A
What's up everybody? Welcome to the party. If you are looking to stay current on the top cyber security news stories of the day while engaging with like-minded professionals in an inclusive community and having this guy, two thumbs, all smiles, use every ounce of his 20 years of experience in the cyber security industry to go beyond the headlines and give you additional value, insights that you can use in job interviews, that you can use at work today, tomorrow, next week, all with the intent of making you the best cyber professional I can possibly help with, well, you're in the right place. Welcome to Simply Cyber's Daily Cyber Threat Brief. This is episode 1056. Today is Wednesday, January 28th. We're off and running and we're going to be cooking for the next hour. So stay tuned, get comfortable, let's party. Hey, what's up? That's right everybody. Welcome to the party. If you are here for the first time, I'd like to say what's up. If you are Casually Joseph at 30,000 ft, turn to your left and say hello to James McQuiggan at 35,000 ft. Guys, we got a banger of a show for you. I'm pretty excited. It is Wednesday. If today's your first time, drop a hashtag first timer in chat. We love welcoming our first timers. I'll just give you a little teaser on what that could look like. "Welcome to the party, pal." John McClane's line from the Christmas classic Die Hard. Ms. Julian wishing everybody a happy Privacy Day. If you're not familiar with Ms. Julian, she's got a newsletter that's cooking over on LinkedIn. Go check that out. I saw an issue dropped just recently in my inbox. Guys, for first timers who are here, we have a good time. And so you know, every episode, first timers and long timers, is worth half a CPE. Look at Brexit. Brexit knows what's up. We should knows what's up. The deal is one hour is one CPE, or continuing professional education credit, to maintain your cyber security certifications.
Well, we have some fun here for half the time and we get serious business work done for half the time. So just to avoid any, you know, tomfoolery or questioning our integrity, we say half a CPE per episode. But the trick is just say what's up in chat. Grab a screenshot, include the episode number and date, which is right there in the title of the episode. We make it very easy for you here at Simply Cyber to get what you need and then be able to focus on the good parts. Right. We're not trying to make this complicated. Ain't nobody got time for that. Ain't nobody got time for that. I want you to know we're gonna go through eight stories. Four on the front end, four on the back end. Speaking of back ends, it's been quite a week, you know what I mean? All right. But seriously, we'll go through eight stories, get you up to date. Obviously, you can read these stories and do the headlines yourself. The value prop here is that not only are you going to be engaging with community so you can find your tribe, but also I, I love going deeper. You know, there's, there's typically opportunity and lessons learned from just life experience, career experience that we can give you here at Simply Cyber. So definitely a big fan of that. We're also going to make you aware of several opportunities we have. I mean, there's a, there's a. You'll just see. There's, like, workshops today, webinars today, watch parties tomorrow. We've got live interviews with, you know, just tomorrow. Like, it's insane. What we're doing here is. Shouldn't be possible. That's what I'm saying. It shouldn't be possible. Yet somehow we're cobbling it together. And you know what it makes me think? Shout out really quickly to the mods, like, Jenny Housley's in here. Justin Gold. Casually Joseph's operating from the plane. He's up in the cockpit right now, one hand on the stick, one hand on his cell phone, and many more. Right?
Dan Reardon, etc., Kimberly, Kathy, like, it's not just like, it takes a village, everybody. And I've got to tell you, we are very fortunate here at Simply Cyber to just have an amazing group of people. Eric B. I always forget some people, so, you know, I try not to name everybody, but shout out to the mods. And if you are a squad member, there is an emote in the emote tray that you may not be familiar with. It looks like kind of a 1950s Navy tattoo. There it is. Rob Cooper knows what's up. Mod love. So just, you know, spread a little love around and get in on that. Yes, sir. Yes, sir. All right, guys, before we get into it, let me holla, holla, holla at the stream sponsors, those who enable me to bring this show to you every single day in all of its insanity and glory. By the way, this show is live. As you can see the chat's above me. I literally don't know what I'm going to say or what's going to come out of my mouth or where we're going to go with this. And that's part of the charm of the show. While we're talking, I am going to get this, my screen saver, going. Got to have the screen saver, people. It really is the pièce de résistance. Right. It's the amuse-bouche to get you warmed up for the show. Retro synthwave all the time. Also. Oh, Jesse Johnson. Of course. See, I forget one cowboy. All right, guys. Hey, listen, I want to say what's up? If you're not attending my workshop today. I am running a four hour workshop. Maybe you ain't got time for that. That's cool. No worries. Let me tell you about Antisyphon Training. Antisyphon Training is disrupting the traditional cyber security training industry. You can go to AntisyphonTraining.com right now and look at their live training calendar. They've always got content coming up. So if you got a day off, you get RIF'd or whatever and you want to stay current and stay engaged, this is what's up. You can see later today. So just in three hours, four hours. Excuse me. Hayden Covington.
He might, he might look demure, but this guy is a rock star. Okay. Leather pants. I don't know why his hair is short. He's, he's like 1980s Megadeth, head banging in the SOC. Okay. It's more about, it's more of an editorial on his professionalism than it is on his personal life. He's going to be doing a one hour webinar absolutely free: Effective AI for Practical SecOps Workflows. The guy is Gordon Ramsay in the SOC. Come check. Excuse me. Come check it out. Hayden Covington. Thank you, Antisyphon Training. Definitely appreciate you guys partying with me and connecting and sponsoring the stream. I also want to say holla to Airia. Actually, let's do Flare. Listen, Flare Academy. We're talking about webinars today. Antisyphon Training's got the Hayden one. Boom. Go to simplycyber.io/flare. simplycyber.io/flare. And get ready for your face to melt as tomorrow at 11am to 1pm I'm going to be hosting a watch party over there. It's free to register. You can go to simplycyber.io/flare right now to register. We're going to be talking about inside the life of a ransomware operator. I literally don't know where you could get this kind of information anywhere else with, like, high fidelity that it is legit information. A lot of people on Reddit talking trash about, you know, ransomware life or whatever. Like, no. Who knows if that's true or not? This is legit. So, dude, I am pumped to go to this webinar tomorrow, which is why I'm hosting a watch party. So come on over. simplycyber.io/flare. It's free to attend. You will get value. You will get educated. I'm excited. I'm going to do a LinkedIn post after the talk because I'm, I want to share what I found out about it, so. Cool. You know, as always. All right, quick word from ThreatLocker and then we'll get into the news. I'll do the Airia ad read in a minute. Actually, you know what? Let's do the Airia read today, because then we can do Worldwide Wednesday with Daft Punk, and then I can.
And I know I said I wasn't going to do it anymore, but if we don't have any, if we don't have any sponsor reads during Daft Punk after the show's over, I'll just cut it out and then. You know what I mean? All right, let's talk about Airia, guys. Everybody here working, listen. If you're not working, you're using AI. If you are at work, not only are you using AI, but your leadership team in every meeting's like, what are we doing with AI? What are we doing with AI? All right, they're demanding. Your leadership's demanding AI. You got employees up and down the tech stack, excuse me, up and down the org chart, using it: sales, engineering, marketing, leadership, CFO, intern. Everybody's using AI. It's bananas. And you are somehow left holding the bag of managing the risk from shadow AI sprawling across your network. Everybody's getting great value from using AI. But how do you protect your organization? How do you control for IP theft, fines, competitive positioning, all those things? You can't say no to AI. Okay, we're not the Office of No. Let me tell you about this. If you. What if. What if AI became an advantage instead of a risk? What if your teams could innovate while being protected? Sounds pretty good, right? Well, that's exactly what Airia delivers. It's a unified platform that combines AI security, governance and orchestration. So you don't have to choose between innovation and protection. You don't have to choose which kid's your favorite. You can have both of them or all of them. Take control today. Turn your AI stress into AI success with Airia. Go to simplycyber.io/airia. Just put it in your browser. simplycyber.io/airia. A reminder, everybody, by going and checking the event, you know, the sponsors out, it does help the channel. So if you're interested in helping the channel, giving back to the channel, giving back to Simply Cyber, that is a very easy way to do it, very effective way to do it, and I appreciate it. Let's hear from ThreatLocker then.
We're going to do Worldwide Wednesday. Have a little bit of fun and get cooking. I want to give some love to the Daily Cyber Threat Brief sponsor, ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with ThreatLocker. Worldwide companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high. ThreatLocker takes a deny-by-default approach to cyber security and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US-based Cyber Hero support team. Get a free 30 day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threatlocker.com/dailycyber. All right y'all, I want to say what's up to a first timer in chat, Amy M8355. Amy, welcome to the party. Listen, I'm on the way to phasing out Worldwide Wednesday, but I just figured a way that we can do it and I can avoid the copyright strike by cutting it out of the show after our live. So if you're here live with us, guess what? You're gonna get some of this action. And if you're not, you're on replay. You're not gonna see this part anyways. All right guys, here's the deal. Until I find a replacement for Worldwide Wednesday, I owe it to you guys. So here's what we're gonna do. Amy, I'm gonna set the timer to 2 minutes 22 seconds. You tell me where you are. I don't need to know your zip code or, like, you know, I don't need to know exactly where you are. Like, like, you know, Justin's in the bathroom. Like, what I need to know is what state you're in, what country you're in. Okay? And we're going to light this map up. And the entire point of this activity is to show you how international, diverse, inclusive Simply Cyber is. This is live right now, not over the course of a week. Computer, set the timer to 2 minutes 20 seconds please. All right, we are live. Go.
Where are you? Las Vegas, Nevada. Christopher IA bringing North America, United States online. Greetings from Texas. Thank you, Cyber St. Stephen. We got Midlands. Upstate. Excuse me. Code Brew is in here. First timer in chat. Cyber Yardy yesterday. Welcome to the party. All right, Crystallized Dragon, representing Greenville. Columbia, South Carolina. We got the Midlands. Wisconsin's in the house. Very cold. Stay warm. Auburn, Alabama. North Alabama. Greenville. We got Niagara. Canada's online, so North America is represented. We got Argentina. What's up, South America. Good to have you here. All right, you're making me crazy. Love it, love it, love it. Johannesburg, South Africa. We've got Africa online. Three continents down, y'all. Let's go ahead and get Jamaica online right now. Jamaica's online. Kentucky, Texas. Lakeville, Minnesota. What's up, Boca Raton? I got you, Chuggy. Getting up early in Seattle. Thank you, Chuggy. Robertson, Texas. Chi-Town. Gabe. Love it, love it, love it. All right, we got Dirty Jurors in Cleveland, Ohio, but go to Colombia. Boom, dude. South America coming in hot today. Norway has brought Europe online. And I think we have Ethiopia. Yes, sir. Yes, sir. Norway. We're going up into Scandinavia. I love it. Ethiopia. You know I know you, Ethiopia. We got East Coast love in Africa. Love it, love it, love it. Italy. We got the boot. Oh, my God. Where's Tom Bishop, then? Speaking of the boot. Tijuana. All of North America represented. Granted, it's an easy one to get. Warren, Michigan. India. Thank you very much, Uni. Bringing Asia online. Belgium. Love the beers. All right, there we go, guys. Cook. Ireland. Is that Face Oil? It is. Face Oil should have around. Face Oil is always representing Ireland. I love it. I love it. Hotlanta. Cyprus. Ooh. All right, all right. DC's in the house. Thank you, Cyprus. All right, do we have in Africa. I mean, do we have in Australia. Excuse me. All right, really quick. Let's do a little recap here.
Thank you. The mods are bringing the heat, cleaning me up. So we got the UK in chat. We got South Africa. Toronto, Canada. Colombia. Pagoda. Norway. Yep, yep. Mexico, Italy, the Philippines. All right. Philippines. Love it. That's really close to Australia. I mean, relatively. Ireland, Belgium, Cyprus. Portugal. All right, what's up, Portugal? All right. I love it. All right, so just really quickly, Amy and others, taking a quick look. This is. Look at this. This is live in chat right now. We literally have people from all over the world, all sorts of different walks of life. Northern Hemisphere, Southern Hemisphere, Western Hemisphere, Eastern Hemisphere. It is bananas. Now, we didn't get it fully because Australia didn't come online, but to my Aussie friends: Oi, oi, oi. All good. You can watch it on replay. All right, guys, do me a favor. Do me a favor. Sit back, relax, and let the cool sounds of the hot news wash over all of us in an awesome wave. I'll see you at the mid roll.
B
From the CISO Series, it's Cybersecurity Headlines. These are the cybersecurity headlines for Wednesday, January 28, 2026. I'm Sarah Lane. U.S. cyber chief uploaded sensitive files into public chat. Politico sources say the US's acting cyber chief, Madhu Gottumukkala, uploaded contracting documents marked For Official Use Only into a public version of ChatGPT last summer, triggering automated security alerts inside the Department of Homeland Security. The documents weren't classified, but the uploads prompted an internal review to determine whether sensitive government material had been exposed. Gottumukkala had received a special exception to use ChatGPT at a time when it was blocked for other DHS employees. DHS hasn't said what the review concluded. Vibe coded.
A
Oh, my God. Okay, okay, so first of all, Amy, I know you're new here. The long timers are dropping the Carl emote. Carl is, just so everybody knows, because I haven't told people in a while: I am old enough to have watched Aqua Teen Hunger Force when it first came out, and I was really into it. I'm still really into it. This is Carl. He was the neighbor next door. He, like, if you're. Listen, with all due respect, if you're from New Jersey or you've ever driven through, like, mid, mid-state Jersey, mid to upstate Jersey, you know who Carl is. Okay? And we have a Carl emote, Carl sound effect. And basically I reserve it for when someone does something kind of, kind of dumb. Okay, so here we've got a couple things here for you. Okay? Let me tell you about this story. Yes. So the story is somebody uploaded sensitive information into a public AI. Yes. Let me, let me unpack this for you. Okay? Number one, if you have sensitive information, I don't care if it's customer data, financials, IP, whatever, and you stick it in an AI tool that is not local, guess what? You're going to get results for sure. But you also have just lost sovereignty over that data. And there's no clawing it back. In fact, just so you know, I've actually got a video coming out this Sunday. This Sunday. This is so timely. I have a. So if you didn't know, I'm releasing a video every Sunday, like a nice produced video with, like, edits and stuff. I'm releasing a video this Sunday about a free tool that you can use to actually get the benefit of using AI like this without risking any data governance, data sovereignty issues. It's a, it's a free tool off GitHub, but okay, so first of all, this, this is why you have a pro, this is why it's dangerous, this is why you have a problem, this is why it's, you know, scary. Second of all, do you notice that it's the interim director, which is basically leadership, right? A C level, who also got an extension, I mean an exception, to use this.
So while everybody is aware of the risk of putting sensitive data in an AI, which by the way, we found out very early 2023. ChatGPT hits the market March of '23, everybody's losing their friggin' mind. You can go back and look, summer of 2023, so just a few months afterwards, Samsung engineers uploaded a bunch of, like, blueprints effectively into ChatGPT to ask questions. And it, it made the rounds as an immediate case study on why you shouldn't upload sensitive information into these AI bots. Right? So obviously CISA, who is very forward on cyber security, puts a policy in place for nobody to do this. You know what, you know what happens at organizations. Leadership says I'm special, I get an exception. And I, you know what I mean? Like it's, this is a classic case study of, like, having a Windows shop, but the executives want to use Apple products and now you've got to manage these, like, you know, one-off or not one-off, but, like, basically non-standard images because executives need special, special treatment. And it's, it's frustrating because as a cyber practitioner, there's a reason that we have policy. Whoa, GRC with your policy. What's that? Listen, there's a reason we have it, because we're managing risk for the organization, and oh, what could possibly happen? I'm a, I'm a leader. What's the problem? I know better. This is what happens. The data is there and it's, it's gone. It's, it's, it's, it's out of there, right? So if, I'm just telling you the, the tough thing is if a leader comes to you and says, I want an exception, you get into a power dynamic where you're like, no. And then they're like, all right, no problem, I'm going to talk to your boss and make your life hell or get you fired. Right? So we are forced into these very difficult positions. And as a GRC professional, I'm just letting you know, all you can do is advise of the risk, make them aware of it, grant the exception, and just be like, listen, this is something that goes against policy.
It's not really an exception to the policy you're asking for. You're asking to violate policy, because there's a reason we made it, and, you know, let's hope for the best. Now, I don't know what the repercussion is going to be for this guy. Is it a hand slap? Is it termination? You know, I mean, it's something in the, in that space, and, you know, it just is what it is. But the root of this is about executives asking for special treatment and then realizing the risk from that treatment. I'm sure. I'm sure when this interim director asked for the exception, they were like, oh, no, I'm not going to cause a problem. Why would I do that? I'm not stupid. Are you suggesting I'm stupid, Jerry? No, I'm not suggesting you're stupid. I'm suggesting that you're so important and so busy and so amazing that you may be moving so quickly that you may accidentally put sensitive information into these AI tools. And unfortunately, once it's out, we can't get it back. So, madam or sir, I'm asking you to reconsider. Or maybe, I don't know, this is crazy talk here, maybe we can invest in a technology that tokenizes the sensitive information or, or masks it or redacts it or does something to the data that makes it so you can use it without compromising it into public systems. I don't know. I know I'm speaking crazy here.
B
Sakari ransomware can't be decrypted. Security researchers at Halcyon and Check Point Research say a new ransomware strain called Sakari is so poorly built that paying the ransom won't decrypt victims' data. The malware generates fresh RSA keys on each execution and discards the private key, leaving no viable recovery path. Sakari surfaced as a ransomware-as-a-service offering and uses Hebrew symbols and language that Check Point believes may be machine translated and a false flag identity. Researchers say the code likely involved AI tooling, and victims are urged not to pay.
A
What a bunch of clown babies. All right, so I swear to God, if "vibe coded" gets put. Has "vibe coded" been entered into the dictionary? Like, "6-7" was entered into the dictionary as a word this year, or in 2025? Please let me know if "vibe coded" has become a word. All right, so some, some clown babies developed some ransomware using AI. But, but they literally. The prompt must have not been complete, because they prompted the part where it does the encryption, but then they didn't test it. So the decryption process doesn't work. Listen, I'm not saying that ransomware threat actors are good people, but the, the viability of being a ransomware threat actor is that you deliver on the key or you deliver on the data delivery.
B
Right?
A
Like, that's part of the, I guess, integrity. Again, there's no integrity in there. But, like, if someone steals your stuff and they say, I'll give it back to you if you give me a hundred bucks, and then you give them 100 bucks and then they don't give you your stuff back, the next person they rob, you're just going to tell, like, dude, don't give them any money. Like, you're not going to get anything back anyways, right? So they immediately implode their market. Right? So if I had to guess, if I was in charge of this ransomware code, I would re. Listen, here's exactly what I would do. And if they're in chat right now, please mute so you don't hear how to fix this. If I was a ransomware threat actor and I did this, first of all, I would rebrand myself immediately so I get away from the, the stank that is Sakari, and then I would rework the code for the decryption process to actually work, and then just continue. I mean, you already have a viable ransomware solution. You might as. So anyways, that's, that's, I'm not saying they should do that. Right? And, and by the way, some ransomware threat actors will not give you a key, or the key won't work, etc., right? So these things happen. But just so you know, share this with your, your threat community or your threat intel communities. Share this with your, your cyber friends. Share it, share it as wide and as far as you can. Sakari will not, like, do not give them money, because you're not going to get anything for it. All right? Also, another example to put on the. If you've been collecting, like, Pokemon cards, you've been collecting use case studies of, of AI making malware. Right? I think it's VoidLink. VoidLink's a recent one that was vibe-coded AI malware. There's the Chinese one that did, like, the entire red team workflows, and now there's this one. So, like, if you've been flagging malware generated by AI, here's another good one, and it's interesting because it doesn't even really work thoroughly.
So, you know, another, another part of vibe coding that's just a, a nuisance. Sakari's compromised three to six victims, all who paid the ransom. They do target small businesses, so put that into your threat model. A small business, you could be targeted. Here's the thing, if you get hit by this, it sucks, because your, your data's encrypted and you're not getting it, you're not going to get it decrypted. So, like, let's just put giving them money to the side. Like, if this happens, your business is hosed. Unless you have backups, you've thought through workflows and how people are going to respond during an incident. What is this? This looks like a psychedelic but. One second. I just want, like, a retro synthwave screensaver, man. Can I just get that? Jeepers creepers. All right, let's go.
B
WhatsApp account feature combats spyware. WhatsApp introduced a Strict Account Settings option that lets high-risk users lock down their accounts against sophisticated spyware attacks. The feature blocks attachments and media from non-contacts and joins protections like Apple's Lockdown Mode and Google's Advanced Protection. Digital civil rights group Access Now called it a useful free safeguard for journalists, activists and other vulnerable users. Users can enable it under Settings > Privacy > Advanced.
A
All right, I saw Cybersecurity Girl talking about this on LinkedIn. If, yeah, if you don't know her, where is it? Oh, hold on. Yeah, she was talking about this yesterday on LinkedIn. Here's the deal. If you're running WhatsApp, for whatever reason. Personally, I try to limit the apps that I have. I try to, I try to navigate my friends and family to Signal. That's the app that I like to use. But WhatsApp does have a good market. Hold on, some people. So if you are using WhatsApp, you know, basically they've introduced a new feature that you can enable that locks it down really tight. Now this may, like, whenever you have a feature like this, just so you guys know, first of all, I'm sorry, let me, let me organize my thoughts better. WhatsApp has a new update, you can apply it, and you have a make-it-really-private feature. If you have a VIP or a senior executive leader or whatever, you can let them know, hey, if you use WhatsApp, you can turn this on to protect yourself better. Now, whether or not they do that, you can't control that. Now you might be asking. All right, so that's the deal for me. For me personally, like, if I was using WhatsApp, I wouldn't toggle this on, because I don't think anyone's going to spend half a million dollars to fire a no-click spyware app at me. I'm a nobody, you know what I mean? Like, no one's going to spend that. So, like, I'm not going to turn it on. Now, why wouldn't you just turn it on by default? Well, here's why. A lot of times, features like this, you are trading in usability and functionality for security and privacy, right? So when you turn on extra private, there, there's options, features and abilities, right, that go away. Let's just pretend, I don't know definitively, but an example might be you can import fun emojis, right? Like, you know how the squad members in chat right now have access to Simply Cyber's emote tray. Well, maybe you can bring that into your WhatsApp.
So now you're in a WhatsApp group and you're spamming, like, Oprah emotes or something like that. It's fun, but, you know, you're kind of using APIs and reaching out and stuff, which, which increases your attack surface, right? So you turn this on and you can't use any APIs, for example. Again, I don't know the full functionality of this thing, but almost always when you increase privacy and security, there's a trade-off on usability and functionality, because if there was no trade-off, this would just be the normal. You would just turn it on by default. This is why multi-factor authentication isn't turned on in many places by default, because user experience gets a little bit more painful, because you have that extra step of authentication, and, and businesses are trying to make straight cash, homie, and they're like, oh, I'm, I'm not going to do that, because I, I don't want people, I want people to have a frictionless experience. That's the deal. It's a perfect example. So anyways, you know, whatever, dude. Strict Account Settings gives end-to-end encryption. Welcome to Signal. I feel like this is like iPhone and Android, right? Like, doesn't it? I feel like iPhone back in the day, it seems a little less nowadays, but back in the day, back in my day, Android would come out with some kind of feature and then, like, a year later iPhone would come out with the same feature. And it's so funny, because, like, Apple fanboys, and I, I'm, I'm an Apple user, so, like, I'm not trying to throw stones here, would be like, oh my God, did you see the new feature on the iPhone? And Android people be like, yeah, like, I've had it for a year. Like, bruh. So anyways, TL;DR, turn this on. Here's what I would advise. Turn it on and then if it becomes too much of a burden, then turn it off. But turn it on by default and then roll back.
B
Mustang Panda deploys info stealers via CoolClient. Kaspersky researchers say China-linked Mustang Panda is running an updated CoolClient backdoor in espionage operations against government targets in Myanmar, Mongolia, Malaysia, Russia and Pakistan. The new variant adds clipboard monitoring, browser credential theft across Chromium-based browsers, active window tracking and expanded plugins for remote shell access, file and service management. Researchers also saw operators using hard-coded API tokens for Google Drive and PixelDrain to exfiltrate data.
A
All right, while, hey, just as a teaser, while this story was going on, I asked AI to generate me a picture of a panda driving a Mustang like a lunatic. So I'll add that right afterwards. All right, so Panda is, I believe, FireEye. No, no. CrowdStrike's categorization for Chinese-based threat actors. It's an espionage group. I mean, honestly guys, by default I assume China. When I hear Chinese threat actor, you should, in my opinion, you should assume espionage until further notice. Until. So they have this info stealer that steals data from browsers, monitors the clipboard. Sure. All right, so they've been using it since 2022. Okay. This is just a well-developed piece of malware. They're targeting governments: Myanmar, Mongolia, Malaysia, Russia, Pakistan. These are all areas that are. Well, at least Myanmar is kind of, like. I, I don't know if they've changed much, but last time I checked, like, they were in all sorts of challenges, right? Like, having, like, warlords running the country and stuff like that. You know, I don't even know what's going on in Mongolia. But if you're in these countries, obviously China's taking an interest in you and is targeting you. All the standard stuff. Initial infection is definitely going to be through some type of technical exploitation or phishing. I would imagine phishing, because it's so effective. Oh my God, China. Be still my heart. We got a lot going on in this infographic. All right, so here's the thing. When you look at this infographic, if you're new to infosec or you're trying to figure it out, like, the first thing here, it says Sang Exe. It's an executable side-loading into your, onto your Windows system. The, the infection's already happened. This is showing you, like, post-exploitation execution of the CoolClient itself. So, like, if you're, if you're starting on step one, your, your, your infrastructure is already on fire. Okay. So just be clear about that.
It's a little bit sophisticated in that it can take arguments for different functionality, etc. Kaspersky is doing the research on this one. Makes sense. Kaspersky is a Russian-based anti-malware software company and this threat actor is targeting Russia among other countries. So that definitely makes sense. It's just a feature-rich piece of malware. Okay, I'm looking at, this is disassembled code. So you would see this in something like Ghidra or IDA Pro. And I know it looks like nonsense to people who are not familiar with this information, but basically what this is showing you is how it copies the login data from the browser to a temporary file. Yeah, I mean, this thing does all the things. It's a rootkit, info stealer, C2, backdoor, persistence. It does all the things. And, and it should. I mean, this is a nation-state-backed military piece of code. This is not vibe coded, I'll give you, I'll tell you that much right now. Yes, real. Kyle. Kyle. You know, he brings up a good point. This is the kind of infographic you bring home. This, I like to call this, like, a. So there's different levels of infographic, right? There's the Friday night, just, you know, wanted to, just wanted to catch a little kiss. There's the, you know, make breakfast on Saturday. There's the Thanksgiving dinner, and then there's the, the top of the hill, Christmas morning. Okay, I'm putting this one kind of in the, like, make breakfast, Thanksgiving dinner area on the heat map. I've put too much thought into it. Okay. Anyways, if you're in one of these countries, you should be on the lookout. EDR, obviously, email security gateways. If they want to get you, they're going to get you. But you should do everything you can in your power to prevent getting got. Let me look at this. The infosec panda. Mustang Panda. Let me see this one. Looks like a lunatic. Here we go. There we go. And ladies and gentlemen, I give you your silly piece of Mustang Panda for the, for the day. There we go.
I chose this one because of the look on the, on the panda's face. He is, he is very happy. Look at that guy. That's a happy Panda. All right.
B
Huge thanks to our sponsor Conveyor. Ever dream of giving customers instant answers to their security questions without ever filling out another questionnaire? Then meet Conveyor's new Trust Center agent. The agent lives in your Conveyor Trust Center and answers every customer question, surfaces documents and even completes full questionnaires instantly so customers can finish their review and be on their way. Top tech companies like Atlassian, Zapier and more are using Conveyor to automate away tedious work. Learn more at conveyor.com.
A
All right, really quickly guys. Hold on. Dude, it's cold in my studio. It's cold in the Buffer Auger Flow studio. Guys. Hey, really quick. We are at the mid roll. We did the fun. Every single day of the week has a special activity and Wednesday is Worldwide Wednesdays. If you. We did it at the beginning. If you're watching this on replay, it's probably been cut out due to copyright, but we went and did almost all of the countries. Australia. When you're watching this on replay, we did miss you. But that's okay. You know, we understand time zones are tough. Shout out to all y'all and thank you to the sponsors. ThreatLocker. I'll see you guys at Zero Trust World. James McQuiggan at 35,000ft might be there. I've got word just yesterday from him. Antisyphon Training with their weekly webinars that are kicking butt. Flare Academy. Oh. Gonna learn all about inside the life of a threat actor tomorrow. And then area helping AI become, you know, not. Not doing this in AI right. Uploading sensitive information. It's a whole thing. All right, guys, thank you. We're gonna keep on cooking. Finish strong. Remember, we've got jawjacking at the end.
B
Judge dismisses Virginia Flock camera suit. A federal judge upheld Norfolk, Virginia's use of 176 Flock automated license plate reader cameras, rejecting claims they amount to unconstitutional warrantless surveillance. The court ruled the network is too sparse to reveal a whole picture of someone's movements, contrasting it with mobile phone tracking and aerial surveillance cases. The Institute for Justice, which brought the suit, plans to appeal as other cities end Flock contracts over privacy concerns.
A
Okay, hold on. I've been hearing a little bit about this Flock camera thing, but I haven't really dug into it. So there's 176 automated license plate readers in Norfolk, Virginia. Norfolk. Shout out to Norfolk and the shipyard there. Plaintiffs argued it violated Fourth Amendment rights and a judge said, no, it doesn't. Okay, so this is more of a privacy thing like a civil, civil liberties, privacy. Not really a cyber security story, but it does have, I guess, precedents that it's setting as far as the way that we're using surveillance technology in the United States. Remember, license plate cameras, you might say, like, well, what's the big deal, you know? Yes. If someone goes hauling butt, you know, doing 150 in a 55 speed zone, and it would be nice for a camera to catch the license plate so we can get that. The problem is where, you know, they're trying to find somebody. Maybe like, you know, somebody. I mean, imagine if you will, you're very outspoken about what's going on in this country, right? Or, or let's pick a different country. Okay. Let's say you're very outspoken about something going on in your government or with some official who's in a position of power. You know, technically this is a, a mass surveillance system that can find a car that you're registered to quickly. Right. So that is a bit of it. You could see instances of the camera being used for immigration enforcement. Track a woman who had an abortion. Right. So it's, it's. Here's the deal. Okay, guys, again, I don't really want to get political, but here's the deal. With any surveillance technology, the argument will always be, oh, it's used by law enforcement for good. We're going to round up all the people who are, you know, abusing children. We're going to round up all the people who are pushing drugs into the country. We're going to round up all the people who, like, oh, someone robbed a bank in the getaway car. We're going to find that. 
So, like, the use cases for surveillance technology are always righteous and it's always, like, altruistic. The problem is just like anything else, the technology is being used by a human. So now if you are, you know, a police officer who's going through a, you know, a bad divorce and you want to know who your spouse is seeing now, you could weaponize it if you have. If you take a personal affront to somebody's position on something, you can use it to find them. And, and by the way, really quickly there you could even envision a, an idea where a criminal group hacks into these things and then finds out where all the police officers live or find out where all the under, like, follow an undercover agent. You suspect someone's an undercover agent, you follow them around. Right. So there's a lot of, like, scary, nefarious use cases for these surveillance technologies. And that, that's kind of where we're going. The problem is in the current utility and use case of them. It's not really that, but you just got to be careful. I mean, I don't want to go full dystopian on you, but if you have read the book 1984, George Orwell, right. Basically there was like a Flock camera in everybody's house. Okay, that, that's like where it went. There was a camera in the house that would watch you and make sure that you were conforming to norms. Right. The lead character has like a blind spot in his house. Not. Spoiler alert. Okay, so I don't know. So this is just a development. But anyways, with any of this technology, guys, the same thing can be said with spyware. Spyware, right. Pegasus spyware, like the amazing, effective zero click spyware that is legal to sell because it's supposed to be used for law enforcement. Okay, so just keep an eye on this. Again, I didn't really dive into Flock cameras and all of the things with Flock cameras, so I don't know entirely what's going on there, but if you have a, you know, a thought, keep it in here. 
But remember, guys, Simply Cyber is a supportive, inclusive community. So we're not, we're not getting, we're not throwing slurs or bars at each other. Barbs. You could throw bars if you want to rip a couple. Oh my God. Not rip a couple lines. That sounds terrible. But like if you want to throw bars and freestyle, I got listen as if it was on demand. I literally have my official Joe Joe Hudson freestyle and shirt on right now for the occasion. I suppose I didn't know it was going to happen. So you can, you can, you can have your own talk, but please, respectful, you know, objective statements and open discourse. That, that's the whole beauty of, of being able to speak your mind.
B
WinRAR flaw still exploited. Google's threat intel unit says the WinRAR path traversal flaw is still being exploited by both state backed and financially motivated groups for initial access. The bug lets attackers use alternate data streams to drop payloads, often into Windows startup via booby trapped archives. Activity started in mid-2025 and involves Russia aligned units, Turla and China linked actors plus criminals pushing RATs and stealers. Google notes a growing market for packaged WinRAR exploits.
A
All right, so I've got two things for you here. One is a. Basically a Tidbits Tuesday that's going to have you literally spit your coffee out laughing. Okay, so WinRAR is like an archive utility. Dude, I don't even know why people are using these things. Like literally in 2026, Microsoft operating systems come built in with extract and archive capabilities. So, like, what are we doing? But if you do download WinRAR and you're using it, you basically, it has a vulnerability that can be exploited and lead to compromise. It can basically detonate kind of on a file system through path traversal. You can go up the file system, get into like sensitive directories and I suppose execute things. CVE-2025-8088. Oh, that's pretty cool. 8088 is the. Oh, my God. Intel microp. No, no, Intel is. Microprocessor is 8086, isn't it? Nerds. Please fact check me, fellow nerds. By the way, not just I'm calling you nerd. I'm a nerd too. I'm pretty sure it's 8086. I'm gonna go to epsslookup.com. I'm gonna drop this CVE in here. You'll notice it says 2025, which means it's a last year vulnerability. You have about a 3% chance of getting exploited in the next 30 days. And if you do get exploited, it's pretty nasty business. 86% of vulnerabilities. It's worse than 86% of vulnerabilities. Okay. Ooh, it uses alternate data streams. That's. That's. Alternate data streams is one of those things you learn about in class and then like, never ever use. You, like get to hide some text in a notepad file and. And you're like, ooh, this is fun. Look at me being. It's like the equivalent of like writing in invisible ink on a napkin, but no one really uses it. Well, threat actors are now using it. Google Threat Intelligence Group, which is no joke, says that exploitation started in the summer of 2025. Dude, there's got to be a patch on this one, right? All right, so exploitation's happening. Unk, my Gen Alpha people. This is not the. This isn't your dad's Unk. 
And for those who are a little bit older, I do have a 10 year old and a 13 year old, so I get a little bit of insight into this crap, I guess Unk is like, you're old and kind of out of touch, like uncle. So. But Unk in this capacity means unknown threat actor. So it's a threat actor. They don't have enough information to align with a known threat actor group. They're using spear phishing to deliver it. It's basically just a phishing email, specially downloaded. Bro. Yeah, man. Here's the deal. Cybercrime groups are going to continue to use it and deploy it as long as it works. What I would say: patch it. Ah, you gotta patch it. All right, that's it. There's got to be a patch. This is a freaking. Yeah, this is an old vulnerability. I mean this is from like the summer. So just if you can educate your workforce. Well, see, the thing is like my aunt Dorothea won't know that she's running WinRAR, although she probably wouldn't have downloaded it in the first place. I don't know. To me, this is one of those ones where if you can, if you can, if you're using like a centralized management solution like Ivanti, you can see the applications on endpoints and kind of auto patch them or, or centrally maintain them. Just patch them. If you can't, send out a quick note. Hey everybody, like, and by the way, just as a bonus, this, this graphic right here, this icon, this is what the WinRAR icon looks like. So you can literally, I would include that icon in my message and say, hey everybody, if you're, if you're running WinRAR or you see this icon on your desktop, just patch it. Like it's probably launch it and then like, you know, help update or something like that. Give them very crystal clear, do this, this, this on updating it and you're good to go. Okay. Again, the likelihood of you getting hit with this is 3% in the next 30 days. So not likely, but you don't want to risk it. Now let me share a little bit of a bonus thing. 
If you, if you put your coffee down or your tea down because this is really funny. Win.
B
Rawr.
A
Okay. It makes me, it makes me think if you guys don't know Memoji, Lion, I think, okay, you guys see this thing right here? This is like an Apple iPhone thing and basically you can speak and the Memoji will like move with you like so it looks like it's you talking. Right? My friend Matt Jones texted me and he texted me something, I don't remember, it doesn't matter. And then my wife also texted me separately about something else. And just playing around, I, I, I wish I could remember what I said, but playing around, I did a Memoji and I texted her back and I'm like, I was like, roar, I love you or something like that. I, I used some word in the I love you that was like lion related. So it was like kind of a play on words, but I was just being like cute and silly or whatever. I was like, roar, I love you. Like. And then Matt Jones replied back to me, he's like, thanks honey. And I basically accidentally texted this like, silly intimate like me to my, my, my guy friend. So I was, I was like, roar. And, and then I showed it to my wife and she died laughing. So there you go. And that's been a thing for quite a while.
B
Telnet flaw exposes forgotten attack surface. Threat actors are exploiting a decade old authentication bypass in the GNU inetutils telnetd server that CISA just added to its KEV list. The bug lets attackers log in as root using a simple argument injection. inetutils fixed it in version 2.8, but hundreds of thousands of exposed telnet instances are still online, particularly in legacy IoT and OT equipment. Data from Forescout shows telnet usage is rising across industries while SSH declines. Researchers say patches may take years due to supply chain dependencies and advise eliminating or isolating telnet services.
A
What? Okay, like, are we taking crazy pills? Are we taking crazy pills? What is going on right now? I like, like on scale we're seeing all sorts of things go backwards. Like, like there's so many things that we have advanced as a society that for some unknown reason we're deciding to roll back and seem to go backwards on. And this is another one. This is insane. We're seeing a decline in SSH use and an increase in telnet. Where did I wake up in an alternate reality? Was I involved in Avengers Endgame? Did I take Pym particles? What are we doing here? Telnet by default is not secure. It transmits in clear text, which means your. Your data is not encrypted. I can grab it the like it's a joke, dude. You. When you see telnet, it's usually in like home labs for cyber noobs to like learn how to hack. Step one, like ooh, look at the wire. Grab the packets. Look, you can see the password for Telnet, FTP. Woo you. It's not practical. The other thing I want to point out is that if you're a security researcher and you think that you can't get. Fine. You know, like basically the telnet bushes completely picked free of fruit. Nope. This just shows you something as old as telnet, something that is a relic, something that you have to get. You have to either spend $10 to get access to the museum or use your, you know, your student ID to get in for free to the museum of history where you can go look at a telnet server, there's still vulnerabilities. So as a security researcher, don't think you have to look at AI only and bleeding edge stuff. There's all sorts of old tech that still has vulnerabilities. This one's a decade old. CISA had to pull this thing out of retirement, lower the jersey down from the banners and throw it into the known exploited vulnerability catalog. Because in 2026, threat actors are actively exploiting telnet, which is facing the Internet. 
I can't think of a more out of control thing than having a telnet server Internet facing that is like I'm getting lightheaded thinking about it. You can't. I would not. I, I, I wouldn't believe you. I wouldn't believe you. I, I, I mean obviously there's got to be some, but they're probably honeypots. Okay, I'm literally getting lightheaded right now. Give me a second, I'm going to show them. We got to get to the bottom of this. Come on. Oh my God. I don't, I don't have my, my vault open right now. Can someone, is there a way to send me a link to show it in Port 80, please? I don't want to, I don't want to log into my vault and make you guys watch me do that, but I'm just. Okay, here's the deal. Listen up everybody. I can't believe I have to say this, but the best practice here is, is to scan your Internet facing IP range and see if port 80 is listening. If it is, find the engineer who put it there and ask them politely to take it down, replace it with SSH, explain themselves. If, if there is some mission need, some compelling business need for Telnet to face the Internet, then you need to work with them. You have to put detections around everything because that is going to get punched in the mouth. DJB6 got me covered. Here we go. I am lightheaded. 100, 149,000 telnet instances facing the Internet with 35,000 in the US, China leading the pack with 38,000. Okay, Tor exit router meter, Meter sphere. Okay, thank you. No, I mean, oh, oh, hey guys, I've been saying port 80. I am so sorry. I am so sorry. Port 80 is HTTP unencrypted. I'm like, I'm sorry. DJB set, can you do port. Hold on. This is port 23, telnet. I am so sorry. I'm so sorry. Listen, I apologize. I like to give you guys real, real talk, okay? I am so sorry, I made a mistake. It happens. I am like borderline out of my mind with this story. And unencrypted. Port 80 is unencrypted. Telnet is also unencrypted. I said unencrypted and I just started screaming. Port 80. I'm sorry, it's port 23. 
Now, having said that, things didn't get better because there's half a million port 23 instances with the US leading at 219,000. And. Yep. Dude, CRM tool. This is bad, man. All right, so this doesn't surprise me. I. I would imagine there's a lot of IoT devices that have it on by default that were not. Were not configured differently from initial deployment. So that's what I'm thinking. Yep. So I guess whatever, you can screen clip it. I. I made a mistake. Sorry, guys. The good news is we got to the bottom of it. Thank you, chat, thank you, community. Thank you, and thanks the mods for catching it.
B
Fortinet blocks exploited zero day. Fortinet confirmed a new FortiCloud SSO authentication bypass zero day that attackers used to create rogue admin accounts and pull firewall configs from fully patched FortiGate devices. The company disabled abused FortiCloud SSO accounts, then temporarily shut off SSO globally before restoring it with server side blocks for vulnerable firmware while patches are developed. The flaw, which also affects other SAML SSO paths, lets attackers with a FortiCloud account authenticate to other customers' devices. Fortinet is telling admins to treat impacted systems as compromised. Have you.
A
All right, so guys, this story came out earlier this week, or end of last week. This is the FortiCloud SSO. It had a vulnerability. Now it's being actively exploited in the wild. Ah, you gotta patch it. I basically. You gotta patch it. I don't know. I believe the patch has come out. But the key to fix this. Oh, yeah, that's right. It was patched, but then the patch was bypassed. The way to fix this is you have to disable, unfortunately, disable the cloud login for the Fortinet FortiGate SSO until it gets sorted out. Yeah, see, Fortinet advised customers to restrict admin access to the devices and disable FortiCloud SSO as a mitigation. So it's two parts. I only remember the first one, but the second part just, you know, restrict admin access, which, by the way, you should be doing anyways, that's a best practice. Okay. They published a PSIRT advisory on this one on January 27th. So yesterday. So here's the deal. If you're running Fortinet and FortiCloud, if you're an MSP supporting small mid sized businesses that are running Fortinet FortiCloud, I'm looking at you. Real Bilbo. Let me say his name three times. Real Bilbo, Real Bilbo, real billboard. Okay, now he'll appear. You should have known about this, right? This is a massive critical vulnerability that's being actively exploited. You are all hands on deck on managing this. Plus, honestly, guys, Fortinet gets. Fortinet has vulnerabilities like all the time. It's like one of those products. So the chances of you having Fortinet or FortiCloud in your environment and not knowing it is very low. And if, if it's high, you have a lot of work to do because Fortinet's got problems all over the place all the time. So it's kind of like, I guess a blessing in disguise that it's got problems because you're constantly maintaining it. But go fix the FortiCloud SSO, restrict the admin access, disable it if you, if you have to. 
If you can't, put detections around it according to IOCs for this vulnerability being exploited and you'll be good to go. All right, that's gonna do it. All right, y'all, thank you so much for being here. I had a meltdown. I had a meltdown and a professional mistake. But I, I, I am happy to say that, like, this is why you just got to hit go live. Don't try to make it perfect. Mistakes happen. It's a thing. All right. Also, as Justin Gold's pointing out, the, as a CISO, I, I'm, I'm so far removed from the keyboard that I'm lucky I even remembered that Telnet had port was a port. Oh, you nerd. All right, guys, thanks so very much. Don't go anywhere. We've got Jawjacking coming up. Jawjacking is a 30 minute AMA show where I'll do everything in my power to answer your questions, give you value and insights to help you be the best cybersecurity professional you can. This was episode 1056 of Simply Cyber's Daily Cyber Threat Brief. I was your host, Dr. Gerald Auger. Until next time, stay secure. Ever wonder what it takes to break into cybersecurity? Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cyber security field live, unfiltered and totally free. Let's level up together. It's time for some jawjacking. Hey, what's up, everybody? Welcome to Jawjack. And this is a 24 minute show where I answer your questions. We have a good time. I'm your host, Jerry Guy, not that nerd. Dr. Gerald Auger, coming from the Buffer Auger Flow studio. I do want to say really quickly, if you caught the daily cyber threat brief and you. I. I said this story right here with the lion. I remember. I remember what the thing was. I said to my wife. I said, I'd be lying to you if I told you I didn't love you. Roar. That's exactly what I said. I'd be lying to you if I said I didn't love you. Roar. And then Matt Jones said, thanks, honey. I love you too. All right, guys, so here's the deal. We got all sorts of stuff cooking. 
You can go to simplycyber.io/schedule. Simply. simplycyber.io/schedule. To see all the upcoming things for Simply Cyber and get calendar invites. We're starting to use that simplycyber.io/schedule. See it right here. Very easy. You can see the upcoming events, live streams, interviews, workshops, skill streams, the works. All right, guys, if you got a question, put it in chat with a Q. I will flag it. I am very excited to answer your questions. Dude, I am cold up in this piece. Turn the heater on with my split voice. All right. All right, guys. Guys, what are the questions? Here we go. I have a question. William Ayers. Thank you, William. Getting this party started quickly. I split some sour. Oh, bro says he spilled sour cream on his keyboard. What should I do? Throw your keyboard out. That keyboard's trash now. Gotta get a new keyboard. Might have to throw the whole computer out. I hate sour cream. We got a joke in chat that's kind of built on truth. SRW788 says if you save money buying Fortinet, you're gonna offset it by having to pay someone to permanently maintain it. Oh, my God, that's good. All right, guys. So, yeah, I'm Jerry. If you let me know in chat if you're attending my workshop later today. I'm very excited about that. Got. Got a four hour workshop for you guys free. Just bringing the value. So. Pocket Pixie, I think the question was more just to make me say sour cream. I hate sour cream. I hate it. I hate it. I hate it. Ew, Sagrass. So SRW788 has. I mean, if you have a question, put it in front so it's easier for me to see. But as someone who's in the final semester of their doctorate. How did you find your PhD first impacting your cyber career? I can't see the immediate relation and I'm doing it primarily for fun. Congratulations on almost finishing your doctorate. You say final semester, but is that just of the curriculum? Like do you still have to do your dissertation or are you like defending your dissertation and that's your final semester? 
I'm just curious. When I got my PhD, it was in May of 2019. It had no immediate impact. I went back to work, you know, on Monday. No pay raise. If anything, I got more job responsibility with less pay. That's it. The, the, the lasting impact of getting my PhD was twofold. One, like I'm not really about this, but like it gives you like some, like some juice, right? So when you show up to, you know, like you apply to a job interview, a job, or you, you, you speak at a conference and it says like, you know, SRW comma, PhD. It's got a little bit more stickiness and clout to it. Okay. I personally don't walk around and say, call me Dr. Gerald Auger. Call me Dr. Auger. So. Oh, all right. So they're going to defend the dissertation. Dude, congratulations. The dissertation's definitely the hardest part. It's the loneliest part. It's the most soul sucking part. So congratulations on that. The impact is not immediate. It's. It's at your next job where you can demand a little bit higher pay. It's at getting access to opportunities. It's personal branding. Doing it for fun. Absolutely. I did mine for fun because I'm passionate about cyber security. So you'll be good. But yeah, sorry to, you know, be real. Like there's no immediate impact. Is Fortinet still safe to use? Yeah, Kenneth Jay it. Fortinet's a fine product. You just have to stay on top of the vulnerabilities. Is at the real Bilbo in here. We should talk to him. I just make fun of it because it's got vulnerabilities all the time. Cyber Risk, which Simply Cyber video or content from 2025 are you most proud of? That's a good one. Did we just become best friends?
B
Yep.
A
That's a tough one. A Cyber Risk, which I mean, I'm really, really proud of. Simply CyberCon, just. It's a, it was amazing to engage with the entire community. I even, I sat next to you and met you for the first time. So really I'd have to go back and look at the whole catalog of 2025. I feel like, you know, there's so many great, great helpful things that came out. So. Yeah, thank you. I'm sorry I don't have a better answer and I don't want to like fumble around up here, but Simply CyberCon was great. Sauerkraut. Sauerkraut's not bad. I can do sauerkraut. As a former DoD Intel pro of 16 years looking to transition into cyber intelligence work, what roles would you suggest I look at that would maximize the crossover of skills? Cyber threat intelligence without a doubt. CTI Analyst. CTI Analyst. A thousand percent. You might also want to learn a little bit about like SOC analyst work and threat actor behavior. But you can get it like there's, there's lots of threat intel. I mean like Flare cat flare. Flare.io is a cyber threat intelligence platform. I think GreyNoise is a cyber threat intelligence platform. You, you will need some technical chops, but that's definitely a good one. Also I have a CIA friend who runs a like surveillance and you know, kind of an OpSec ointment company. So you could look into that area as well. What's the workshop entail? Soul Shine asks. It's a four hour workshop. I'm going to teach you how to use YouTube for personal branding. It's basically a four hour speed run of how you could build your own Simply Cyber. Because honestly it like here's the thing, if you have a YouTube channel and you're making some content, it becomes very easy to repurpose the content for blog posts, LinkedIn content, etc. You can build it out, personal brand. And then when people, you apply to a job and it says like Soul Shine and then right below it it's like YouTube slash at Soul Shine. Right, whatever. 
Just like people going to look at LinkedIn, people are going to be curious and they're gonna go look at your YouTube and you have a force multiplier there because they're going to see how you speak, what you look like. It's very much like an interview except it's one sided so the person going to like creep on you doesn't feel like they're like they can check you out without having to worry about the interview and interview process and all that. Plus it's easy because if they're reading your LinkedIn profile, they have to read it. If they watch a video, it's just there. So it's, it's really, really nice. My friend Nerman. Hey Nerman, it's great to see you. And if you guys don't know Nerman. He's definitely one to get to know. This guy's awesome. Norman. 26 months. How is AI changing the way ransomware attacks are carried out? Great question, Norman. I mean, we literally just saw a story in today's news about Vibe coded ransomware. Unfortunately, you know, obviously these dudes moved quickly, which means there's more people in the ransomware ecosystem, some more threat actors, but, you know, these ones were script kiddies, so they. The. The decryption part didn't even work. So that's how AI is changing it. We're going to see more. More ransomware type variants, more malware in general. Nerman. And. And faster turnarounds as well. Plus, I could see AI being used to reverse patches in order to get exploitation. Remember, ransomware is not that. Like, you can rent ransomware from malware as a service on the Dark Web. It's getting onto the boxes, the initial access, that's the big deal. All right, What was your dissertation? My dissertation was a study of why. Hold on one second. Like, the unofficial title is why Do Small Health Care Businesses Suck at Cyber Security? But it had a more formal name. Hold on, I. I'll grab it. I'm curious now myself. Actually. You know what? I'll do you one better. 
My dissertation is printed out right over there, and I could go grab the book, but honestly, books in 2026, ain't nobody got time for that. I'm joking. I read all the time. But I can. I'll show you this really quickly because this is something that you can. You can do yourself. DSU Gerald Auger dissertation healthcare. Okay, so here's my official title, Brown Coyote. And you can download. Come on, man. You can download it and read. What the hell is going on with this? Oh, my God. All right, so here's my dissertation. I named it Flashlight in a Dark Room. A grounded theory study on information security management at small health care provider organizations in the state of South Carolina, September 2019. And you can see here, like, I'm gonna link this. If you want to read my dissertation, go for it. If you're having trouble sleeping, you can read it. Since we're in here, I do want to point out really quickly, like, here's evidence that I have a PhD. I'm not just some blowhard poser. I do want to bring up here my acknowledgments. I immediately thank my wife. I thank my wife because without her support, I would not have been able to achieve this PhD. But then I also want to call out really quickly thank you. The Midnight. Yes, yes, I thanked The Midnight in my dissertation. The Midnight is sick. Oh, I love that band. I. I listened to a lot of The Midnight during my dissertation. Like I said, it is a lonely, lonely experience doing the dissertation. Okay, next question. Not yours, mine. I am three classes away from finishing my master's. Nice job. I have not worked in the IT field, but have an education in networking. I understand basics. What should I do to get a job? All right, so here's the deal. You're doing that. You're doing the. The education part, which is perfect. Okay? I would recommend getting Sec+, the CompTIA Security+. It's not necessarily a great certificate. Certification, but it is an HR. It's an HR gatekeeper blocker thing. Okay? 
So you'll have education and a master's degree, which is good. You'll have the Sec+, which is good. And now you're. You're going to be in a sea of people who have the same thing. Your master's is going to give you a little bit of elevation over them. But what you should be doing already, Not Yours Mine One, and hopefully you've been doing it, is you need to network with other people in industry, and you need to get it out in the world that you are who you are and what you can do. I.e. like personal branding. Now you might be like, oh, personal branding. That sounds lame. I don't want to be an influencer. I'm not talking about that. The. The easiest way I tell people is, like, just to listen. Imagine like, a car lot, right? You drive by the. I'm sure you drive by a Chevy dealership once in a while, right? And you. You. You definitely look. Just by natural you're driving. You probably look at the. The cars in the front, right? Oh, that's a cool pickup. Oh, wow. That's a cool Corvette. Oh, wow. They got a Jeep out front for some reason, right? Do you know what you don't do? You don't look at the cars in the way back by the tree line, in the way back, right? So think of you as a car on the lot, and all the other cars are people who are trying to get jobs in cyber security. And the person driving is an employer. If I need a car, I'm gonna pull into the lot. I've already seen the Corvette. I'm like, yeah, I want a Corvette. Or, oh, like, I need a reasonable car because I have a family. This SUV looks fine. I'll take it. But you're a better SUV. You get better gas mileage, you have better features all in. But you're in the back. No one knows you're there. All personal branding does is drive you from the back of the parking lot to the front of the parking lot where the street is. That's what personal branding is. I want to give you some value here. Okay. And it's not too late to start, obviously. This is my YouTube channel, Simply Cyber. This is videos. And then. 
Wait, I should go to Live. Look at this. I did this video the other day with Mike Miller. Here it is. This is a one hour super stream that, to me, didn't get enough reach. But I don't care. It's just too bad, because it's so useful and so powerful that I want people to know about it. So, who asked that question? Not Yours Mine. Watch this video to get you started, or maybe you're already doing it, I don't know. But relationship building, personal branding, going to a local conference and stuff like that: it's so much easier to get a job when people know who you are already, or they can easily see more about you beyond just a resume. Otherwise, and I hate to say this, guys, but it's not a meritocracy. You don't get the job. Employers do not go and say, I'd like to speak to the valedictorian because we're giving them a job. Oh, the valedictorian already got a job? All right, I will speak to the second highest graduate. I will speak to the third highest graduate. That's not how it works. It's not a meritocracy. It is very much about relationships and networking. I personally can attest to this. Several times I've gotten jobs that were never posted, ever. I have connected friends. I have friends in chat right now, I'm not going to name names, who literally have the job they have because someone contacted me and said, I have a job, do you have anyone? And I put them in contact and it worked out. Now, they got the job themselves. I didn't give them a job. But my point is that job was never on the market, ever. Okay.

SRW with a super chat. Thank you very much. We just became best friends. Yep. All right.

Do you call yourself Dr. Jerry Guy? No. That's a level of inception and insanity that I just don't think I can handle.

Question from bdub: Jerry, you said yesterday you would prioritize MFA over quantum, which makes perfect sense.
What didn't sound right was that quantum was not on your five year roadmap at CISA. Oh, I see. Okay. So here's my thing with roadmaps. Five years is more like strategy, three years is more operational, one year is tactical. So I don't think quantum computers in five years... I just don't think I'm gonna be deploying quantum Windows. The Windows 30 operating system isn't going to be quantum Windows, you know what I mean? I just don't think quantum computing is necessarily going to be as accessible as AI is now, because it's very, very, very hard to cool. You have to get quantum computers almost to zero Kelvin, because the entire thing is how the atoms move and you need them so cold that they're not moving. So I just don't really see it as practical. And then, yeah, if nation states want to use quantum computers to break encryption, they're going to have to steal the data, then break it. And yes, I get it, but, I don't know, a manufacturing company in Spartanburg, South Carolina, they have lean margins already. Most manufacturing companies have 3% margins as a for-profit. So there's not a lot of extra scratch to be throwing around at cyber security. People are deploying technology with default creds. People are not updating from Windows 2008 R2 servers because of schema changes. We have so many problems that quantum's just not on my five year roadmap. And I mean, it's a good question. I'd love to have, not a debate, but an open conversation about where quantum sits in other people's roadmaps. It's just, to me, it's not on the radar. I'm not saying... here's the thing: if I buy a solution and one costs $10 and the other one costs $10, and one's quantum resistant and one's not, and they're similar in features,
I'll take the quantum resistant one. I'm not anti quantum resistant. I'm just not prioritizing it, and I'm not spending extra money on it.

Thoughts on WGU, Berlinda? I haven't taken it. I know several people who have. There's several people in chat who have gone to WGU, so I'll ask them. If you've attended WGU, please put your thoughts in chat. I will tell you Casually Joseph's probably passed out right now on an airplane, but I have asked Casually Joseph to make a video for Simply Cyber about his WGU experience, and he's agreed to it, but I don't know what he's doing with it. You gotta ride Casually Joseph to get him to do those types of things.

Working on learning Python. We do have a cyber department in my job already. All right, very cool. Definitely network with your people in your office.

Sunshine says: get a master's or get certs? Which would you choose if you had neither in this day and age? Depends on what job you want, Sunshine. I'm assuming you have a bachelor's degree, then, if you're going to get a master's next. For me... so I have two master's degrees. It didn't really necessarily unlock anything for me. When you have a master's degree, you can get access to management a little bit faster, like get a job in management a little bit faster. So for me, if I'm looking for a job, I'm a GRC guy, so I would get the ISACA CISA and CISM before I got a master's degree. If you're gonna get your employer to pay for your master's degree, I would certainly do it. And again, a master's degree only takes two years, which I know sounds like a long time, but it's really just four semesters. I don't even remember going to get my first master's. It was something I was doing while I was waiting for my wife to graduate. So yeah, but I guess if you came to me and asked this, it would depend on the job.
But I think a bachelor's and some certs that are gatekeeper certs might serve you better. But a master's isn't bad. They're both good options. Hopefully that was helpful, Sunshine, and not more confusing.

All right, two more minutes, because I'm doing a four hour workshop today and I still got my job to do. William says: is there a risk of infosec jobs disappearing with the rise of AI? I get that the job may change, but is there stuff you would recommend studying to remain employable? Data science may go away. Yeah, I think data science has got some challenges. I think software engineering's got some challenges. Infosec? The cool thing about infosec is, yes, AI is going to help us quite a bit, but I don't think it's ready to replace us, just because half the deal with cyber security is that threat actors are constantly thinking of ways to abuse systems. And if AI is thinking about systems the way they're designed and how to use them, then when they get weaponized, you're going to need a human to identify and power through it.

I do want to point out something really quickly as a reminder. In 2026, not only am I releasing a video every single Sunday on Simply Cyber, I'm also partnering with people. So Simply Cyber Media Group: you could see, here's me, here's me, here's me. But also every other week, or occasionally, I'm going to have people who are experts in certain areas deliver their value as part of Simply Cyber Media Group. Michelle Khan just did an OSINT one. The reason I'm telling you this is because of the question you're asking right now. Look at this. Hayden Covington, the same guy who's bringing you the heat for the webinar today at Antisyphon, has a video here on Simply Cyber that's going to be dropping in just a few weeks called AI Won't Save You.
And it's talking about AI in the SOC and how you need a human, around the things I just said. So definitely want to check that out.

William Ayers, as a follow up to your question: CISA was saying that we should prioritize quantum. With increased vulnerability in crypto, should we consider that existing controls do not mitigate risk? I guess I'd have to look at it. You gotta remember, CISA is trying to protect the federal US Government as well, right? So national security secrets, all those things are in play. Existing controls do not mitigate risk? It's mostly around encryption controls, right? The whole benefit of quantum is that it can shred current encryption. Quantum computers aren't gonna change a door lock, or help your backups restore, or something like that. So it only messes up some controls, not all controls.

All right, we're at 9:31. I'm going to speed run now. I've been working as a SOC analyst for three years. How hard is it to hop over to the GRC side? Not hard at all. You'll understand how security works, so you'll be able to better manage risk, understand risk. I think you'll have a good time.

Code Brew: six years IT experience. Current company, three titles, all previous unrelated. How far back should I go on my resume? That's a great question. So, Code Brew, I personally don't like to use much on my resume that didn't have anything to do with the job I want, because it's just filler. If you were a construction worker, what's that do for you as a software engineer? So what I like to do is fill up that full page with as much information that's directly related to the job I'm applying to.
And then, because I'm old now, what I typically do is have a last line item that just says prior to 2012, multiple roles demonstrating professional growth, or something like that. Just succinctly capture that you've been working for an additional 12 years or whatever it is, and whoever's gonna read it is gonna be like, okay, I get it. All right.

Do you think it's easier to find a job in cyber with a bachelor's versus master's degree? Is a year too long to go without a new cert? I think a master's might make it easier to find a job than a bachelor's, because it's a key differentiator. But a master's doesn't guarantee you one. A year without a cert? I don't think you need to stack certs or anything like that. To me, a cert is only good if they're asking for it on the job requisition.

Is it worth having an associate's degree with everyone having higher degrees? I feel left behind. Yeah, it's definitely worth it. I think an associate's degree is good. It shows education. People are getting hired in cyber with no degree, so it's something. Don't downplay it. It shows that you were able to commit to something for a couple years and execute on it.

Elliot: have you ever published your dissertation on LinkedIn? If so, it could increase engagement with you and your brand. No, I've never done it. The thing is, it's like a 200 page book. It's dry. All dissertations follow the same kind of format. There's five chapters, and each chapter is well known: one's the introduction, two is the lit review, three's the research design. It's just not a good read, you know what I mean? So I could publish it, but, I don't know, to me it almost would just seem like a flex, Elliot.
It's just not for me.

Shodan: free to scan your own public IPs. It is up to, I think, 12 IPs, and then you have to pay for more than that. STV0887, go look for Shodan Monitor, M-O-N-I-T-O-R. Shodan Monitor.

Should building a brand or portfolio be part of the cyber job search process? I think it should be. All right, guys, I really got to get out of here. I've got work to do before I do this four hour workshop.

How should newcomers measure real cyber skill versus credential accumulation? The thing is, the credentials get you the interview. You need the skills to be able to explain your capability in the interview. So definitely take a balanced approach. If you have a word soup after your name but you don't know what an IP address is, you're not going to get the job. All right.

Oh yeah, BW. So I did make a custom graphic. I made a visual infographic in my dissertation that absolutely captures in one graphic my entire dissertation's discovery, which is so funny. Thanks, BW5542, for capturing it. I was on this giant dry erase board when I worked that out. That's a hidden gem, dude. Thanks for finding it.

All right. Oh my God, you guys. I don't want to leave anyone hanging. Okay. Come on, come on, come on. All right. Looking, looking, looking. Trying to get caught up.

Cryptic Roses, with a cyber degree, Linux certs, job hunting, training, but little traction: what practical steps can grads take to gain real experience when enterprise access and home lab costs are a barrier? Well, dude, there's all sorts of affordable options. Tyler Ramsbey's Hack Smarter can give you real skills, and it's like seven bucks a month. So I don't know if that's a barrier.
I'm not saying... everybody's got their own situation, but, I don't know, I feel like you can scrape seven bucks a month. Again, maybe that's not your speed. Maybe you're not trying to do pen testing, but you want to get the skills. Go find a job rec for the things you want to do and then try to back into the skills. Remember, a lot of businesses will say, I can teach you the skills; I need the passion, the attitude and everything like that. So definitely do that personal branding thing. Get your word out there on what you're doing and what you want to get access to. But I'm sorry that some things are a little bit hard to get into. Cisco Packet Tracer, though: Cisco is an enterprise grade tool, and Packet Tracer is a tool that's free to use. Burp Suite has a free tier you can certainly use. Depends on what you want to do.

All right. Trying desperately to get caught up. Oh, good, we're caught up. All right, everybody, thank you so very much for all your questions. I will see you at the workshop, if that's where you're going to be today. Otherwise, we'll be back tomorrow at 8am Eastern Time for episode 1,057 of Simply Cyber's Daily Threat Brief. Which, by the way, 1057 is LosT, the original badge maker for DEF CON, his handle. Kind of a fun little fact. Okay, very cool.

All right, only because Justin Gold tagged it, and Justin Gold does a lot for the community: the one question about newcomers measuring real cyber skill versus credential accumulation. Think about sports. You can train all day, but until you go play a game, you just don't know if you're good or not. I've been making a ton of Magic: The Gathering Commander decks, but I've yet to play Commander with four people with my own deck. I don't know if my decks are good.
You can read a cookbook a thousand times over and be able to memorize it, but until you've actually cooked in the kitchen, you won't know if you're good. All right, I gotta get out of here. The workshops are on Zoom; you had to have registered. You can go to simplycyber.io, schedule. I still think there's a couple slots for the workshop. I'm Jerry from Simply Cyber. Thank you all so very much. Until next time, stay secure. And thank you to the mods for all the support. Let's go.
Host: Dr. Gerald Auger (Simply Cyber Media Group)
Date: January 29, 2026
This episode delivers the top cybersecurity news and analysis for professionals, insiders, and business leaders. Dr. Gerald Auger pulls from 20+ years in GRC cybersecurity to break down eight major news stories, injects actionable insights, and engages the #TeamSC community. Highlights of the session include emerging threats, critical vulnerabilities, AI risks, government policy, industry best practices, and real-world career advice.
[16:02] US Cyber Chief & public ChatGPT incident
“If you have sensitive information...and you stick it in an AI tool that is not local, guess what? You've just lost sovereignty over that data.”—Gerald [17:03]
[23:26] Sakari ransomware's AI-fueled failure
"Some clown babies develop some ransomware using AI...they literally didn’t test it. So the decryption process doesn’t work."—Gerald [24:08]
[28:32] WhatsApp strict privacy/anti-spyware features
[33:17] Mustang Panda: Cool Client espionage malware
[41:08] Virginia Flock camera Fourth Amendment lawsuit
[47:07] WinRAR path traversal vulnerability exploitation
[53:55] Telnet vulnerabilities, IoT/OT legacy risks
“Are we taking crazy pills?… I can't think of a more out of control thing than having a telnet server Internet-facing… I’m getting lightheaded thinking about it.”—Gerald [54:41]
[61:54] Fortinet Cloud zero day: mitigation keys
On Policy Risk:
“We are forced into these very difficult positions...all you can do is advise of the risk, make them aware of it, grant the exception, and just be like, listen, this goes against policy...let’s hope for the best.” —Gerald [17:03]
On Bad Ransomware:
“The viability of being a ransomware threat actor is that you deliver on the key or the data...if you don’t, your market immediately implodes.” —Gerald [25:13]
On Telnet Redux:
“Telnet is a relic...you have to pay $10 to get access to the museum of history to look at a telnet server, but there are still vulnerabilities. As a researcher: don’t only look at AI—old tech has live flaws!” —Gerald [54:41]
On Career Networking (Jawjacking Q&A):
“You can train all day, but until you play a game, you just don’t know if you’re good or not...Employers don’t pick the valedictorian. It’s not a meritocracy. It’s about relationships and networking.” —Gerald [72:24]
[62:38] onward: Jawjacking Q&A
Dr. Auger addresses a flurry of community questions about:
Impact of a PhD on Security Careers
Transitioning from DoD Intel to Cyber Threat Intelligence
Master’s vs. Certifications
Building a Portfolio & Networking
AI’s Impact on Security Jobs
WinRAR and Roaring Mistakes
| Time | Topic |
|-------|--------------------------------------------------------|
| 00:01 | Show open, community welcome, CPE credit talk |
| 16:02 | US Cyber Chief & public ChatGPT incident |
| 23:26 | Sakari ransomware's AI-fueled failure |
| 28:32 | WhatsApp strict privacy/anti-spyware features |
| 33:17 | Mustang Panda: Cool Client espionage malware |
| 41:08 | Virginia Flock camera Fourth Amendment lawsuit |
| 47:07 | WinRAR path traversal vulnerability exploitation |
| 53:55 | Telnet vulnerabilities, IoT/OT legacy risks |
| 61:54 | Fortinet Cloud zero day: mitigation keys |
| 62:38 | Jawjacking: live audience Q&A, career advice (onward) |
Original Tone:
Casual, energetic, humorous, and deeply practical. Dr. Auger uses real-world analogies, community engagement, and lived experience—making complex topics both accessible and actionable.
Listen to learn, laugh, and level up—the Simply Cyber way.