Jerry
Good morning, everybody. Welcome to the party. If you're looking to stay current on the top cyber security news stories of the day, while getting what some might argue is expert-led thought around those stories, going deeper beyond the headlines so you can be more impactful as a cyber security professional. Whether you're just starting in or you're a senior practitioner, you know that you need to stay current on the top cyber news, doing it here in a very fun way every single weekday morning alongside the entire Simply Cyber community. Holler at you. Good morning. I hope you are ready to cook. We're off and running on this beautiful Wednesday morning, episode 1045. All right, good morning, everybody. Hopefully the audio is crispy today in a good way, not staticky like yesterday. I couldn't quite discover what the problem was yesterday with that, so hopefully it was just a restream issue. Good morning. Space Tacos. Devin Grady, Code Brew, Ad Tech, SC S Cole. Excuse me. Marcus Kyler in the Yeet crew. So many familiar faces. Gary Sergiottis down in Louisiana. Guys, I hope you're having a great day. It's a good week. We're on hump day, which is already. Oh, wait. Oh, crap. Today's Tuesday. Hold on. Is today Tuesday? Today's Tuesday, isn't it? Oh, God. Gross, dude. Oh, it's Tuesday. So this is a real time look. This is a real time look at me realizing it's Tuesday, not Wednesday. Oh, brutal. Damn it. All right. All right, guys. We're off and cooking on a beautiful Tuesday morning. Guys. Every single episode of the Daily Cyber Threat Brief, we're going to cover eight cyber security stories that are relevant and timely in nature. I don't know what those stories are going to be because I don't research or prep for any of them. Nobody got time for this. That's part of the social contract I make to you as the host of the show. Now, I do want you to know every single episode, as many of you know, is worth half a CPE. So a continuing professional education credit.
If you have cyber security certifications that need maintenance, CPEs and straight cash, homie, are the two things that you need to keep them maintained. And I can't pay for your certification annual maintenance fee, but I can get you some CPEs. I'll do that part. You bring the cash. You know what I'm saying?
Eric Taylor
Great.
Jerry
Cash, homie. So say what's up in chat. Every episode's half a CPE, which is basically half an hour of cyber content. This qualifies as an instructor-led webinar, even though we make it much cooler than an instructor-led webinar. Believe that. Say what's up in chat. Grab a screenshot. You'll notice the title of the show has today's date and the unique identifier, today 1045. So you guys can do that. You're not required to have the evidence and screenshots, but as a former auditor, I'm telling you right now, you stick a bunch of evidence in my face that all checks out, and I'm done investigating that particular area and just moving on to the next one. James McQuiggin at 35,000 ft digging my, my shaving situation. Here's the reality for anyone who's, like, got a beard or whatever. I, I, I don't shave, mostly because it's annoying. I, I don't, I don't have time for it, basically. Ain't nobody got time for that. So what I do is I just let it grow until it becomes ridiculous and I feel old or, like, I try to kiss my wife and I'm, like, poking her with hair, and then I take it down. Not all the way. I take it down and then just repeat the process. It's like I'm mowing the lawn, or it's a Chia Pet. Drink, Space Tacos. Chia Pet. Am I right? All right, let's see what else we got. Hey, if today's your first episode, drop a hashtag first timer in chat. Hashtag first timer in chat. Hashtag first timer in chat. We have a special sound effect. I'll give you a little teaser. That's right. Welcome to the party, pal. We got a special emote, special sound effect. Come on down, let us know it's your first time. And it could be your first time live, your first time on video, your first time stopping getting ready in the kitchen with the kids and the family and going over to the keyboard and typing in first timer. Listen, I know there are a ton of you listening to my voice right now who are hustling and bustling around the kitchen getting the kids going for school. I'm with you right there.
We'll just pretend that you came over because I know how busy it is for all the moms and dads and grandpas and grandmas and uncles and aunts who are responsible for the kids. Welcome to the party, pal. All right, guys, what else we got? Let me say shout out and love to the stream sponsors. Okay, just a reminder that we have a Skill Stream today. Skill Stream is a new, like, format podcast thing that I'm launching in 2026. Skill Stream: you will leave with a new skill. One hour. Today is me and Mike Miller. It's absolutely free to attend at 1:00pm Eastern Time. 1:00pm Eastern Time. Basically what I recommend you do is bring your web browser, pop open the stream on one tab and your LinkedIn profile on the other, and we are going to absolutely shred. Believe that. All right, let's get some quick words from the stream sponsors, those who enable me to bring the show to you every single day, rain or shine. I'm like the U.S. Postal Service of cybersecurity podcasts. Your leadership team is demanding AI automation. Your employees are already using it. Hell, you're already using it and you know it's true. The tools you're using, did anyone approve them? I don't know. Shadow AI is sprawling all over the place. It's on your mobile devices, your endpoints. It creates security vulnerabilities, compliance risks, data governance concerns. Your sales team's using one tool, your marketing team's using another tool. The reality is, guys, it is reckless AI usage all over the place, because we're in the wild west right now of AI. Go look at the market shares for AI companies. There's like a million of them. But what if AI became an advantage instead of your biggest risk? What if your teams could innovate? Yes, teams like innovation, bosses love innovation, while staying completely secure. Now that's what we like. Well, that's exactly what Airia does. They deliver a unified platform that combines AI security, governance and orchestration.
So you don't have to choose between breakneck innovation and actually securing your environment. Take control today. Turn your AI stress into AI success. Ready to embrace enterprise AI? Come on down. Visit Airia, the enterprise AI platform for secure and scalable solutions. Go to simplycyber.io/airia. Oh shoot, I almost knocked my coffee cup over. Full cup. That would have been a double whammy because one, I wouldn't have had my coffee, which would have sucked, and then two, my desk would have been covered in coffee, which is. I don't know how we'd do the show with that. Anyways, go to simplycyber.io/airia, go check it out. It is an AI security, governance and orchestration tool. It's pretty cool. I also want to say shout out to Antisyphon Training, guys. Antoine, did we just become best friends?
Sarah Lane
Yep.
Jerry
Antoine with the Super Chat. Thank you. Thank you for the super chat. Guys, check it out. John Strand and the team over at Antisyphon are absolutely killing it. He does this class once or twice a year. So this is your time, man. He's hitting it early in 2026, clearing out that bingo card. If you don't know who John Strand is, this is a picture of John Strand. John Strand's a friend of mine. John Strand is an epic educator and a legit cyber professional. And this Active Defense and Cyber Deception course I have taken, it is also exceptional. 4 hours, 4 days a week, 16 total hours. You can take it for $0, or if you want to put a little skin in the game, as low as $25. You will learn ethics, you will learn tooling, you will learn honey tokens, honeypots, hack back, dude, you'll learn it all. This class is sick. For me personally, everything I learned in this class, I don't apply in my day to day job, but it was still amazing to learn. Go check it out. Antisyphon Training. This is January 19th, so you only have a few days left to make your decision. Don't make a bad choice. If you got the time, you know, you got some time off, you're in between jobs, you're doing whatever you're doing, check it out. All right. Also, let's hear from ThreatLocker. While the video's running, I'm actually gonna go grab some paper towels and clean up the mess that is my desk and then we're gonna rip into the news. I want to give some love to the Daily Cyber Threat Brief sponsor, ThreatLocker. Do zero day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with ThreatLocker. Worldwide, companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high. ThreatLocker takes a deny by default approach to cyber security and provides a full audit of every action, allowed or blocked, for risk management and compliance.
Onboarding and operation is fully supported by their US based Cyber Hero support team. Get a free 30 day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threatlocker.com Daily Cyber. All right, thank you ThreatLocker. Of course you may be hearing about Zero Trust World. That is ThreatLocker's conference. Very practical, hands on, classroom type stuff happening in early March. I will be there, as will Kathy Chambers as well. Kimberly Can Fix It. We will be doing the show live from Zero Trust World. So if you've ever been interested in attending a live taping of the show and you can't get out to Deadwood, then Zero Trust World could be your bag. All right, everybody, do me a favor, do me a favor. Sit back, relax and let's let the cool sounds of the hot news wash over us all in an awesome wave. See you guys at the mid roll series.
Sarah Lane
It's cyber security.
Jerry
Oh, also it's Tidbits Tuesday, which I forgot about.
Sarah Lane
These are the cyber security headlines for Tuesday, January 13, 2026. I'm Sarah Lane. Instagram denies breach post data leak. Instagram has weighed in on what it says is a bug, not a breach, that let attackers mass trigger password reset emails after cybercriminals claimed data from more than 17 million accounts was scraped and leaked. The data set being shared includes varying combinations of usernames, emails, phone numbers, names and addresses, but not passwords. Researchers suggest it may compile older scraped data rather than stem from a new API leak. Instagram parent company Meta says it's unaware of any past API incidents, but users are advised to watch for phishing and enable 2FA. Sweden detained.
Jerry
All right. Hey, Instagram, instead of encouraging your users to enable MFA, why don't you require it. Oh, I don't know. That's a crazy thought. So here's the deal. The Instagram kerfuffle that happened yesterday, not a breach, just basically API. Not compromise, but abusing an API. So APIs are application programming interfaces, and essentially it allows you to programmatically query the data set of a SaaS application or a web application for reasons. So just to make this simple for everybody, like when you write a web app, right, you use a browser and you go to the browser and you click on, like, you type in yoga mats, right? And then Amazon shows you all the yoga mats and you're interfacing with a browser. Your browser is essentially interfacing directly with the database on the back end through the controller. But Amazon or whoever can write APIs or application programming interfaces. They are functions that are basically, think of them as like the database itself is protected and then there's these special tabs that are sticking out that you can pull on or you can interact with. You can't touch the data necessarily in the back end. But these APIs allow you to query in a certain way. And it's like, you know, get, like, say there's an API query that you can pass a string like yoga mats, and it will return you all of the instances of yoga mats. Okay? So APIs are powerful. This is why you can have people writing custom Twitter applications that do TweetDecks and all these other things. Or you see these applications that help you programmatically post to social media, right? Like if you use Opus Pro or any of those. And you could post to TikTok, Instagram, YouTube, Threads all at the same time. That's because APIs have been made available so people can write custom programs that interface with those APIs.
So that's what APIs are, and that's why APIs are so powerful and so useful, is because a platform can get much greater user adoption if they allow other people to write apps for it. Okay, so now that we all got that, what happened here? So Instagram, apparently, even though they're, you know, with Meta and it's a Fortune 5 company and everything like that.
Sarah Lane
You.
Jerry
Know, they have problems. Now it sounds like this was an API abuse situation. I didn't hear anything about a honey pot or a honey. Someone's saying that in chat right now. Honey. Yeah, I didn't hear or see anything about honey pots or anything. Honey tokens. What happened here is. Yeah, right here you can see unconfirmed 2024 API Instagram breach. So it's believed that this was just like a rehash of other data that had already been compromised. So it's not necessarily new, new, new data. And if you don't put throttling on API calls, like, so if you can write a program to query an API, you can have it query once a second, 10 times a second, 100 times a second. Right? That is, that is hammering that API and putting a lot of stress on it. So what a lot of application programming interfaces will do is limit you to, say, 10 queries a second or 10 queries a minute unless you pay. And if you pay for a license, well, then maybe you can do 10,000 a minute or whatever. Right? So that throttling is what slows you down. Now, comp. Like, scraping a website through an API is still possible, right? So it, like, when you log into Instagram and you're able to look at someone's profile and it has their name, their handle, their last two posts, whatever, the link in bio, whatever, okay? That all has to be pulled from some database somewhere. So. So if you have the API pull it, you can have it iterate, right, in like, say, 001, 002, 003 and just pull all that data. And if you're not throttling, then you could pull 17 million records in a matter of minutes. Right. If you're throttling, say, 10 a second or 10 a minute, then it's going to take a threat actor years to scrape all that data, which is unrealistic and not going to happen. So throttling is one. Additionally, what are the permissions of the API key that you're granting? So if this person was able to scrape 17 million records, my suspicion is that they didn't have to be friends with those people.
Now Instagram has hundreds of millions of user accounts, I believe. So. Well, hold on, let me fact check that. How many users on Instagram? Three billion. Jesus criminy. Okay, so there's three billion. So getting 17 million accounts. These, these are probably public accounts. So again, the privacy was likely protected in this instance. And 17 million, again, that's a lot of accounts. But when you have 3 billion accounts on the platform, I mean, what is this, like 1%, you know? So, and again, the, the information they got was kind of what's available if you log into Instagram and look at somebody's profile: username, user ID, email, phone number, country. Now the phone number and email might be a little bit more sensitive, but so yeah, so the TLDR here is your. Your account was not compromised on Instagram. Just threat actors have information to be able to do phishing attacks on you. Your password was not screwed. If you are using the same password for Instagram as you are on other sites, there could be a credential stuffing attack that is done that would compromise your account. Even though your password was not compromised on Instagram, because you're reusing it and it was compromised somewhere else, a threat actor will attempt to log into your account and take it over. So be mindful of that. Definitely educate people. Don't try to confuse them with "your password wasn't included in the hack, but your account can still get compromised," because that's definitely possible to confuse them, but it's important. And additionally, put MFA on, because if your password sucks and you reuse it everywhere but you have MFA, you do limit the likelihood of having your account exploited. So don't I. Whatever. Man, I hope my MFA Wu-Tang shirt does come through. It got hit with copyright, but I was able to purchase two shirts before they pulled it off the merch store. So fingers crossed here that I'm able to get that shirt and then represent like a boss.
Sarah Lane
Consultant suspected of spying. Swedish authorities detained a 33 year old former IT consultant for the country's armed forces on suspicion of spying for Russian intelligence. Prosecutors say the activity occurred through 2025 and into the new year and may date back to 2022. The suspect previously worked with the military via an IT services firm and is listed as heading a cybersecurity company focused on offensive operations with no recorded turnover. The case involves Sweden's Justice Ministry and comes amid a broader European crackdown on alleged Russian intelligence activity.
Jerry
All right, and the story, like, okay, so really quickly, I like The Record, okay? Recorded Future's news. I like Recorded Future as a company. Okay, so this is not a wide sweeping opinion. So I like that. This story, this story is trash though. Okay? This story has no information in it. Sweden detains a guy who they suspect is spying for Russia. How do they know he was spying for Russia? We don't know because it's not included in the story. All we know is he owns a cyber company and he, he worked on some, some military contracts. Okay? That's it. The story is vaporware as far as I'm concerned. Now he's already, like, senior prosecutor Matt's, whatever, is involved. So, like, this is already at the court level, apparently. It makes sense. Guys, listen, I. I would suspect that, you know, many, many first world countries do this. Okay, like what? What? Why not? I mean, again, like, I'm just being real about this, okay? This guy has access to systems. And if in this case Russia finds out, instead of Russia hacking in, APT28 running around doing things, they could just say, hey, listen, buddy, I'll give you $20,000 and you do, you're going to be in there anyways. Here's 20 grand. And don't worry, you won't get in trouble. We'll just say that we're one of your clients or your consulting company. No big deal. All right, so. So this is why. Listen, this is why insider threat is a real thing. And this is also why, listen, Kathy works with me, Kimberly works with me. I love Kathy and Kimberly, I really, really do. And I, I don't suspect them of anything. But that doesn't mean I'm going to give them domain admin permissions because they're great people. Like, you have to treat users like. You have to separate familiarity, friendship, camaraderie from just sterile best practices for identity and access. What do you need access to to do your job? There you go. Right, like, and by the way, like, thanks for the, the Christmas card. It was great seeing you and your family. Love it.
You don't get domain admin unless you need it, right? Period. So this guy was an IT consultant. So he's a power user by default. He's got access to things. I will say good on Sweden for figuring this out. An IT administrator is a difficult insider threat to suspect. You do need tooling, obviously. Cyber operations, you do need tooling for, you know, data exfil, DLP, logging around anomalous behavior. Are they logging in at weird times? It's. It's not easy, though. I mean, they said that they suspect that this person's been doing it since 2022. Last time I checked, it's 2026. It's not Wednesday. I got that wrong. But I do get the year right. So they think that this dude's been doing it for years. So think about. Think about what he had to have been doing for them to catch him. All right, so, again, love everybody, but, you know, at work, I. I'll be the first one to tell you, dude, at work, it's not a family. You can be like, oh, my God. I've been here 20 years. I got the watch to show it. I went on the.
Eric Taylor
The.
Jerry
The. The holiday vacation. Dude, a company will lay you off in a hot minute. There's no. They don't. They don't care. Like, again, separate business from friendship. All right? And the same thing around insider threat. Okay, let's keep going.
Sarah Lane
And supply chain attack steals OAuth tokens. Threat actors uploaded eight malicious npm packages posing as N8N workflow integrations to steal OAuth tokens and other credentials. Security firm Endor Labs says the campaign targeted N8N's community nodes, which act as centralized credential vaults for services like Google Ads, Stripe, and Salesforce. Once installed, the fake integrations captured OAuth tokens and exfiltrated them to attacker servers. N8N warned that community nodes run without sandboxing and can read environment variables, access files, and receive decrypted credentials, urging developers to audit packages or disable community nodes.
Jerry
All right, so, first of all, love this graphic. It's just short of getting the saxophone treatment, because one thing that, you know, I guess infuriates me. TechCrunch. One thing that infuriates me, like, look at the font on this. Can you read this? Like, cool color scheme. Love the arrows. It looks like there's some intelligence in this infographic to. To convey information, but it's like Comic Sans meets graffiti font. And you know what I don't want? I don't want a popsicle headache trying to read an infographic. Okay? So for those reasons, the saxophone stays in the case. All right? If you're running N8N and you get into these community nodes, threat actors have already figured it out. Basically, they're writing info-stealing malware that you pull into your environment. The easiest way I could think about this is think about, like, think about. You have, like, this is going to be ridiculous, but you're building like a, a shed in your backyard, okay? You're building a shed in your backyard. And you can hire some contractors, right? You can hire a plumber, an electrician and a carpenter, all right? And, you know, and you have them in house, all right? Or you can use community contractors, right? So you go down to, like, Lowe's, Home Depot or the library, and there's just, like, a plumber standing there and he's like, I'm free to work with anyone. And the carpenter's like, I'll work with anyone for free. And you're like, yeah, community node, get in the truck, let's go. You have no idea who they are, what their motives are, right? It's kind of like that. Now. Now, another thing that you need to be mindful of is these community nodes, I don't know how easy it is to review them. This is no different than using open source software and taking the risk of those. We've seen many instances of open source software being trojanized and, and then weaponized.
Now, the question that DJ BSec's asking, which is to me, like, the, the number one question you could ask is, does this affect local N8N or the online N8N.
Eric Taylor
Or.
Jerry
Third option? Both, I think. Let me look in the story. I think it would affect both because these are community nodes, which to me means you can pull them like open source software and stick them in whatever you're using. So let's see here. All right, let's see, bruh. Let's see. Local. The word local doesn't appear. The word cloud, I think, I don't know. Until further notice, I would think that this affects both. All right, so if you're integrating untrusted workflows into your own N8N workflow, you are taking on risk. You're recommended to audit packages before installing them and scrutinize metadata for any anomalies. All right, now here's the interesting thing. Here's the interesting thing. Okay? This is def. This is definitely going to increase. Tons of people are using N8N. So threat actors are going to be targeting that, right? If there's a higher attack surface, then there's more value for a threat actor to get in there. What's interesting is, unfortunately, N8N makes it so anyone can set up workflows. Click, click, click. It's. It's a WYSIWYG, right? Like, if you haven't seen N8N, WYSIWYG is what you see is what you get. Okay, so you just drag and drop workflows, right? It's very cool, right? Let me see if I can show you one. And if you're listening on audio, I'm pulling up a visual of an N8N workflow. So you just drag and drop your things, right? Well, here's the problem. This is designed to make designing AI workflows easy for everybody, right? So maybe not my Aunt Dorothea, but certainly Carl, cool, right? Now here's the problem. If the recommendation on handling the risk of this is to tell people to audit packages before installing them and scrutinize metadata, do you know how many people would know what to look for? I, I suspect Carl in accounting doesn't even know how to open the community node package to audit it or review it. So this, this guidance right here on managing risk isn't going to happen. You're just going to get more YOLO and more risk.
So I honestly, I think this is going to be worse before it gets better. And N8N, I, I don't know who controls these community workflows. I don't know if, I don't know these community nodes, where they're hosted. I don't know if this is something you install in GitHub and then you just link to it or if N8N has some type of community node repository. Let me know in chat if you're an N8N user. But if it is N8N hosting it, then I hope N8N does something around automatically reviewing code or looking at it because this is going to be gross, dude. And when they steal your OAuth tokens, your MFA doesn't matter here anymore.
Sarah Lane
CISO red-teamed an AI agent to run an info stealer on an employee laptop. Block CISO James Nettisham told the Register the company is treating AI security like self driving safety, arguing that agents must be safer and better than humans. Block's Goose agent is used by almost 12,000 staff and connects to internal systems. In internal red teaming, Block successfully used prompt injection hidden in Unicode to poison a workflow recipe, leading a developer to execute an info stealer on a laptop. Block has since added recipe warnings, Unicode detection, and is testing adversarial AI to evaluate prompts and outputs before execution.
Jerry
Yeah, so first of all, let me tell you this. I have worked in the financial services industry in IT. I will never work there again. Dude. Financial services, I mean, that's where the money is, right? It is high stress. High stress. I ain't got time for that level of stress. Nobody got time for that. Okay, so, you know, this guy right here, using AI agents to red team. I guess we've just, I guess we've just. 2025 was the year of human in the loop. And I guess 2026 is human, get out of the way.
Sarah Lane
So, shall we play a game?
Jerry
I mean, what I'm hearing in this story is that the AI agent was able to successfully execute a cyber attack and deploy a malicious payload that does info stealing. If I was a threat actor, I.
Eric Taylor
Would read this story like, ooh, AI agent's gonna do my job.
Jerry
Come on down. Right? Like, that's what I would read in this one. Now this, this CISO is doing what we in the industry use penetration testing for: identifying where the gaps are, identifying where the risks are, and then in a kind of a purple team fashion, putting controls in place to address that. He said that they're implementing Unicode detection and some other things. I don't know if this is necessarily for their environment. And he's trying to do, like, a thought piece on how you can use AI agents to help protect yours. But this is not, I mean, this is great, but, like, also financial services typically have huge budgets. Financial services companies like Chase, you know, Capital One, Bank of America, not only can they hire Jennifer Garner to fly around and talk about her rewards program, but they can also hire a fleet of penetration testers to be in house people. So they are always the tip of the spear when it comes to the private sector on cyber. You know, this, this kind of thesis statement of it's not enough for self driving, chart. It's not enough for self driving cars to be just as good as humans. They need to be safer and better than humans. So yeah, let's, I mean, in a perfect world, sure, let's say AI is, is better than humans. Of course, I think you're starting to lay the seeds of, like, dystopia, like AI run, tech oligarch fueled AI world famine and workforce displacement. All right, let's.
Sarah Lane
Huge thanks to our sponsor ThreatLocker. Want real zero trust training? Zero Trust World 2026 delivers hands on labs and workshops that show CISOs exactly how to implement and maintain zero trust in real environments. Join us March 4th through the 6th in Orlando, Florida, plus a live CISO Series episode on March 6th. Get $200 off with ztw ciso20sixTW.com. Oh.
Jerry
Yeah, hey, and by the way, Roswell UK bringing some great insights here, talking about if you're Building your own internal AI agents. Then hire a red team to come in and try to do prompt injection. This is no different than hiring penetration testers to come in and attack your infrastructure or attack your source code, etc. And if you're looking for a penetration tester, may I introduce you to Kairosec, a boutique penetration testing firm run by myself and Tyler Ramsby. So small firm, so if you want, if you want us, you got to get in line because we can only do one project at a time. All right. Hello. Way to go. Kairosec.com here. I'll drop a link in chat in case you're curious. I want to check it out. We are booking for summer if you're looking into that. All right. Got the music coming. All right, all right, all right. Hey guys. Shout out to all of you. Thank you all so very much for being here. I see I t career question. Zach Hill in the chat. Hello to you too, sir, and your family. Hope everything's well. Cyber Deputy, good to see you. Sage the professor. What up? Hey, listen guys, I want to say thank you again in the stream sponsors. We have a great time here every single day. But, you know, not being mysterious or, or vague about anything. The sponsors fund the show, right? They are the ones who pay money so I can have this light, this microphone, this cup of coffee and flip out. They allow me to be able to give merch to the community member of the week every week and, you know, fund the CTF last year and stuff like that. So anyways, thank you to the stream sponsors, companies that I do appreciate and believe in. Threat locker, anti siphon layer and area. I want to remind everybody I posted it on LinkedIn yesterday. Let me actually bring that up right now. We're doing a watch party. I'm pretty excited about it. Where is it? Hold on one second. There it is. I don't know if you guys saw this or not. Get out of here. 
I don't know if you guys saw this yet or not. Right here, check it out. On January 29th, Flair is doing a two hour free webinar called Inside the Life of a Ransomware Operator. Now this picture may suggest that I'm the ransomware operator, but I'm not. I am not. I am just a big fan of cyber security and wanting to learn about ransomware threat actors. Because you know what? I don't want to put on a sock puppet account and go muck around in the dark alleys of the cyber criminal underground. I'd rather flare, do it and then bring me back a two hour webinar. So that's what they're gonna do. If you'd like to come hang out, I will be like live in chat, kind of like unofficially hosting a watch party. Come do it. I'm all signed up. It's awesome. Here. I'm gonna pin this in chat. Let me know if you are already registered and plan on attending. I'd love to know who's going to be there and you know, kind of get hyped for it. Thank you very much. Flair for sponsoring and not just sponsoring, but Flair signed up for the whole year. I really like that company and the people behind it. Nick Escoli, Jason Haddocks was there. I've met the CEO of the company. I had dinner with him. Very cool guy. All right. Every single day of the week has a special segment and Tuesdays is tidbits Tuesday where we share a little bit about ourselves, each other and see if we vibe. Let me, I guess, let's see what would be a good tidbits Tuesday today. All right, I got one because you know, Mrs. And I have been like swapping on and off sleeping on the couch with the dog because the do my dog had surgery. He gets the stitches or the staples out today. So that's a big win for us. If you've been following that storyline, if you're a first timer here, I'm not going to back brief you, but we got a little insider history here. But welcome to the party anyways. I just want to vibe with everybody when I sleep at night or when me and Mrs. Sleep at night. Couple things have to happen. 
Number one, fans got to be on. I don't know if you're a fan person in chat. The fan has got to be on. It's hot under the covers, but it's cold AF on the outside of the covers. I'm looking for that. I'm looking for that kind of contrast. Hot under the covers, wicked cold above the covers with a fan. Okay. Number two, it's got to be sweatpants or shorts for pajama bottoms. For me, if we're just riding boxers, it's not going to work. Okay. It's got to be sweatpants in the winter, shorts in the summer. And I travel with these things, by the way. Okay. And if I'm on the road, since I don't have a fan for whatever reason, I wear like a hoodie shirt to bed. So these are just some of those, like, nuances. I feel like the way people sleep. We spend a third of our life sleeping, right? So we have our creature comforts and we really dial it in. For me, number one, it's got to be the fan. Okay. Looks like a lot of people are into the fan. I didn't really realize the fan was, like, such a thing. Wow. Okay, okay. I see you, fan. Damn, dude, I gotta tell you, when I sleep in a hotel room and there's no fan, I'm like, oh, bruh. All right, all right. Oh. Rhonda travels with a portable fan. Nice. All right, guys, hold on. Let me. I'm gonna run a poll here. I didn't realize the fan was, like, such a popular thing. Jeez, man, I thought I was pulling out something unique about me that maybe a couple people vibed on. Do you prefer to sleep with a fan on? All right, yes. No. Starting to poll. Holy crap. While that poll's running, I've got to take the sweatshirt off, which means I got to take my earpiece out. So just bear with me for a moment. It's getting hot in here. Was it R. Kelly or Usher? Who sang the song? It's like, it's getting hot in here, so take off all your sweatshirt. All right, hold on.
All right, we're going. All right, let's keep it cooking here, everybody. All right. Jesse Johnson, whitey tighties. Oh, my God. DJ bac double dips with the fan, two fans: ceiling and nightstand fan. Good God, bro. I guess H-Town is spicy hot. All right, guys, let's finish strong, shall we? And that was your Tidbits
Sarah Lane
Tuesday. University of Hawaii Cancer Center hit by ransomware attack. The University of Hawaii says a ransomware attack on its cancer center in August encrypted systems tied to a single research project and led to the theft of study files, including 1990s era documents containing Social Security numbers. UH paid for a decryptor and for the purported deletion of stolen data and is still notifying affected participants once contact info is confirmed. Operations and care were not disrupted. UH has since replaced compromised systems, reset credentials, added endpoint protection, and conducted third party audits.
Jerry
Okay, hold on. Really quickly. U. Hawaii. Jesus. I mean, if you got to get sent on site for a ransomware attack, I think U. Hawaii is greater than Memphis. Am I right? Hey, listen, listen. Outkast was around in the 90s. I don't know when Nelly came on the scene, but I'm not a Nelly guy. Even R. Kelly, I missed that whole train. Usher was kind of around, but I was starting to get out of the situation. So please don't throw shade at me for not hitting Nelly on this thing. Right? What about that? Who sang that song? Everybody in the club get tipsy. Everybody. And who sang that one? I don't know that one either. I know the song. Okay. My heyday was golden age hip hop, okay? Jazz influenced hip hop, Tribe, De La Soul. Kind of like that whole New York scene. Okay. U. Hawaii gets hit with ransomware. Cancer center participants' data stolen from the 90s. Ugh. All right, who hit them again? This is just a data exfil. Clinical operations was not impacted. So it looks like it's one of those ones where they just steal the data. They don't necessarily encrypt the systems and brick them. J-Kwon. Okay. Was J-Kwon considered a one hit wonder? Okay. All right, so this is good. Hey, so just know, whether you're a university, healthcare, manufacturing, retail, wherever you are, you are supposed to be protecting against and preventing ransomware attacks. But you have to be real that a ransomware attack could be successful at some point. So you should also be considering and practicing resiliency. And you can see here at U. Hawaii, once they discovered the affected systems, they were immediately disconnected. Immediately disconnected. Disconnecting is great because it reduces or eliminates the opportunity for lateral movement of infected systems to infect other systems.
Plus it allows, technically, you know, it doesn't absolutely stop a system from wiping itself, but they engaged with the threat actor in order to protect individuals whose information may have been affected. What does this mean? So to me, when you say "made the difficult decision to engage with the threat actors," what they're saying is they decided they were going to pay. Oh, there we go. They paid to get a decryption tool and secure destruction. Now the University of Hawaii, according to federal law in HIPAA, they are still required to notify these individuals even though the data was technically deleted. As we saw in the Uber attack, when a threat actor says, hey listen, pay me and I'll delete your data, you're taking it on their good word that they've deleted the data. Duplicating data is trivial. Trivial. Everybody here has duplicated data at some point. Control C, Control V, you duplicated the data. So for a threat actor to say, oh yeah, no, we're going to securely delete it. You know, I hope so. Secondly, they gave them the decryptor key. I just want everybody to know that decryptor keys don't always work. You're not guaranteed to be able to decrypt your data. And guess what? You can keep your receipt. The threat actor is not going to give you your money back if the decryption key does not work. Okay? So just know there's no there there. This is not a legit transaction where, like, you, the client, will be happy. Ransomware threat actors, for some reason, call their victims clients. But believe me, if the decryption key doesn't work or they don't delete your data securely, they don't care. They're not looking to get five stars on Yelp. So anyways, University of Hawaii. They paid. They paid. I don't know how much they paid, but they paid. Usually the amount paid isn't, oh, you know, it's not always disclosed. I don't know. Eric Taylor from Barricade Cyber, he regularly deals with these types of incidents. So it would be interesting to get, like,
Eric, if you're in chat, can you provide some type of, like, I don't know, range of where ransomware payments currently sit in 2026? Are we talking like 50 grand a key? Are we talking a million? All right.
Sarah Lane
Separate campaigns target exposed LLM services. Researchers from GreyNoise observed nearly 100,000 probes against exposed LLM services between October of 2025 and January of 2026, split across two campaigns. The first appeared to be gray hat researchers exploiting SSRF for outbound callbacks. The second generated more than 80,000 sessions in 11 days from two IPs that methodically mapped 73+ OpenAI-compatible and Gemini-style endpoints across major model families. GreyNoise says the activity indicates growing interest in fingerprinting enterprise AI deployments to enable future attacks and recommends blocking OAST domains, watching for enumeration patterns, tightening egress, and monitoring JA4 fingerprints.
Jerry
All right, so let's stop here on the fan. Looks like two thirds of us sleep with the fan on. Very cool. All right, this is recon. So really quickly, if you didn't know, the Cyber Kill Chain is basically how a pen tester or threat actor will execute an attack. This is a gross oversimplification of it. I'm bringing a graphic up. If you're listening on audio, just Google Cyber Kill Chain and you'll see a bunch of graphics. Okay. From top down, recon is the first step. Okay. And then you get all the way through exploitation and then C2 and all that. One of the reasons I don't like this graphic is because it's linear, and the Cyber Kill Chain is actually iterative, because once you pop a box, like say you pop a sales engineer's laptop, you're going to start using that and move and try to iterate and execute the kill chain deeper into the environment. So you don't get that in this linear graphic. But anyways, I digress. Reconnaissance is step one, and this is like OSINT and fingerprinting and running, you know, like looking at Shodan or running Nmap on things. And that's all this is doing. Some threat actors out there, nation state probably, if I had to guess, are scanning the Internet looking for OpenAI-compatible API formats. Now if you've been following the episode today, I gave a full classroom explanation of what APIs are, application programming interfaces, and why they're so valuable. Well, if you have APIs open to the Internet, which most APIs, not most, but many APIs are, they can be queried, enumerated and recorded. And that's what's happening here. Somebody out there, some group out there, is collecting reconnaissance on AI compatible API, you know, interfaces, likely to be used later in a campaign. So what can we do with those? Well, maybe you find some type of, you know, open session or some way to query that AI and allow it to do AI things for you.
Maybe you can weaponize it using some type of injection attack and have it attack the company that it is being hosted by. Perhaps it allows you to steal, like, not sessions, but like if you're using AI, you have to pay for sessions, right? Maybe many of you are paying for a Claude token or an OpenAI token. Well, guess what, those cost money. So if you can steal them and have someone else pay your bill, like, go for it. So I don't know what the end goal is. Reconnaissance is step one though, and that's all that's happening here. So what do you do? Listen, if your company has, if you're developing software or whatever, and you have some type of OpenAI-compatible AI API facing the Internet, you should secure it. Who's allowed to query it? We talked about throttling before. Throttling is not going to stop this, by the way, because all they're doing is querying it and getting a fingerprint and then continuing on. This is identical, okay? This is absolutely 100% identical to scanning the Internet and looking at, like, web server versions if the year was 2005. Right. Getting fingerprints. Oh, Apache. Oh, Tomcat. Oh, look at all these web servers. Oh, IIS, right. That's all you're doing here. Now it's 2026, and it's AI all over the place. See you later, Jesse. Cosmic Cowboy out. All right. They do offer some suggestions here to harden your environment against it. Let me see if I can find it. Here we go. There's a list of OAST callback domains and IP addresses to block. Okay. All right, so thank you very much, GreyNoise. This is great information. However, if you are familiar with David Bianco's Pyramid of Pain. Again, I still can't believe I shared an elevator with this guy and didn't know it was him until I got off the elevator. David Bianco's Pyramid of Pain. The higher up you go, the more frustrating it is for a threat actor. Right. You'll notice IP addresses and domain names are in the lower half of the pyramid.
IP addresses are easy to change and domain names are simple to change, especially if you're a well funded threat actor. So when we see the story here, where is it, when we see the story that your defense is to block domain names and IP addresses, I mean, you're just rearranging deck chairs on the Titanic. Okay. Like, I mean, you should do it, but this is not solid. Okay. Because they can change their IP address and domain. Okay. Oh, all right. So just be mindful. Threat actors out there, they're going to query these things, they're going to enumerate them.
Sarah Lane
Endesa discloses data breach. Endesa, Spain's largest electric utility, disclosed that hackers accessed its commercial platform and pulled customer contract data. The company says exposed fields include identity details, contact information, DNI numbers, contract information, and IBANs, but not passwords. Endesa notified regulators and is contacting affected users, adding that it sees no evidence of fraud, but warns of phishing risks. Separately, a threat actor is advertising what they claim is 1 terabyte of Endesa SQL data covering 20 million records allegedly matching the breached fields.
Jerry
All right. Buenos dias, Spain. This isn't good. Largest utility company in Spain gets hacked. What comes out? Basic ID, payment details, including IBANs, which are the banking numbers. Passwords not compromised. Sure. All right. I mean, this sounds fine. They blocked access to the compromised accounts, which you should. Right. Disable accounts. Hold on. Do we get a first timer up in this piece? Berlin DAB9694. Welcome to the party. Welcome to the party. Also, shout out to the Squad members. Thanks for John McLean in it. It does catch my eye. You can see they did. Listen, if you have an account you know is compromised, just disable it. Right. Kneecap that account. Second of all, they dumped logs for analysis. Sure, sure. I mean, in reality, you should have been pushing logs to your SIEM anyways, but we'll just let that slide. And then notify customers. Okay. I mean, pretty aggressive. You might want to figure out all who was compromised first. But then elevated monitoring has been established. This is like going from DEFCON 5 to DEFCON 4, right? More hands on deck, shields up, whatever you want to call it. More people report to duty and let's monitor. This is a temporary post, right? Once you kind of think you cleared up the issue, you got a root cause analysis, you fix the initial problem, then you can, you know, resume normal operations. Okay, I hate when they do this. Okay, you know what? If my company was compromised, I'd probably do it too, but I still hate it. Okay, "as of the date of this communication, no evidence of any fraudulent use of data has been detected." No kidding. Do you know what threat actors don't do? They don't take out a billboard on the 405 announcing that they've used, you know, Roswell UK's PII to commit credit card theft or take out a mortgage in Space Tacos' name. Like, threat actors, they don't do that. So, like, yes, this is a true statement, but if you look beneath it, it's totally horse crap. This is like PR spin.
So there's no evidence of fraudulent use. No kidding. Threat actors, they try not to give you evidence, because that would be disclosing their operation. But whatever. If this statement is a teaspoon of honey to make the medicine taste better, then fine. Enjoy your theater. Okay. Oh, and then the database's for sale. Look at this guy with his really nice car. I don't know if anyone knows cars, but I don't know what that is, but my kid probably knows. Whatever. There's a ton of SQL data. Database data. 60 gigs, 200 gigs. Whatever. This guy says in his post he's only going to sell it to one person. Bruh. I don't know why you'd sell it to one person. Again, I'm not a threat actor. I'm just thinking.
Eric Taylor
You know, data is.
Jerry
The new gold. Copy, paste. Sell it to two, sell it to three, right? I mean, dude, the car. You got to put, you know, 93 premium octane into a car like this. What are you doing limiting yourself, selling it to one person? Bruh, whatever. You know what? I don't know. But do you know what I'm going to do? I'll tell you what I'm going to do. Why would this guy only sell to one person? I'm not sure. But you know what I'm going to do? I'm going to attend Flare Academy's webinar on the 29th from 11am to 1pm and learn inside the life of a threat, a ransomware operator. So like, literally, I'm hoping that this webinar gives me insights into why this dude is making those choices and drives a McLaren. Again, simplycyber.io/flare, if you'd like to attend this webinar and join me for the watch party.
Sarah Lane
Dutch court sentences cocaine smuggling hacker. A Dutch appeals court sentenced a 44 year old hacker to seven years for compromising port systems in Antwerp and Rotterdam to move cocaine shipments. Investigators say he used malware planted via USB to gain remote access to container and gate controls, enabling traffickers to import 210kg of cocaine between 2020 and 2021. Intercepted Sky ECC messages showed him directing the intrusion and helping falsify transport paperwork. Judges cited risks to port security and also convicted him of attempted extortion.
Jerry
All right. Hey. Yeah, I don't know if Ben is in the chat, but this is awesome. Ben Wilkins. If you guys attended my talk with Ben Wilkins a couple weeks ago, the cyber multi million dollar pistachio heist. If you didn't, go check it out. This is like classic cyber, dude. The guy used a malicious USB, plugged it in so he could smuggle coke, or blow, or snow, or cocaine, white powder, whatever you want to call it. Just a classic drug smuggler. All right. I feel like 1986 is on line one. Okay. 44 year old, sure. He hacked a major port company in Belgium. This guy went, you know, around his elbow to get to his butt in order to do this. All right, so he imported 210 kilos of cocaine through one of Europe's largest ports. Now for those who work in travel or shipping and logistics, and maybe live in H-Town, I am kind of curious about your thoughts on the story around compromising this port. This dude definitely had to have insider knowledge of how port operations worked. You don't just. There is no magic app that you just install and it, you know, this isn't a Mission Impossible movie. All right, so the defendant persuaded a port employee, I'll give you a hint how, he persuaded him to plug a USB stick in. Created a back door, then the hacker got remote access. Okay. All right. Okay. Yeah, I love it. The defendant provided step by step instructions on how to deploy the malware. But then they go one step further and kind of like ruin the pageantry of this next level hack. Quote, "simply double click it and wait 15 seconds." Oh my, oh my. Does this guy get issued a black hoodie with this USB stick? All right, so forensics show the malware remained inside the system for months. Of course it did. Tried to get admin privs, didn't get it. Okay, so this guy's in trouble for multiple things. The 210 kilos of cocaine is more just like icing on the cake more than it is the main story.
He was doing all sorts of nonsense in the port operations, creating fake transport orders. I gotta tell you, this was a very elaborate scheme. Very elaborate scheme. I don't know. I will tell you, I don't know much about smuggling drugs or anything. Like, this guy really went complicated in order to solve this. I mean, I'm sure there's a solution for this. Maybe the coast guard figured it out. But like, cigarette boats in the early 80s seem to have solved this problem. They just don't go through the ports. Again, I don't know anything about anything, so I don't know. This is a fun story to end on. The good news is this guy effed around and found out. He's going to go to jail, very likely for seven years, for smuggling cocaine. Who knows how much he got paid to do it. He'll be 51 when he gets out of jail and probably have, you know, a bunch of money. So choose your own adventure. All right, let's cook. All right everybody. Hala, hala, hala, hala, hala. Thank you everybody for being here today. We're a couple minutes over. I hope you enjoyed the Daily Cyber Threat Brief episode 1045. Had a lot of fun. Tidbits Tuesday. Sleeping with a fan. I guess there's a majority of us that also vibe that way. Very cool. As always, shout out to the stream sponsors: Antisyphon with their active defense and cyber deception next week, don't miss that; ThreatLocker, with Zero Trust World coming up here in March, my show will be done live from the Zero Trust World conference floor, three days, you can come attend in person, hell, you could sit in on the show if you like, it's all about good times; area with their AI security and governance, allow your teams to innovate while also protecting them; and Flare, where we're doing the Flare Academy watch party here on the 29th. Come check out all that. Of course, simplycyber.io/flare, simply cyber IO area, etc., all about good times. I'm Jerry from Simply Cyber.
Don't go anywhere, because one Eric Taylor from Barricade Cyber Solutions will be doing Jawjacking, which is a 30 minute AMA. Eric, you put a question in chat: cyber career questions, certifications, where to learn. And Eric and the team will do their best to answer your questions. I'm gonna get out of here. We'll see you at 1pm today. Please don't forget this is a skill stream, an opportunity to learn and crush it on personal branding. Okay, listen, please, please, I'm asking you to attend this. Not so I get numbers or metrics. I don't care about that. I'm asking you to attend this because if you get RIF'd, if you get laid off, if you get redundant workforce things, if whatever happens and you lose your job, you want to have already been doing this before. You need this, believe me. Invest in yourself. Come hang out for an hour, pick up some tips and tricks, get your LinkedIn sorted out. All right, I'm Jerry. Till next time. Stay secure. Ever wonder what it takes to break into cyber security? Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cyber security field live, unfiltered and totally free. Let's level up together. It's time for some Jawjacking.
Eric Taylor
What is going on, people? Welcome to Jawjacking. As Dr. Geraldo said, my name is Eric Taylor. I'm the CEO, Chief Forensic Operator here at Barricade Cyber, and I'm here to answer your questions. If you are new here, this is kind of what we do. I kind of ramble for about 30 minutes unless there is not a show after this, which I think there is a 9:30 show. And so if the questions are popping and we're having good vibes, then, you know, we'll definitely run long. Jerry normally gives me the benefit of doing that when it's not conflicting with the other programming. So that's always good times. If you are new here and want to know how do I get Eric's attention on a question, that's pretty easy. Put a Q and a colon. Not a period or a semicolon or anything like that, a Q and a colon. That way when I search through the chat, I can easily find your question. While we're waiting on that, I'm not sure if anybody has seen it. I'm going to do a little bit of self promotion if you don't mind. Pretty happy about this little update. Share screen 2. Do not share audio because I haven't turned off all my noise boxes yet. Let me switch. Rotate this. Let me do this, let me do this. All right, so if you're not following Barricade Cyber, why? You should be. I'll post this in chat. But if you haven't, if you're kind of new, you may not have heard of it. But we do have what's called an EPSS lookup tool. Been working on it for a little bit of time now, but just released version 2.0 and already knee deep into version 2.5. And I will show you behind the scenes of what that looks like in just a second. So we've been talking about it internally, I think I mentioned it in mod chat a couple times. But we have introduced LEV, Likely Exploited Vulnerabilities, as part of the EPSS lookup tool. Right. So you know, we kind of go through it, we added some trending charts for the past 30 days to it.
We're adding some search analysis, we did some back end UI improvements, CVSS 4.0 support, things of that nature. So let's take a look at what it is. So when you bring this up right away, and I'll drop this, but you'll see, you know, right here at the bottom there's a nice little change. So anything that you've done, any searches that you've done recently, you can automatically, you know, just re-click that. It's like, oh crap, you know, I've been searching about three or four but I need to go back and get some other stuff. Right? So we've added the recent tab here. So once you've added this in, or I click this recent one, you'll see the EPSS score of 74.66%. The LEV analysis is here. So we have the LEV score over the last 30 days and the composite probability recommended for prioritization per NIST guidance. Right. So we definitely added that. Now you want a little secret, you know, a little tidbit in the back end. So I'm like, all right, this is cool. You know, we still have the heat map. We've added the EPSS threat score trend. So pulling from the first.org API, we're looking at a trend of lookups and everything like that for this particular CVE over the last 30 days. Plus, we're like, okay, this is probably just for me, but I'm kind of curious, like, how many other people on the EPSS lookup site are actually searching for this as well. So this one is just for this specific CVE. Probably all these are me because this thing just released last night, but I can see, like, there's potentially seven other people that looked up this one. The copy results is still kind of the same for the most part. So if you just copy, and let me just open up a fresh notepad here, it will output everything as before. You know, it gives you your CVSS score, your EPSS, your percentile. We did add LEV score and the composite probability into the paste as well.
So, you know, easy for you to exfil that data and you'll be able to use it in your own metrics now. Now, ladies and gentlemen, for the big reveal of 2.5 that's getting ready to come out, we'll do the same CVE. We are adding Threat Actor Intelligence, ladies and gentlemen, Threat Actor Intelligence, to the EPSS lookup tool. So it's going to show you, you know, who arbitration is, what botnets are going on, things of that nature. So you'll be able to get that. I got some bug fixes to still do, but it is in the works and we are hoping to release this within the next couple of weeks. So strap in, ladies and gentlemen. I think after Threat Actor Intelligence is done, then we may be done with development of the EPSS lookup tool for the time being. But I definitely wanted to add LEV. And while I was in there, you know, I was like, well, we really should have some intelligence around the CVE. Like, who's actively targeting this CVE, right? So again, go over here. Do me a huge favor, if you're not following Barricade Cyber, please follow us and share this post out. You know, help. It literally is a free tool, as I demonstrated on here. You don't have to log in to use it. It's free. We're posting it out there, so please share it. I want people to be able to use this, be able to get value out of this, because there's a lot of times that organizations have a hard time prioritizing what they should be doing, what they should not be doing, things of that nature. So I think this is a very, very cool aspect of things. All right, let me know what you thought, what your thoughts are on that in the chat. Oh, no. Do me a favor. Go over to LinkedIn, post a comment if there's something that you want to see on there. Go to LinkedIn, post a comment. The team is watching that thread to see if there's any comments, feature requests, things of that nature. Like I said, I'm looking at 2.5.
I think in HubSpot we've got it queued up to post out a teaser today or tomorrow. I think I may change that. In fact, while I'm doing this, mods, I've talked about it before. Pocket Spill today. Do we have a 9:30 call? Do we have a 9:30 show? I'll look to mod chat. Jerry's already gone. Let me see if the. I'm just checking the posting engine called HubSpot. I probably need to push out. Oh, it already went out. Okay, whatever. Oh, no, it didn't schedule. Yeah, I'm going to push that out to next week. Okay. I just see that screen up. So that way it reminds me. All right, let's look for your questions. Ladies and gentlemen, enough of me rambling again. Go to LinkedIn. Try the tool out. Let me know what you think of that. If there's something that's not working, if there's something that you think, you know what, before you kind of stop development on this thing, just kind of let it run its natural course, you know, I would love this feature, we'll take those into consideration. All right. From Raza UK: do you sleep with a fan on? Yes, I am fat and I need to be cooled down. Are there any resources available for breaking into the GRC space? Yeah. Let me share my screen again. You're gonna love this. You're actually at the right spot, my good man. Simply Cyber IO courses, latest initiative. Let's see. GRC Analyst Master Class. Here is the academy. Here is the training for that. If you go to even YouTube, I know for a fact Zuri's got so much of this. Let's say Simply Cyber. Yeah, videos and GRC. All right, so I'll post this whole query up here in the chat there. As you can see, there are a ton of videos already there, so you can pick up some of the free stuff. You can sign up for the academy and that will be beneficial for you. Let's see. From James McQuiggin. Well, coming in with a dad joke, I think. Did you hear that data scientists have discovered a new way to store data in ice cubes?
They call it frostbite. Love it. I do love me a good dad joke. Thank you so much, James McQuiggin. Is there a charge to use the EPSS? No, I've already answered this. But just for clarification, there is no charge for the EPSS lookup tool. It is free. We don't even ask you. It's not even gated by, you know, email request, like you have to log in or anything like that and we're collecting that information. It's just wide open. So you just go to epslookuptool.com and use it at your leisure. The other thing I do is I ask that you share the tool out, and if it's beneficial to you and you need help with your environment, consider us. Let's see. Any chance you can roll this up in a Docker service I can host locally? Roswell UK? No, there's too many external APIs and SQL databases and all that stuff. Putting together a Docker image would be a nightmare for me to do, just to be completely honest with you. I'm not saying I wouldn't collab with somebody who really knows Docker to get something done, but right now it's just there. Nice. What language is this written in? We've got a lot of Python on the back end and it's PHP, and I think, yeah, there's some Rust in there as well. There's a lot of automation in the back end that runs on this thing. A lot of cron jobs, because, you know, as CVEs are being published and, you know, we're pulling from the MITRE ATT&CK framework now, we're pulling from external APIs, things of that nature. So to make it run as fast as humanly possible, you know, we're pre-staging a lot of data in the SQL database. So if it was reliant on just making a metric ton of external API calls on every request, this thing would crawl. I know, I tried. I'm like, we'll just make it do API calls all over the place. And that was just. You would literally wait for three minutes for a result to come back, and it's just not a feasible solution.
So I started building out cron jobs, started pulling everything in to local JSON files and into the SQL database. That's kind of some of the things I'm working on now before I release 2.5. I still got about 4 cron jobs, or 4 parts of my Python cron job, that export everything out to a JSON file. So I am working on shifting that data into the SQL database. Hopes to make it a little bit faster. So again, it's still pretty fast now, but if I can just get it a little bit better, a little bit faster, that'd be nice. Can always be done better, right? What? Stop. Have you ever played the Moral Machine? It's an ethical programming exercise game. I have not, the real Kaka. I've never heard of that game, but I will check it out. But to be honest with you, I'm not a massive programmer. I'm really not. That's kind of why it took me several months to get this going. Because I suck at Python. I suck at it. So, so bad. So, so bad. I literally had to install PowerShell on my Linux VM that runs this thing just so I can get stuff done. Like, I can get a lot of stuff done in PowerShell. Like a lot, a lot of stuff, right? So it was taking me so long. I'm like, I'm just gonna install PowerShell and I'm gonna do what I need to get done just so I can get this next version out. Because Python, it kicks my behind. It really does. I can read most of Python, but for me to actually translate that into code in Python, you know, making sure you bring in your dependencies and everything like that, I just, I learned a long time ago to realize where my strengths and my weaknesses are, and Python is a weakness of mine. For some reason I cannot get my head around it. Neither here nor bad, but for some reason PowerShell just makes so much more sense to me. I can easily grep through it. I can easily, you know, I could do a lot of things with PowerShell and it just makes a lot more sense to me, and I don't know why. Is there someone to provide resume feedback?
If I'm not mistaken, I've got it in... Oh, thanks. Haircut. Fish. Haircut. Since you're in there, another thing I really suck at is Discord search. Simply Cyber. I think there is a resume group, right? I'm looking, I'm looking. General, Live Chat, Live Chat, General, General, Live Chat, General, DRC Mafia Chat. Let me just scroll over here. I'm just looking. Bear with me, ladies and gentlemen. Just bear with me a moment before I tell you to go external. I guess it's not here. Just double checking, just double checking. For some reason I thought there was a community channel or something in the Simply Cyber Discord specific around resumes. And it may be job postings that I was thinking of. Maybe, maybe. I don't know. But I will say two things. Let's go back to YouTube. I promise this is not just, let's just puke everything. But if you go into Simply Cyber, I know Jerry has resume... all right, he's got several videos here just around personal branding and doing resumes. So I'll push that query in there. And there's also Jason Blanchard. I think that's, yeah, Blanchard. Hack... was it "Job Hunt Like a Hacker"? Let's just do "job hunting." That one's one year ago. This is a playlist. Don't do that. That's five years ago. How old is this one? Five years ago. I mean, this would still be good. You know, sometimes going back to your root causes is a good thing to do. And if you don't know that guy right there, Jason Blanchard. And let's see. Now you're gonna start laughing at me, because my LinkedIn is a hot mess express right now. I don't know if he does it on LinkedIn or if it's just in... let's see, that was six months ago. One year ago, 10 months ago. Yeah. So where did the filter go on this stupid thing? Let's say past week. Oh, follow this dude, Jason Blanchard. He's over at Black Hills Information Security. What's this one here? Four months ago. Yeah, I would say just follow him, read up on the stuff that he's done in the past.
Go over to the Black Hills Information Security Discord. They may have moved it all over to Discord now. Again, I've been so heads down on so much stuff lately and just really focusing on my entire, in my world. But I know Jason Blanchard does a lot of stuff. But go through Jerry's stuff, look at what he has put out there, you know, give it a good recursive review and kind of go through that, and then go through Jason Blanchard's stuff, and, you know, get over to the... let's see, continuous lesson course. What? Oh, I just noticed this. So looking at his post, Jason Blanchard's also got a class coming up under the pay-what-you-can. I just posted it in chat. January 20th at 10am Eastern through 4pm Eastern. It's a live training, virtual. Sorry. But yeah, definitely look at that. Hopefully that's enough resources to get you on the right path. And here co Fish is confirming he doesn't see anything either in the Discord chat. All right, when doing an assessment on an embedded system, what is the first thing you look at? Network traffic. Literally, what is this thing doing on the network? Like, what is it talking to and who is talking to it? That gives you a lot of insight into what the function is and if there's potential unauthorized network traffic coming from the device. Yeah, I'm looking at what it's talking to and what's talking to it, any time anything is on the network. Let's see, I entered that. Jason Whacker: I missed your Entra ID identity protection webinar. Well, shame on you. Shame on you. Put so much work into it last week. Is there a way I can watch it? Yeah, it will be on the YouTubes. So if you go back to share, I'll probably just keep the screen up. What do you think? So if you just go to youtube.barricadecyber.com. If I can even spell our own company name, that'd be great. How about that? This is in chat.
Jerry
Come on.
Eric Taylor
It will prompt you to confirm, if YouTube is going to freaking load for me. If you come over here to Playlists, and then the Fortify 365 is right here. Don't play. The last one uploaded is session nine. Kimberly's working on session... or the last one uploaded is session eight. I know Kimberly is working on session nine and session ten. But everything lives here in the YouTube world. So go over there, follow us, follow me, and, you know, tune in for that stuff. Let's see. A lot of great questions today. Thank you all so much. I haven't heard anybody yell at me, so I guess we are approved to go a little long. I may have answered all of the questions. Let me just research. Yep, I think we've got it. What's everybody talking about right now? Let's scroll down to the bottom. What's up, Ms. Kathy Chambers? Media. Gotta catch up with you and see how things are going for you. Yeah, I feel like I'm in my own little bubble, just checking up on chat. There's nothing really to talk about. That's cool too. We're just gonna leave it, let it go. Well, yeah, PowerShell is just commands. Exactly. But, you know, being able to create the modules and everything in PowerShell and just to get, you know, things going, it just makes sense to me. PowerShell is mega easy. You just need Python, PowerShell and a framework. Okay. I do not subscribe to that opinion. But opinions are like ears. Everybody's got a couple. Nothing's good or bad. Question: have you ever used Cisco Packet Tracer? Dude, I haven't touched a Cisco in at least 10 years. If so, what packet capture do you like to use and why? Typically, most firewalls these days have their own packet capture tool in there. The only downside to the firewall packet capture is the traffic has got to be seen by the firewall. Let's just say this. So if you... let's see. Keep your minds out of the gutters, ladies and gentlemen. We're going to use two black balls here. We're going to say these are two computers. Okay? Okay.
If they are talking to each other directly, aka by IP address, like I'm transmitting information back and forth between those devices, it's not going to get to the firewall for the packet capture nine times out of ten, because it doesn't go upstream; it's just a direct connection. So, depending on what you're trying to capture, the firewall is my first go-to, to see if I can capture the information I need from there. If not, then I just use Wireshark and get it that way. What are some top trends you see for 2026? AI, AI, AI, like everywhere. This is not supposed to be a political show. However... Kali Wireshark? Get out of here. Just throw Wireshark on your Linux. Don't install a Kali Linux VM. Anyway, sorry. The following statements are mine and mine alone. They do not represent Dr. Gerald Auger or anybody else on the Simply Cyber community team. With that disclaimer, this is not pro or against the current administration. Like I said before, a lot of cyber is political. So you talk about the topic itself versus the administration as a whole. For the most part, let's just say complete dumpster fire. But that's for a different talk on a different show. What we are seeing from the current administration as it relates to cyber is, there's a lot of dismantling of three-letter agencies in early detection and communication and collaboration in the cyberspace for protecting the, quote unquote, homeland, not to sound like Russia, but all the organizations in there. You know, I talked about it here just a little bit ago. Let me actually... So unless you're living under a boulder right now, and again, this is not a political show, but if you're looking and keeping an eye on what's kind of going on abroad, you know, Iran's got some troubles going on right now. Right. And there's something to be said about that, you know, as things between our government and the Iranian Guard over there are heating up.
We know APT threat actors are in Iran. And going back to the old days, where there's a will, there's a way. And let's just say, hypothetically... I'll post this link here in chat. Actually, I think I gotta copy it a different way. Copy link to post. Let's just say, hypothetically, things go sideways in communications and things get really, really bad on the communication front. As a cyber professional, you should be looking at those APT threat actors of old and determining, you know, are any of these guys potentially impacting the industry that we are in? Right? We know, because history shows us, desperate times call for desperate measures. When people get desperate, they're going to do things to become undesperate. One of those things is going to be cyber to get money, both pro and con. So just do your due diligence. And that's what I'm saying.
Sarah Lane
The.
Eric Taylor
There's going to be a lot of keeping your head on a swivel and keeping your eyes peeled. Try to keep... again, try to... It's very easy to [insert topic name here], even in 2026. Put topic name here and instantly assume a narrative. The key thing to remember is, any time news information comes out... I mean, take Instagram. You know, the story that's being discussed today, that we were talking about on LinkedIn last week and over the weekend, that's still a developing story, right? Is this a breach? Is this a reuse of old information from 2024? We don't know yet. It seems very suspicious. So as things unfold for the year, just keep an eye... Accept? Not criticism. I'm trying to think of the word. I know chat's on a delay and will say it and scream it at me. Speculation. No. I'm drawing a blank on the proper word. I think you guys know. But just... everybody, do yourselves a favor and take a step back and keep a watchful eye as stories unfold. Don't get married to a narrative or an outcome because that's what you think. All right, we have to see, like... like I used the use case before of Instagram. We gotta see where things shake out. Things look bad, absolutely, for Instagram. Even, you know, as Jerry mentioned before in the show, you know, being able to implement rate limiting and things of that nature. What can you do as time progresses? Just educate your entire organization. Say, hey, look, this is what we're seeing based off the information we have at hand. Our current analysis is X, Y and Z. Please stay tuned as we learn more and advance our analysis on said topic. I think that's one thing, you know, that we could take away. Sorry, I think I just went on a massive rant and didn't even raise my voice. Let's see. I'm still learning, so I was wondering, when a company has a ransomware attack, why would they pay the bounty if they are doing backups?
Oh, good question. All right, let's talk about backups. This is gonna... Welcome to my TED Talk. You just got me on a soapbox. All right. A company gets impacted. They may have backups, but, you know, depending on the backup rotation, they may be weekly or monthly backups or whatever, or they may not have been working properly for some time. You may go restore your backups and it just doesn't freaking work. Right? It's corrupted, it doesn't restore properly, things of that nature. So just because you say you have backups, have you tested your backups? Like I said, we're gonna go down a TED Talk here, so strap in, ladies and gentlemen, we're gonna go freaking long. This is part of your disaster recovery plan. How much time does it take to recover from backup? Let's say, hypothetically, you have your backup in Azure, Wasabi. It takes time to pull from Wasabi because it's typically a cold storage bucket in AWS. So it's designed for long-term storage, not to be quickly accessible, which is great because it's freaking cheap as crap. But when it comes time for restoration, you're paying out the nose and it's throttled like nobody's business. So you'll have that situation. You also, I think as of sometime last year, maybe the year before, within the past couple years, I'd just say, AWS has given you the ability to switch a bucket from Wasabi to an S3 bucket, so that way you can quickly download the data. Now, that migration takes time. Depending on how much data you have, that may take a whole lot of time. So knowing that and going through those scenarios, it may be cheaper to get restoration efforts underway by paying a ransom for the encryption tool versus actually doing the restoration. See where I'm going? Those are business things to consider. There's also data suppression as part of the threat, as part of the negotiations. Your backups may be working fine. Everything's hunky-dory. You're able to restore, no problem, no foul.
But the threat actor stole very sensitive information. It could be intellectual property, it could be PII, it could be PHI, it could be a number of things. Or, you know, the executive team's like, you know what, I just don't want this freaking data leaked. There's just so much financial information that I feel that we, as an executive team, are going to be a target, and we just don't want that data out there. So as part of our threat actor communications that we go through, we will change our communications. Like, look, we don't need a decryption tool. You suck. Our backups are fine, but we just need data suppression, and we need you to prove that you deleted the data, and we'll go through those conversations. So it's a lot lower of a price point than what their first initial offer is. But, you know, data suppression is a valuable thing to do. So there's many, many things you can go down that rabbit hole on to be able to get down that path. Hopefully that answers your question to some degree. But I could literally spend like three days just yammering about that stuff. We are coming up to the top of the hour, and I do, unfortunately, have a business to run, ladies and gentlemen. So if you have any last-minute questions, get them in, get them in, get them in, get them in. Let's see. Ivan. All right, I think we've got everything. Not that many people are talking in the chat at the moment. With that, I hope it's all a good day. It was really good hanging out with each and every last one of you. Definitely, please keep an eye out on the Barricade Cyber channel, LinkedIn and YouTube for the Fortify. We do have another series I'm working on developing right now. I think what we're gonna do is try to come up with, like, a mini episode of Fortify365 to help comply with insurance. So a lot of the organizations that we do incident response for are going through those questionnaires right now into Q1.
About 30% of our client base goes through it all at one time. So it gets real busy for us. But, you know, I think I'm going to take all of the top questions that these insurance companies are asking and how it applies to the Microsoft 365 tenancy. I think I'm going to put a mini-series together for that. So let me know if that'd be interesting for you. Trying to figure out a way to generate a report on that. I don't quite know yet. Trying to figure that out. But anyway, with those who have hung around, 156 of you on YouTube.
Jerry
Yay.
Eric Taylor
We're gonna do the sea shanty and we'll put Bell out. I'm going to pencil in another panel visit for Friday. Everything looks hunky-dory for that at the moment, so if you're there, I'll see you. If not, I'll see you next Tuesday. And until then, stay curious, my friends. There once was a kid whose passwords laid across all sites; they were the
Jerry
Same criminal then found their fame by.
Eric Taylor
Taking that data to go.
Jerry
Soon may a criminal come to steal.
Eric Taylor
Your pictures and data and run.
Jerry
One day when the crime is done.
Eric Taylor
They'll steal your account and go.
Jerry
Hey everybody, I hope you enjoyed that content. Keep the cyber security train going by connecting with the other Simply Cyber community resources. We have the Discord server that's lively and always keeps the conversation going. You can connect with me directly on LinkedIn and also every single weekday morning on the Simply Cyber channel. We're doing live daily cyber threat briefings 8:00am Eastern time as well as Thursday at 4:30pm we're doing live stream interviews with industry experts and we produce videos that we push out every Wednesday morning. I'm Jerry from Simply Cyber. I hope you enjoyed the content and we'll see you in the next one.
Eric Taylor
Get out of here you filthy animal.
Date: January 13, 2026
Host: Gerald (Jerry) Auger, Ph.D.
Guest Contributor: Eric Taylor (Barricade Cyber)
Producer: Simply Cyber Media Group
Main Theme: Rapid-fire analysis of the day’s most relevant cybersecurity stories, expert breakdowns, and actionable insights for practitioners.
This episode features Jerry Auger and community contributors breaking down the top eight cybersecurity news stories for January 13, 2026. With his hallmark humor and accessible explanations, Jerry walks through major incidents from API abuses to supply chain attacks, weaving in practical advice, deep dives, and community participation. Eric Taylor joins for a robust Q&A session (Jawjacking) to discuss emerging trends and career advice, making this episode valuable for both newcomers and seasoned security professionals.
[11:08–19:10]
“So APIs are powerful...and that’s why APIs are so powerful and so useful.” (13:00)
“Your account was not compromised on Instagram. Just threat actors have information to be able to do phishing attacks on you.” (18:00)
[19:10–23:58]
“This is why insider threat is a real thing... You have to separate familiarity, friendship, camaraderie with just sterile best practices for identity and access." (21:30)
[23:58–30:45]
"Do you know how many people would know what to look for?…This guidance right here on managing risk isn’t going to happen." (29:24)
[30:45–34:28]
"2025 was the year of human in the loop. And I guess 2026 is human, get out of the way." (31:34) “If I was a threat actor, I would read this story like ‘ooh, AI agent’s gonna do my job.’” (32:33, Eric)
[42:26–48:30]
“If the decryption key doesn’t work or they don’t delete your data securely, they don’t care. They’re not looking to get five stars on Yelp.” (46:20)
[48:30–55:07]
“When we see the story here...that your defense is to block domain names and IP addresses—I mean, you’re just rearranging deck chairs on the Titanic.” (53:51)
[55:07–59:35]
“No evidence of fraudulent use? Threat actors...try not to give you evidence because that would be disclosing their operation.” (58:03)
[60:28–61:14]
“The guy used a malicious USB, plugged it in so he could smuggle coke...1986 is on line one!” (61:14)
On API Abuse:
“Instead of encouraging your users to enable MFA, why don’t you require—oh, I don’t know! That’s a crazy thought.” (12:03, Jerry)
On Incident Response:
“Just because you say you have backups, have you tested your backups? This is gonna—welcome to my TED talk.” (approx. 1:45:00, Eric in Jawjacking)
On the AI Threat Landscape:
“AI, AI, AI—like, everywhere...2026 is just going to be wall-to-wall AI security.” (approx. 1:38:20, Eric)
Fun Community Engagement:
[67:51–end]:
“Invest in yourself. Come hang out for an hour, pick up some tips and tricks, get your LinkedIn sorted out...Till next time. Stay secure.” (End, Jerry)
For full context or to participate in future live shows, join the Simply Cyber community weekday mornings at 8 AM Eastern.