliance. Would a GRC analyst also need a financial training background? Absolutely not. Who are some threat intel people you follow? I know Dennis Keefe, Tammy H already. Threat intel people I like. Oh boy. I like Kevin Beaumont, AKA GossiTheDog. I think he's pretty dope, you know. Like Cisco Talos, Google TAG. Tavis Ormandy is another good one. What advice would you give to someone in the SOC analyst role who is looking to grow into a manager role within the SOC? Yeah, I mean, make your, make your leadership know that that's something you want to do. Make your leadership aware that's something you want to do. That would certainly help. How else would you do this? I mean, if you want, I, I know this is kind of ridiculous, but you can kind of ask to either start running a meeting. Like, say there's a meeting, like, I don't know, like, daily standup or whatever, something that your boss does that you can do. You could say, hey, listen, I'm, I'm wanting to develop my manager skills more so I can work towards being a SOC manager. I know that you run multiple meetings. Like, I can run the morning standup or I can run the weekly thing. Like, can I. Can I run that for you?
That it'll give you time back. So maybe that works. Or, you know, maybe. Maybe they're territorial and they're like, you're not taking my job. You could just say, hey, can I run it once a month? Can I run the meeting once a month to get some experience? Right? And, you know, basically, management's going to see that you're doing this. So then when a position opens up or the SOC manager leaves, you're the obvious next choice. Okay. Also, if you want to start looking. If you want to start looking at, you know, like, leadership training, budget training, like, the things that a manager would do. I just want to warn you, be careful, because, like, if you become a manager, you basically are getting away from the keyboard. That's hard for some people. All right, guys, I gotta get out of here. I'm Jerry from Simply Cyber. Thank you all so very much. I hope you had a great time today. Remember Beau Bullock, Microsoft 365 tenant. This guy, I know it looks messed up on the stream. It's because my. I don't know why, but, dude, he's. He. This guy. Basically, if you don't know Beau Bullock, this guy right here, he only knows how to do things one way: awesome. Everything this guy does, he does it to the ultimate level. He makes music. It's awesome. He, he hacks things. He does it awesome. He plays Magic: The Gathering. He crushes it. Go check this video out. It's pinned in the YouTube comments right now. And remember, this Thursday, this Thursday, live at Simply Cyber Firesides, we are having Shadow AI. We're talking AI governance this Thursday with Pratik Doshi. Would love for you to come support that as well. I'm looking forward to this. AI governance. I'm leaning into AI governance. It's so hot right now, that Hansel. So hot right now. All right, for real, though, I'm Jerry from Simply Cyber. Thank you all for being here today. Go forth, do things. I'll be back tomorrow at 8 AM Eastern Time. Until next time, stay secure.
Podcast: Daily Cyber Threat Brief
Host: Dr. Gerald Auger, Simply Cyber Media Group
Date: February 9, 2026
Dr. Gerald Auger delivers his trademark mix of insightful cybersecurity analysis, career advice, and community engagement, covering the top eight cyber news stories most relevant to professionals and business leaders. The episode stands out for its authentic, unscripted breakdowns—going “beyond the headlines” to reveal why each story matters. With a light, conversational tone peppered with pop culture references and relatable humor, Dr. Auger helps listeners understand both technical threats and strategic implications.
[12:01] Openclaw uses VirusTotal for plugin scans
Quote: "This is better than nothing, but it's not great... Just like WordPress plugins, anybody can make a skill, and you're just downloading and running it. You have no idea where it's from." (Gerald, 13:30)
[17:33] CISA rips out end-of-life devices mandate
Quote: "Unfortunately, compliance is minimum security, borderline security theater... No environment is ever 100% compliant, I promise you." (Gerald, 21:45)
[23:43] Russia's APT28 targets with Office exploit
Quote: "Once opened, the exploitation just happens... this campaign is highly targeted, not a broad threat most listeners need to panic about." (Gerald, 25:50)
[30:19] Norway: Salt Typhoon espionage
Quote: "This story could have been a tweet. Norway says Salt Typhoon broke in, no info on what, how bad, or if they're still in there. It's a nothing burger." (Gerald, 31:15)
[38:54] Cisco Talos: Dknife router malware
Quote: "If you're interested in nation-state threat actors, the Cisco Talos report has actual meat. Screenshots, scripts, even assembly code. It's a great technical read." (Gerald, 43:22)
[47:45] BridgePay ransomware impacts US merchants
Quote: "This is a perfect case for tabletop exercises. Mission critical downtime means no money for the business or the staff." (Gerald, 50:54)
[53:22] AWS account: AI-assisted rapid compromise
Quote: "Don't get wrapped around the axle that this is about AI moving fast. The lesson is: if you leave keys out, you're owned, whether it takes 2 days or 10 minutes." (Gerald, 54:47)
[58:01] Sophisticated Signal phishing (Germany/EU)
Quote: "Signal is secure. The only way in here is to trick the human. Spread this to your execs: nobody from Signal support will message you on Signal. If they do, it's a criminal." (Gerald, 59:25)
Dr. Auger's approach is candid and encouraging, focused on teaching listeners the "why" behind incidents, not just the what. He injects practical lessons and frequent humor, and emphasizes real-world impact over technical hype ("Don't get wrapped around the axle..."). The show fosters community by calling out wins and first-timers and promoting broad knowledge sharing.
| Story | Impact | Key Advice/Insight | Timestamp |
|-------|--------|--------------------|-----------|
| Openclaw uses VirusTotal for plugin scans | Supply chain, AI security | Basic check only; review hardening docs | 12:01 |
| CISA rips out end-of-life devices mandate | Federal agency exposure | 12 months justified, compliance lags | 17:33 |
| Russia's APT28 targets with Office exploit | Maritime, diplomatic sectors | Highly targeted, patch fast | 23:43 |
| Norway: Salt Typhoon espionage | Critical infrastructure, few details | Monitor updates, little actionable info | 30:19 |
| Cisco Talos: Dknife router malware | Chinese-speaking users, AiTM risk | DPI & TLS, read technical reports | 38:54 |
| BridgePay ransomware impacts US merchants | BCP/DR for payment systems | Tabletop, maintain manual alternatives | 47:45 |
| AWS account: AI-assisted rapid compromise | Cloud security hygiene | Focus on basics, not just AI threats | 53:22 |
| Sophisticated Signal phishing (Germany/EU) | High-value target social engineering | User awareness: "No support will call" | 58:01 |
Key message:
It's not the hype tech or the latest threat actor; risk comes from the basics left unchecked. Focus on fundamentals, stay aware of evolving tactics, and participate in the security community for continual learning and support.