A
Hey, what's up everybody? Good morning. It is me, Dr. Gerald Ozier. This is Simply Cyber's Daily Cyber Threat Brief podcast, episode 1046, coming to you live from the Buffer Osier Flow Studios. If you are looking to stay current on the top cybersecurity news stories while engaging in a network and community of like-minded, supportive cyber security professionals, you are in the right place. Because over the next hour we are going to be going through the top eight cyber stories of the day. And I will be using my 20 plus years of experience to go beyond those headlines, give you insights and additional value for you to be the best cyber security professional you can possibly be. We're off and running on this beautiful Wednesday morning. Let's go. That's right. Good morning, everybody. I hope you're doing fine. Welcome to the party. As I said in the little intro there, my name is Jerry. It's all about good times, a lot of good friends in here. On the regular, every single weekday morning we're doing this show. This is episode 1046. So we've got a little bit of time in the saddle, as it were. Now, if today's your first episode, I hope that you have a good experience and if you're here for the second time, maybe third time, I know Brown Coyote came for the Mike Miller personal branding course last night. Seemed to be a relative newcomer to the show. So welcome to the party. Ms. Julian's in chat. Good to see you, Ms. Julian. Guys, whether you're a first timer or long timer, it's great to have you here, putting in the work, having a good time. But if you are a first timer, drop a hashtag first timer in chat. Hashtag first timer in chat. As always, ad tech reminding me if you are a solo operator, you're a one person shop, one man shop, one woman shop. You're responsible for cyber and IT, maybe small, mid-sized business, you're asked to do more with less. Just know that the cyber... Simply Cyber community is your extended work... workforce or your extended workmates. Right?
Don't go it alone. Don't think that you got no one to turn to and ask a question like does this make sense or have you, do you have any ideas on what might work with this? We are one community. That's what simply cyber is. It breaks down geographic barriers and, you know, generational barriers and all those things. It's all about support, inclusion and empowerment. Just so everyone knows, I got the hat on. We are operating at a business continuity plan. I've got the puppies in in this Buffer Osier Flow studio with me, they're trying to make a breakout right now. But we are in week two of puppy recovery operation. We're near the end of it, which is great. So drop a hashtag. First timer, if it's your first time in the show or it's your first time live or it's just your first time commenting, whatever. Give me an excuse to use the buzzer, please. We have a special sound effect, special emote. Now, did you know that every single episode, including this one, is worth half a continuing professional education credit? A cpe? So if you have a cyber. If you have a simply. Oh, my God. If you have a cyber security certification that requires maintenance, then you need CPEs. And this right here, the show instructor, le webinar. Half a CPE a day. If you show up every day, just say what's up in chat. Grab a screenshot, include the episode title, which has the date and the unique identifier, file it away. Once a year, count up those screenshots and divide by two. You will get way more than enough CPEs to maintain your certification. Up to 120 CPEs a year is possible. Hey, get out of there. Gotta keep the dog honest here. He can't be licking his wound. We have a cone form, but he absolutely acts like you've cast, like, a stasis spell on him. When you put the cone on him, he's like, oh, very unusual. So, you know, that's what's up. What else we got? We got CPEs, we got first timers. It is Wednesday. We have Worldwide Wednesday. 
I'm going to be retiring Worldwide Wednesday because of the Daft Punk copyright issue. So maybe, maybe we'll do Worldwide Wednesday one last time today. Want to say what's up to Mad Destroyer in chat. Stones fan in chat. Guys, definitely appreciate it, y' all being here. We got some first timers, I guess. I, I, I'm not sure who all the first timers are, but. Welcome to the party, pal. Welcome to the party. Looks like Space tacos is letting it rip. All right. Hey, Title X. Don't, don't be throwing stones at me, bruh. No, no. Yesterday was staple removal day. They got it out. Just one of the, one of the staples spots in is still a little inflamed. So now he's on antibiotics and some type of, like, ointment. But he can't be licking his junk, you know what I'm saying? All right, all right. Hey, before we get into it, let me say shout out and thanks. To the stream sponsors. Those who enable me to bring this show to you. Those who. Those who allow me to bring the show to you. Start with area guys. Everybody's leadership team is like straight up, hey, we need AI. You can't go to a cyber security conference and not get hit in the face with AI Everything. Employees are using it, management wants it. It seems like you spend a little bit of money and you get a huge returns on investment. Shadow AI is sprawling all over the place. Sales teams using this one, marketing's using this one. Let's be real with you. You're probably using a couple different AI tools at work, but this obviously introduces AI sprawl attack Surface can lead to data sovereignty issues, data governance issues, IP theft, regulatory fines. Dude, you are walking through a minefield just by going whole hog with AI. But what if AI could become an advantage instead of your biggest risk? What if teams could innovate while staying secure, which is our job, right? You basically would be the all star. You'd be the smash mouth MVP allstar of your business if you could allow innovation while being secure. 
Well, guess what, that's what Airia does here. Unified platform that combines AI security, governance and orchestration. So you don't have to choose innovation or protection. Get both. Take control today. Turn your AI stress into AI success. Ready to embrace AI.
B
You.
A
Yeah boy. Visit area. Go to Simply Cyber IO AI R I A. That's simply Cyber IO A I R I A today go to. Yeah, and as I always say guys, I don't, I don't, I don't partner with businesses that suck. Okay, so it's pre qualified, but check these guys out. Click the link, it helps the channel. I do appreciate it. It's a, it's a nice little way to say hey, thanks. I like the work you're doing here, Jerry. Keep it up. Speaking of work, you know who's putting in some work? John Strand over at Anti Siphon. This guy, one of the hardest working men in cyber. Putting on a 4 day, 16 hour course next week. Still time to register. January 19th, you can register for as low as $0. I don't know if that fits your budget, but $0 if you got a couple shekels to throw. 25 is definitely the request. You know, kind of the requested minimum amount. 4 days, 4 hours active defense, cyber deception. I've taken this course. This course is phenomenal. You will definitely enjoy this course. Learning about venom versus poison, Learning about honey tokens. It's, it's just a really cool course. If you have the time. Also I want to point out John Strand course. John Strand is a great guy anyways to meet which you can do virtually here. But what I want to tell you about this course and and a lot of John Strand's courses what makes it really fun and simply Cyber Academy is adopted. This idea is they do the training 11am to 3pm Eastern time which means you can get to work, take care of your burning trash can fires, then do some training right through lunch and then finish by 3pm and then have two hours to respond to emails, deal with Kevin. Right. You know what I'm saying? And you know none the. I don't want to say none the wiser like you're trying to hide that you're doing training but you can do training and not have it be like you are out for a week which is always the problem. Right. So go to anti siphon training today, check out the course. It's definitely all about good times. 
Let's go ahead and hear from Threat Locker. Remember I'm going to I am going to the Zero trust world along with Kathy Chambers and Kimberly can fix it in March. So if you're looking for a really cool conference and you want to be part of the show, we will be doing the show live from the conference floor out there in Orlando. Come on, check it out. Let's hear from Threat Locker. I want to give some love to the daily Cyber threat brief sponsor Threat Locker do zero day exploits and supply chain attacks keep keep you up at night. Worry no more. You can harden your security with Threat Locker. Worldwide companies like JetBlue Trust Threat Locker to secure their data and keep their business operations flying high. Threat Locker takes a deny by default approach to cyber security and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US based Cyber Hero support team. Get a free 30 day trial and learn. Learn more about how Threat Locker can help prevent ransomware and ensure compliance. Visit threatlocker.com dailycyber. Yeah, speaking of that workshop we did. Hey really quickly Devin owens over on LinkedIn watching for the first time Devin Owens. Welcome to the party pal. Welcome to the party. Hey guys, this is a a workshop. So we're doing a couple new things in 2026 with Simply Cyber. We're doing the monthly SK streams which was the one hour thing that we did yesterday with Mike Miller that is going to be on YouTube live stream free to everybody and we're doing deep dive workshops. Now the f these are paid but Because I'm doing the first workshop, I've waved the, I've waved the cost because I'm horrible at capitalism. 
So if you're interested in a four hour long workshop, same 11am to 3pm, very anti siphon, like where basically you show up, I'm going to teach you, you're going to leave with a YouTube channel, content, ideas, thumbnail skill set and a couple other things to get you off and running to build a personal brand. Basically it's the playbook to how I built Simply Cyber. If you're interested in that. It's free. Free, Free, free, free, free. I'm having. I. I've capped it at a 100 students because I want to be able to actually support you guys. So if you're interested, it's free and it's 100 people get in here. Elliot Matice is going to be there. It was going to be 99. That's basically what we're doing with the workshops. It's like 50, 50 bucks an hour. But because it's me, I was gonna do four hours for a hundred bucks. And then I was like, you know what, eff it, let's just do it for reals. All right. Hey, really quickly, say goodbye to Wild Worldwide Wednesday. We got one more to do. This is gonna be our last one. I don't know what I'm gonna replace it with, but we're gonna do it. So you picked a good day. If today's your first episode, you have no idea that we've been doing this for years. Worldwide Wednesday, every single Wednesday, we see where the community is and just un. It's unbelievable to me how international and amazing this community is. It's way beyond east coast people, period. All right, so I'm gonna ask you where you are. You're gonna hear some Daft punk, set the clock to two minutes. Mods, get ready and we're gonna see if we can cover the world. Go. Let's go. Tell me where you're at, 99. Tell your mom I said hi. Get some scratchies over at Dunks. All right, here we go. Carrie's first in line at Texas. Dirty Jersey Nelson Rivera. Hotlanta. Down in the dungeon. Indiana, I like it. Ember. San Francisco getting up early at Elliot and Phil. Thank you. Flow Rider. The Philippines. Michael Vito bringing Asia Pacific Rim online. Bing bang boom. 
Steve Young's keeping it cool in Minnesota. Code Brew up in Greenville. Nazareth, Pennsylvania. The rich 464 bringing the Maple Leaf. 51st state, apparently online. What's up, Winnipeg? Hey, Kenyaki, Chai town. I like it. Casey in the house. Good to see you. Toasty Pops. I hope everything's well in your neck of the woods. Lake Elsinore, California. America's coming. Correct. Hey, Dr. Faza is in Cuba. Gonna have to use my cheat sheet to bring Cuba online. I love it. To Tip Top Clay in South Carolina. I love it. Palmetto State. It's my state, too. Ethiopia, one last time. What's up, Africa? Good to see you. Medine G. Montgomery. Alabama's in the hisy dream Logic. Philippines. We got a Philippines contingent starting to crop up here. Melbourne, Florida. I do like Melbourne. Wasn't that where. Who's that, sir? That was out of that space. Melbourne. Kelly. Kelly Slater, was it? South Africa's in the house. Good to see you. Oh, daycare. Somalia. I don't think that that's real. Number seven, Tampa, Florida. Good to see you. Left coast Florida, I believe, right? Gulf side Dirty jurors. Michael Andrews. He knows what's cracking. Do love my. I do love the grease trucks up in New Brunswick. If they still exist. Southeastern Tennessee. Alpha, Sierra. Good to see you. Looking at. We're looking at you. Gatlin, Tennessee. Gatlinburg. Is it the Up? Jeff Watala, Wu Tang. I don't know why the up makes me think of Wu Tang, bro. Where is South America, Australia and eight in, like, Europe. Guys, we just did two minutes, 250 people in chat, and we have a massive deficiency. For the last time that we're doing. For the last time, we're doing Worldwide Wednesday. This was a pretty rough go. No Europe, right? Where's Roswell, uk? Where's Face Doyle? Where's Dragos? Right? No, South America. Missing three continents. This actually, honestly. And I'm not. I'm not yelling at you, Dr. Jam. 
I don't know if you are in Australia or not, but, like, this is the worst performance we've ever had on Worldwide Wednesday. We've. We've never had three continents missing since the inception of this, so we'll have to revisit it. Nigeria. All right, thank you. All right, guys, so play the. Oh, Space Taco said she saw the uk. All right, thank you, Space Tacos. All right, guys, do me a favor. Sit back, relax, and let's let the cool sounds of the hot news wash over us all in an awesome wave. I think. I think DJ B Sec is at 35, 000ft, so I'm not entirely sure. But James McQuiggin, please look to your right and let us know if DJ B Sec is next to you. All right, let's cook, everybody. Okay, time to get to work.
B
From the CISO Series, it's Cyber Security Headlines. These are the cyber security headlines for Wednesday, January 14, 2026. I'm Sarah Lane. GoBruteforcer targets crypto blockchain projects. Check Point reports an updated GoBruteforcer botnet is targeting crypto and blockchain projects by compromising Internet-exposed Linux services like FTP, MySQL, phpMyAdmin, and PostgreSQL. The malware leverages leaked or weak credentials and is benefiting from AI-generated server deployments that ship with default usernames and passwords, plus legacy stacks like XAMPP. Once in, attackers deploy a web shell and an IRC bot for remote control, along with modules that enumerate TRON addresses and move BSC and TRON tokens to attacker wallets.
A
Tron. Now, most people think. Hold on. I'm hearing that the Australians are here. We'll take it. Now, when most people hear Tron, I, well, I, I, I would think you're thinking of. Oh, my God. Who's the actor that played Big Lebowski? Jeff. Jeff Bridges. Was it the Jeff Bridges Tron? But I like to think of Detron. Hold on, where is, where is it Chappelle? Because Chappelle had a care. A Tron character. Yeah, there it is. This is Detron. So you might be thinking Tron, Disney Tron, the new Tron movie with Jared Leto. But this is where I go. Because this is where. Because I'm old, my kids don't even know who Chappelle is, dude. Oh my God. Chappelle's the best. All right, so this is Detron. But I guess this Tron is like some crypto bridge or whatever. Okay, so here's the deal. GoBruteforcer is targeting Linux servers and scanning and brute forcing passwords. So essentially, there's two things here. Number one, this is going after crypto. It's going after crypto services, but it's targeting any service. FTP. If you have Postgres listening on the Internet, which would be like not the smartest thing, having a database listening service Internet facing, you know, just my thoughts. The deal is, guys, this is just AI enabled brute force scanning and attacking. Okay. Mirai botnet made this cool back in 2015. Okay. So you can call it GoBruteforcer, but really, in my opinion, this is not, this isn't like sophisticated, okay? This is not the Russians putting their top talent on it. This is an Nmap scanner, essentially, that scans, looks for listening services and then tries the default credentials. The listening services have anonymous, anonymous; admin, admin; password 1, 2, 3. And they're using AI to help deploy it. Okay, so AI makes things faster. But this is just, this is like bolting on AI to, you know, make the attack sequence efficient, not AI innovating a new attack sequence. Okay, yeah, exactly. DJ B puts it this way, which I would agree with.
He says, this just shows me that threat actors are using AI, but they don't understand how to integrate it into their builds. This is not using AI to its full potential. Okay. This is like having, I don't know, like Gordon Ramsay in your kitchen and being like, yeah, can you just measure out the flour amounts into the measuring cups, please? That would be fine. Thank you. So TL;DR, as a practitioner, yes, they are targeting crypto servers or crypto services, but it doesn't matter. You could easily pivot this into attacking anything. And you know, a ransomware threat actor could use this to find listening services on the Internet and then punch through with default creds, take over that, iterate over, and then ultimately ransomware use. So like this isn't necessary. Like I don't want you to look at this and be like, oh, it's crypto, who cares? I'm on to the next story. This is a tool that can have its, you know, its action on objective modified. What you need to do here, what when you see this story, Honest, right? Hey, when you see this story, what you should think of is ooh, because, because you are a good cyber security professional and you don't have default creds on listening services on your Internet facing surface. You do regular attack surface visibility and scanning and vulnerability management. You know that this basic B attack sequence isn't going to work in your environment because you've already put in the effort, ripley, you've already done all these things. So like when you see this, you should go, like this is what you should do when you see this story, you're like, huh, you see the Pats on Sunday? Jesus. That Drake Maye. Am I right? Right? This doesn't get you hot and bothered.
Now listen, if you are not scanning your Internet facing service, if you don't know what's going on, if you're not using a tool like Shodan Monitor to find out if Carl has stood up a listening ser... some type of service like, like FTP or something, and you didn't know about it because that does happen. It's like shadow IT, it doesn't go through change control. You could have your attack surface get modified. If you aren't looking for those things, well then my friend, then you might have a problem. Okay. But realistically this should not get you all hot and bothered and sweaty. All right.
B
Bug causes volume key issues. Google confirmed a bug causing Android volume keys to behave incorrectly when the Select to Speak accessibility feature is enabled. Reports say the buttons adjust accessibility volume instead of media volume and no longer trigger the camera shutter shortcut. Google hasn't said how many users or which versions are affected and is directing those impacted to temporarily disable Select to Speak until a fix arrives in a future update.
A
Verizon. That's a great point, Sean Saylors. Yeah, so if you are concerned about your Internet facing service and you want to go ahead and get a pen test, you know you have a lot of options out there. But you know I personally strongly recommend CairoSec. Disclaimer: I am director of strategy and business development at Kairosec, so I do have a vested interest, but it is a solid pen testing service. All right, so if you're running Android, you could have some issues here with the volume button. Okay, I. Let's see how this is a cyber security story. If you choose the. If you make the volume key. Hold on. According to support document, user reports indicate that volume keys malfunction when Select to Speak is activated. It's an accessibility service, which means not a lot of people are going to be finding it. Of course I'm not saying people who with disabilities don't exist. I'm just saying on balance I would argue that the majority of like greater than 51% are not using accessibility features on their Android device. But it causes a problem which obviously is an issue. Right? If you have a disability and you need this service and it breaks your phone, that's not cool. Not necessarily sure this is a cybersecurity issue. If you want to call it an avail... an attack on availability, you can. But it's just a software bug. Pressing the volume keys while using the camera will fail to capture photos. Okay. So if this is happening in your environment, disable Select to Speak. So for those people with the accessibility issues, disability, that require Select to Speak, I guess get an iPhone. Not, not a great answer but this. Okay, so here we go. Here's the TL;DR. If you're running Android you could have an issue with the camera. Maybe one in 1,000 help desk people are going to get this phone call. As a cyber security professional, I've got to tell you right now I have. Hold on, let me, let me check the math here. I have about 300,000 other things more important than this. Okay?
So like, fine, if you do a risk heat map with likelihood and impact, this one is so in the bottom left corner that you have to zoom in three times before you see the pin in the corner of the graphic. This is like, this is like borderline. Don't, like, bother me with like, don't bother me with this. Okay. Or like, like, why, why are you brought like. No. Okay. I hate to be a pecker head, but here's the thing. In our line of work in cyber security, we deal with a lot of situations and we have to make a lot of decisions on what gets our time. This is why you can't reduce all risk because you only have so much time, so much money, and so many people to spend on reducing risk. This right here. If I could. If, if I could. If I had a graphic where I could just like, you know, the old, I don't know if, you know, the old pressure luck show. I think they made a. They re brought the game show back, but they have the whammies come up and then the guys with the. The sweepers come and sweep it off the stage. I would have that animation sweep this story off the stage.
B
To stop automatic unlocking of phones, the FCC granted Verizon a waiver letting it stop automatically unlocking phones after 60 days, replacing the rule with looser CTIA standards. That change lets Verizon keep prepaid devices locked for a year and postpaid devices locked until financing or termination fees are paid, making switching harder. The FCC framed the shift as a fraud and law enforcement issue, despite pushback from consumer groups. That said, automatic unlocking boosts competition, lowers costs, and reduces e-waste. Existing devices are not affected. New activations follow the updated policy.
A
Who picked the story? This is not a cyber story. Either or, either. I don't know you, you vernacular. You know erudites in chat. Please let me know if it's either or. Either. Hey, Chad. Stanford. Thanks for the sub. Welcome to the party, pal. Welcome to the party. Okay, so here we go. When I see this story. Verizon to stop automatic unlocking. Oh, yes. It's a fraud prevention. Bull. Bull. I'm calling shenanigans. I'm calling lies. You know what this is? I'll give you one hint. Great cash, homie. If you are a squad member, if your name is green and Chad open, press the little, you know, smiley face on your phone. Go to the emo tray. Find Randy Moss and go. Where's Randy? Don't I have a. Oh, yeah, there he is. Just. This is straight Randy Moss. All day. For real, man. Okay, so here's the deal. Verizon doesn't want you to unlock your phone because if you unlock it, you can go to T Mobile, Boost Mobile, US Cellular, you know, Jerry's cellular service. But if it's. Hold on. What do we got here? Trey Black, 19 month squad membership. Thank you. Says Trey, says shout out to the folks who are still grinding to break into cyber. Stay in the community. Learn the lingo. It will happen. I love it. Verizon. Verizon doesn't want you to leave because if it's. If your phone is locked to Verizon, you can only get cell service to Verizon. So there you go. This is a money maker, and I. Verizon is very, very wealthy. Okay, Verizon annual revenue. Let's see how. How they're doing. Last time I checked, $137 billion in the last 12 months. Do you know what you can do for $137 billion? You can hire lobbyists. You can go to $10,000 a plate dinners. You can endorse candidates who make policy. So whatever. Man, I hope the next story is a cyber story, because this is just.
B
Like, oh, your military cyber operator removed from Russia task force.
A
Yeah, now we're talking Russian. Russian cyber threats.
B
Jason Gargan was relieved from command of the U.S. Cyber National Mission Force's Russia-focused task force after disagreements with CNMF chief Major General Lorna Mahlock. Gargan has been reassigned within CNMF and is expected to retire by late 2026. This comes as Mahlock is nominated to become Cyber Command's deputy chief amid a broader senior turnover at the command, which has lacked a Senate-confirmed leader for more than nine months.
A
All right, so a couple things here. You know, I don't know, man. I. I hate. I hate to speculate here, okay? But Lieutenant Colonel, who is a lieutenant colonel in the Air Force, who was commander of the Cyber National Mission Force, had a disagreement with his boss, Marine Corps Major General Lorna Moloch. Now, a couple things here. I'm not military, but I did work with the militaries quite a bit. Couple things. One, when you get an order from your boss or an order from a commanding officer, you execute the order. You don't. You don't basically disagree. Now, you can, you know. Permission to speak freely, sir. Right. And have. Have a conversation. But I'm assuming if this guy got relieved of duty. He was like straight up or lady, I don't know if Lord. What. I don't know what Lorna is. But Jason was like, I, I can't do this or whatever. So relieved of duty, Lieutenant colonel is pretty high up, but there's a, you know, it's lieutenant colonel, then colonel, then general, okay? Or, or brigadier general. This Marine Corps is a two star general. So this person is like one, two, three layers of promotion above this person. And frankly when you get to the colonel level, like lieutenant colonel, you can get to by doing the things, getting to colonel and then especially getting to general. They don't just, you don't just do the things and get that promotion. There's only so many generals, you know, and they're not going to just like, again, it's not a participation prize. They only have so many generals now. The fact that this guy is being relieved of duty and then they say he's expected to retire soon. Something I want to point out.
B
At.
A
This level, there's only like, there's only literally so many jobs they can stick a colonel at or a lieutenant colonel, okay? So when you get relieved of duty, you're basically, you know, on the naughty list. Like you, there's no post for you to go. So your option is get out or go push a broom somewhere, you know what I mean? And like Lieutenant Colonel's not gonna push a broom. Same thing happens like when you see. I just want to point this out so everybody knows like when you see like General. Who's the general? General of NSA fired. This guy right here, Timothy Ho. This guy right here, Tim Ho. This was back in October of 2025. Four Star General Timothy Ho was like relieved of his duty of NSA US Cyber Command Director. His only option is to retire. There's nowhere for him to go. A four star general doesn't go work the cafeteria line in Scranton, Pennsylvania. You know what I'm saying? So I don't know what this disagreement was, but this Air Force lieutenant colonel definitely made a career choice when he pushed back. Okay, I'm not, I'm not throwing at lieutenant colonels. I'm just saying a major general is three levels higher. Okay, so you know, whatever this story is, it's cyber ish, but it's really about a roster changes over in a Russian focused U.S. cyber Command unit. I do find it interesting that a Marine Corps general relieved an Air Force colonel of his post. That's kind of interesting. But I'm sure at that level, you know, those generals are all, I mean they're basically politicians at that point, frankly. Oh, cool. So Lana Moloch. Holy crap, dude. Lana Moloch. Lorna Moloch is a two star general in the Marine Corps and a female. I wonder if she's the highest ranked female in the Marine Corps history. That's like an interesting pub trivia question. And she's going to be. Yeah, she's one of the ones who's going to be the deputy deputy of the National Security Agency, Cyber Security Directorate. 
Okay, so if I had to guess, okay, this is definitely politically motivated political right now. It's very divisive in the United States. There's, you know, are you on board with the mission or you. Are you not on board with the mission? And I suspect that this Jason Gargan had a. A view that was not aligned with, you know, whatever. So here we go. All right.
B
Huge thanks to our sponsor, ThreatLocker. Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4th through the 6th in Orlando, plus a live CISO Series episode also on March 6th. Get 200 off with ZTW CISO 26 at ZTW.com.
A
All right, let's cook here. Okay, so, hey, fact checking right here. This is great. Josh Mason coming In chat says Lieutenant General Carol Mutter was the first three star Marine Corps female general to make that rank 1996. So, you know, we're. Hey, just so everybody knows here, I don't know if you know this, but fun fact, Simply Cyber is a very welcoming community and we have tons of female practitioners in our community. And I'm very proud to point out that if you look at like Simply Cyber's YouTube demographics, we have something like 2026 female audience viewership, which is. Which is incredibly high for a tech or cyber channel. So just pointing it out. All right, all right, hold on. Let's not get. I just let. I'm just tampering down chat right now. Let's not get. Let's keep it on cyber and not get too polarizing, please. Thank you. All right, let's keep going. Here. Little, little lo Fi to soothe everybody down. All right, guys. Hey, I want to say thank you all. Thank you all for being here and being open to learning and community service. Thank you to the stream sponsors. Again. They make the show happen. Guys, I can't do. If you enjoy this show and you enjoy getting up and being part of it or watching it on replay, you know, I Appreciate it. But I want you to know without the stream sponsors, I can't do this. So threat locker, definitely long time anti siphon that John Strand course. Go check it out. Zach Hill is in chat anti siphon zone area. The AI group helping you achieve AI success. And then flare. I posted this on LinkedIn. I posted this on LinkedIn a couple days ago. Flair is running an amazing free webinar on January 29th and I'm hosting like an informal unofficial watch party. Go to simply cyber IO/flare and you'll see it's this life inside the life of a ransomware operator. Guys, I am not gonna put on waiters and go truck out into the pluff mud to hang out with cyber criminals in the seedy underbelly of the criminal underground. 
I'm not going to do that. I got too much risk for me. But what I will like to do is sit down and have a cup of coffee for two hours with somebody who has trenched out into the seedy underbelly of the criminal underground and learn from them. And I hope you can too. So come on down. Go to simplycyber.io/flare. It's free to attend. I will be running, I guess like an active discussion in the Flare Academy Discord server. Everything about this is free. Definitely. Very cool. I know several of you are coming to the watch party. I feel like we're gonna kind of take over Flare's Discord server, which is super sick. So come on, hang out. simplycyber.io/flare. Thanks to Flare for hosting this particular talk on January 29th. It's going to be awesome. I'm looking forward to it. All right, let's keep cooking. See if we can get some cyber stories today. You know what I mean?
B
Flags actively exploited Gogs vulnerability. CISA added a high severity Gogs vulnerability to its Known Exploited Vulnerabilities list after Wiz found attackers abusing it as a zero day to overwrite files and achieve remote code execution. The flaw affects Gogs up to 0.13.3 and stems from symbolic link handling in the PutContents API. Wiz says more than 700 instances were compromised with roughly 1,600 exposed online and no official patch yet. CISA told federal agencies to mitigate by February 2nd. Webs.
A
Okay, so a couple things. One, this is Gogs. Gogs is a service that I have never heard of, but it's for self hosting Git. Git, right? So like if you're self hosting code repository service Git and you're using Gogs as a service to help maintain it you may be at risk. So first and foremost, that's the first thing you should realize. If you're not running self hosted Git instances for code management, then this story doesn't mean anything to you. And at best it's like an academic exercise. If you are running self hosted, look into. See whether or not you're running Gogs. Now I do want to point out as a fun fact, this has nothing to do with David Goggins. Somehow that guy's blowing up right now. I think it's because of the Fallout show. I'm not sure. He had that Squarespace commercial during the Super Bowl. I don't get it. Good for him. He's got, he's like doing Walmart ads right now with cheese plates. But this is not related to David Goggins. Now if you are running that Gogs service, you are. There is an actively exploited service exploit. Excuse me, actively exploited vulnerability out there, which I don't know the level of sophistication and setup required for exploitation. Some, some vulnerabilities can be exploited instantly, very trivially. Log4j. And some are super sophisticated, like, you know, whatever, like some type of, you know, rock. Oh my God. What's the ICS system? Rockwell. Like, you know, like the Stuxnet attack. Right. Very sophisticated. What we will do is go to epsslookup.com. This is Barricade Cyber's tool. They have recently updated it. We'll go ahead and drop it in here. This is a free tool for everybody. So according to EPSS, which is like the exploit here, what does EPSS stand for? EPSS stands for Exploit Prediction Scoring System. Okay, so CVSS, the, the vulnerability scoring system, that is how bad the vulnerability is. But really what we care about is is it exploitable? 
That's because you can have tons of vulnerabilities in your environment if they don't get exploited, it's not a big deal, right? I mean it's, it's, it's a deal. It's just not one that you need to prioritize. So exploit prediction gives us more insight. Okay, so 2% chance that you're going to get exploited in the next 30 days. Remember, if you're hosting this service and it's not Internet facing, you have a lower chance of exploitation just because of visibility. If it does get exploited though, it is pretty gnarly. 85 percentile. So of the hundreds of thousands of vulnerabilities in the EPSS catalog, this one ranks up in the top 85% of. How bad is it? Now we've got some extra insight here. The LEV score likely exploited estimates backward looking cumulative exploitation. Since this one is in the known exploited vulnerability catalog, the composite goes to 100%. This 100% means that it is actively being exploited. There are threat actors with active campaigns right now. Like today, January 14, 2026. While we're doing this show, threat actors are actively exploiting this in the wild. Okay, so 100% exploit likelihood. I mean not likelihood, but if you have it and they find it, the tools are out there. Okay, there's some extra insights here. We have a breakdown on this. This you could. For me, honestly, what I like to look at on the spider graph is attack complexity. Not very complex required. It does require some user interaction which is. Okay, it says user interaction none. I don't know. Okay, so I guess little feedback for Eric Taylor and the development team over there. If user interaction's none. I don't know why it gets a value at all. I guess it has to be undefined to. To be no value. Okay, okay, so yeah, just a nice little tool here. Again, it's free. It gives you some insights for me. Here's the TL;DR. I bet you the story says you got to patch it, right? Ah, you gotta patch it. Let's take a look here. Is this the story? No. Is this the story? 
Okay, there's no official patch right now, so you're riding dirty. Hey, title X3. Thanks dude. All right guys, here's the deal. There's no official patch right now. So if you're running Gogs and it's Internet facing somehow I would shut it down. If you're running Gogs and it's internal only, I would keep an eye on it, maybe put some detections around it. Right. Increase, go from DEFCON 5 to DEFCON 4. Put your shields up. Whatever it is, be mindful of it. But you know, I wouldn't, I wouldn't shut it down. I wouldn't stop software development at work because of this. With a 2% chance of being exploited in the next 30 days, I would be stunned if the developers of Gogs are not actively working on a patch right now. So yeah, look at this. One maintainer indicated that once new images are built, they'll have a fix. Okay, so you're riding dirty. That's it.
B
Steals credit cards from online checkout pages. Silent Push researchers uncovered a long running Magecart-style web skimming operation active since early 2022. Targeting checkout pages tied to major payment networks including Amex, MasterCard, Discover, UnionPay, JCB and Diners Club. The campaign injects obfuscated JavaScript from sanctioned hosting infrastructure, detects WordPress admin sessions to self delete, and can render a fake Stripe form to harvest card numbers, CVCs and personal details before restoring the real form. Stolen data is then exfiltrated and the skimmer sets flags to avoid rerunning on the same victim.
A
Hey, really quickly, Roswell UK has provided some great guidance on securing this Gogs instance until the patch comes out. This. Thank you very much, Roswell UK. If you are running this, disable open registration, right? So you do need an authenticated account. But if you have open registration, guess what? Anyone can register an account. If you can put it behind a VPN, sure. Definitely. It shouldn't be Internet facing, in my opinion. And then look for your repositories for random eight character names that could be an indicator of a Supershell infection. So thank you very much. All right, point of sale systems, getting web skims, stealing credit cards. Dude, credit card theft used to be like the hotness back in the early 2000 teens, and now it's coming back. It's coming back like a rash. You know what I'm saying? Really quick. Ember Elks, I'm calling. I'm right there with you, dude. Diners Club Space Tacos. Is this. Does this warrant a drink? Is Diners Club even still a thing, man? Diners Club it is. Jesus. Wow. Okay. But they're partnering with like MasterCard. All right, so Diners Club is more of like a, you know, not its own thing. Fun fact. Diners Club was the original credit card. The original credit card. It was so you could go out to dinner with your significant other and not have to have cash on you. It was like, yeah. And then they're like, oh, this is great. All right. Digital skimming. Threat actors compromise e-commerce sites. Basically, dude, anytime you put your. Your credit card in a website and hit submit, which we do all the time, like Amazon, all the time, your credit card gets sent over there. So if a threat actor is able to put something in place that can, you know, basically not key log, but like info steal, key log, copy whatever's in the text field, whatever you want to call it, they could steal your credit card, your CVV number, all that crap. Magecart has been around. 
Like, I feel like Magecart is like the OG of credit card skimming, you know, web storefront cybercrime. All right, continuing to look here. All right, there's the campaign on a bulletproof hosting service. Stark Industries is the bulletproof hosting service. Lol. I love it. Nice Iron Man reference. And it's under the Dutch entity. WorkTitans, huh? All right, so I'm just looking at this really quickly. It is sophisticated. It has detection evasion, which is an extra feature. All right, let's see. It has self destruct sequences to remove itself if it's being analyzed. It checks to see if Stripe was selected as a payment. It, it notes whether or not the victim has already been skimmed. So it doesn't collect the information twice. Having duplicate data for the threat actors. Wow. Okay, so this is a very robust, fully featured piece of credit card skimming malware. I'm. Listen, I, I don't say it often, but if you've been a regular of the show, you know that, you know, game recognizes game. Okay? I don't want any, like, I don't endorse or condone cyber criminal behavior, threat actor behavior. But I, but I will say, you know, hat tip, right? Think of Al Pacino and Robert De Niro in Heat when they have that cup of coffee at the diner. Okay, I'm taking a minute. Dude, you're stealing credit card numbers from websites. Shame on you. However you're detecting evasion, you have self destruct sequence built in. If you get analyzed, you are making deduplication of data nice for the threat actors when they're analyzing their, you know, their, their loot that they've stolen. Like, this is a, you know, this is, this is a professional operation. This isn't just somebody who's like hamming and egging it together. I will say a couple things. One, bulletproof hosting, all that means that if you've ever heard that term, or if you haven't heard that term, allow me to introduce you to the term. 
It just means like, think of, you know, an EC2 server on Amazon or digital drop or whatever. It's called a DigitalOcean. A droplet. It's basically hosting a server in the cloud. But bulletproof hosting are service providers that basically don't care if you're committing crime or not. They're allowing you to knowingly host malicious infrastructure. And they're okay with it because you know what, you pay your bills. Great cash, homie. And they're typically in countries that don't play nicely with the United States or Western democracies. You see them a lot in Eastern Europe. I'm kind of surprised that this, it's a Dutch entity that is part of this, because the Dutch, as far as I know, the Dutch are like, you know, Team NATO, right? Hold on. Are the Dutch in NATO? Again? I'm not really. Yeah, dude, the Netherlands is one of NATO's founding members. So I'll just tell you on the surface, I don't research or prep for these stories. For sure, I am stunned that a Dutch entity is hosting. Bulletproof hosting. That's weird. What can you do about this? Not much, dude, if you're running an e-commerce website, you know, obviously have code check in, check out, have tight controls, test your software, look for weird accounts. You know, I would say part of it. Like, you know, not to say that this is your best practice, but like, credit card companies are very good nowadays at detecting fraudulent behavior. So hopefully, you know, even if you screw up, the credit card companies are able to detect it. So. Yeah.
B
P. Morgan Discloses Law Firm data breach. JP Morgan is notifying investors about a data breach tied to an incident at law firm Fried Frank. The same intrusion that prompted Goldman Sachs disclosures in late 2025. An unauthorized party copied files from a shared drive containing names, contact details, account numbers, SSNs and passport or government ID numbers for 659 private equity fund investors. JP Morgan and Goldman say their own systems were not compromised. Fried Frank faces lawsuits but says it contained the incident, engaged external responders and involved law enforcement. Confirms breach.
A
Oh my God. All right, so we got a couple minutes here. So check it out. Maine Attorney General coming in. Dude, not all heroes wear a cape. Hold on, let me. We should put a face to this name. Who is the Maine Attorney General? All right, look at this guy right here. Dude, this guy deserves a lap. Not like, not like where your legs and your torso meet, but like a, like a victory lap around the stadium. This guy right here. Dude. Nice job. Nice job. We know about so many different data breaches because of the Maine Attorney General's office demanding disclosure. Fried Frank, which is by the way, Fried Frank, which is a hilarious law firm name. Sounds like a fish and chips place up in North Charleston. Come on down to Fried Frank. Fish and Chips Law firm got hit. Guys, I gotta tell you, number one, it stuns me to this day, if I was a threat actor. Listen, if I'm running flaming donkey, my targeted industry is going to be tax preparers and law firms, period. Full stop. I don't know why law firms and tax preparing companies aren't targeted more often. They have all the data on. On bad stuff people are doing and how much money they have. It's, it's, it's like a little bit of a prep work. Instead of going directly for the money, but it, it just stuns me. You don't hear about law firms getting hit that often. I mean, they get hit for sure, but not nearly as often as health care and manufacturing companies. So Fried Frank gets hit. JP Morgan is having to wear it. Here's another, here's another, like, reality that you should be mindful of. And I would recommend working this into your tabletop exercises as a, an inject. Okay, so an inject is where you're executing the tabletop exercise scenario and then all of a sudden you like throw like a, a wrench into the, into the scenario. In this particular instance, JP Morgan Chase, everybody knows this. They happen to be using Fried Frank's Law Services because Saul Goodman was busy. 
And now they have to come out and say, hey, investors, data was involved in a data breach. But JP Morgan systems are clean. JP Morgan Chase did nothing at all in this. Yet somehow they're being dragged into the mud because they are a huge name. So if you're doing tabletop exercises, may I recommend, you know, like a third party scenario data breach or compromise where, you know, the, the, you know, whatever the HVAC company that you use, it gets compromised and the threat actors ride the rails into over the VPN to get into your HVAC systems and then use it as a foothold to get into your IT infrastructure. But at some point during that conversation, if management is there or the business side of the house, say, hey, really quickly, you know, whatever a. CNN or Fox News like, choose your. Choose the appropriate news outlet that doesn't get you in trouble with your bosses and derails the conversation. Hey, Fox News or CNN just reported that our company has been involved in a data breach. Now, we understand that it's a third party HVAC company, but it's our, you know, our data. Maybe don't use the HVAC company, but our data has been involved and now they're calling us for a comment. What do we want to say? Okay, so it's a really good inject something. Yeah, exactly. Target was the exact one I was thinking of. Thank you very much, TJ as always. Tabletop exercises is great. You can use ransomware, but you know, whatever. Like ransomware is one great scenario you should be thinking of, but you can, you can use all sorts of different ones. Just a data breach is a good one. So Fried Frank released this update. They experienced a data security incident. They acted to contain it. Engaged industry leading external data security experts. Okay, yeah, man, I don't know. I don't know. Like I mean, I don't, I have lawyers, but like, I don't use them very often. They're very like special use cases for me at least. 
But yeah, you, you don't want the, the information that you give lawyers to be like publicly just dumped everywhere.
B
After crypto scam wave. Betterment disclosed a data breach after hackers abused a third party marketing platform to send a crypto triple your deposit scam from a legitimate Betterment subdomain on January 9. The attacker accessed contact and personal details stored in that system, though Betterment says its core infrastructure, accounts and credentials were not touched, though later it said it was hit with a DDoS attack. Betterment has cut off the unauthorized access, warned users, and said it will publish a postmortem once its investigation finishes.
A
Jesus.
B
Are you subscribed to? Wow.
A
Okay, so check it out. Betterment, a platform I've never heard of that handles cryptocurrency, manages $65 billion. I mean, we're doing some fun stuff over here at Simply Cyber, but last time I checked the P&L report, we're not at $65 billion. Holy Jesus. I will tell you, the Buffer Osier Flow Studio will get a few upgrades if we start, if we pass the 65 billion dollar annual revenue mark. Believe that. Okay, I'll be coming to you from the Buffer Osier Flow Studio live from Cayman Islands. So on January 9, just a few days ago. So this is fresh reporting. Attacker gained access to third party software that Betterment uses for marketing. Okay, so this is a. This is a perfect scenario. Kind of similar to what I just mentioned for a tabletop exercise. A lot of companies use third party services for marketing. Salesforce, I'm looking at you. And then they used it to basically send out a bunch of phishing emails around a crypto reward scam. So this is what I mean. This is it. Threat actor got in, found a crypto client for this marketing company, and then used the marketing tools. Marketing sends emails, email sequences, nurturing campaign, whatever. They used it and basically sent up straight up. Crypto will triple your crypto limited time offer. Classic marketing. They put a little bit of urgency in it. Speaking of urgency, as an example, we're only taking the first hundred registry registered people for this free workshop I'm hosting on the 28th. So move now. You don't want to be left out in the cold if you're not one of the first hundred. Okay, like literally, that is a marketing technique. Scarcity. All right. It's true though. I'm only taking 100, dude. I can't believe. Hey, click here, get triple your crypto. Like, what business successfully runs like that? You know what I'm saying? People fell for it. Betterment. Here's the thing. Betterment systems weren't compromised. It's a service Betterment uses. But Betterment is now having to handle all of the bad PR. 
I'm sure they canceled their service with that marketing agency and are probably going to sue them. Yeah, I don't know, guys. This is a perfect. This to me, is a perfect case study. In fact, I would almost check this. Look at this story, learn this story, be familiar with this story, and then in a job interview, you can easily reference this story. But Betterment did nothing wrong. But because of third party risk, all of. Not all, but many of Betterment's clients suffered a crypto breach appearing to come from Betterment. So listen, Jay Gold, AKA J Crypto, AKA J Mod, is in chat. He's got his. He's got his bitcoin, right? And he's using it with Betterment. In this instance, he gets a marketing email from a threat actor, gets compromised, and loses his bitcoin. Who do you think Jay Gold is pissed at? The marketing company? No, he's mad at Betterment because he believes he got scammed by Betterment, someone pretending to be Betterment. So all the phone calls and anger, animosity, vitriol, bad pub, you know, flaming Twitter comments, they're all going to go to Betterment. This is a perfect example of where you face all the brunt of the problem and you did nothing wrong. Betterment could have hired the best and brightest cyber security professionals in the world. Infinite budget, infinite people. Right? And this still would have happened 100%. This still would have happened no matter what. Because Betterment did nothing wrong. Okay, so use this as a tabletop exercise. And if you're a GRC person and the interview question has to do with like residual risk or risk you can't tamp out. This is a solid one. Okay. Jesus. That's gonna do it for Simply Cyber's daily cyber threat brief. I sound like Linda Richman. Oh, my God. I hope you got a. Oh, give me one second. All right, I'm Jerry from Simply Cyber. I had to send my wife a text message. Don't go anywhere. We're gonna holler over to Jawjacking, a 30 minute AMA where I'll answer whatever questions I can. We'll have a good time. 
I'm Jerry from Simply Cyber. Till next time, stay there. Ever wonder what it takes to break into cyber security? Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cyber security field live, unfiltered, and totally free. Let's level up together. It's time for some jawjacking. Hey, what's up, everybody? It's Buffer Osier Flow Studio. I'm on a boat. What's up? I'm Jerry Guy. Listen. What do I do? I answer your questions. Why? Because it's all about good times, helping people, educating. Level up. And, you know, that's what we do here. Now, I want to let you know, if you don't know who I am, I'm Jerry Guy. I work here at the Buffer Osier Flow Studio. I always come on after Dr. Gerald Ozier, that nerd in the daily cyber threat brief. Jesus. Got buddy. Why don't you calm down about the stories not being cyber stories, okay? Just roll with the punches, brother. Okay. Talking about Android bugs and Verizon unlocking phones. Chill out, dude. Like, literally red hulking over nothing. I'm the cool one. Dr. Gerald, not the cool one. Let's answer your questions. Put it in chat. Put a question. A Q in front of it. Hone oh. Honest impulse prod digging me. Thank you. All right, what's up, everybody? Let's answer questions. Got to let everybody know I'm going to a Magic the Gathering tournament pre release for Lorwyn Eclipsed on Friday. My first tournament in 30 years. I will say, the last tournament I entered, I did win with a red green aggro deck. So what's up, guys? Come at me. What? You got questions, I got answers. Let's do it. I see Zach Hill is in chat. Good to see you, Zach Hill. Big fan of Zach Hill. He and I are going to be working together on a video project soon. Should be getting released soon. All right. I don't have water to drink, Marcus Kyler. That's the problem. I came out to the studio at 8 7:55. So here's the deal. 
For those who don't know really quickly, many of you know my dog's had some surgery and now he's in the recovery phase. He's not allowed to lick himself. We do have a cone, but when you put it on him, he, like, loses his mind. So what we've decided here is no cone. He doesn't really lick that off. And. But if you catch him, you yell at him and he stops doing it. Which means that me or Nadine have to keep a constant eye on him. Which is fine because we love our dogs and we spend tons of time with them. Nadine takes Callen to the bus stop around 7:30, 7:45. And sometimes the bus is late and she doesn't come back. So I can't shower because the dog will lick himself. And then I come out to the studio. So the dogs are with me in the studio right now. So that's what's up. I didn't have time to get a. I didn't have time to get a glass of water. Oh yeah. So really quickly. I mean, Zach, I don't know. I don't know if, I don't know if you want to talk about it or not. But yeah, Zach Hill and I are working on something like I've basically like attached myself to Zach like a barnacle and forcing myself in the most type A way possible to, to some, some work that he's doing that we're going to be working on. So I'm happy to talk about it. I would love to answer cyber security questions. To me, listen, Jawjacking is about helping people in the cyber security industry. So anytime the conversation derails into anything not cyber related, personal stuff, projects, you know, magic, whatever, I, I'm happy to talk about it, but that's not the point of the show. So any opportunity to get back on track is valuable. Valuable to me. Okay. Because this is about you guys. All right. Devin says, did you see the new EFF list of worst data breaches of 2025? No. Let's take a worst data data breaches 2025. Let's take a look here. All right, Electronic Freedom Foundation. Let's see what we got here. Oh my God. This is kind of fun. The say something without saying anything award. Mixpanel. 
A data analytics company collects information on users of any app which has their SDK suffer major breach. The service was used by Ring Doorbell, for example. They left reporters with unanswered question. Okay, whatever. This is interesting but unfortunately I can't read this while streaming because it's not entertaining or valuable for the audience. But I will drop a link to this story. Thanks for sharing it, Devin. And invite you audience to go check it out. Mara Levy says, is Yesterday's stream about LinkedIn available for Team Replay? Yes, it is, Mara Levy. So I will, I will share that right now. Let me, let me just do it live right now. So if you missed it, if you missed it, it's right here. Personal branding for your Cyber career in 2026. This was the first Simply Cyber Skill Stream of 2026. So if you didn't know Skill Stream is a new show that I am developed and in pushing out for 2026, we're going to give it a shot. It is a one hour live monthly show with industry professionals. I will not be in any more of them pending a big issue. I wanted to do the first one just to kind of work through some issues, if there were any. But we're. I am bringing you various industry professionals in their specific area of expertise to educate you on for an hour and learn a new skill. That's the Skill Stream. And Mara, I just dropped that one right there. Lots of value in the personal branding one for sure. Brown Coyote says, what Linux distro do I like to use most? I guess Ubuntu. All right, dude, so many questions. This is great. Have you. Oh, wait. Is it still a good idea to have an emoji in your LinkedIn name to filter for automated messages? It was not mentioned in the video yesterday. Yeah, I mean, do I still have a emoji? So I got rid of the emoji. I got rid of the emoji. I don't know. I don't think it's a bad idea. I don't think it's a bad idea. What, what are the winning lottery numbers for next week? Okay. All right. Continuing to look through chat right now. 
You know, something I do want to do, and this is a fun one for Zach Hill to hear and everybody, but I want to change the layout of jawjacking like what we're looking at. So it is. Lends itself to being cut up into shorts on Opus Pro afterwards. Like right now, if I do Opus Pro on this for video shorts, it looks terrible. That's one thing I want to do. It's not going to look great to you guys because I'm going to have like a vertical of me here, another vertical of me here, and then something over here. But it will be good for shorts because I need to. I need to. Can the puppies make a cameo? Sure. Mara. Hey, come here, Ripley. Gibby's. Come on, come on. Oh, yeah. All right. This is Gibby's one Gibby Goo. You want to say hi, Gibbies. All right. There's Gibby Goo. Living Teddy bear. Come here, Ripple. Come here, Ripley. Come here. No Ripley. All right. And this is Ripley. This is our patient. Oh, yeah. What a baby. Okay, all right, so there you go. There you go, Mara. There's your minute of puppies. Okay, dj, DJ B sec has a solution. Any source of info. How to conduct a risk assessment for vendors implementing AI in their back end. Systems. Not really, unfortunately, ad tech. Because they're probably not even going to tell you. Not really. That there is a. There's a pretty good service here. MIT has the AI Risk repository. This is a pretty good. This is a free service. You can use this. There's two taxonomies in here. There's two taxonomies in here. Ad tech that you can look at and review. Hey, you can look at and review. That could help you. But really, like, unless you're like Amazon or the US Federal government, if you ask a vendor about their backend AI stuff systems, they're going to tell you to no, like, take a hike. They're. Or they're going to be super vague about it. You know what I mean? All right, continuing to look through chat, Modern Rogue says, where did the beard go? Modern Rogue must have missed it the other day. 
So basically, Modern Rogue and other men in chat with. With beards. Although Modern Rogue doesn't have a beard as far as I'm. As far as I know. I don't think he does. I let my beard grow like a Chia Pet and then I go in my garage with clippers on level two and I just go. And then I restart the clock. I don't have time to shave. I don't like shaving. So that is my solution. I basically have to. I basically shave like 12 times a year. Maybe, maybe 10 times a year. It's when. It's when my chin gets all bushy and gray and I feel like I'm an old man. That's when I cut it. Gotta look young for these. For these youngs. Modern Rogue, right? Gen Z's looking at me. They're like, oh, you old boomer. You don't know anything about anything. So then I trim up and they're like, yo, what's up, Skibidy Riz? Good to see your aura, son. All right, so quick question from Felipe. Hey, from Felipe. He says currently IT help desk. Got a Bachelor's in cyber, Sec+, SC-900, 300, building a bunch of labs and posting. Trying to get into IAM. What's the best next move? All right, great. I will tell you, Felipe, you're definitely doing all the things right. What I would say is two things. One, it sounds like you're doing projects and posting. That's great. Wherever you're posting them, if it's like a blog or your, you know, website or GitHub repo, keep at it. Make sure that you're regularly putting it on social media. What I would recommend you do is if you really want to get into IAM, I would start focusing your energy, effort and public presence on IAM related content. Right? So write a blog post on 10 risks that, you know, you might. 10 misconfigurations that lead to compromise in Entra ID or, you know, review stories about, you know, there's a couple stories today that go buster. One that basically scans listening services for default creds. But like, make the focus on identity and access management. Talk about federated authentication, talk about Okta, talk about MFA. 
Like, make your focus around identity and access management so people are associating you with that. And then, you know, if you can, I would try to, you know, none of your experience or background here necessarily ties directly to IAM. Of course, you didn't mention what labs and projects you're working on, but just basically drill into IAM. Also, when you're, when you're networking and talking to people, mention that you're interested in IAM. Right? Start, start interacting with people who are working in IAM. Right. Cyber. I think of IAM as like cyber adjacent or it's a subset of cyber. But you know, if you, if you let people know, they might say, oh yeah, like I don't really work in IAM, but I know someone who. Or they say, oh yeah, yeah, I work in. I work in IAM. Let's talk. Right? So I think you're doing great stuff. All right. S07 what's the best way to prepare for an on site interview? It's been so long since I've done one. Hey, gotta keep my dog from licking himself. So on site interview, best way to prepare. Good night's sleep, get there early, feel good about yourself, feel confident about yourself. The way you're dressed, you know, make sure you feel feel good. Right? Because like that's going to translate into your attitude. Personally, I like to review my own resume before I go in just so I kind of. Everything feels fresh. I always like to have at least one or two relevant current stories that I can reach into and integrate into the conversation. You know, have it, have a good handshake. Right? No dead fish situation. Like it's a lot of the meta things. To me, an on site interview is not that much different from a virtual interview. But, you know, I guess it's more about the physical things. Right. Make good eye contact, speak with confidence, acknowledge people. Hopefully that helps. I know, I feel like that was kind of like. I don't know, I thought that was. Those are the answers I would give. 
I'm not necessarily sure if it helps you, but I wish you the very best. Also, just a reminder and S. Cole07, I don't know what you're interviewing for, but I just want to remind you everybody that I have this interview series that's come out. I'm releasing a video every day in 20, excuse me, every Sunday in 2026. And the first two videos are part of a series. I've got one coming out next week as well. I asked a person looking to break into GRC, a person who's a three years in GRC and someone with 12 years GRC experience, the same interview question. So this video is one interview question and the way they answer it, you can see here I'm breaking down her response. So like if you've ever job interviewed and then you don't know if you did good or not, you got no feedback. That's what this video does. This video literally will give you the feedback and interview and give you the definitely say this. Definitely don't say that. This is a great answer. Could have gone deeper on this. This is for GRC, but I wanted to let you know we have penetration tester in the works. It's in edit right now. So that's going to be coming out in February and I'm currently recording SOC analyst ones as well, which will probably be in like April, March, April time frame. So check those out.
All right. Who's hosting Jawjacking tomorrow? Oh, that's a great question. So Citadel starts up tomorrow. I want to let everybody know that your Thursday Jawjacking host will be none other than Zach Hill himself. IT Career Questions from Antisyphon and IT Career Questions. The man helps people. That's his job. That's his passion in life, helping others. He's going to be here tomorrow and every Thursday from 9am to 9:30am Eastern time helping you out.
Why are there not many entry level roles out there right now? I even heard someone say entry level jobs are not entry level in cyber. Zach Morrison. Entry level jobs in cyber are not entry level.
The term entry level may suggest that you don't need any prior experience, right? Like entry level, like you just walk in and enter. Cyber security is a specialized field. You do need, honestly, you do need some like background, IT background. You should like if you don't know what a network is or what an IP address is or what an operating system is or you know, like how technology works at a very, very basic level, you're gonna not be able to do cyber security work. So what I like to say is there is I. There are really no entry level jobs, except maybe an internship. There are junior level jobs in cybersecurity.
All right, let's keep going here. I got a personal note. I'm pretty excited. My son Callan is being recognized again for academic excellence, and that is happening at 10:30am today. So I do get to do Jawjacking and then slide over to that event.
Silence Poet. How do you remain focused in your career at moments when life events are happening? Yeah, I mean, here's my thing, Silence Poet. You. You can't really focus on all the things, right? So if you have life events that are occurring, what I personally do is, like, that's my priority, and I just maintain the. The career part of it. Right? So, like, let's say, for example, I'm focused on career, I'm working on labs, I'm doing all the things. And then there's a, I don't know, a life altering event. We're moving. Okay, well, the moving becomes the priority. But just like if you have something on the stove, I move. I move the career to the back burner. But I'm still. It's still got heat on it and I'm still stirring it. Right? So you still give it some time and some nurturing. You don't abandon it, but you've got to focus on the here and now. I'd also say, like, if your career is a priority, you will find time for it, right? Maybe it's not the back burner. Maybe it's the left side burner. For me, the front right burner is like the primary burner when I cook.
So I would just say it really is not necessarily has to remain the priority all the time, but you can't just put it in the closet and put it up, because out of sight, out of mind. I mean, honestly, Silence Poet. I mean, I got a PhD. I got a master's and a PhD while my wife or while we were adding children to our family. So, like, pregnant, delivery, newborn. I was in a PhD program during all that. Okay. So, like, it really is about time management and. And managing all those things. You know what I mean? So. And I know everybody's situation's different, right? There's socioeconomic concerns, there's financial impacts. There is, you know, you know, different kind of family dynamics. I get all that. I'm not saying my way is the only way. I'm just answering the question how I best can.
All right, I got three minutes left. Thoughts on how to build confidence and demonstrate competence in GRC, especially after not working in the field 3 years. Berlin DAB. Good to see you, Berlin Dam. For me, rebuilding confidence and demonstrating competency. Number one, confidence. Immerse yourself in GRC related stuff. Reading NIST Cybersecurity Framework. Read threat intelligence reports. Look at, you know, like architect some type of lab in your environment and then audit it. Like get cycles. Get not experience, but get back in the routine of doing these things. That's gonna rebuild your confidence because you're gonna be like, oh yeah, I remember all this. And then you'll be able to demonstrate competency because you've just been doing it, right? Audit your home network. You've probably got 50 devices on your home network, right? You can log into your router and look at all the things that have IP addresses assigned to them. Go run a vulnerability scanner, look to see, hey, do I have any default services with default creds? Do I have any devices I didn't know about? Can I patch or update things? Should I put my, here's an architecture one.
Put my IoT devices on a separate LAN segment. Put my kids' Xbox and laptops, things that are a higher likelihood of running into compromise because my kids are children and they can be tricked easier. Put those on a separate VLAN. Do we have EDR on the kids' computers and my work machine? Is my work network on a separate VLAN? Like these are things you can do and then you can easily talk about. So don't worry about the three years, right? It's just get back in and you know, what's the easiest way to build confidence and get better at riding a bicycle? Get on the bike and pedal.
All right, all right, all right, let's go, let's go here. Here we go. Looking at chat. I got two minutes left. Crystal says if you're securing an MSP and still use Kaseya, do you say one, should be fine now, or two, 2020 called, they want their remote management solution back? Yeah, I mean Kaseya got compromised pretty gnarly. But I mean, SolarWinds got compromised too. Would you rip SolarWinds out? You know, I'm sure I don't know. Personally. Personally I would. I, it. Here's the thing, Crystal. It really depends, right? Do you have a multi year contract? Is Kaseya giving you huge discounts? You know, is there a relationship between the Kaseya people and your business side people? I, I probably would, would transition. But remember, anytime you switch vendors, especially for IT, you know, managed services, it is a project to migrate off of what they're doing and migrate onto a new one, right? They have agents, they have telemetry, VPN or. Yeah, VPN connections and stuff like that. It's a problem, but yeah, I'm right there with you. It's pretty gross.
All right, continuing to look here through chat. We're at 9:30 so I'm going to speed run the last questions here. Don't call me an unk, IT Career Questions. Okay, so I am trying to spell out acronyms. I missed one here. IAM is Identity and Access Management. It's basically handling user accounts, provisioning, permissioning.
And, and IAM isn't just about you get an account or you don't get account or you have this role, you don't have this role. It could be provisioning like inside of this application. What, what capabilities do you have access to? Right.
All right, let's see. Space Tacos. What kind of handshake's appropriate for ladies? We used to get the dainty lady shake, but sometimes get the man handshake. What. What is correct? I mean for me, I, I don't really, I don't know. I wouldn't say a firm hand crushing handshake, but also not the like, you know what I mean? I would just, you know, like, I would say like a little bit of squeeze. You know what I mean? It's a good question though.
When will you submit a petition to permanently retire the term quishing? My, my, I've already submitted several. Find the Truth's favorite acronym I think is BGP, Border Gateway Protocol. It's how the Internet actually works. Just no one talks about it.
All right, continuing to run through, looking for Qs. Really quick speed running here. Any other vendor specific certs you recommend after SC-300? Thinking about CyberArk?
B
Sure.
A
As someone who wants to get into identity and access management, CyberArk would be a great one for sure. That's a very popular enterprise tool. All right, all right, we're caught up guys. I want to say thank you very much. Shout out to Zach Hill. He'll be your host tomorrow for Jawjacking. Shout out to the entire mod team. DJ B. Justin Gold. Josh Mason was in there today rooting around casually. Joseph, when you wake up, have a great day. I'm Jerry from Simply Cyber. Until next time, stay secure.
Host: Dr. Gerald Auger (Simply Cyber Media Group)
Main Theme:
A rapid-fire, insightful breakdown of the top cybersecurity news stories for January 14, 2026, tailored for practitioners, analysts, and business leaders. Dr. Auger leverages his deep experience in GRC and community-building to give context, actionable takeaways, and candid reactions to the latest threats, vulnerabilities, and industry developments.
Consistently energetic, humorous, and practical. Dr. Auger blends solid technical acumen with relatable analogies and direct advice, all while fostering an inclusive, career-focused security community.
Main Message:
The technical threats are real, but your best tools remain vigilance, community, and pragmatic risk management—not panic!