A
All right, good morning, everybody. Welcome to the party. If you're looking to stay current on the top cybersecurity news stories of the day, while getting expert analysis that allows you to go deeper, beyond the headlines, get insights, get meaning, understand the industry better, and ultimately be more effective and more marketable, frankly, as a cybersecurity professional, well, then settle in, because this is Simply Cyber's Daily Cyber Threat Brief. I'm your host, Dr. Gerald Auger, coming to you live from the Buffer Overflow studio on this beautiful Wednesday, Wednesday, January 21, Episode 1051. We're off and running. I hope you have a good day. Let's get cooking. All right, good morning to you all. Hey, Phil Stafford, Dream Logic, BBB 8001, Brute, Marcus Kyler of the Yeet Crew. Man, no Avilia, guys. Yes, it is a beautiful Wednesday morning. It is cold here in the Lowcountry. If it's cold where you are, coffee cup, cheers to you. I hope you can stay warm. We're doing the best we can where we are, guys. Every single episode of the Daily Cyber Threat Brief, including this one, is going to cover eight cyber stories, maybe a couple more. I don't know. I don't know where the show is going to go. This is completely unscripted and live. But I will tell you this: the stories that we're going to go over, I have no idea what they are or what they're going to be about. I haven't researched or prepped. You know why? Ain't nobody got time for that. Ain't nobody got time for that. Come on, we're doing live shows up in this piece. The energy's got to be raw. Now, what is legit is that I have 20-plus years of experience, and therefore we can qualify this as an instructor... excuse me one second. We can qualify this as an instructor-led webinar, which means we qualify for half a CPE per episode, because even though it's an hour-long show, we goof around and have some fun for half the time. So 30 minutes is on-brand cybersecurity education development, which means half a CPE.
So all you gotta do is say "what's up?" in chat. Your chat is right above me. This is live right now. You literally type it into your phone or your keyboard and it appears on stream like magic. Say what's up, grab a screenshot, include the title of the show, because guess what? It's got the unique identifier 1051. It also has today's date, January 21st. And you get a CPE. Space Tacos and the crew are dropping Oprah emotes. I will drop an Oprah emote. Ding, ding, ding, ding, ding. Because I want you guys to get CPEs. I'm all about value, baby. Let's get the value train connected and off and running. Good morning to Haircut Fish in the chat. Good morning, Ms. Julian, in the chat. Good to see you. All right. Hey, if today's your first episode, welcome to the party, pal. You picked a banger. Every single day is a banger, really. But if you're here for the first time, however you found us, whether it was through a friend or referral or you stumbled in here, you are absolutely welcome in this circle. We will make it as wide as we can to include everybody that wants to be part of it. But let us know it's your first time with a hashtag first-timer in chat. Hashtag first-timer in chat. The reality is we have a special emote, a special sound effect, and we just want to welcome you and let you know how fun it is to have you here. So, Christopher ICA says, "I don't know what to do with a CPE screenshot." Some people have said this in the past. Listen, the deal with the CPEs: if you have a cybersecurity certification, and only if you have cybersecurity certifications, do CPEs matter. You are required to maintain your cybersecurity certifications by doing two things. One, you pay an annual fee. Ugh, great cash, homie. And two, you submit continuing professional education evidence. And you basically are required, I think it's 40 a year, for three-year cycles of 120. You basically, once... I mean, you're not supposed to do it once a year. You're supposed to do it all the time.
But ain't nobody got time for that either, right? Who? Ain't nobody got time. I mean, like, let me know in chat if you agree. Once a year, I do all of my CPE submissions, and it's mostly conference attendance. But anyways, I digress. For Christoph, Christopher, and anyone else who doesn't know what to do with the CPEs, just file them away. And then once a year when you submit your CPEs, you can just say, simply, "Simply Cyber Daily Cyber Threat Brief, 40 CPEs," period, full stop. Only if you get audited, where they come back and say, "What the hell is this? Prove it," you can just right-click... well, not right-click. You can just, you know, grab and send it to them and say, "Here's all the evidence. See ya." All right. That's what's up. All right, guys, so we got our first-timers covered. Let me know in chat, or chat, please welcome... let me know if we have some first-timers. Thank you, Phil Stafford. It looks like Lasting Madness 941 is a first-timer, so let me get my John McClane going. Lasting Madness, welcome to the party, pal. Hell, yeah. All right, guys, as always, I'll let you in. This is not... we don't have an emote or a sound effect for it yet, but if I do make an '80s or '90s reference and you catch it, scream out "drink" in chat. It's like a silly drinking game that we're not really getting hammered at, but it's kind of a fun thing that we do. And believe me, there will be no shortage of '80s and '90s references, because I basically stopped evolving culturally in 1997. Also, if you didn't know, I do use facial moisturizer. So my age belies my appearance, but I am old as dirt. Moses was in my graduating class. All right, guys, hey. This show is not possible without the support of all of you. And Cracking, "Welcome to the Jungle" makes me think of the movie Waiting..., which was, like, grossly underappreciated. Waiting... with Justin, I think Justin Long or Justin whatever, and Dane Cook was in there. Welcome to Thunderdome.
All right, guys, hey, the show's not possible without all of your support and the support of the stream sponsors. Let's take a minute and say thanks to them. Guys, it's January 21st, which means one thing. You have time to go to Antisyphon training. They have a webcast today at noon Eastern. So in four hours, my friend, an amazing, amazing educator, Mishaal Khan, is going to be doing his "OSINT Like a Hacker." Now, he has done this talk a couple times. I have attended it more than once. It is never the same talk. His tooling is constantly changing. His ability to deliver value never changes. This is awesome. You still have time to register. Please don't, don't, don't sell yourself short. Don't miss this opportunity. Check it out. "OSINT Like a Hacker." And by the way, by the way, even if you're not an offensive security professional, you can get value from this. Like, OSINTing is like a life skill, right? You know how to feed yourself and you know how to OSINT. These are core values. All right? So go. Thank you very much, Antisyphon, for providing amazing webinars, amazing educators, and all at ridiculously low prices, including this one for free ninety-nine, or $0. Yeah. And if you know Mishaal, you know how awesome he is. Thank you. Thank you, Antisyphon. I also want to say holla, holla, holla at Flare Academy. Guys, Flare Academy is putting on these webinars, two hours once a month. Go to simplycyber.io/flare, simplycyber.io/flare, and you can register for this free webinar January 29th. Now, why would you want to do this? Two things. One, I'm hosting a watch party, so you get to hang out and high-five with me, which I think is pretty cool. And, like, secretly I'm hoping that you register because I want to hang out with you during this talk, because I want to get everybody's thoughts and stuff, but also the value of this talk. Guys, when in GRC... what up, GRC Mafia?
In GRC, we need to understand, like, as much as we can from an intelligence perspective in order to do threat modeling effectively. Right? How are we spending our money? What controls are we putting in place? How can we get the biggest risk reduction for our time and our effort? Well, understanding the threat actor is a key element of that calculation, and we're not going to be able to understand how these ransomware operators operate without understanding them. And I can't get into their cyber, you know, criminal underground seedy underbelly. I don't know the password in the dark alley to knock on the door and get entered in, but Flare has done it. And who is it? It's her. Tammy Harper, Senior Threat Intelligence Researcher at Flare, is going to be bringing us two hours of spilling the tea on ransomware operators. This is sick. So go to simplycyber.io/flare, register. It's free. January 29th, 11am to 1pm. Come hang out with the Simply Cyber community for the watch party. I'm super stoked about this, man. I really am. simplycyber.io/flare. I just dropped a link in chat if you're watching on replay. Simple. simplycyber.io/flare. All right, guys, we also got ThreatLocker up in this piece. Again, thank you to the stream sponsors for supporting the channel and allowing me to bring this show to you in all of its, you know, pink and retro synthwave glory. It is glorious. Quick note from ThreatLocker, reminder: Zero Trust World is right around the corner. Myself, Kathy Chambers, Kimberly can fix it, we'll be at Zero Trust World and we'll be doing this show live from the conference floor. So if you want to see what it looks like IRL, come on down to Zero Trust World and hang out. Let's do a quick word from ThreatLocker, and then I'm going to melt everybody's face. I want to give some love to the Daily Cyber Threat Brief sponsor ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with ThreatLocker.
Worldwide companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high. ThreatLocker takes a deny-by-default approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US-based Cyber Hero support team. Get a free 30-day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threatlocker.com/dailycyber. All right, everybody, buckle up, settle in, saddle up, whatever you got to do. Put your harness on, get your helmet, whatever it is you need to prep, because we're about to launch this news all up in your face. All right? If you got socks on, you might as well take them off, because they're going to get blown off. You got a hat on? Remove it, because your hair is going to get blown back. I am ripping the lid off of this can now. Really quick, again, I don't research or prep for this show. So, like, I didn't know that this story was gonna be behind a paywall, which is ridiculous. I mean, it's not really ridiculous, but it's ridiculous when you're trying to run a live news program. "Cyber talks lower tensions." Okay, all right, hold on. I gotta find one that is not behind a paywall. Let's see. I'm not going to Facebook for it. Oh, Jesus. Okay, well, I guess we are going to go to Bloomberg. All right, here we go. Oh, that didn't work. All right, here we go. Sit back, relax, and let's let the cool sounds of the hot news wash over all of us in an awesome wave. I'll see you guys at the mid-roll. From the CISO Series, it's Cyber Security Headlines.
B
These are the cybersecurity headlines for Wednesday, January 21, 2026. I'm Rich Stroffolino. UK and China try to ease cyberattack tensions.
A
China.
B
Bloomberg sources say the UK and Chinese governments created a forum called Cyber Dialogue to discuss cyberattack allegations, believed to be the first of its kind with China. This will provide a single mechanism for senior-level discussions of cyber incidents directly, rather than working through back channels or more diffuse methods. Sources previously reported on Chinese threat actors infiltrating UK government servers and critical infrastructure for over a decade. This comes as China is in the midst of negotiations to build a new super embassy in London, and as the UK government announced a total reset of its national cybersecurity policy. All right, Iranian state TV...
A
Hi, listen, whatever. You know, the UK has been going, you know, buck wild. By the way, listen, the whole point of this show is to give you insights, value. You must stay current on the top cyber news in order to be an effective cybersecurity professional, which is why we do this. I was doing this for years by myself, and then I just turned the camera on. Some of the stories are macro-level geopolitical and they're not going to affect the way that you do work today. But we do have to talk about it. Some of them matter more to, like, other people, right? Like UK people care about this. I live in the United States. This one's, like, less important to me. Okay, now that we've covered that, let me tell you, this UK has been going buck wild on increasing their cybersecurity capabilities. They launched, like, essentially, like an NSA kind of cyber command thing maybe six to 12 months ago. They're putting people officially in leadership roles. The UK is cracking down all over the place on cybercriminals, and for good reason. They've been getting slapped around, punched in the mouth, etc. They're a first-world power, I would argue, okay? They're small, but they're mighty. All right, China, obviously a first-world power with insane cyber capability. And because of that, everybody is spying on everybody. This is, like, basically a real-stakes version of CBS's Big Brother. Okay? Like, it's all, you know, spy versus spy, espionage all over the place. China is amazing, amazing at espionage. So, you know, they're setting up a forum, okay, to be able to have open dialogue and open discussions in order to basically have a release valve on pressure being built up between the spy-versus-spy issue. Now here's the reality, guys. I hate to be... listen, I haven't been invited to these meetings, of course. Why would they want me there? But let me tell you really quickly.
There's no way that the UK and China don't have some type of, like, you know, open dialogue that we don't, you know... like operatives talking to operatives, or like the red phone. During the Cold War, the United States had a phone, like the President of the US could call the President of Russia, right? Like, there's no way that they're allowing... this is not the first time that, like, this is the solution, a big open forum. Now, remember, these forums, in, like, Game of Thrones, there's a lot of, like, posturing and politicking and optics and all this other crap. So I don't know if this forum is actually going to result in any type of, you know, effective stress or pressure reduction, or that they're going to solve problems with this thing. But it is good to know that both sides are willing to come to the table and have these discussions and openly admit that, you know, neither one wants, you know, mutual destruction, effectively. So good. Good on them. Doesn't change... like, I'm not doing anything different today because of this. Okay, hold on, hold on. Desola Amzat in chat dropping news. Desola Amzat: "GREAT NEWS, EVERYONE." All caps. "I just got hired as a system and network engineer and started my new job this Monday." Desola Amzat. Hell yeah. Yes, sir. Yes, sir. Nice job, dude. Super pumped for you. Keep crushing.
B
Jacked. Multiple media reports claim that Iranian state TV was temporarily interrupted on January 18. Impacted channels were transmitted through the Badr satellite, which delivered content to provincial stations. Impacted channels began sending messages urging protesters to continue their demonstrations, and included a call from Reza Pahlavi, the son of the last Shah of Iran. While only lasting about 10 minutes, the move comes as Iran continues to impose a two-week near-total shutdown of the Internet and mobile phones in the country.
A
Jesus.
B
AI-generated malware touches...
A
All right, so here's the deal. This is... I mean, it's crude, but it is what it is. First of all, this is, like, a 1990s-style hack. So I love it. Not actually a drink, but, you know, drink. This is definitely a '90s hack. Go watch the 1995 Jonny Lee Miller movie Hackers, alongside a very young Angelina Jolie. And in the opening, you know, montage of how cool they are... not the opening montage. After he gets out of, like, early in the movie when he meets Angelina Jolie, they're having, like, a battle of, like, controlling the local TV station. It's pretty cool. I didn't know this. Iran has shut down the Internet for two weeks. That is... I mean, that's, like, just straight-up authoritative totalitarianism. Shutting down communication to keep the masses from being able to get news and find out what the hell is going on. You could wrap it in a package that says, "Oh, if we don't have Internet, then our adversaries cannot attack us." Remember, the same Internet where we watch Magic: The Gathering deck-building tip videos is the same Internet that the NSA launches cyberattacks against United States adversaries on. Okay, so there's only one Internet. So if you shut down the Internet to the country, you eliminate a lot of channels that allow, you know, attackers access into systems. So they could wrap it around this. This right here is a great way to get a message to the masses by hacking this. Bonus points: they went through a satellite. That sounds very cool, like very Mission: Impossible, like rerouting through Friendster kind of thing. This is easy to fix, obviously, right? Like, you just go shut the signal down. So this type of attack is limited, but it is very newsworthy, because obviously everybody sees it, everybody talks about it. With the Internet down, people are probably touching grass and having in-real-life conversations with friends and neighbors. So.
Yeah, man, can you imagine for a hot second the United States imposing a shutdown of the Internet? There would be... it would be, like, out of control. I mean, obviously businesses would be ultra pissed and not making money, which would then cause people in power to change their mind. But I'm trying to see, like, what is going on. Like... oh yeah, yeah, yeah, yeah. This is about... I have been following. We don't do politics, or we try not to, in this show. I will say Elliot Matice at SimplyCyberCon 2025 did do a great talk. You can go check it out on the interwebs, on using geopolitics to understand how to inform your cyber program. I'm butchering the title, but that's essentially what it was, and in non-political ways. And this is one of those ones. So my understanding here is that, you know, there was, like, a political coup or military coup back in the '80s, and now the party that was in charge in the '70s wants to be reinstalled. And since that seems to be the move du jour of removing leadership and replacing them with who you want by some countries, maybe this... Iran is seeing an opportunity here. Nothing to do here. This is a cool cyberattack of running your own media, but not really anything else. I do want to say, if you're looking for a great late-'80s, early-'90s movie that is similar in this vein, Christian Slater's Pump Up the Volume. Not hacking a TV, but hacking the radio waves. This was a good one. This is when Christian Slater was in his, like, A-list prime. Such a good movie. 1990. So it was '80s, early '90s, drink.
B
VoidLink. Last week we covered an advanced Linux malware framework called VoidLink, which offers some sophisticated cloud-focused tooling like custom loaders, rootkits, and modules for evasion across cloud providers. Initially, researchers at Check Point believed this to be the work of Chinese developers due to its sophistication. However, in a follow-up report, they now say it shows clear evidence that the malware was produced predominantly through AI-driven development, believed to be the work of a single person iterating on it for about a week. That's because the dev accidentally exposed source code, documentation, and internal product structure in an open directory on their server. It shows development started in November 2025 using an AI assistant inside the IDE. This developer initially used the AI to generate a multi-team development plan, then used that as a roadmap for further work. The AI initially estimated this would take about 16 to 30 weeks for a human team, but timestamps show VoidLink functional by early December 2025. Telegram fraud front...
A
All right, so a couple things here. One, pretty good piece of malware, VoidLink. The story here, and this should not come as a surprise to anyone, is the human. The human in the loop. Yeah, exactly. By the way, the human in the loop is using AI-assisted code development to develop malware. This was, like, literally, you know, in 2023 when OpenAI unleashed an input prompt into AI and changed the way that we do all of our, like, life. One of the very first things that was discussed was AI being used to write malware. Like, we have known about this risk for years. Okay? So if this is surprising to you, you should definitely consider tuning into the Daily Cyber Threat Brief more regularly. Okay. Because we've been talking about this for years now. This is a single human. Like, the efficiency is out of control, right? So it would take a team 16 to 30 weeks. A single human did this in, like, I don't know, two months. Now you can't replace... I don't want to say replace. "Stupid. You are so dumb. You are really dumb." Right, right. You can't replace that. So the AI did create this super effective piece of malware. The problem is the human, and the AI isn't paying attention to, you know, best practices of, you know, the developer's management of their own system and configuration. The AI is just doing what it's told. So this individual exposed their own infrastructure because of just sloppiness. And, you know, so to me this story is very good and very valid for cyber practitioners, in the sense that, number one, it realizes the risk that we've been talking about for years. A single person can write a very complex, effective piece of malware in a short amount of time, which is, like, all the variables that we don't want, using AI. And AI, even if you put in, like, guardrails and don't let AI write malware and stuff like that... you remember, guys, really quickly, malware is just software that does something bad. And I know that sounds super obvious, but think about it for a second.
If I write a piece of software to help parents track their children so they can make sure that their kids are safe, AI will gladly help me write that. Because it is, you know, a business model. It's a righteous cause. It is something that can make money. It's good. I have software like Find My Phone on my kids right now. That same software installed on an unsuspecting, you know, individual, right? So, like, go to the club and then I put AirTags on somebody and I could follow them home. Like, that's malicious AF, right? AI doesn't know the difference. And you can easily lie to AI. "No, no, this is a business thing," right? Infostealers. "No, no, it's a way like Grammarly," right? Grammarly. Everybody knows Grammarly. That's essentially an infostealer, right? I mean, effectively it's copying everything you're writing and sending it to Grammarly servers to be analyzed. So, like, this risk is quite real and quite easy to get around. This was Linux malware, okay? So don't think that, you know, Linux is invulnerable to malware. It is not indestructible. Okay? Even though the card reads "Linux Tab 2 Indestructible," it is literally just an operating system that can have malware written for it. And this VoidLink is... so the good news is all we have to do is continue to do all the things that we do as practitioners: EDR solutions, behavior analytics, looking for beaconing, right? Computers operate on a machine differently than humans. And I assure you, until they start programming in a little bit of, like, salt into the AI to look a little bit more erratic, you can use these things to detect malware and bots running things on, or agentic AI running on, your machine. What I will say is also, like, to me, talk about... oh, Jesus. Okay, so yeah, this is... they're using AI agents to do different parts of it, right? They have an AI core team and an AI backend team. They probably have testers, they have developers, all the things, right?
What I want to know, like... unfortunately, this story is not about VoidLink malware infections. It's about the fact that there's going to be... to me, there will be a rapid increase in sophisticated malware development and deployment. But for practitioners in the room, what we need are IOCs for VoidLink. Where's the IOCs, buddy? What are the IOCs? This is annoying. There's only two IOCs, and they're both IP addresses. Gross. I'm looking, if you're watching, if you're listening on stream. I've gone to ThreatFox's website to pull up IOCs. It's two IP addresses. IP addresses are trivial to replace. So, yeah, see more IOCs, whatever. Just make sure, if you're running Linux, make sure it has an EDR on it. I guess that's my TL;DR. If you work in cybersecurity, you know, you're not managing the Linux systems, your IT team is. If I had a nickel for every time an IT administrator pushed back on me installing EDR on servers, I would not need show sponsors, because I'd be swimming in nickels, okay? I'd be like Scrooge McDuck in the money vault thing he has where he's swimming through gold. I'd be swimming through nickels. Every IT administrator will tell you, "Oh, my God, EDR. It slows my machine down." They're like Napoleon Dynamite, they're like, "Gosh." And it's like, dude, no, it doesn't. Your machine's overpowered already and Linux is a pretty lean operating system, so shut up and install the EDR. Don't say it that way, but in your mind you can say that. Make sure you're installing EDR on your Linux servers. And if they say, "Oh, Linux doesn't get infected by malware," you're like, stop it. Stop it. Okay. Also, this infographic, since we're not going to do Worldwide Wednesday, I will recognize this infographic really quickly. That was a misfire. Hold on. Here we go. Oh, yeah. All right. If you're new here, I really have a thing for infographics. I'm not even joking. If you can say more by saying less, oh, yeah.
I'm all in. I'm all in.
B
Shuts down. The blockchain analytics company Elliptic disclosed that the scam marketplace Tudou Guarantee will shutter its operation on Telegram. Since launching in 2023, Tudou Guarantee processed an estimated $12 billion in transactions and has become a staple of the Southeast Asian scam economy. It provided crypto money laundering services, served as a PII clearinghouse, and provided fraud-as-a-service infrastructure. The move comes after the US and UK imposed sanctions on the operation, designating it a transnational criminal organization. It's unclear if the group is shuttering all operations, as Elliptic found its gambling business still up and running. All right, and now...
A
All right, so a couple things. Number one, if you didn't know, Southeast Asia, that's, like, where a lot of the scam call centers are operating from. And, you know, there's gambling, there's all sorts of stuff. I had never heard of this marketplace Tudou before, but essentially it's where you go to, you know, get your money laundered and, you know, other illicit things. They were basically a B2B service. "Hey, you, are you committing crime but not sure how to make your Bitcoin fiat? Come on down to Marketplace today, where we are laundering money. Come on down Friday. Friday night's ladies' night. Two-for-one on Bitcoin laundering. Come on down." So it's getting shut down. So the United States and the UK... again, remember, the UK is really increasing their activity on cyber operations... sanctioned this. What sanctioning means is essentially anyone doing business with them is going to have their accounts frozen and be, you know, blocked out from doing business in the US and the UK, which is wicked scary. Now, again, most of the people using Marketplace Tudou are committing crime. So, you know, whatever, like, who cares? But you, you know, if something's radioactive and you know it, you don't want to touch it, right? So that's part of it. Second of all, and I think that this is actually... hold on. Actually, the reason that they're shutting down is not because of these sanctions. Okay, the sanctions are a cute thing, like, whatever. And if I had to guess, I think it's more, you know, whatever, best practice for the United States and the UK to sanction. But it also seems to me like government theater and more for optics than anything else. My hot take on this is that they're shutting down because you can see here... where is it... the Tudou... like, the Marketplace Tudou had one client called Huione Guarantee, which did $27 billion. Oh, my God, $27 billion in 2025, or through the platform, and it was shut down in May of 2025.
So here's the deal. Welcome to Business 101. If you're a business and, like, 90% of your revenue comes from a single client, and that client goes away, you're going to have some struggles, all right? It's like working a W-2 job. If 100% of your revenue for your home comes from one employer, that means you have one client, and you get laid off, you now go to 0% revenue. That is devastating. Okay? It's the same thing. I suspect that this platform took a major haircut when their number one client basically got shut down. And it took them a few months. They probably tried to string it together, string it together. And now they're like, eff it. Like, this isn't going to work anymore. Shout out to Telegram. Dude, Telegram. If you don't know Telegram, it's like a messaging app, but you can have channels and group chats and all this other stuff. Telegram is, like, loved by criminal enterprises for doing all sorts of operation things. Telegram has been getting a lot of pressure from, you know, Western governments to, like, clean it up, and, you know, whatever. So Telegram is doing that. Telegram shut down one of those channels. They're also shutting down the Telegram-related stuff for this marketplace. So holla. All right, so hey, you know what, dude? $27 billion. I can't even wrap my head around $27 billion. I can't wrap my head around that much money. Like, $1 billion I can't wrap my friggin' head around. 27 billion. Oh. I always tell my students, and I don't say this flippantly, okay? Like, I'm so glad that I have a moral compass. Because if I didn't have a moral compass, right? If I was just a broken human, I would be so up into cybercrime. It is so lucrative. Great cash, homie. Of course, I'd have to live in Eastern Europe. And I don't know, I like South Carolina. South Carolina is nice. Huge.
B
Thanks to our sponsor, Dropzone AI. Remember yesterday's 2am alert? Here's how it ends differently with Dropzone AI. The alert fires. Within minutes, not hours, their AI SOC agents have already correlated logs across your entire security stack, built a complete evidence chain, and delivered a verdict: false positive, or escalate immediately. Your analyst wakes up to answers, not a queue. That's autonomous investigation at enterprise scale. Experience it for yourself at dropzone.ai. That's D-R-O-P-Z-O-N-E dot AI.
A
All right, we are at the mid-roll, everybody. Holla. Holla, holla, holla. Guys, I want to say thank you very much for just, you know... I took two weeks off at the end of 2025, those last two weeks. I came back fully refreshed, fully recharged, you know, got my priorities, you know, realigned, and just loving it. And I'm so grateful to be able to share this community and this experience with you. So thank you. You know, the card says thank you to the sponsors, and I definitely appreciate the sponsors, but, like, literally, thank you. This show, this community, it doesn't happen without you. So thank you very much for making it amazing and showing up every day. Consistency is the key. It is hard to show up every day. It's awesome. Guys, let me say shout out to the stream sponsors again. Thank you, ThreatLocker, Antisyphon, Flare, and Airia. Airia. Guys, go to simplycyber.io/airia to check it out. Listen, everybody's leadership team is demanding AI automation. "Give me AI, give me AI," right? We just saw a story where one guy did, like, basically an entire department's worth of work in about one-tenth of the time to write software. Okay? AI automation, everybody wants it. Your employees are using it, right? Marketing, sales, they're trying to... everybody's trying to do their job better, and they're using AI to do it. But the problem is, as a security professional, you have no idea where the data is. Data governance is out the window. People are installing things on their systems. It's all over the place. And really, one security incident or one failure and it's game over, right? IP theft, regulatory fines, competitive positioning. You don't know what's going to happen, but you know it's going to happen quick, because it's AI. But listen, guys, there are companies out there like Airia that are flipping the script. What if you could have all the benefit of AI and not have the risk of AI? Boom, baby, boom. What if you could innovate while protecting your data?
That's what we're talking about here. That's what Airia delivers. A unified platform that combines AI security, governance and orchestration. So you don't have to choose between innovation and protection. Literally, you get the best of both worlds. You don't have to make the choice, right? You don't have to pick your favorite kid. Take control today. Turn your AI stress into AI success. Are you ready? Are you ready, Marcus Kyler, to embrace enterprise AI? Go to simplycyber.io/airia to check it out today. That's A I R I A. Again, it helps the channel, it helps me, it helps the community if you at least go click on the link and take a look at it. I'm not asking you to purchase it. I'm just bringing it to your attention because it is solving a real problem, guys. Every single day of the week has a special segment and Wednesdays is Worldwide Wednesday. Now, we typically do Worldwide Wednesday at the beginning of the show. I played Daft Punk's Around the World. I'm getting some concerns around music copyright, unfortunately, and obviously Daft Punk is a very expensive piece of music to play, so we have to solve these things. So we're not doing Worldwide Wednesday. We have an open slot here for a Wednesday event or a Wednesday special theme thing, so I'm definitely interested in any ideas people have, but just stay tuned. I'll make sure that we bring you something fun. We always mix it up, right? My Mondays used to be my son's art of the week. Fridays used to be my other son's joke of the week, and we've evolved and kept it fresh. So Wednesdays is going to be doing that. All right, guys, let's slide back into the news. Finish strong.
B
Flaws found in Anthropic Git server. Researchers at Cyata disclosed three vulnerabilities in Anthropic's Git Model Context Protocol, or MCP, server. This server provides tools for accessing Git repos through LLMs. The researchers discovered two path traversal and one argument injection vulnerability that could be chained to allow someone to turn any system directory into a Git repository, opening the door to remote code execution through a prompt injection. In response, Anthropic removed the git init tool from the package and added additional validation. Path traversal primitives. Pen testing tools used in LinkedIn.
A
All right here, Anthropic MCP Git server. So MCP, frig, I forget what that is. Is that Model Context... MCP, it's Model Context Protocol. Basically it's like, allows kind of API calls into AI engines essentially. So it definitely. MCPs are definitely here. MCPs are definitely going to be used by lots of people and lots of software, so get familiar with it. All right, sorry, I was reading mod chat, making sure everything was cool here. So if there's flaws in MCP servers, you might be interfacing with, you know, vulnerable code or even malware. This particular Git server would enable file access and code execution. Dude, you can have a piece of malware sitting on your file system, like on your desktop or whatever. No big deal. It's when the code gets executed, loaded into memory, that's when the problem is. Okay. Now, I mean, this isn't a terrible infographic. It doesn't warrant saxophones, but you know, it is what it is. So you, through a prompt injection, which is like the number one way that AI compromises happen, as far as I know, it does a git init function, creates a new script, like, you know, like a. Basically a little shell script, and then it runs the shell script. Okay, pretty straightforward. Here's the thing, here's another thing. You can't fix this yourself, right? This requires whoever owns the MCP server to do it because, like. Or like, hold on, let me show you guys really quickly, architecturally. Let me see if I can find like an example here. So architecturally, this is kind of like how an MCP server sits in. Now this is an infographic that says a lot with not a lot. So you can see where it says MCP client on the left. This is like your code, right? You write a little script or a little agent or a little bot or something that does things. And you use the MCP servers, these three blue servers, however many you want. And your client, by using the MCP server, like an API call, can access Google's tooling.
It can access OpenAI or Anthropic AI capabilities. It can access whatever resources you want. So like, say you wanted to write a bot that would book hotel rooms, right? Like you write a little bot that will book your flight and your hotel rooms for you or whatever. You might use an MCP server that's connected directly into like booking.com and an MCP server that's connected into like delta.com or whatever, right? So you don't have to, you know, manually write this functionality. It's like importing code or importing functions that have already been developed by other developers. That's what an MCP is, and that's why it's super valuable, because it basically saves you time, right? So that's what's up. All right, so going back to this, the problem is if there is a flaw in the MCP server, you're kind of like blindly accepting it, right? Go back to this graphic, right? Just imagine that this top MCP server has a flaw in it. You're interfacing with it, right? So it's almost like third party risk. The MCP server gets compromised and now you're touching it and things are happening on your system because that MCP server is compromised and affecting you, right? So it's very much like third party risk, which is so hot right now.
B
That Hansel, so hot right now.
A
So obviously Anthropic has to fix it. I would argue, you know, be careful with all these MCP servers. It's like WordPress plugins. Don't just like turn them all on and then not turn them off if you're not using them or interfacing with them. Keep it clean, right? Keep it lean and clean. So fresh and so clean, clean, right? Oh, looks like I'm frozen. Come on, bro. All right, there we go. All right, so you'd have to chain these vulnerabilities together to get full exploitation, which is not simple, right? Obviously. But you would need to. To me personally, this story is more interesting because it highlights MCP vulnerabilities and the third party risk of those systems to your systems and your code base. Less about this specific vulnerability and the chaining of it for exploitation. Okay. You can see here Anthropic's already removed the package and added extra validation to prevent path traversal. So like, the problem has already been fixed. So, you know, as far as today goes, you're already fine, right? You don't have to fix anything. As a professional, this should be interesting to you as a kind of paradigm of vulnerability. Okay. Also, holla, if you are like interviewing for jobs, okay, this is a good story to read, get familiar with and just kind of have in your back pocket. Listen, if you're going to a job, it doesn't matter if the job is about AI or not, right? Say you're a stock analyst or whatever, something might come up about, hey, like, you know, what are your thoughts about AI or how do you think AI is impacting security, whatever, like just kind of a thought question to see where your thoughts are. This would be sick to just kind of like casually bring up, because you're talking about MCPs, which shows you understand kind of the evolution of where AI is going and how businesses are using it and developers are using it to scale. Number two, you're pointing out vulnerabilities and how they can be chained together. Right.
For exploitation through third party risk. If you're a GRC person and they mention third party risk, you're mostly talking about vendors introducing risk to your environment, like through user access or, I almost swore there, poor data governance. Right? You just like casually drop this as third party risk. Bro, tell me more. Shall we play a game? Okay, so that's what's up to crush your interview. Absolutely. Oh, and by the way, speaking of interviews, if you want to take your interviewing to like the next level, like if you want to just strap into a rocket and crush your job interviews. On Simply Cyber's channel the last three weeks, every Sunday, I'm releasing a new video in 2026. That's the promise I'm making to you. I did three different videos. It's basically one GRC interview question answered by somebody looking to break in, somebody who's worked in the field for a few years and someone who's worked for 10 years plus in the field, answering the same interview question. And I do constructive breakdown and feedback of their responses in real time. I have been getting unbelievably positive feedback from that video series. So go check it out. It basically allows you to get feedback on your interviewing, which nobody gets anymore. When was the last time someone who interviewed you was open to giving you feedback? Usually you just get like a friggin generic email, you didn't get the job, and then like they just ghost you on social media because they don't want to talk to you about how your interview went. All right, let's keep cooking here. What am I doing?
B
Phishing. Researchers at ReliaQuest detailed a phishing campaign that targeted high value individuals on LinkedIn. These used industry related lures to establish trust, first to gain a connection with the target and then to send them a direct message. From there, the attackers send a carefully named malicious WinRAR archive that extracts a legit PDF reader and a malicious DLL. This is all pretty standard stuff, but the researchers noted the campaign used an open source Python pen testing script with a registry run key to achieve persistence on systems, something they hadn't observed in other similar attacks.
A
All right, yes, LinkedIn. Guess what? You can easily find high value targets on LinkedIn, people. I'm the executive of whatever. I'm an investor of whatever. Okay, a lot of people on LinkedIn. What is it called? Not glory signaling or whatever, but like, I don't know, I mean I post a lot on LinkedIn. I'm sure you've seen my stupid face on LinkedIn a lot. So I'm not one to talk, but I'm certainly not a high value target. No one's targeting me, but there's a lot of like virtue signaling or whatever, like, oh, like, you know, I'm an executive and like something, ha. You know, I got in an Uber last night and it reminded me of like five things I did to be successful, like whatever. So it's easy to find these people. Okay, so what are we doing here? Open source pen testing tools. Sure. There's a million of them. Let's see, ReliaQuest, vendor. I mean, ReliaQuest has a blog post on it. This is great. So hey, whenever the story says that like a vendor did a blog post, I always like to go to the blog post because it's usually well written, because the person who wrote it is the security practitioner. All right, who wrote this one? All right, look at the anatomy of an attack. This is not an infographic, but it might as well be: initial access, execution, persistence too. If you are new to cyber security, this is literally the cyber kill chain. They are writing it in the cyber kill chain mechanism. And I love it, I want all of it. Give it to me. And they're talking about, you know, basically open source tooling, whatever, dude. Pen test tools are great. There's a million of them. Even if it wasn't open source, as we just saw with the VoidLink story, you can use AI to write your own tools. Social media platforms, very easy to find high value targets out there.
You can DM them, which gets around email security gateways, obviously. High value targets, C-level people, they, you know, they're well aware that they're a high value target, but they're easy, not easy to trick, but like you can trick them. Okay, so all I would say here is, what is the actual, how does this attack work? Phishy message on DMs containing a link to download a malicious file. Well, first of all, I always like to look at the first step in the kill chain. Okay, number one, educate your VIPs, please educate everybody. Listen real quick, I'm a GRC professional. I'm going to give you some like real value, high impact stuff right now. Okay? So like, we should clip this. Okay? When you're doing awareness training for your workforce, you have to do certain segments to have higher impact, because people like to feel special. And if you're talking to 10,000 people, no one really feels like you're talking to them. Talk to your finance team specifically about business email compromise. Talk to your engineers and your IT people about certain types of risks, like around AI tooling or, you know, research and development or just like, you know, running all sorts of wild code and stuff like that. And talk to your executive team specifically. Make them feel great that you're talking just to them. And make them aware of targeted phishing through, you know, obviously email, but we have a lot of great email security tools nowadays, through DMs, especially on LinkedIn, because there's clearly an uptick in activity, and have them know that they shouldn't be opening archive files and extensions that are being passed to them through DMs and social media, of course. Also make sure that the devices they're using have EDR or anti malware solutions on them. Executives love to be special and use their MacBooks when you're a Windows shop, or use their iPhone when you're, you know, for BYOD.
Bring your own device, educate them, let them know that they're a target, let them know that this is real and let them know that their level of access is going to grant an attacker unfettered access to a lot of significant things that could result in. Wait for it. Great cash, homie. Massive financial impact to your business. Once you start talking numbers, the executive team is going to listen up. Definitely get in front of the LinkedIn DM malware because once it detonates on their box, it, you know, it's kind of game over. Like all the persistence mechanisms, all the C2, all the side loading of DLLs, it doesn't matter because the initial payload, the dropper, is running under the context of the executive, which we all know executives want frictionless experiences, which means they got high access. Get in front of this one today. Okay? All right, thank you for coming to my TED Talk.
B
This Report Fraud service does what it says on the tin. The City of London Police formally launched the Report Fraud Service, which provides a single reporting portal for fraud and cybercrime across the UK. This follows a soft launch of the service late last year. Unlike the UK's previous Action Fraud service, Report Fraud will actively keep people reporting scams in the loop as an investigation progresses, and is built on top of a new real time analytics platform that will integrate with telco operators to actively disrupt malicious activity. The UK's minister for tackling fraud, Lord Hanson, said the government planned to follow this with the launch of its new fraud strategy next month.
A
Lord Hanson, the Dutch Lord Hanson and his wife, the Duchess of MMMBop, are very interested in this. I just wanted to make a Hanson joke, and if you don't know, that is a 90s reference. A drink. All right, all right. So UK, like, you know, obviously individuals are getting hit with fraud, cybercrime, all over the place. You know, it sucks. But think about, you know, those pig butchering text messages, right? If you've gotten a text message from someone who's like, oh, I left my clubs in your car, or are we still on for dinner Tuesday? Like, that's the start of a pig butchering. And individuals are getting hit. One of my good friends, my college roommate's parents, got hit for five grand just a couple weeks ago. It sucks to lose money. It also feels very violating to be compromised by some jerk. So I love that the UK is doing this. You know, we'll see. The proof is always in the pudding, right? Ideas are easy. Execution is hard. All right, you can see fraud rates again. The UK is going like, the UK is pushing all their chips into the center of the table on cyber security. Like, they're investing heavily in execution. They're executing heavily in resources and programs. I'm all for it, dude. Get as much cyber as you can up in here, especially if you live in the UK, I would imagine. Roswell UK, can you comment on this? I'd be interested if there's like an uptick in overall kind of cyber hiring and cyber roles as, you know, the government kind of sets a tone for the country. And if they're having an increase in all that cyber stuff, I could see more, you know, businesses wanting cyber stuff too. All right, so they got a national campaign around individuals reporting. So if you're a victim of cybercrime, they're basically giving you an. Listen, you know what this is?
This is no different than if you work at a business where the email, like you have a report phish button on your Outlook client so your workforce can report a phish. You can get in front of a phishing campaign that cleverly gets past your filters. That's what this is. And the cool thing is the UK will follow up with the people who reported on, you know, any updates around that. Now, like I said, execution's hard. If 25,000 people report that they have been a victim of fraud on Tuesday, when I call them back to give them an update, I, you know, I can't call 25,000 people. So then there's going to have to be some, like, submit your email and then you get some generic response. You know, I don't know if that's going to be satisfying to people who are victims, but, you know, I will tell you one of the best, I guess, things. I don't know the right word. One of the best things for defense, right, for us as defenders, is crowdsourcing threat intelligence, right? This is why it's very valuable to report to CISA or the FBI when you have a cyber attack on your business. Because if I get hit and I tell somebody, then it's possible that you don't get hit by the same attack, because you have shared information. This is why ISACs, Information Sharing and Analysis Centers, exist for every. Not every, but for many different industries. It's because of that closed group, TLP or Traffic Light Protocol, you know, amber or red. These kind of like not publicly communicated intelligence reports come out and it's super valuable. It's because we're crowdsourcing and not letting the criminals operate, picking us off one at a time. That's what this is for individuals. And for one, I'm all for it. Let's go. In fact, it'd be cool if this actually does somehow work into reducing fraud somehow, it'd be cool to see it in the United States.
I don't see how it will reduce fraud, honestly, simply because the fraud's already happened by the time you report it. If anything, the UK would have to then figure out who is causing the fraud and then go eliminate them, you know, through whatever means necessary. But a lot of the fraud is coming from Southeast Asia. So last time I checked, you know what the. What do they call the cops in London? They have a name. Constables. Is that a thing? Last time I checked, Constable Blarney Stone hasn't got jurisdiction in Southeast Asia. And I know I just mangled a lot of UK related stuff, but just bear with me, all right?
B
Ad blocker leads to real ClickFix attacks. Yeah, a browser extension causing a crash usually isn't a feature, but it is in the case of NexShield, available for Chrome and Edge. It was listed as being created by uBlock Origin creator Raymond Hill to give it added veracity. This supposed ad blocker intentionally creates a denial of service condition by exhausting memory resources, causing the browser to either hang or just flat out crash. Upon restart, the extension shows a popup suggesting a system scan to solve the issue. This scan, of course, reveals a supposed security issue, which conveniently requires you to input a series of commands in the Windows command prompt that actually executes a malicious script. The extension has a 60 day timer to help avoid suspicion and downloads a more specialized ModeloRAT payload if it detects it's on a corporate network. The extension is no longer available on the Chrome Web Store. Remember to subscribe to the CISO Series.
A
You all right? So threat actors continuing to use ClickFix style attacks. The ClickFix attacks have continued to evolve, but the TLD, or TLD, the top level domain, nerd. The TLDR here is if you educate your workforce on what a ClickFix attack looks like, it doesn't matter what technique the attackers use to get the ClickFix in front of your victim, or in front of their victim, your end user, your mother. It won't be successful. Okay, so ClickFix attacks. If you're new here, a ClickFix attack is essentially convincing a human to open a command prompt, right? Essentially a command prompt or Start, Run, and then run a PowerShell command that'll basically go grab an initial payload. Why on earth would my Aunt Dorothea do this? Well, this is where the trick comes in, the phishing part of it. Okay? And classically it was the captcha. Like, are you a robot? Instead of clicking on fire extinguishers, you would run this code to prove you're a human. Okay, we got smart to that. Now what this ad blocker is doing, which is fake, is it'll pop up and say, oh, your browser's screwed up. In order to fix it, do this. So if you're not paying attention or you're in a hurry or whatever, you're just going to do the thing it says, because it looks legit and you just want to get back to work or back to whatever, back to searching, back to net decking casually, Joseph. So educate your end users. You will never, ever. There will never be a time when you need to hit Windows key + R and then paste in some code. And make sure that you are including a screenshot, because again, this is why I like infographics. The visual picture of showing it will stick with the users on what it looks like. If you tell them, oh, hey, don't hit Windows key + R, Ctrl+V with PowerShell code, that means nothing to my Aunt Dorothea. That means nothing to your executive team. They already forgot what you just said. They already forgot it.
Show them a picture and say, if you see this, we've got a big problem. Okay, visually punch it in there, make it clear to them. I mean, shoot, shoot. You could even print it out and stick it in the elevator. Don't be a victim. If you see this, stop. And here's the thing. Your power users, your IT users, your developers, like, they know what Windows key + R and PowerShell is. They know what it is. So they're already predisposed to know that that's not okay. So you don't have to worry about being confusing and blanket saying that Start, Run, PowerShell is bad, because anyone that knows that the instances where it's not bad are going to know already that it's all good. They'll like be on the inside on the joke. All right, again, I don't want to focus so much on this browser, fake ad blocker extension and this extra. It doesn't matter because next week it's going to be a different thing. The threat actors are continuing to use ClickFix because it works. It's just the initial trick to convince you to do it is what's changing. All right, let's cook. All right, we're a couple minutes over, but that's okay. Guys, it's Wednesday, so I'll be doing AMA Jawjacking in a hot minute. If you got value from the show, thank you. Like, literally the whole reason I do this is to deliver value. I love educating, I love mentoring, I love helping people. It makes me feel good to help other people. I didn't have anyone really helping me when I was coming up and, you know, it sucked. Right. So this is all about paying it forward, making a change and helping people. So share it with your friends, share it with your network. Bring a friend tomorrow. I'm Jerry from Simply Cyber. Don't go anywhere because we're going to be doing Jawjacking. I'm going to be mentoring at scale, continuing to melt your face. Until next time. I'll see you. I'll see you. All right. Oh, also, really quickly, tomorrow, is today Wednesday? Yeah, tomorrow. I'm pretty pumped.
We actually have Bryson Bort coming on. Bryson Bort. If you don't know who he is, you know, I don't know what you've been up to, but you should know who he is. He's just a wonderful guy, really well known in the cyber security community. A lot of his focus was in ICS/OT, but he's much bigger now. And like, this is cyber related. But a lot of people are interested in how to start and run a business. Your biz. I'm a one person business. Kathy and Kimberly help me. But you know, effectively they're contractors. Right. So I'm like a one employee business. Well, I shouldn't say that, my wife and kids are part of the business as well, but you get my point. You don't have to be a Fortune 5 company to start and run a business. And a lot of people in 2026 are interested in this. So I asked Bryson to come on and talk about it. Why not? The guy's got mad experience. I'm Jerry from Simply Cyber. Until next time, stay secure. Ever wonder what it takes to break into cyber security? Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cyber security field live, unfiltered, and totally free. Let's level up together. It's time for some Jawjacking. Holla. What's up, everybody? Welcome to Jawjacking, I'm your host, Jerry Guy. If you're new here, a 30 minute show. You ask a question, I give an answer. If I don't have the answer, I do everything in my power to get you the answer by either querying the community, which is right here, full of amazing professionals, or we try to Google it, right? We're not pretending to be the Oracle of Delphi here. We're like, literally just trying to cook and help people. All right, guys, if you got a question, put it in chat with a Q. We got 21 minutes for you. Super exciting. Go. All right, let's see. Hello, Michael Vito, coming from the Philippines. Good to see you. Good morning. All right, the mod team. I do want to thank Justin Gold, Haircut, Fish, DJ B Sec.
So many wonderful people. Kimberly Can Fix It. I think Daniel Lowry's in there. Maybe Tyler Ramsby's in there. Maybe. All right, Modern Rogue has entered the chat. Question: can I make a deep fake of you for learning purposes? Yes, you can, Modern Rogue. And Modern Rogue, if you google James McQuiggin, Wild West Hackin' Fest 2020, I believe he had a whole presentation on deep fakes and there was a deep fake of me in there. But yes, you can use a deep fake of me. Word of the Week Wednesday instead of Worldwide Wednesday. Thank you, FedEx. We can develop our vernacular by increasing our lexicon, by using interesting words to capture insights and value for practitioners. I will tell you guys. So I don't even know if you have to do this anymore, but if you don't know, I have master's degrees, and in order to apply to a master's program, I had to take these GREs, which is basically like SATs plus plus. And it's half math, half vocabulary. And I literally memorized 500 different words using flashcards for studying for the GREs. Now, spoiler alert. I did great on the GREs and I got accepted to master's programs, which is why I have multiple master's degrees. But I never forgot those words. They are baked into my brain. All right? Like dilettante. I know what a dilettante is. All right, next question. Run Fish says, how difficult is hacking TV stations in the U.S.? Good question. I don't know. Nowadays I would assume it's actually not trivial. I wonder, is Kathy Chambers in chat? Is Kathy Chambers in chat? Hey, Kathy. So Kathy Chambers worked in breaking news for like a long time and was right up in TV space. I would love to get her thoughts on this. Let me see if she can come online. Hey, hey, are you there? And answer this question. It's a fun question because hacking TVs, it happened in Iran just recently. It was in today's news and it was big.
Like, it's like, I don't know, it's like one of those dream hacks where it's really cool because lots of people see it. I'm gonna flag this one, Run Fish, and we'll come back to it. Okay. Modern Rogue Tech Run is sharing that James McQuiggin did a deep fake BSides Orlando talk as well. All right, let's see what else we got here. All right, Phil Stafford: is MCP security just about fixing bad code, or are we looking at a whole new attack surface that we don't have real controls for yet? Solid question. You know, I want to say I don't think it's a whole new attack surface. I just think it's like really intense imported code risk. Right? So if you are writing software that uses APIs to pull into things, you know, if wherever the API is pulling into gets hacked or has compromises, you're importing that. If you import some Python library into your code and you don't validate it, it could be hacked. So I don't see it as a new attack surface, but I see it as more glorified, because the MCP server you're not really going to have visibility into. Right? I mean, you could bake in some validations of the code or whatever, the returns that are coming back from the MCP. As always, whatever you're putting into these MCP servers, from a data governance and data sovereignty perspective, you do want to make sure that you're managing that as well. Like a little teaser for everybody again, I'm doing a video every Sunday in 2026, a produced video for the Simply Cyber YouTube channel. And February 1st or February 8th, I'm actually doing a video that is going to be dropping a brand new free enterprise grade tool that can help you legitimately manage data sovereignty and data governance. It's like unbelievable. Like I've already filmed the A-roll. I've got to do like the tech demo stuff, Phil, but it's sick. So I do think we have controls for this right now. Unfortunately, it's more. There's a lot of human controls around managing this risk.
What kind of human controls, you might be asking yourself? Well, number one, like WordPress, right? WordPress, the server that has a million plugins and some are vulnerable. Or your Chrome browser. Right. And extensions that are vulnerable. You have to make sure that you kind of keep your code clean, right? So if you interface with MCP servers and then you don't end up using it, you might want to clean it up, right? Because you could have some, like, janky, you know, call to an MCP server that you forgot about, or it's not there and it causes an issue downstream. Again, if you leave it in your code, but you're not actually reaching out and touching the MCP server, you don't have to worry because that's like, static, right? It's only when you. It's like having malware on your desktop. It's not a problem until you execute the code and have it sit in memory and touch your processor. All right, fun question, Phil Stafford. Phil Stafford is also like an AI superhero. So I would love Phil's thoughts on this, too. I mean, I appreciate Phil asking the question and getting my thoughts on it, but Phil, as a superhero in AI, let me know your thoughts. Also, Phil, I might be going to RSA. It's ridiculous that I don't know already, because I'm sure I'm gonna have to stay in, like, San Jose because all the hotels are taken. Still pay 800 bucks a night. But if I get to RSA, Phil, I hope you can come out to the Simply Cyber meetup. Continuing to look at questions. All right, Cyber Risk Rich: Paging Kathy. That's funny. All right. Cyber Risk Rich says: advice for developing as a new manager when also carrying a full analyst workload on top of leading leadership responsibilities. Yeah, that's asking a lot. I mean, honestly, for me, I've always tried to avoid managing people. I guess if you really break it down, I'm not great at confrontation. I don't enjoy it. I don't like how it makes me feel. So I've always tried that.
But I have managed people before because, you know, at a certain level, you have to manage people. What I always like to do is two things. Cyber Risk Witch, you could take these, you could leave these. And if people in chat have thoughts on answering this question, drop it in chat. But for me, the two things that I like to do as a manager, because they align with how I like avoiding a confrontation. Number one, I view managing as the following: the team that I'm managing, they are the worker bees. They're executing work, they're delivering on objectives. My entire function is to make sure they have what they need in order to be successful. That's how I see being a manager. Do you have what you need? Oh, and also regularly meeting with them and making sure that they're good, right? Not just being like, do your work, right? So like, hey, do you have what you need? Okay. The second thing I like to do, when it's possible, is I like to allow them to set the deadlines, right? So, hey Catherine, I need you to make this piece of code, or I need you to develop an awareness training deck or whatever, right? I need you to do this thing because I'm being told that our team needs to do this. I need you to do this thing. Do you understand what the ask is? And if you don't, then I didn't give you what you need to be successful. So I will clarify until we get to a point where you understand what the ask is. Then I'll say, when do you think you can have it by? So instead of me saying have it by Friday, I say, when do you think you can have it by? And this way you have buy-in and a stake in the deadlines. So if you say I'll have it later today, I might say, like, that's great, but I mean, I don't need it today. Like, you know, I don't want you to set unrealistic expectations. Also, if you're like, it's going to take me two months, and I'm like, come on, it's like a three-slide PowerPoint. Two months?
Can, you know, let's... So usually, in my opinion, when someone sets their own deadlines, they have buy-in and they're more likely to, you know, just execute on it. So those are my tips. Christian Fernandez says: Good morning, Doc. So recently I got my Sec+ last week. Very good, congratulations. And I was wondering what would be some good projects to work on. I have a Proxmox instance where I'm planning to do some home labbing. Well, Christian, the number one question is, what do you want to do? Right? Like, so if you want to be a SOC analyst, sure, you could do some GRC-related labs, but does that necessarily help you get to the SOC analyst role? I don't know. So first of all, pick a role you want. Now, if you don't know what role you want and you're like, Jesus, Jerry, like, can you just not give me a problem? Like, just answer my question. Here's what I would say. Okay? This is a great lab. Yeah. Proxmox, right? Set up a Windows VM. Make it vulnerable AF, okay? Get like some type of, you know, lightweight SIEM or something. Like something very lightweight SIEM, okay? Put some type of agent that can do logging, like Sysmon or something, on the Windows vulnerable VM. Have the logs go to the SIEM, then stand up another box that... Or, you know, use Atomic. Like, so look up Red Canary's Atomic Red Team, okay? Then detonate. Atomic Red Team basically does axiomatic hacks on an endpoint which would map to, like, the MITRE ATT&CK framework. So you can literally do this exact technique, right? So here's the deal. Execute one of the axiomatic techniques on the vulnerable system and confirm it worked. Okay? Then go look in the SIEM and see if you see it. Then Atomic Red Team allows you to, like, reverse basically the attack. So reverse it. Then try to write like a little detection, and then execute it again and see if it, like, fires off in your SIEM. Now, this is a very SOC analyst focused lab, but the reason I like it is because of the following.
Number one, you are setting up kind of a complex lab, right? You've got multiple systems, vulnerable endpoints. You're seeing attacks and stuff like that. Number two, if you want to get into pen testing, you are looking at axiomatic attacks. You can read the attack, you can see it, you can study it, you can understand it. You're executing it on a victim machine. You're seeing what a compromised victim machine looks like. You're seeing what it looks like when you detect it through logs. You should also be looking at the MITRE ATT&CK framework. And then once you get a little comfortable, start picking attacks that are directly related to very popular threat actor groups like APT28 or APT41, or Lazarus Group, or Scattered Spider, or Lapsus$, like one of these threat actor groups that's got a big, big splashy name that everybody that's interviewing you has heard and knows about. This is going to be good for, like, GRC jobs. So then when you're getting experience, seeing how it all works, and understanding the kill chain and what things look like and all these things, in an interview you could talk about the MITRE ATT&CK framework. You could talk about Atomic Red Team. You could talk about detection engineering and tuning. You could talk about home labs that are complicated and set up very nicely. It'll give you a lot of different avenues to explore. Shoot, you could even take, like, one of these, you know, recent... like, say there's a big story in the news, right? Like this threat actor group, right? Like I'm trying to think of, like, what's a threat actor? Well, Black Basta that just... Oh, oh, oh, there's SafePay ransomware. Yesterday's news, it was reported that the SafePay ransomware group is like the new kid on the block. Like the hotness, right? Like the Bo Jackson Future All Star baseball card, if you're picking up what I'm putting down. Or the Mark McGwire Jr Olympics team baseball card.
Those were like the hotness in the 80s when I was a kid, by the way. And if you know those baseball cards, the Future All Stars Bo Jackson one where he's like running back in center field, let me know in chat. But go, like, once you get a little comfortable, Christian, say you had an interview on Friday this week. Go find some SafePay techniques, detonate them, detection engineer them, learn them, and then just casually drop that, you know, like, oh, yeah, the newest threat actor group, SafePay, I actually in my home lab executed some of their techniques to see what it looks like. Like, you will absolutely jaw-drop people in that interview. Come on down. All right, all right. What would be a good experiment? Okay, I already answered this question. Cryptic Roses: if I wanted to write a LinkedIn post about a home router vuln without exposing my home network stack. I mean, just don't say it's your home stack. You know what I mean? Like, whatever your post is about, no one's gonna know it's your home stack. Just pose it as... I mean, if you want, just say that you bought this home router off of eBay or off of Amazon and tested it. No one's gonna know it's your home router. Just don't say it's your home router. Do you plan on attending RSA this year? Yep. I mean, we'll see. Right now I'm in conversations with a company to do work at RSA with them. And you know, RSA is incredibly expensive. I'm not paying to send myself to RSA, I guess, to put it plainly. All right, Ross the Boss says: I may be let go soon after two decades. Oh, God dang, dude, that sucks. What are some personal branding tips while the clock ticks? Okay, dude, here we go. Ross the Boss. Number one, I'm glad you're asking this question now. Number two, I'm sorry that you're having to ask this question. All right, here we go. I'm gonna drop links in chat. Number one, I did this. Where is it? This?
I did this talk with Mike Miller the other day, literally. Ross the Boss, the name of this one-hour, very valuable, practical session is called Personal Branding for Your Cyber Career in 2026. So this is a one-hour answer to your question. All right. There's a one-hour answer to your question. I just tagged you in chat. Number two, Ross the Boss, I don't know if you want to do this, but... And I don't even know if I'm going to be able to do this. Hold on one second. If you go to Simply Cyber IO schedule, it's my upcoming events. I'm actually running a four-hour workshop on... What the hell? All right, hold on one second. I'm running a four-hour workshop on amplifying your cyber career, for free. So really quickly, we're doing workshops through Simply Cyber Academy, one a month, every month. And the workshops are going to be multiple hours, taught by very awesome senior industry professionals. They are paid, but they're very reasonably priced. Since I'm doing the first one, I have waived the registration fee entirely. So you can take this webinar for free. Now, I will tell you, Ross, this is around building, like, basically I built a YouTube platform that's been very successful and helped me network and brand and all these other things. And there's tangential benefits from it. So that's really what this is all about. So if you're not into that, I wouldn't do that. The other thing I would start doing right now, just as like a final tip for you, Ross the Boss, is: in your two decades, you've probably met a lot of people. I would start reaching out to people and just reconnecting with them. Do not reach out to them and say, hey, I think I'm gonna get laid off, do you have any jobs? Don't do that. Okay? Just reach out. You probably have developed relationships over the years with people you worked with that you've lost contact with. So reach out to them and just say, hey, you know... Like, literally, this is not disingenuous. Hey, like, I...
Okay, so let me give you an example personally, so it can be relatable. I worked with a guy named Jacob Neal at Booz Allen. He's the guy that I went to Antarctica with a bunch of times. Okay. Now we work in different spaces now. He's a government employee, and I do all this, right. Every once in a while, I'll reach out to him. Like, Simply CyberCon is in... What happened? And I hadn't seen him in a minute, so I called him and I was like, dude, we're hosting a conference. Would love for you to come. I'll pay for your ticket and buy you a T-shirt. What do you think? And he's like, yeah, I'll be there. And he came, and he got a lot of value. We hung out some, and then it was off and running. Now, I didn't invite him or reach out to him for a job, but I am nurturing that relationship because I like the guy, and I don't want to always have a deliberate purpose for doing that. So reach out and reconnect and just ask people how they're doing. Think about it this way, really quickly, everybody. If you have a neighbor or a friend, and the only time you hear from them is when they want to borrow your wheelbarrow or they need help moving or they want to borrow your, whatever, your pickup truck. Like, how does that taste? That tastes like butt, right? You're like, oh, yeah, of course. Like, you see the phone ringing and you're like, oh, I know what this is about. No one likes that. But if it's like, hey, what's up? Or even just text them, right? Hey, what's going on? So start building those relationships back up, okay? Because then you could be like, oh, I just got laid off. You know, like, sucks, you know? Hey, if you know of anything, let me know. Okay? All right, I'm gonna speed run now. I think we need to design a Simply Cyber shirt contest with the winner getting a free one.
B
Sure.
A
Yeah, yeah, yeah, yeah. That's cool. How often do you read? Assuming you do. Yes, I do read. Although I've been doing audiobooks lately. But I read. I mean, not every day, but I do audiobooks every single day. Like, whenever I drive, I'm listening to an audiobook, and I drive, you know, I go to the grocery store almost every day because I cook fresh every night, and I drive to The Citadel and stuff like that. But like, books around, like, nonfiction books to help me be better at business or better at AI or better at work and stuff, I'd say, like, you know, one book a month, two books a month maybe possible. Wednesday idea: Word of the Day. Thank you, Code Brew. We'll give that a shot. Worldwide Wipeout: every Wednesday you profile the single business security of the week, maybe. I kind of want it to be not security related, though, just because it's like a fun little digression. Continuing to look here through chat, I'm speed running to get to the end of the stream. AB just says, Eric Capuano. Like, this is like a non-referential statement. I don't know what this is, but if you don't know, Eric Capuano's phenomenal. I love myself some Eric Capuano. In fact, how many people we still got here? 260. Oh, oh, oh, I have a giveaway. Good thing you stuck around. I have a giveaway to give away really quickly. On Simply Cyber's YouTube channel, I did the three GRC analyst job interview questions with interview feedback and breakdown or whatever. I'm doing it for pen testing and I'm doing it for SOC analyst. Mike Saunders from Red Siege is doing the pen testing interview feedback and Eric Capuano is doing the SOC analyst feedback. So if you like yourself some Eric Capuano, giddy up on that. All right, guys, I've got news for everybody. Earlier this week or last week or whatever, Arcanum Security, Arcanum Security, my friend Jason Haddix over at Arcanum Security, they...
They celebrated two years and he gave me five vouchers for any class that they offer. And I'll tell you, some of these classes are thousands of dollars. Okay, so this is like he gave me like $10,000 worth of prizes and I raffled them all off. And one of the winners messaged me and said, I want to work in GRC. Which class do you recommend I take? And I said, Jason's training really isn't for GRC. So I said, you know what? I want you to be successful. So I just gave them my GRC Analyst Masterclass. And I said, I'll trade you. I'll give you my GRC Analyst Masterclass if you give me the voucher back, and I'll raffle the voucher off to someone else. And they said, that's great. So we got a voucher to raffle off. So go ahead and enter Arcanum, A-R-C-A-N-U-M, in chat. I'll give it a minute. If you want to win, like, a two-thousand-dollar prize. You can only enter once. And I'll draw the winner in, like, I don't know how much time in the song's left. All right, this song has like a minute and a half left. So when this song ends, I'll draw the winner. In the meantime, I'll keep answering questions. What's one cyber story from your past you hope no one finds out about because it's embarrassing? What's... Oh, what do you mean, like, my professional career? I don't know. I mean, I don't really. I'd have to think about that one, Roswell. I don't know. I guess one story that's kind of embarrassing from my career: like, I used to be very anxious and nervous public speaking. And the only way that I got better at it was by doing it. So, like, there's many, many public speaking events where I was, like, anxious and you could tell I was anxious and my voice would crack and stuff, and I was, like, very uncomfortable. I mean, of course now I've done, like, a thousand hour-long live streams. I'm very comfortable public speaking now. I've spoken. I keynoted Wild West Hackin' Fest.
There was like a thousand people in the audience, so definitely those early talking things were embarrassing. I don't understand. I do understand privacy is important, but I also like the advantage of personalized ads. Where's the sweet spot? I mean, it is what it is. You choose your own adventure. I mean, I like personalized ads too. I'd rather something be marketed to me that I'd be interested in than, like, something I don't care about. Right. All right, how many people we got? We have 62 entries. 62 entries for the Arcanum Security prize. Here we go. Let's draw a winner. We'll do it live on stream so everybody can see it. Here we go. Good luck to everybody. This is for an Arcanum prize. Winner is Berg SSJ. Berg SSJ, congrats. And here's the thing. I need Berg SSJ to comment in, like, the next minute, I guess, or I'm gonna give the prize to somebody else. Okay? So Berg SSJ, let me know, you know, if you're driving or whatever, that's something else. Just maybe you could just type anything in the chat so, like, you acknowledge that you're here and that you won. I'm gonna look at chat really quickly. Cyber Risk Witch. Oh, all right, we got them. Cyber Risk Witch says: how's your dog doing? Dog's doing great, Cyber Risk Witch. Thank you for asking. So Monday he was considered through, right? He had antibiotics, he's done with that. And then yesterday the dogs got haircuts. So he's looking so fresh and so clean, clean. And he smells good and he's all recovered. Thank you for asking. All right, so Berg SSJ, what I would like you to do is connect. Go to the Simply Cyber IO Discord and in the general channel just @ Gerald Auger PhD, which is me, just so we can sync up and I can get you your prize. And I just need, like, just something to prove that... I don't want someone to steal your prize, so I just need you to, like, either take a screenshot of your...
Your YouTube channel, so, like, or whatever, so I can see that you're you. Or... Oh, it's Justin on Discord. Okay, yeah, so it looks like AB knows you. So Berg, just message me in Discord. Okay. All right, guys, what a solid, solid jawjacking. Thank you, everybody. I'm gonna go do some work. I am really excited. Me and Zach Hill are working on something that's completely unrelated to cybersecurity that's super cool. I'm really excited about it because it's happening. There's been some forward progress on these things and it's, like, filling my cup. All right, guys, I want to thank all of you for being here today. Thanks for being great. I'm Jerry from Simply Cyber. Be well. We'll be back tomorrow morning, 8am Eastern Time. Until next time, stay secure. Play the outro video, computer, please.
Podcast: Daily Cyber Threat Brief
Host: Dr. Gerald Auger (Simply Cyber Media Group)
Date: January 21, 2026
Main Theme:
A high-energy, unscripted rundown of the day’s top eight cybersecurity stories, with expert analysis, actionable insights, and real talk aimed at helping practitioners, analysts, leaders—and anyone interested—better understand both technical trends and broader industry currents.
Dr. Gerald Auger kicks off the show with his trademark enthusiasm, promising deep dives and context on the most important cybersecurity news of the day. The show’s signature tone is part smart, part irreverent, with frequent nostalgic references and plenty of direct advice for listeners looking to stay sharp or accelerate their cybersecurity careers.
The episode closes with a 30-minute live Q&A (“Jawjacking”)—topics included: whether MCP security is a new attack surface or imported-code risk, developing as a new manager while still carrying an analyst workload, home lab projects after Security+ (a vulnerable Windows VM on Proxmox, Sysmon logging into a lightweight SIEM, and Atomic Red Team techniques mapped to MITRE ATT&CK), writing a LinkedIn post about a home router vulnerability without exposing your own network, personal branding and reconnecting with your network ahead of a possible layoff, reading and audiobook habits, and a live raffle of an Arcanum Security training voucher.
“The whole reason I do this is to deliver value... I love mentoring, I love helping people. It makes me feel good to help others.” — Dr. Gerald Auger [62:02]
For Additional Resources:
For professionals, leaders, and newcomers alike—this episode blends hard news with hands-on wisdom and a community spirit, keeping you sharp in both technical and practical dimensions of cybersecurity.