Tyler Ramsby
Ladies and gentlemen, boys and girls, good morning. Today is Monday, January 26th, and you are watching Simply Cyber's Daily Morning Threat Brief. I think I said that correct. I've been practicing that before we went live. That's really hard to say over and over again, especially this early in the morning, but yo, I am super excited to have you here. If you cannot already tell, I am not Dr. Gerry Auger. My name is Tyler Ramsby. Gerry is gone today and I have the opportunity of guest hosting and hanging out with all of you. Hey, real quick, since I'm not always here, guys, please let me know if audio and video all looks okay. But I'm super excited to have you. Today is episode 1054, which is insane. And as usual, you can get half a CPE. This is an instructor-led webinar, so make sure you say hello in the chat. Grab a screenshot of that and you get your half a CPE for all of your fun renewal stuff. But if you are new to the Daily Cyber Threat Brief, let me explain to you what is going to happen. First of all, who am I? Who's this dude up on the screen, since I'm not normally Gerry? Well, once again, my name is Tyler Ramsby and I am a practitioner in this field, but specifically in the offensive security realm. So I am the founder of two companies. One is Kairosac, which is a boutique pen testing firm, which means I get to spend my days hacking companies before the real criminals do and then giving people reports saying, hey, you might want to fix this before you end up on an episode of the Daily Morning Threat Brief. And I also founded Hack Smarter, which is a training platform with labs and courses, all of that fun stuff. I share that for two reasons. Number one, it's like super easy self promotion, which is always fun. But number two, I want you to know that my takes don't just come from some random person out here on the Internet. This is what I do day in and day out. I also livestream on YouTube all the time myself. But I'll be real with you guys. 
Usually when I live stream, I just sort of hit go live and I hack stuff and hang out with people. Every time I do this show, believe it or not, I still get incredibly nervous because I just feel like it's almost like too formal, too structured. I always feel like I'm gonna mess up. So I appreciate any grace. I appreciate your patience. But guys and gals, thank you so much for being here. Hey, before we dive in and shred the top cyber news of the day, I do have to give you a word from the sponsor, but look, for the sponsorships, I am not going to attempt to do it. So we have an amazing video from the one and only Dr. Gerry Auger. So let me play this video for you real quick. And before I play it though, the sponsors are seriously the ones that allow this show to happen. So if you can do me a favor, if you can do Gerry a favor. During this ad read, if you look in the description of this video, you will see a link to each one of these sponsors. Click all the links. I know that is the complete opposite of the phishing training you took at your workplace, but trust me, I'm a professional. You can do it right now. During the ad read, description of the video, click all the links, check out the sponsors, show them some love and support because it is because of them that we are able to make this show possible. So let me go ahead and grab this. We'll play the sponsors and then we will dive into the top cyber news of the day and we'll shred all the things. Here you guys go.
Dr. Gerry Auger
All right, thanks Tyler so much. Hey everybody, really quick, I want to say shout out and love to the stream sponsors, those who enable me to bring this show to you, or Tyler. Starting off with Antisyphon Training. Antisyphon Training is disrupting the traditional cyber security training industry by offering high quality cutting edge education to everyone regardless of financial position. And they've got a banger this January 28th, just a few days away, from noon to one Eastern time. You can learn for absolutely free from one of the brightest in the industry, Hayden Covington, around effective AI for practical SecOps workflows. Use the link in the description below to go to Antisyphon Training, look at their upcoming course calendar and you will see this on January 28th. Hayden is an amazing security operations analyst and you are going to get mad value from this, I promise you. Thank you, Antisyphon Training. Also want to say holla to Flare Academy. Now listen, Flare Academy is providing amazing opportunities to learn from industry practitioners who are right there in the space around threat intelligence. And yes, Flare has a wonderful threat intelligence platform worth checking out. But what I want to share is this January 29th, so the day after your Antisyphon webinar, you can check out Inside the Life of a Ransomware Operator. You can go to simplycyber.io/flare to register. This is a two hour, 11 a.m. to 1 p.m. Eastern time training, and the best part is a bunch of us from Simply Cyber are going to be watching it. I do not want to get into the seedy underbelly of the criminal underground, but I would very much like to know how are they thinking and what do they like, to improve my threat modeling as I'm building out programs and thinking about how to defend from these type of criminals. Join the watch party that I'll be leading on January 29th at 11 a.m. Come, hang out, have fun, again absolutely free. And that's all good times. 
Also want to say shout out to Airia. Listen. Your leadership team is demanding AI automation. Your employees are using it. Sales is doing one thing, marketing another, you have no control over. It's like AI sprawl and it's unfortunately introducing a lot of risk to your organization around data governance, sprawl, access, a million things, right? But what if AI became an advantage instead of your biggest risk? What if teams could innovate while being protected? Get the best of both worlds. Well, that's what Airia does: a unified platform that combines AI security, governance and orchestration so you never have to choose between innovation and protection. Take control today. Go check it out. Turn your AI stress into AI success. Go to Simply Cyber, that's A-I-R-I-A, link in the description below. Give it a look, give it a sniff, see what's up. Definitely appreciate you checking them out because it helps the channel. Quick word from ThreatLocker and then we are going to rip the news apart with Tyler Ramsby. I want to give some love to the Daily Cyber Threat Brief sponsor ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with ThreatLocker. Worldwide companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high. ThreatLocker takes a deny-by-default approach to cyber security and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US based Cyber Hero support team. Get a free 30 day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threatlocker.com/dailycyber.
Tyler Ramsby
And we are back. Hey, big shout out to Gerry for doing the ad read for us. I also was confused, we had like an ad read within an ad read. Full inception going on. But yes, "Rip the News apart with Tyler Ramsby," says Jump Points X, sounds like a cool podcast title. Let's do it guys. I don't know if Gerry shared this with you but if he hasn't actually, me and Gerry have a podcast coming out together. We are co hosts of this podcast. I believe it's launching in February. You'll have to ask Gerry about it, but stay tuned to that. But once again, thank you to Gerry. Thank you to all of you, and thank you to all of the sponsors who make this show possible. I just want to tell you one more time. I know I'm a hacker, and I know generally you don't listen to hackers when they tell you to click all the links, but you really should listen this time, right? Description of this video. Click on the link. Show some love and support to those sponsors. And now what we are going to do is we're going to dive into the top cyber news of the day, or at least we're going to attempt to. It's always kind of a very weird setup when I'm piping everything to Restream from OBS, this craziness, but I think I have it set up. It might be rough in the beginning, but we got this. And I also want to remind you, I have not taken a look at these news stories. If nothing else, guys, we need to fill out something to encourage Gerry. Gerry, you need to push the show back one more hour. I had to get up at 6 in the morning, y'all, in order to get everything ready for the show. It's 7 a.m. my time, so if you are at your computer or looking at your phone and you are half asleep, I'm right there with you. But here's the thing. I'm faking like I have energy. And if I can fake like I have energy, you also can fake like you have energy. But I have not prepped. I have not looked at the news stories. These are my raw takes, for good or for bad, depending on what I say and how it goes. 
But let's go ahead and dive into the top news stories. I'm going to make sure I share my screen. Hopefully you all can see it. I just realized when I share my screen this way, when I'm looking at Restream, it looks like it is backwards and upside down. Can you guys let me know if all the text on the screen is upside down for you? Before I go into things where everything is backward, I'm looking over at chat. We'll see if anyone can get caught up. I'm actually going to pull it up myself. Yes, it is upside down. It is backwards. I can fix that. Y'all give me just a moment. And yeah, it's mirrored. I got you guys, I got you. Give me a moment. I'm pretty sure I am able to fix it. Maybe I can fix it. Otherwise, you guys are going to read backwards. All right? I hate having to fix things, like, on the spot, but I think I can, so if I do. Nope, nope. Definitely not that. That's definitely not the way we want to do it. Now we're upside down. All right, we got to get it back to normal now. Oh, my goodness. All right, so that is still backwards. So I think I need to flip it a different way. Let's try this. No. Come on. Are you joking me? It's backwards. I know. Guys, relax, relax, okay? I'm a professional. Jeez. So I have a few ways that we can do this. I don't know why it's backwards. Let me try one more thing. As I flip everything. What if I do this? What? I fixed it. I tell you guys, I work in IT. Yeah, I know, guys, I know it seems simple to fix that, but I use OBS to pipe everything out and to fix it in OBS, I was clicking around on stuff. When I usually stream from OBS, it doesn't mirror it. So now when I'm done with you guys, it actually is flipped in OBS. So when I stream, I got to do it. It's fixed now. It's fixed. Everyone, like, give me a round of applause. All right. Just like Gerry. We fix it in real time. What's he always say? To see how, whatever cooks the freaking. I don't even know what he says. 
All right, before I dig myself a deeper hole, let's go ahead and dive now into the top cyber news stories of the day. Besides Tyler trying to figure out how to flip his screen horizontally in OBS, let's go. From the CISO Series, it's Cybersecurity Headlines. Hopefully you guys can hear it. Hear something.
Steve Prentiss
These are the Cybersecurity Headlines for Monday, January 26, 2026. I'm Steve Prentiss. Microsoft releases emergency update for frozen Outlook. The out-of-band release occurred Saturday for Windows 10, Windows 11, and Windows Server. This was to fix an issue that stopped Microsoft Outlook Classic from opening when using PSTs stored in cloud storage. A Microsoft Outlook PST file is a data file used by the application to store a user's email and other data locally on their computer instead of on the email server, and is commonly used to access mail when offline and backing up important messages. This problem had existed since the release of the January 2026 Patch Tuesday updates. This issue primarily involved classic Outlook used in enterprise licensing and not with home installations of Windows.
Tyler Ramsby
Well, I don't know how that's a news story. Like, ladies and gentlemen, Microsoft broke something with a patch. This is your typical day to day story. I'm assuming this is in the CISO Series just so CISOs and IT teams are aware of that. Hey, as usual, Microsoft broke something. As usual, you probably got a lot of tickets from users, and as usual they're pushing out another patch to fix it. That's probably going to break something else, but that is good old Microsoft. Hey, if you can't. Oh no, you can't actually tell by my screen because it's just showing my browser. But I'm not a fan of Windows. I don't use Windows. The only time I use Windows is for two things. Number one is if I'm gaming, because Nvidia and Linux don't like each other. Or number two, if I'm hacking Active Directory or doing like malware development, then I do jump onto my Windows machine and do things that way. But hey, here's the lesson, here's the takeaway. If at all possible, avoid Microsoft products. I swear I feel like every update that gets pushed out ends up breaking it. Oh, Roswell UK has a very good point here. I don't know if I can bring it up on the screen. Oh, I can. So shout out to Roswell. He's spot on here. Watch out for ClickFix patches that fix Outlook. I know Gerry has talked about this multiple times and we're probably all aware of the whole ClickFix thing. It's essentially a social engineering attack where you get users to copy and paste something into Run or PowerShell and then when it executes you have code execution on the victim's computer. And that's something that we've seen threat actors use over and over and over again, especially when we see outages and issues happening. So that actually is a good call out. So big shout out to Roswell UK for calling that out. Something to be aware of. But also, hey, if you work in IT support and you're seeing issues, there's always a good chance it is Microsoft. 
Matter of fact, I spent about a year and a half managing an IT department for a small technical college. And one of my things is I oversaw the support team. So if you're in IT support, I know your pain. I know what it's like to deal with Microsoft. I know what it's like when things go down. I know what it's like to get the ticket of someone saying, hey, I can't access Facebook. You know, when you can't access Facebook, you know, it is the end of the world. But. All right, let's go ahead and continue and dive into the next one, which is literally. We have, I love it. We have a story about Microsoft releasing an emergency update to fix Outlook. And then the next story is Microsoft Windows 11 boot failures after January updates. You can't make this up. All right, let's just let the news story play and see how it goes. Let me get it pulled back up here.
Steve Prentiss
Microsoft investigates Windows 11 boot failures after January updates. This second Patch Tuesday headache for Microsoft involves reports that some Windows 11 devices are failing to boot with, quote, unmountable boot volume errors, end quote, after installing the January 2026 Patch Tuesday security updates. This issue affects Windows 11 version 25H2 and all editions of Windows 11 version 24H2. Users are reporting encountering a black screen of death and systems are unable to boot into Windows and require manual recovery efforts to boot again. This is an ongoing issue.
Tyler Ramsby
I feel we must have like a slow news weekend when it comes to the cybersecurity world. The fact that two of our stories are back to back about, hey, Microsoft sucks at updates. Just so you guys know, they suck at updates. We already know that. So I don't have too much commentary on this story either. Besides, we laugh. We laugh so that we do not cry. Especially for those of you in IT support. Some Windows 11 devices are failing to boot with unmountable boot volume. Like, you don't need threat actors when you have Microsoft, right? If you just want to experience denial of service, just use Microsoft. They help you do it. We all remember the CrowdStrike fiasco, right? This is not on that scale and I don't know the issue behind it, what caused it to stop working. But you have to patch all the things. But sometimes when it comes to Microsoft, you have to very, very carefully patch all the things. When I was, I've had various job roles, right, in the world of IT. Before I got into pen testing, I was a senior analyst on the blue team. And one of the things that I was in charge of was patching a bunch of Windows devices in an enterprise environment. And we did essentially ring patching, where you patch a small ring of machines, wait to see how they respond, and then you open it up larger and larger and larger so you don't patch everything all at once. And that is generally your best way to deal with Windows and Microsoft: you patch things slowly, wait to see the 10 or 15 things that Microsoft broke, wait for them to roll out an emergency update, install the emergency update, watch everything else break in the way. But I'm guessing we have a slow news story, ladies and gentlemen, when it comes to the CISO Series, if we're having two back to back stories of how Microsoft sucks and when they patch stuff, they accidentally break stuff. But I mean, let's be real. This is really good security. 
If you cannot boot your computer, your computer cannot be hacked. It is completely air gapped. If your end users get a black screen of death and the unmountable boot volume error, they can't follow the ClickFix. This is just 4D chess by Microsoft. If your end users don't have a computer, your end users can't be hacked. Big brain move. Good job, Microsoft. Keep up the good work. Go team. All right, let's go into maybe a real news story. Yeah, it looks like a real news story. Let's get the news going.
Steve Prentiss
Sandworm likely behind cyber attack on Poland's power grid, says ESET. Researchers from that company state that the cyber attack, described as the largest the country has seen in years, was the work of the notorious Russia-aligned APT group. Sandworm is best known, at least in 2025, for attacks on infrastructure in Ukraine. The attack on Poland's power grid, which occurred in the last week of December, involved data wiping malware that ESET has named DynoWiper. ESET researchers have also highlighted the fact that the coordinated attack occurred on the 10th anniversary of the Sandworm orchestrated attack against the Ukrainian power grid, which resulted in the first ever malware facilitated blackout. End quote.
Tyler Ramsby
All right, so when it comes to a story like this, we actually do have a few things that we can digest, a few things that we can talk about. If you've been in the space at all, I'm sure that you have heard of Sandworm. And I do want to break down a few of these terms, especially for those of you who, sorry, my nose is all running, my kids get me sick. Those of you who are maybe new to this space, APT is an advanced persistent threat. Some people would call them an advanced persistent teenager, depending on the group we're talking about. But this is advanced persistent threat. And these are generally nation state actors who have significantly more money than your typical threat actor prowling out on the deep web. They are powered by the nation that is behind them, hence the name nation state threat actor. And because of that they are incredibly sophisticated. They have zero days, which are vulnerabilities in software that have not been disclosed. And they use that to do these types of attacks. And one thing that we have been seeing for a while, we're going to see even more of, is when it comes to war and conflicts between nations, we are going to be talking less about your traditional war and more about cyber war. So of course Russia and Poland are not engaged in a physical war, at least not actually physically attacking each other. But we already see that behind the scenes there is truly a hidden, almost invisible war that we do not see until we experience the effects of it. And that's what's going on here. So with this we have. What do they call it? DynoWiper, I think, yeah, DynoWiper. Guys, it sounds like a. I have young kids, thankfully my kids are out of diapers. But DynoWiper sounds like a diaper brand or like something to wipe your kids, in my opinion. Bad, bad branding by ESET. DynoWiper is just an odd name in my opinion. But we have this malware wiper. So it's not necessarily trying to deploy ransomware. 
It is quite literally just trying to cause damage. And we can see this, what was it, a year ago or an anniversary of the year when Ukraine's power grid was taken out by a malware facilitated blackout? We are going to see more and more and more of this as we see conflicts and wars going on in the world. So here's the takeaway. If you are a CISO, if you're a leader of an organization, especially if you work anywhere near critical infrastructure, you need to be on your guard. You need to make sure you have defense in depth in place. You need to make sure you're doing tabletop exercises, you need to do pen tests, you need to do red teams, you need to be prepared. The reality is it's not if you get breached, but it's rather when you get breached, how do you contain the threat? This is already happening, this is going to continue to happen and anyone in critical infrastructure will be targeted. But even outside of that, we see other states like North Korea that target U.S. companies and they are incredibly sophisticated. Once again, APT, nation state threat actor. And they're targeting U.S. companies and companies around the world. So once again, it's not if, but it's when you get breached, how do you contain the threat? How do you have defense in depth in place? How do you decrease the mean time to dwell and the mean time to discover the threat actor in your environment, to prevent damage such as this? But here we go, we got the DynoWiper group here that seems to be sponsored by Russia with the Sandworm attacks. Looking at the TTPs or the indicators is what points to it being Sandworm. All right, let's continue going through our stories for the day.
Steve Prentiss
Dresden museum network suffers cyber attack. On Wednesday, one of Europe's oldest museum groups, Germany's Dresden State Art Collections, suffered a targeted cyber attack that left it with limited digital and phone services and no ability to process online ticket sales, visitor services or transactions at the museum's shops. The museums remain open to visitors and the Culture Ministry said, quote, security systems protecting the collections were not affected and that both physical and technical security remain fully intact, end quote. Officials have not attributed the attack to any group and it is not clear whether the incident involved a ransom.
Tyler Ramsby
All right, I was just saying this. I mean, threat actors are coming after organizations regardless of your organization size or the organization's background. We've seen this in library systems, at least in the US, that's what I'm aware of. I know, like, the Seattle library system was down for a long time, to name one of them. We've seen schools get attacked by threat actor groups as well, K through 12, which is honestly insane to me. But now we have this. Germany's Dresden State Art Collection, one of Europe's oldest museum networks, has been hit by a targeted cyber attack. Now, I don't think, I was trying to glance at the story, if it really gave us any information on how the threat actors got into the environment. No, it says officials have not said who carried out the attack or what their motives may have been. I mean, I can tell you their motives. Likely money. It is also unclear whether the incident involved a ransom demand or whether any negotiations with the attackers are underway. I'm gonna go with probably, right. Unless it is a nation state actor trying to target critical infrastructure, the money is going to be the primary motivation for the majority of these threat actor groups. I'm guessing it was ransomware. I'm guessing they are asking for a ransom to restore access to their networks, but we don't have anything for sure. We have nothing saying that that's what happened. I also don't know what kind of data a state art collection stores, but I'm assuming they have potentially sensitive data as well that the threat actors are able to use in a ransomware attack. Now we'll see what happens in the upcoming days if they release more information. But my guess is the way in was social engineering. That's what we see often. And if you study the way threat actors work, they're generally getting into networks via some type of social engineering. 
It could be a ClickFix attack, it could be a phishing email, it could be a pretext call, which is when you call someone, often in combination with a phishing email, to get initial access to the network or to the files. So without seeing the details, I am guessing that was the initial way in, which is once again, for those of us who are maybe in the blue team, in the GRC side of things, the CISO side of things, this is where defense in depth comes into place in the whole concept of a pyramid of pain. The more difficult you make it for an attacker when they try to gain access to your network, the better it's going to be for you. Now, we don't have any indications here of the threat actors behind it, but most cyber attacks that happen, especially to smaller organizations, are not done by incredibly sophisticated hackers. They probably couldn't hack their way out of an easy Hack The Box machine, right? They are done by people who are targeting low hanging bugs. They either found a way in or they purchased a way in. We see this online often where threat actors sell VPN access and other creds to major organizations. This isn't a major organization, so I don't know if that's the case. But for your typical threat actor, the more difficult that you make it for them, the more likely that they are going to give up and try something else. So this really sucks for these people. So we have the Toronto Public Library. It says they spent months recovering from a ransomware attack, describing the incident as a crime scene. Unfortunately, we are going to see more and more of this. And when we see libraries and schools being attacked, I think it's very obvious why they're attacking the libraries and schools, because they don't have the big budgets, they don't have the money in place in order to really defend against these types of attacks. And here's good career advice for those of you who are like, hey, how the heck do I break into cybersecurity? 
How do I make it through that experience gap? One really cool thing that you can do is reach out to a nonprofit in your area and see if you can volunteer with them in some way. For those of you who are interested in GRC, maybe that looks like coming up with some type of policies and auditing what they currently have in place. And once again, coming alongside them as a volunteer, they cannot afford to pay a major cyber security firm or they cannot afford to pay for a pen test. But you can see that regardless of your size, regardless of your bank account, everyone's a target when it comes to criminals and threat actor groups trying to steal money from organizations. So real quick tip. If you want to break into cyber and you want to help bridge that experience gap, I guarantee you there are many non profits in your area who would love to have someone come volunteer to help them with their cyber program. But ladies and gentlemen, I believe we are at the mid roll here. Let me double check. The news story stopped playing but I think we were at the mid roll. Let me see if I can refresh this and see if I can get access to it again. Give me just a moment.
Steve Prentiss
From the CISO data level boot into as seen involved resulted in these dresses and mystery scene fully intact. End quote. Officials have not attributed the attack to any group and it is not clear whether the incident involves.
Tyler Ramsby
I think it's the mid roll.
Steve Prentiss
Yep, huge thanks to our sponsor.
Tyler Ramsby
All right, the we are now at time for the mid roll. I'm looking over at Mod Chat and I don't know if anyone gave an actual answer. I think Mondays are are the cyber security like membership Monday thing where we highlight a member of the Simply Cyber Community. They get like a hundred dollar gift card, all of that fun stuff. But guess what? I don't actually know that whole process so we're not gonna do that. So we can just pretend like all of you win. But I'm not gonna send you a gift card. So if you get an email from someone named Tyler Ramsby, do not click the link because I'm really not sending you a gift card. I'm sure Jerry might be able to follow up with this tomorrow. I see Haircut Fish talking to Mad Mod Chat so maybe he will have some information. But yo, I also don't have the music guys. I don't have the Sweet Stream deck and fanciness like Dr. Jerry Ozer does. I just have my computer and so I don't have the music that I'm gonna play. So you guys just have to imagine that you hear the la las and all the fun music that Jerry plays. During the mid break ad Elliot said I'm finally a winner. Congratulations Elliot. You got this. Yes. So Haircut Fish said Simply Cyber Community member of the week is Monday just named Jerry as the person of the week. All right. Dr. Jerry Ozier is Simply Cybers member of the week because we don't know who has been selected. Maybe he Will follow up tomorrow and select somebody. So I apologize I don't have the member of the week for you. But you know what I do have? You know what I do have? I at least have the mid roll ad. So let me go ahead and play this mid roll ad and get it pulled up. Share my screen. Here we go. So a huge thank you to our sponsors. We have Threat Locker, Anti Siphon Training, Flare and Area. I think I'm saying that correct based on Jerry's ad read in the beginning. 
Each one of these organizations is amazing and I do want to share with you and I know this myself as being a YouTuber that Jerry does not accept sponsors if they do not allot align with the simply cyber focus and mission. Each one of these sponsors truly are amazing organizations. Either giving back to the community in consumers, customers trying to learn cybersecurity such as Anti siphon training, even Flare has their flare academy. Or giving back to businesses and organizations to defend and protect against cyber attacks such as Flare and Area. Both do those and Threat Locker. So once again, I know I just told you a little bit ago, do not click the links that I send you. But now you need to click all the links that I'm sending you. In the description of this video, make sure you click Threat Locker, Anti Siphon, Flare Area, click all the links, click all the sponsors, show them some love, show them some support. Because once again, they are the ones who make this show possible. Haircut Fish said you can do a Tidbits Tuesday on a Monday. All right, let's do a Tidbits Tuesday. Let's do it. So Tidbits Tuesday is when Jared usually shares something interesting about him. Geez, I'm trying to think of what I could share about myself. I'm. I'm very open on my stream. So like you guys, if you follow me on my own YouTube channel, you probably already know every somewhat unique thing about me here. I'll give you one unique thing. Two unique things. One unique thing because the other one, someone's gonna clip it, I'm gonna get in trouble. I have punched a police officer in the face without getting arrested. And that's because I box. It was actually really cool. So one of the things I love, one of my hobbies is boxing. Now, I have never competed yet. We could talk about why I haven't competed, but I don't do this as often now because I legit think that CTE is an issue. Right? If you study boxing and combat sports, the damage isn't caused by getting knocked out. 
It is the sub-concussive punches before you get knocked out. But I used to do a lot of semi heavy sparring with both amateur and pro fighters in the boxing MMA scene. And at one of the gyms that I trained at in a bigger city near me, a lot of police officers came and trained as well, which was amazing. So I boxed with the head of the entire police department in my area. We jumped into the ring and we threw hands, which is fun. And then I boxed with this deputy, and the fun thing about this deputy is we were about the same size. Like, I'm pretty big. He was pretty big. And we started getting a little bit too aggressive and the coach was like, hey, like, you guys need to pipe down. So I have gone toe to toe with multiple police officers, but in the boxing ring, and it was a lot of fun. So that's the fun fact about me. I have technically hit multiple police officers in the face, but did not go to jail for it. But because I was doing it in the boxing ring and they were amazing and it was so much fun to hang out with them. Did you untie him first, Tyler? No. All right, well, let's go ahead and continue working through our news stories of the day. After my sweet Tidbits Tuesday, I'm gonna close out all of my extra tabs. So I have just the right news stories pulled up. And let's go ahead and continue our news story. Also, I have seen a few questions in chat. I do want to remind you guys, at the end of the Daily Cyber Threat Briefing, I will be doing the Jawjacking segment. If you don't know what the Jawjacking segment is, that is when we do Q&A. So if you have any questions about cyber security, pen testing, entrepreneurship, business, anything like that, I truly am an open book. Anyone who follows me on my channel, you know that. So just know at the end of the Daily Cyber Threat Briefing, we will go over to Jawjacking and I will answer any question you have. 
So if you have questions, you can hold your questions till then because if you're asking them now, I'm going to miss the questions. All right, let's dive in. I do need a drink of water. I'm not used to talking this much this early in the morning. Usually I stream late at night. All right, let's continue. We're halfway through the stories. Let's knock out the rest. Oh, I should probably share my screen. Eh? Here we go.
Steve Prentiss
Officials have not attributed the attack to any group, and it is not a ransom.
Tyler Ramsby
Here we go.
Steve Prentiss
Huge thanks to our sponsor Conveyor. Ever wish your customers could magically get answers to their own security questionnaires before they ever hit your desk? Conveyor has heard this wish from hundreds of teams, so they have just launched a new Trust Center AI agent. The agent lives on your Conveyor hosted Trust Center and answers customer questions, surfaces documents and even completes full questionnaires instantly so customers can finish their review without your intervention. Join top tech companies using Conveyor today like Atlassian, Zapier and more. Check it all out at conveyor.com, that is C-O-N-V-E-Y-O-R. Nike investigating possible security incident. The maker of athletic footwear and apparel has been listed as a victim on a Tor-based leak website operated by the World Leaks gang, along with a threat to make stolen data public. Although the type of data has not been identified, World Leaks is a new gang apparently built on the remains of Hunters International. According to SecurityWeek, the World Leaks website names nearly 120 alleged victims, one being Dell, who in July 2025 said the hackers had, quote, only stolen synthetic or publicly available information, end quote.
Tyler Ramsby
CISA adds... okay, that was that whole story. Once again, nothing super new here. I always do find it interesting when they call it a potential cyber attack, but in this case I think it might actually be just that, a potential cyber attack. So we have this new group, World Leaks. Immersion 2025 finally shut down of Hunters International, a ransom group active since late 2023. Now I haven't dug into this, obviously I can't comment on it at all. Oh, one second guys, my wife just messaged me so I'm gonna pause. Okay. Nothing. Nothing that's a big deal. Anyway, so we have the same thing with Dell and Dell claims. Geez, sorry guys. Dell claims the attackers had only stolen synthetic or publicly available information. I don't know if any more information about that leak came out. That's possible. It says they have nearly 120 alleged victims. It could be, and I'm not saying this is the case here, but it could be that these threat actor groups do have some type of publicly available information and they gathered it together and that is the information they are leaking in order to try to gain money from it, that the information itself isn't necessarily as sensitive as they claim it is. But from my experience, often when an organization makes a statement like this, like no, they don't have anything sensitive, it's only publicly available information, it's almost always not correct, that there is sensitive information there and the company is just trying to do some protection of their brand. Now, we don't know what's going on here, but Nike has launched an investigation, et cetera, et cetera. We're going to see more of this. We're going to see, honestly, your organization has a good chance of being targeted at some point in time by one of these organizations. And that's why we need to stay on top of cyber security. I know for many CISOs and CIOs, cyber security looks like a cost center and not actually something that's going to accomplish anything, but it will. 
It matters when these attacks happen. It matters to have the defense in depth in place. It matters to have a skilled team and a budget dedicated to this. So not if, but when this happens, you are able to respond. So I have no idea if Nike is ever going to release more information about how this happened. But if I was a betting man, I would have to bet and guesstimate that, once again, it's social engineering. Someone bought VPN access. Nike is a big organization. So you have the initial people who get initial access to a network. They sell that information to ransomware groups and the ransomware groups use that to dive back in. Looking at what Roswell said. Oh yeah, so that's a good call. So Roswell said this. He's got great... Roswell needs to lead the show sometime. He said be alert for emails claiming to be from Nike support asking to re-verify your account due to the breach. These are likely follow-up scams. And we do see that going around when things like this happen, you see hackers... I mean we saw this with Instagram. I didn't really dig into the Instagram story. I have an Instagram account, but I never use it. But I remember like a bunch of people... I got an Instagram password reset email to my email. I just assumed it's someone who follows me on YouTube and was trying to get access to my account. I get that happen all the time. But we see things like that. You see a breach that happens and then you see emails go out shortly afterwards in order to use that breach for more social engineering to target the victims even more. And that's a common tactic in the cyber security groups. All right, let's continue our stories. I don't know why I always have this issue. No matter how I try to play these stories, the podcast always pauses and I have to refresh it. So give me just a second, guys, as I get it pulled back up to where we were at from the.
Steve Prentiss
CISA adds four actively exploited vulnerabilities to its KEV catalog. In short, the vulnerabilities are a PHP remote file inclusion vulnerability in Synacor Zimbra Collaboration Suite, an authentication bypass in the Versa Concerto SD-WAN orchestration platform, an improper access control vulnerability in Vite.js, a front-end build tool for web projects, and an embedded malicious code vulnerability in eslint-config-prettier. A link to an article with additional details including CVE numbers, CVSS scores and the threats these vulnerabilities pose is available in the show notes to this episode.
Tyler Ramsby
All right, so we have some CVEs. I do want to just explain a little bit about what is going on here for those of you who might be new to this scene. CVE is a way that tracks what's called zero days. A zero day would be a vulnerability found in software that was previously undisclosed. And now the big deal about these are they're being exploited in the wild by threat actor groups. Now this is sort of unrelated to the story, but if you want to get into this space as offensive security, pen tester, ethical hacker, one of the best things that you can do is find your own CVEs. If you look me up on YouTube, I have multiple videos on this. I think I'm at like 12 CVEs now that I have found. And finding CVEs isn't super difficult and it looks amazing on your resume. So if you cannot afford the big certifications like the OSCP, you can find CVEs. And it really is an amazing way to give back to the cybersecurity community. You find a vulnerability, generally in open source software, you report it to the vendor and then you often help the vendor patch it. One time actually I found a CVE in Ghost CMS, which is a big CMS used by I think Mozilla and OpenAI and other big companies. But I found a CVE in it and then, because they're open source, I patched my own CVE. So I found the vulnerability and then I patched the vulnerability. So those of you who want to get into offensive security, do some research into not just like understanding CVEs but finding your own CVEs. But we have four of them here. One is a PHP remote file inclusion, which is not going to be good, but allows a remote attacker to craft requests to allow inclusion of arbitrary files in the web root directory without any authentication. That's actually a pretty big deal. Often can lead to what's called RCE, a remote code execution, which is essentially full control over the back end web server. We have an auth bypass that allows an attacker to access administrative endpoints. 
It doesn't say if the attacker has to be authenticated or not. Often with an authentication bypass it goes from a low level user and you can access things that only an admin can access. And we have something similar here of improper access control. Arbitrary files to be returned to the browser using inline import/raw import. It was fixed in March 2025. And we have another CVE here, a malicious code vulnerability. Here's what we need to do. You gotta patch it. All right, I know, I know. I said when it comes to Microsoft, if you try to patch it right away you're gonna probably break something. But generally what I've noticed for these kind of products, you do need to patch it and the patches generally work well. So I've done a lot of pen testing and when I do a pen test on an external network, and by external network, here's what an external network pen test looks like. The client gives you a list of IPs, those are their Internet facing assets and those are the things that you are attacking. Generally a company's external network is pretty secure against these types of vulnerabilities, but the internal network can be a mess. So then when I do an internal network pen test, which is when I'm on the inside of the client's network, maybe with VPN access or send a computer to them on site, when I'm on their internal network, that's where I see patch programs either are lagging behind or are non-existent. The reality is threat actors will gain access to your internal network, or especially on the external network, if you don't have things patched, then this is going to be a big deal. So if you do not have a good patching system in place, that's the biggest takeaway from the story. You have to patch all of the things. All right, we got two more stories to cover and then we'll jump into Jawjacking. So let me go ahead and jump over to this story. We'll hit play and we shall dive into it.
Steve Prentiss
ShinyHunters claims Okta customer breaches. The group is taking credit for a voice phishing campaign which allowed it access to market intel broker Crunchbase, streaming platform SoundCloud and financial tech firm Betterment. The voice phishing campaign gave the group access to single sign-on codes. SoundCloud says the breach affected about 28 million of its users, while the Betterment and Crunchbase data dumps contain more than 20 million and 2 million records respectively, end quote, all relating to PII. And this according to representatives from ShinyHunters itself, ZD.
Tyler Ramsby
All right, so something I actually just talked about. If we scroll up to the top, the biggest thing to understand about this story is we have an Okta voice phishing campaign, and this is what we're going to see a lot more of. As far as the voice phishing things go, it just means phishing but with voice, as you can tell, not sending the email. Once we see... And here's honestly what I think is going to be significantly more dangerous is once we have AI powered voice phishing. We've seen the deep fakes where you can make yourself look like another person, which is a big deal, but we're going to see deep fakes where you're able to translate your voice in real time in order to sound like a specific person. So I don't know if it goes into detail of how they did this. I want to look a little bit closer. It says they confirmed to The Register that they gained access to two of the three, Crunchbase and Betterment, by voice phishing Okta single sign-on codes. Interesting. SoundCloud confirmed it had been breached. I'm actually curious about how they confirm this. Oh wow. We had a few other breaches happen here that we won't share here. Oh wow. So we have SoundCloud. Here's what frustrates me so much about organizations. SoundCloud confirmed it was breached after a week of user complaints about outages and broken access, which the company now says were linked to a cyber security incident. The streaming platform said it detected unauthorized activity in an ancillary service dashboard and brought in third party security experts to investigate, eventually determining that the exposure affected roughly 20% of users, and they have approximately 140 million users. Very frustrating. Companies get breached and the company didn't report it until a week of user complaints. And here's the thing. Before the threat actor generally causes damage, they have been in the system for a long time. 
That tells me that SoundCloud did not have good detections in place to see that a threat actor was actually there. The threat actor was there likely for a significant amount of time. Then they started causing damage and then only after users started reporting, guys, the platform isn't working, then SoundCloud's like, oh yeah, we were breached. It should not take your end users to say, yo, your website sucks, your website is down, something happened here. You should have things in place in order to prevent that. But prepare for this. This is going to be, I think, the new normal, taking social engineering to the next level with these voice phishing attacks. All right, we got one more story. I got 10 more minutes. And it's about AI. So we can talk, we can dive into the AI craziness. Here we go.
Steve Prentiss
ZDNet releases its list of 10 ways AI might ruin your life in 2026. Although this is the time of year where everyone makes predictions, and although this list focuses on AI, the list presented by David Berlind and published on ZDNet makes for compelling reading for cybersecurity experts. Berlind offers 10 separate ways that AI can and likely will unleash havoc on organizations and their security teams, notably by being weaponized by threat actors. These include AI enabled malware, agentic AI, prompt injection, finding and exploiting weak APIs, and yes, of course, six more. A link to this article is available in the show notes to this episode. Do you love getting the security news?
Tyler Ramsby
All right, this actually does look like a super interesting story. I would recommend that you all check it out in a little more detail. We'll just glance through it as fast as we possibly can without really diving into it. But this could be a full YouTube video of walking through some of these threats. So AI enabled malware will unleash havoc. Yes, there's not much more to comment on that. That is true. I agree. Agentic AI, which is AI agents with access to tools, is evolving into every threat actor's fantasy. We see this in the business world. Of course, threat actors are also going to be using it. Let me scroll through. Is there anything else interesting here? Prompt injection. I mean, these are all things that if you're not aware of these terms, you do need to be aware of them. AI is fundamentally transforming the industry. Whether you're on the blue team or the red team, you need to understand what it is and how to attack it. But this is what I'll say. Yes and amen to... I mean, at Kairos Sec, one of the things we offer are AI and LLM pen testing. AI tools, not will be, they already are the new attack surface. As we see companies slapping AI powered onto literally every single thing, for good or for bad, we're going to see those become a massive attack surface. They'll use AI to go up to the weakest link. I already talked about that, called it a lot. AI will expose APIs as an easily exploited point of attack? Absolutely. Matter of fact, if you want to get hands on with this, PortSwigger Academy has a completely free hacking AI path and one of their labs is you figuring out the back end API of the AI agent and then exploiting that backend API. So yes, I also agree to that from the pen testing perspective. Let's see. Extortion tactics will evolve from ransomware encryption to what as a form? It will continue to evolve and cross link with AI. Expect an early wave of magentic Mel. Okay, yeah. I don't know how this is really news, but okay. 
How the contagion spreads to industrial control and operations. Yeah. Will it affect that? Imposter employees, the insider threat to your organization? We talked about that as well, with deep fakes and the interviews. We've seen major organizations fall prey to things like North Korea, who are faking interviews using deep fake technology, do so. Nation states will destabilize Western interests. Well, we are seeing that right now, so yes. And credential mismanagement to continue as a leading cybersecurity challenge. Yep. I could have written this article. I could have written this article, but that's fine. Still good things to dig into. I recommend checking out this article and digging into it yourself. Maybe write up some bullet points for those of you who want to make content. I will just say this is about as clickbait as you can be for a YouTube video. If you make a YouTube video on 10 Ways AI is Going to Destroy the World, you could go through this article, pull out some main bullet points. Of course, reference the article, give credit where it's due. But I almost guarantee that you'll get a lot of good views on that YouTube video. So if you want to create content, this article gives you a lot of good content to dig into. If you want to create labs, like I create hacking labs to teach realistic hacking techniques, this article actually gives some ideas of some labs that you can create that emulate what a real threat actor is going to do so that you can prepare your blue team. So not necessarily news in and of itself, but I would say that these 10 ways are definitely accurate. And as I said before, AI is fundamentally transforming the world, fundamentally transforming our industry and fundamentally transforming the way that we do cybersecurity and the way threat actors do threat acting. So you and I on the good side of things, we need to stay on top of it. We need to stay aware of it because it has happened and it already is happening. 
But ladies and gentlemen, five minutes early. This concludes The Daily Cyber Threat Brief by Simply Cyber. And I first just want to say thank you so much. Thank you for your patience, especially when I feel like I spent, like, five minutes just trying to flip my freaking screen so it wasn't mirrored, but thank you for your patience. Thank you to Jerry and the entire Simply Cyber team for having me. It's always an honor to spend time hanging out with all of you. But, hey, don't leave, because I'm not going anywhere yet. In just a moment, we are going to transition to the Jawjacking segment. If you are new to the Daily Cyber Threat briefing, the Jawjacking segment is a time that we do Q and A. So if you have any questions about pen testing, career, cybersecurity business, you name it, then I would be more than happy to talk about it. So we'll do jawjacking for about 30 minutes. Let me go ahead and find the outro. That's honestly the toughest thing sometimes is digging through all of Jerry's random videos in Restream and finding the right one. Okay, I think I found the outro. Oh, we're gonna. We're gonna do the Jawjacking intro. Here we go. Jawjacking intro. And then we'll take about 30 minutes to do Jawjacking. So if you have questions about cyber security, pen testing careers, all that fun stuff, we'll dive into it. Here we go. And if you're just here for the daily morning threat brief, thank you for being here. We will see you tomorrow.
Dr. Jerry Ozier
Ever wonder what it takes to break into cyber security? Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cyber security field live, unfiltered, and totally free. Let's level up together. It's time for some Jawjacking.
Tyler Ramsby
Sorry, guys. I didn't mean to disappear. There was my office. I rent an office here, and I also have an office at home, but I'm at my office, and my buddy who owns the building was just letting me know that HVAC people are coming to fix something in this office. But I told them, hey, I'm done in 30 minutes, so we should be fine. So that's all that was. Hey, let me go and get chat pulled up. Do you want questions in my chat? Are you good just pulling from chat? Yo, Justin, if we get a bunch of questions, it would be good to have it in my chat. Otherwise, I should be good just pulling the questions from chat. But, guys, once again, this is the Jawjacking segment, so 30 minutes of Q&A or less. If there's not a bunch of questions, then I won't answer all of them. But if you guys have any questions about the news stories of the day, about pen testing, cyber security, entrepreneurship, business, I'm an open book, would be happy to answer them. All right, question number one: not Microsoft then. What do you prefer and why? I feel like I told you to ask this question because any opportunity I have to go off on Microsoft, I'll take it. I also recognize that my answer is not going to work for the majority of people because I know that in a large enterprise environment, Windows and Microsoft are embedded deeply into it. I don't live or work in a large enterprise environment. So what I use as my primary operating system is Ubuntu. And then when I do things like pen testing, I have your typical like Kali and stuff in QEMU virtual machines on top of my Ubuntu machine and that's how I do all of my hacking. But everything else you see me do, my primary operating system is Ubuntu, and I do just want to tell people Ubuntu, if you haven't checked it out, has gone a long way from what it used to be. It's not as much troubleshooting as it used to be. This is not sponsored by them, but my laptop is a System76 laptop. I'll just type in the chat, you can look it up. 
But System76 are like a laptop and computer manufacturer like Dell, but specifically for Linux. So the machines that they make are custom hardware and everything so that they're as Linux compatible as possible, and everything comes like with Linux on it and you can choose between Pop!_OS, which they create, or Ubuntu. And I just enjoy Ubuntu. So it is possible to do everything from Linux. I do all of my live streaming from Ubuntu, I do all my video editing from Ubuntu, I do all my hacking from Ubuntu. You don't actually need Windows, I promise. All right, let me scroll up and grab some of these other questions. So Doom Kraken said, what are some good resources for getting into SOC analyst? I want to be very clear. I do not like speaking on careers and fields that I don't actively participate in. So I'm a pen tester. I do pen testing day in and day out. That is what I do. I have never worked in a SOC before a day in my life. I was a senior analyst on the blue team, but that was mainly vulnerability management and things along that nature. Not actively working in a SOC. I will say I think one of the best resources for learning SOC work is Hack The Box Academy. They recently purchased LetsDefend, I think that's who they purchased, but they already have their CDSA, which is their blue team certification, and everything on Hack The Box Academy is top tier. So that's what I would recommend. But I do want to be clear, I do not recommend it as someone who has experience as a SOC analyst. Someone else who does have that experience might have a better take on that. Best interview tips for career swapping from automotive to cyber? Hmm. There's a lot that I could list here, but I think general interview tips in general is number one: when you're interviewing for a cybersecurity or really any technical job, the person interviewing you is going to ask you a question or multiple questions you don't know the answer to. 
Far too many people, when they receive that question, they attempt to answer it, they stumble over the words and they answer it inaccurately. That's the worst thing you can do. The best thing you can do in that moment is say, you know what? I do not know. But if you give me some time to research, I will get back to you after the interview. Do the research, figure out an answer. Email the person that interviewed you and just say, hey, you asked me this question I didn't know the answer to and I told you I'd follow up. I did some research and here is my answer to that question. If you do that, you're already going to stand apart from a lot of the candidates interviewing for that job. Another interview tip that I would give you, and this goes for all types of interviews, is at the end of the interview they always ask you this question, do you have any questions for us? And when they ask you that, one of the best responses to that is saying, right now, so if I'm the one being interviewed, I tell them, hey, you have now spent, let's say, an hour interviewing me. You looked over my resume. I want you to take off your interviewer hat and put on your coaching hat. What is some critical feedback you can give me about the way I did the interview, about the way my resume looks, about this field in general? What are some weak areas? What are some red flags? What are some questions I didn't answer well, that I should dig into more? Number one, that's going to build a rapport with the people interviewing you, but number two, you're going to get some amazing advice about the field that you're applying to. Hey, if you don't get that job, you can take the advice from the people interviewing you and apply it to your next job. When I was getting into IT full time, I asked that question and I think I'm above average when it comes to interviews. Like basically anytime I've got an interview, I've gotten a job offer. 
There was one time I didn't, and they reached out to me about four weeks later saying, hey, we ended up hiring someone else, but we have another opening and we want to hire you. And it was specifically because I asked that question at the end. I already found a different job at that time. But those two things have taken me far when it comes to technical interviews. Already answered that. I use Ubuntu. Is there a way to get into a pen testing role with no previous cyber security working experience? Yes. Like everything's possible. I don't want to ever gatekeep pen testing. I will say it's unlikely. Pen testing by its very nature is not an entry level field. You generally get into pen testing after spending work on the blue team or doing sysadmin, because as a pen tester you're doing very advanced work for clients and there's a high degree of, if you mess something up, it's not going to be a good day for you or your firm. So it's not likely to get into pen testing with no experience, but it is possible. I actually had a friend at my previous firm, his first ever IT job was working as a pen tester alongside of me. What I would give you for advice is generally you want some of those hands on certifications. The OSCP from OffSec is still the gold standard when it comes to ethical hacking, but also do some CVE hunting. I talked about this earlier in the show. If you go to my YouTube channel, just search Tyler Ramsby CVE. I've done a lot of talks on CVEs, how to hunt for them. Heck, I did an entire workshop, or I don't know if I'd call it a workshop, I think it was one of Jerry's Fireside Chats where we talked about finding CVEs. So you can actually find that on the Simply Cyber YouTube channel. So that would be my recommendation. All right, Felipe, I don't know how to say your name, but we'll go with it. Going for IAM or Identity Access Management. I have the SC-900, SC-300. Have a lot of projects and labs in Entra. 
Think about niching down to CyberArk, but I heard Okta is more used in the market. Which one should I focus on? Okta is definitely more used in the market from my experience. I only say that from a pen tester. When I'm doing pen testing I see Okta a lot. But I'm going to be honest with you guys, I don't do IAM. I haven't done the SC-900 or the SC-300 and so I'm going to give you the same advice I just mentioned. When someone asks you a question you don't know the answer to, I don't know. From my experience I recommend Okta, but I don't do IAM. I don't want to speak into something I don't have experience with. Can you discuss seasonality and orgs wanting pen testing in Q4 and then it dies on the vine in Q1? Maybe it depends on the company. A lot of companies have to do pen testing for compliance so it's not going to necessarily die. It might get pushed back. Actually just had this happen with a client at Kairos Sec. We had a pen test scheduled, I think it was scheduled for like early January, and they just pushed it back to April. So it's not that they canceled it, they just pushed it back to better align with their needs in going into Q1, and that's just to be expected. Not just with pen testing but any consulting project based work, that is just part of the game. I will say Q4 is always crazy for pen testing, particularly because many organizations need pen testing for compliance before end of year and then they realize, oh shoot, we need to get this pen testing done. And then many pen testing companies are fully booked into Q4, so then it's all kind of a mad dash to the end. So I will just say, hey, if your company does need pen testing, you want to do it now and not wait until Q4. You may even be able to get a discount by doing it before Q4. And hey, if you're looking for a company, check out Kairos Sec. It's kairos-sec.com. I'm just going to drop it in chat. 
I would love to hack your organization, it would be a lot of fun and I think you will notice a huge difference working with Kairos Sec. But I'll also say that we are starting to get booked throughout the year, but we do still have some openings, so I can't guarantee anything. But if nothing else we can jump on a call and I can give you some free advice on what to look for at the pen test vendor. All right, I'm scrolling through chat. I also see questions in mod chat as well, which I think I hit all the ones that were posted over in mod chat. So I'm just going to scroll from the top and see if there's any questions that I am missing. We have a question from Carrie. Tyler, I won a class through Arcanum and I chose Bug Bounty and I just wonder how I can apply this once I'm done. You can apply it by trying to get bug bounty. I'm guessing it's not what you're looking for, but I will say bug bounty and pen testing are different. When we've hired bug bounty hunters before at my previous job, you think that they would hit pen testing really well from the beginning, but the truth is they often struggle. And the reason they struggle is when you are good at bug bounty hunting, you generally only focus on one class of bugs. Like you get really good at cross site scripting as an example, or really good at broken access control. And then when you do bug bounty, you know how to dig a little bit deeper in that specific class of vulnerability. As a pen tester, you're very much a generalist. You need to approach an application from a holistic standpoint, not only looking for high vulnerabilities, but informationals and lows. You need to be really good at communicating to clients. So it really depends on what your end goal is. I'm not a huge fan of bug bounty and the reason I'm not is I feel like bug bounty is almost like the crypto of today. You have a lot of people saying, hey, you want to work remote, you want to make six figures, you can do bug bounty. 
The reality is the vast majority of people who do bug bounty don't even come close to making a full-time living. I've done some bug bounty. I've been somewhat successful in that space, but I personally do not think bug bounty is a sustainable source of income for the vast majority of people. And so that's my take on it. I don't know if that's what you're looking for, Carrie, but bug bounty will teach you some solid web app skills. And Justin said, yeah, projects in general get pushed back all of the time. And hey, I'm not seeing any other questions in chat. I know we still have almost 300 people watching, which is amazing. But hey, if you guys don't have questions, then I'll also call it a morning and start working and hacking away at things. But one last call, guys. If you have any questions about pen testing, cybersecurity, ethical hacking, careers, business. As I shared before, I'm the founder of two companies; actually, as of October 1st I am fully self-employed. I don't have any other employer outside of myself, which was terrifying. I left a high-paying job as a pen tester for a firm in Seattle to do my own thing. A lot of risk, a lot of anxiety, a lot of, honestly, fear around it. But we are almost four months in, over four months in, and I've been able to pay myself every month. I've been able to pay health insurance for my family, which, mind-blowing, is amazing. Still have a lot of growth to grow. Still like super anxious every single day. But hey, so far so good. So if you even have questions about entrepreneurship and doing your own thing, I'd be happy to answer that. How are you planning on leveraging AI in your pen testing and/or pen testing AI integrations in your work? That's a good question. So when it comes to pen testing, one of the big things that you need to be careful about is just running client data through an AI model. I see a lot of junior pen testers make this mistake and it's a huge mistake.
There's actually legal ramifications behind it. But you should never be taking client data in a pen test, such as a POST request or a GET request or sensitive information, and passing it to Gemini or ChatGPT. You are sharing client data with a third party without authorization. That opens you up legit to a lawsuit if that ever happens. So I know that AI-powered pen testing is a big thing right now, but if you are getting an AI pen test or an autonomous pen test, you need to ask very solid questions on data sovereignty and how your data is being stored and used by third parties. The reality is basically all of those AI pen testing products that you see are just a wrapper around OpenAI or Claude or another LLM. And so you need to ask solid questions on how your data is being used. For me, of course, I'm using AI to augment some of the pen testing side of things, but I'm really not using it in my technical work; I'm rather using it, for example, I have a custom gem in Gemini that helps with vulnerabilities. So if I tell Gemini, hey, I found cross site scripting, can you write up a quick summary and suggested remediation of it, it will give me nice professional writing and then I modify that to fit the use case for that specific client in that specific scenario. So I use AI some in the report writing process. And I also use AI just in my own learning as well. If I'm digging into something, let's say Okta for example, and I just need a quick refresher on how Okta works, how it differs from other SSO products, I'll use AI for some of those things. But integrating AI is still a learning experience for me. I don't have it fully figured out, but I do know that you need to be very, very careful with where you are storing and what you're feeding client data to. That's a big no-no. Thanks for the question. All right, let me scroll up. There's actually not new stuff on the wall behind me. So I have two fake brick walls. First of all, this isn't a real wall.
All right. My office doesn't look that nice, and so I have a fake backdrop here, and then I have a home office at home. This is my kids' old artwork. You guys have to watch the live streams when I'm at home. That has my kids' new artwork, which is amazing. But yes, whenever you see me live stream, you're likely going to see things like that behind me. That's artwork from my kids. I have a nine-year-old and a six-year-old, but this is old artwork. This is probably when my kids were, gosh, 7 and 4. You should see their new artwork. It's amazing. I actually showed it off in a recent live stream on my channel, the new stuff that they've been making. But yeah, what you see behind me is artwork from my kids. Bruise and Hacks, I don't know what your question was. Can you maybe repost it? And maybe you already did. I'm scrolling from the top, so if you repost it, I will see it. Oh, we got James McQuicken. Dude, great to hear from you. He said, what is one lesson or message you would give yourself when you left that company to start your own business? One lesson or message? The biggest lesson that I'm still actively learning and trying to figure out is do not sacrifice your family on the altar of your business, on the altar of success, whatever that looks like. Of course, being an entrepreneur, I tend to work crazy hours, so I probably work on average about 65 to 70 hours a week. So that's already a lot of work. One change I made within the past week is I noticed when I'm not working, when I'm not actively at my computer, I have a tendency to be on here and constantly replying to Discord messages and emails and support tickets and things of that nature. I've removed all of that from my phone because apparently I don't have enough self-control to just avoid it. So that's the best advice I can give. Take those things off your phone, and when you are with your family, be with your family.
Don't be half with your family and half responding to people's messages and requests. People can wait 12 hours, they can wait 24 hours. They're not going to freak out. The world's not going to fall apart. And that's something I'm still actively learning. I'm no good if I burn myself out in this. Doesn't matter how much money you make; if you burn yourself out, you're not going to be effective. And so I'm trying to figure out proper boundaries and barriers for me. And what works for me may not work for you. We all have to figure out our own pace. So I don't know if that answers your question. I appreciate the question. My answer is I don't know for sure. Ask me in a year. But I'm still struggling with some of those things. You can use local models to keep your data secure. You can, but to use local models you need to have incredibly powerful computers. Otherwise the local models are very slow. I just made changes to my website and LinkedIn over the weekend and would love some feedback, and would love if SC friends have a moment to do so as well. All right, bet. Let me see if I can give you feedback in real time if I can grab it. So we'll go to Bruise and Hacks dot com. All right, here we go. We got Bruise and Hacks. Hello friends. I am Ryan. Looks like this image is broken. Or it might just be my computer. All right, so here would be my raw feedback on your website. Number one, I can tell that your background is AI-generated. Not necessarily a bad thing. But I'm a big fan of simplicity when it comes to your website. I'd strongly recommend not having an image on the backdrop of your website. It very much reminds me of early 2000s. It does not give your website a clean look to it, if that makes sense. And once again, when I share advice, Bruise and Hacks, I do want to be very clear. This is just my perspective. All right, but that's one big thing. Initial impressions. Oh, my dark mode messed it up. Okay, give me a second. Well, I will just say this.
There we go. I will say this: a lot of the people who are going to be looking at websites have dark mode enabled. So anytime you are making a website you want to make sure you test it with dark mode and non-dark mode, because once again a lot of cybersecurity people have dark mode enabled on every website that they browse and visit. So that's something you want to keep in mind. Anyways, I still stick with that though. I personally don't think a website background should be an image. I think it should be a much more plain background that makes it clear. A clear example of this is you have white text on top of an image, which in my opinion makes the white text a little bit harder to read. It doesn't stand out as well. Let me click around and just check things out. The creds. I like this. Look at that cool-looking dude. I like this, honestly. So overall, real quick feedback, because I know we have a few other questions. My real quick feedback is I like, from what I can see, the content of the website, but the image background, especially the AI, we can see it's AI-generated. It also seems to be stretched too much, like "system vulnerabilities," "successful perception tests," "system exploits," like very clearly AI-generated. Not necessarily bad, but it causes the website to be too noisy. There's too much going on with it. Just my opinion when it comes to that background, I mean. So I'll give you an example of what I mean by simplicity. If you go to Hack Smarter, you can see everything's very simple, easy to read, easy to see what's going on. If you go to Kairos Sec, which is my other website, similar thing. I try to make the website very simple, easy to read, whether or not you have dark mode on. So if I turn on dark mode, it looks fine as well. It gives a little bit of a weird hint to the text on Hack Smarter. If I turn on dark mode, I think I already had it on, maybe, for Hack Smarter. So whether dark mode is on or off, the website generally looks the same.
So that would be my recommendation on those couple of things. Hopefully you find it helpful. Thanks for sharing. Space Taco said, last time you did the morning show there weren't that many pieces up on the fake wall. That's why it looks new to me, but might be the only one. Either way, yay munchkin art. Yeah, thank you. You'll have to see my kids' new art on my wall at my house. And James McCoy has some good wisdom here. He said, I can see how easy it would be to work 80 hours a week for your business. Work-life balance is important. It is. And the tough thing, guys, is I have two businesses. Like Hack Smarter on its own is a full-time job. Kairos Sec on its own is a full-time job. And I'm trying to do both of them, for good or for bad. All right, scrolling, scrolling, scrolling. All right, cool. Cobra Cyber says, I agree. Busy background. Pulls your eye away from the content. Yep. So Bruise and Hacks, thank you. Thank you for having the courage to be like, yo, pull up my website and let's let everybody look at it. But make sure you guys go check out his website. Show him some love and support. But. All right, we're at 8:20. I have a few more minutes. I can hang out if you guys have questions. Oh my goodness. My question is, what can we do to get Jerry to push the show start time back by an hour? Just one hour. So early. This is why you guys never, or I say almost never, see me in the live chat when Jerry's actually streaming. Take these off now. Well, for a few things, usually I'm actually getting my kids ready for school. So this show happens at the same time I'm getting my kids ready and brought to school. That's usually what I'm doing. So I usually wake up right when the show starts and then I make my kids breakfast and have breakfast with them and all that fun stuff. But so early in the morning.
All right, well, guys, I have successfully, I think, made it through another episode of the Daily Cyber Threat Brief and made it through another segment of Jawjacking. So thank you so much for taking the time to hang out with me. If you do appreciate my content, hey, check out my channel. You can just search for Tyler Ramsby. You will be able to find me, and hide this from the screen. There we go. But you'll be able to find me. I live stream pretty often. Generally when I live stream, I pick a lab from Hack Smarter, very realistic labs, and we hack our way through things and I teach as we go. We got Justin Gold. Why don't you just. Oh, wrong one. Why don't you just move to an EST zone? Because I live in rural South Dakota and I don't make that much money. So the only way for me to do my own business is I have to live wherever everything is super cheap. You EST time zone people have too high a cost of living. Oh, man. If one takes a GRC master class, do they get help finding a job? I have no idea. You got to ask Jerry. I don't think he gives you personal help with finding a job. No. I feel idle in my cybersecurity career. Any update? Join a community. I have the Hack Smarter community. Of course you can join Simply Cyber as well. But I feel like you need a community around you to help hold you accountable, to encourage you when things get discouraging. But having that community is what's going to make the biggest difference for you. So join a community, be active in the community, and I think you'll see a lot of improvement on that. Life hack: Midwest life. Yeah, guys, I know some of you in the south, you're like, it's so cold right now where I live. I posted this in mod chat. I'm not going to share it here because it literally shows exactly where I live. But those of you saying it's so cold where you live: when I got to my office this morning, it was negative 16 degrees.
This past Friday, they canceled school in my area because when the kids are supposed to be going to school, it was around negative 30 degrees outside. All right, that's Fahrenheit. So when you're like, ah, it's 20 degrees, it's so cold here, bro, 20 degrees in South Dakota is us jumping in the outside pool with our swimsuits on. All right, so all you people in the south complaining about 20 degrees, come live in South Dakota in the winter. I'll show you what real cold feels like, what it looks like. Anyone who lives in the Midwest, right, you know what real winter is. The Southern people are like, ah, it's 20 degrees and it snowed. Come join us. We'll show you what the real, real winter is like. It'll toughen you up a little bit, but. All right, y'all, thank you for being here. I hope you guys have an awesome rest of your Monday. Hope you have an amazing rest of your week. But this is going to conclude the show for today, so let's see if I can find the right outro, and then I'm gonna sign off. So thank you, everyone, for being here. I will catch you guys in the next one. Peace.
Dr. Gerald Auger
Hey, everybody. I hope you enjoyed that content. Keep the cybersecurity train going by connecting with the other Simply.
Host: Tyler Ramsby (Guest-hosting for Dr. Gerald Auger)
Podcast: Daily Cyber Threat Brief, Simply Cyber
Date: January 26, 2026
Theme:
A quickfire breakdown of the most important cybersecurity news stories of the day, tailored for practitioners, leaders, and career-focused pros. Host Tyler Ramsby brings his offensive security and training background to offer candid “raw takes” and pro insights, covering everything from Microsoft patch messes to nation-state attacks and evolving threats like AI-powered malware. The episode features actionable career and technical advice blended with practical humor and community engagement.
Timestamps:
Outlook story: [12:02]
Windows 11 boot failures: [15:45]
Jawjacking segment: starts ~[56:16] and continues for 30 minutes.
| Segment | Timestamp |
|-------------------------------------------------|-----------|
| Show/Host Introduction | 00:20 |
| Microsoft Outlook Patch Story | 12:02 |
| Windows 11 Boot Failures | 15:45 |
| Sandworm Attack on Polish Power Grid | 19:13 |
| Dresden Art Collection Ransomware Attack | 23:41 |
| Nike, World Leaks, Dell Data Claims | 35:55 |
| Actively Exploited CVEs (CISA) | 41:38 |
| ShinyHunters, Okta & Voice Phishing | 46:17 |
| ZDNet’s 10 Ways AI Will Ruin Your Life | 49:48 |
| Jawjacking (Q&A, Career, Community Discussion) | 56:16 |
Tyler’s style is frank, practical, and full of playful jabs (especially at Microsoft). He mixes technical depth and high-level summaries, always tying stories to actionable lessons for IT, cybersecurity professionals, and those considering a career move. The episode is interactive, responding to live chat and weaving user suggestions and questions into broader career and technical discussions.
This episode delivers a humorous, high-take rundown of the day’s top cyber news: Microsoft update woes, global critical infrastructure attacks, high-profile brand breach claims, software vulnerabilities, and the evolving threat landscape powered by AI and social engineering. Tyler’s advice-driven analysis pulls together lessons for practitioners, career hopefuls, and cybersecurity leaders—with an open invitation to join, contribute, and benefit from the wider Simply Cyber community.