B (9:51)

Roll from the CISO series.

C (9:53)

It's Cybersecurity Headlines these are the cybersecurity headlines for Thursday, January 29, 2026. I'm Sarah Lane. Sandbox escape law exposes N8N instances JFrog researchers disclosed two sandbox escape vulnerabilities in the N8N workflow automation platform that can lead to a full remote code execut on self hosted instances. One bug is rated critical at 9.9 and allows authenticated non admin users to escape JavaScript sandboxing and gain host level control. The other enables similar RCE via Python sub processes. The flaws are patched in recent N8N releases. Cloud hosted NAN is not affected and J Frog warns slow patching leaves tens of thousands of exposed instances at risk.

A (10:57)

Okay, very simple here. If you're running N8N locally, you got a Patrick. I mean it can't be any simpler. And listen, all of you in here, like you're all cyber pros. Come on. Like if, if we need to, if we need to patch something, we make it happen, okay? Now if you're in a larger organization and you got like an R and D team running around with N8N, that's fine. Tell them that they need to patch it, right? And, and I mean depending on who the person is, you can just tell like I, I don't promote lying. So I would look into the patch. There is a possibility that there's some new features. Hey, Carl, Carl, Carl. Hey, why don't you patch your N8N? You're going to get a new emoji in your keyboard tray. I know N8N doesn't have a keyboard tray, but just. Yeah, you get the joke, right? Oh, hey, it's faster, bigger, stronger, leaner. It's the daft punk of, of patches. Get on it, right? Sometimes you gotta, you gotta, you know, put a little honey in the medicine to make it taste better. Self hosted N8Ns need to patch. Now the, the, the vulnerability is really bad because you can execute host level commands I. E. PowerShell and then you know, basically run a PowerShell cradle, pull down second stage payloads and the box is compromised. The N8N is like irrelevant at that point. It's the box. And now they got a foothold in your environment. It requires the individual to have authentication to the N8N instance already. And last time I check, we're not just allowing admin admin logins to N8N so, you know, are you going to get popped it, you know, I would say of all the, you know, hundreds of thousands of instances of N8N locally installed, this is not going to be like a wannacry spreading across the country violating SMB shares with the Eternal Blue tool. But, but you shouldn't mess around, okay? We're all familiar with the F around and find out. Model this thing, right? You just. This is like a colonoscopy. It's complete. The problem is completely solvable. You do not need to experience getting violated by a threat actor. You can just patch it. Ah, you gotta patch it. So yeah, that's it. Best practices. Anytime you have tech on your box, you know, you got to maintain it. That's the whole deal. I would. A lot of people are getting, you know, very AI is allowing anybody to be like a developer nowadays, right? And the entire N8N deal is that it's like a WYSIWYG. Like, you know, you, what you see is what you get. Like you drag and drop things and it does the work underneath, right? It's very much like a, a higher level tool. Which means my cousin Pat, my aunt Dorothea, you know, my cousin Todd, like they can all use this thing regardless of skill level. So what I'm saying is this is not a tool reserved for developers and AI analysts only, which means you can have a wider spread of it in your environment. So I would, you know, for me personally, I would start with R D and engineering. I don't know if N8N has automatic update capabilities, but as always, you can scan your network and look for instances of N8N. It probably has some type of fingerprint for on a listening service. And then, you know, hunt it down. If need be, send out a broadcast email to your organization. Hey, if you're running N, patch it. Thank you for your time. Like, simple as that. Because here's the deal. In reality GRC world, if you don't know what. If you know what N8N is, you know what N8N is, right? I know that sounds super stupid, but just hear me out. If you send an email to your entire organization saying, hey, just real quick, if you're running N8N locally, make sure to patch it. There's a pretty nasty vulnerability out there, period. Right? My Aunt Dorothea gets that. She's like, I don't know what N8N is. Disregard. You know, DJ B Sec gets it. He's like, oh geez, okay, you know what I mean? So like you're not gonna like confuse anybody. All right, let's keep cooking.

C (15:14)

Fake Multbot Assistant Dr. Drops MALWARE Security researchers flagged a fake claudebot agent AI coding assistant on Microsoft's VS Code Marketplace that secretly installs malware, giving attackers persistent remote access via a bundled Screen Connect client. The extension exploited Multbot's popularity despite the project having no official VS code plugin, using multiple fallback methods to deliver payloads even if infrastructure went offline. The report also highlights broader Multbot security risks, including exposed unauthenticated instances leaking API keys and credentials.

A (16:00)

All right, so this is an entire vector of threat. I guess so again, AI is making everybody, you know, a friggin developer, a software engineer, a sales expert, expert marketing expert, whatever, right? And then now and there are people are writing tools. This is no different than putting like Python libraries on GitHub or in PyPi or NPM and having developers Pull it down. It's just, this is just like a marketplace of AI tools that can be pushed into Visual Studio. Some of them are going to be malicious because threat actors know they can just leave them there. It's like Minesweeper drink. And by you, by the way, Youngs, you know what Minesweeper is? Don't act like I'm a boomer up here. It's like Minesweeper, you just put it, you put the malware there and eventually someone's going to step on it, right? Pull it down. Looks a lot like Claude Bot. People could mistakenly download it and it's just malware. Now. Remember the, the gist of this one is that this is a crime of opportunity, right? The threat actors don't know who's going to download this. So it's not targeted like, oh, I'm gonna get paid today, I'm attacking Chase bank or whatever. It's like, I hope I, you know, it's almost like ripping packs of freaking Lorwin Eclipse. They're like Magic the Gathering or Pokemon Packs. You don't know what you're gonna get. Are you gonna get a hit? You're gonna get a Chase card? Are you gonna get some type of investment hedge fund place? Are you gonna get, you know, some, you know, tween who's joking around and has no, you know, using a Chromebook or something? You know what I mean? Like at school you don't know, so you gotta, you gotta see. So just as always, I would just say kind of stick to me personally. I like to stick to the main ones. Like Claude Bot obviously appears to be vetted and everybody's talking about it and how amazing it is and everything. N8N Everybody's talking about how amazing it is. So I, I guess call me a conformist, but I like to stick to kind of those. I like to stick to the main streets. I don't like to go down alleys and dark alleys and little go off the path into the woods and see what happens. Like that's where you get in trouble. Nothing good happens after midnight. All right, that facts I can tell you. I went to college. Like nothing good after midnight. So you know what I'm saying is between, you know, 8pm and noon and midnight is like downloading Nana and Clubbot. Again, this, to me this is less obviously if you have Mold Bot in your environment, you have a problem. But there's a bigger paradigm here of hey, be careful when you're using Visual Studio or any of these like AI enabled software development Packages that you could be pulling in malware. Just be mindful of it because it's molt bot today, it's flaming donkey bot tomorrow. So if you're just trying to treat the symptoms, you're not going to solve the problem, you're just going to get reinfected. Reinfected, of course. Something like this. No, Elliot Matice. I absolutely did not go off the main streets. Even, even. That was a little dodgy, dude. San Francisco's like, I don't know, I've never seen the show. What do they call it? Fallout. I've never seen Fallout or played the video games. I was talking to Joe, Justin and Joseph and Dan the other day about Fallout. But like San Francisco, I feel might be like, what Fallout is. Another thing really quickly, just so we're doing the GRC calculation here from the risk, right? Risk is likelihood times, impact, how likely is something bad to happen and if it does, how bad is it? With AI enabled bots and stuff, people are like, here's my apa, here's my API key, here's a non human identity with full permissions. Here's all the things you need. AI, go do the things you want to do. Make my life easier, right? Here's all my email, here's all my calendar, here's my bank account so you can book a flight or my credit card. Here's all my chats and personal connections. So when you give malware that you're giving it to the threat actor, you know what I'm saying? So like to me the impact is quite high so you have to be extra vigilant when you're dealing with this stuff. Okay? Again, educate your end users.

C (20:29)

Peck Birdie takes flight for cross platform attacks Trend Micro reports that China aligned threat actors have used a cross platform J script based command and control framework dubbed Peck Birdie since at least 2023 to run cyber espionage campaigns. In two separate operations, attackers targeted Chinese gambling websites and Asian government entities using pecbirdie alongside new modular backdoors mkdor and Holodonut to deliver fake software updates, harvest credentials and enable lateral movement while evading endpoint defenses. The framework's use of JavaScript and living off the land binaries makes detection difficult and points to ongoing state linked espionage activity. Autonom.

A (21:21)

All right, so this, I feel like for most people in chat, this is interesting and worth noting, but not really something we have to get sweaty about, right? Like your butt's not puckering on this one. They're targeting Chinese gambling websites and Asian government entities Now I know we have a Filipino population in here, but for the most part I, I don't, I. As far as I know, I haven't heard much in the way of simply cybers community members working within this space. If, if you do work in the space, you should listen up. But for the, for the most of us, this is just interesting. A lot of great learning here for us. Number one, Chinese state. Sponsored. Okay, Chinese state sponsored malware. And, and this isn't even malware. This is like apt level behavior. This is like what you'd want a red team to come in and do. They're using a C2 framework that uses J script. I'm not familiar with this C2 framework. C2 frameworks are command and control frameworks. If you want like a classic example, go look at Cobalt Strike or Powershell Empire or Sliver. Those are all examples. Sliver is a open source one. Empire is an open source one. So you can play with them if you want. But anyways it just allows you to infect a bunch of machines on victim infrastructure and then control it remotely. And there's more advanced capabilities, right, like chaining things and, and whatever. So two things jump out of this. First, China attacking Asian governments makes a lot of sense, right? I mean, hello, Taiwan is on line one. So that makes sense. Them attacking Chinese gambling websites, that actually seems out of character. That, that feels like more of a North Korean type move than a Chinese move. But you know, I, I don't know. You know, obviously they have orders and there's a, there is a reason behind it. I'm just not well informed. If anyone has a thought in why they attack gambling websites, let me know. And like yes, I understand that's where money is, but guess what? China is an authoritative regime. They, they have money. They as far as I know. So I don't think you have to learn worry too much about Peck Birdie. But if you are interested, one thing that they do talk about that makes it very difficult for detection. Oh look, you can see here they actually mentioned Cobalt Strike payloads. They're using Cobalt Strike payloads for exploitation and they're exploiting a Google Chrome 2020 vulnerability. Listen, CVE's the, the date the CVE was discovered or officially registered is in the CVE identifier. This one was 2020, bro. If you're running Google Chrome and it hasn't been updated since 2020, the back of my hand would like to have an appointment with you. Like what are we up to here, bro? Ah, you gotta patch it. Okay. So there's no excuse here. Like you've gotta, you've gotta patch your Google Chrome first of all. Second of all, and this is what I want you to take away if you didn't know. Living off the land is a concept that you should definitely be familiar with. It is a technique that is used by very good threat actors very often and it makes it very difficult to detect malicious behavior on a box. Living off the land is taking advantage of existing binaries on Windows operating system or Linux operating system and abusing those binaries or executables or applications, whatever you want to call them, to achieve the goals of the threat actor. This can include opening network connections, writing to the disk, data exfiltration, hiding data persistence mechanisms, all those things you need to, you need to know what living off the land is. And the best thing is there's already a whole website for you called LOL Bins or LOL Boss. LOL Bins is the other one, right? And you can see here, look at this. I'm gonna drop this link. This is a GitHub repo. This is. If you didn't know about this, welcome to the party, pal. You should definitely know about this. Okay, this, this. They even map it to Miter attack techniques, which is very nice. You could see like, look at. Let me just find one that's like pretty common, like Certutil. Exe. Certutil. This is a standard Windows binary. Comes by default with Microsoft Windows operating system. Every version. Windows 10, Windows 11, Windows XP. Right. Cert util. But you can. It's used for like basically generating hashes for validating certificates, etc. It's good. It can also be used to download files from the Internet. Oh, I'd like to pull down my second stage payload now. No problem, sir. UTIL is here to rescue. You want to hide something in an alternate data stream? Sure. We got. You want to encode your payload so it doesn't look like malware. So it doesn't say, you know, PowerShell or you know, cmd exe. We can encode and decode no problem. This is what living off the land is and you should be familiar with it.

C (27:07)

System uncovers open SSL flaws A January update fixed 12 previously unknown open SSL vulnerabilities, some dating back to 1998. Uncovered by Autonomous analysis from Aisle. The flaws spanned more than eight subsystems and included one high severity bug that could enable remote code execution under specific conditions alongside moderate and low severity issues. OpenSSL maintainers credited Aisle's disclosures and Said the findings highlight how automated analysis can surface long standing issues in heavily audited code bases.

A (27:50)

All right, so Open SSL has been used by lots and lots and lots of applications, lots and lots of developers and it's got flaws. Dude, here's the reality. Any software written by a human or a, what do they call those people? AI. I've just called AI a people. Software written by anyone likely has flaws. I remember back in my day when I was a software engineer, there was some metric and if you know it in chat, let me know. But it was like for every thousand lines of code there's like 27 flaws or 17 flaws or something like that. There was some like known acceptable percentage per thousand lines of code. Because then you could say like you know, the Microsoft operating system kernel has you know, 30,000 lines or 40,000 lines of code. Therefore there's approximately like 98 bugs or 170 bugs or whatever, Etc. So OpenSSL, there are flaws that were discovered that have existed since 1998. Okay, Britney Spears. Hold on. Britney Spears, 1998. What were we doing there? That was her breakout year, baby. One more time. Okay, so developers were like listening to Brittany in the background hitting code commit for open SSL and introducing a flaw and it just rode dirty for 17, 18 years. You're picking up what I'm putting down. All right, so don't think that, you know, it's all got to be cutting edge new code or there's nothing for security researchers to find out there. Now I'm pretty impressed with myself by the way, pulling that Britney Spears breakout year. I. I'm not a Britney. I never was into Britney. I went to college with some guys who were really into Britney, but I don't think it was. I don't know why they were into it. Let's see, what do you do? Do you have to patch? No. Update? Yes. So the January 2026 release of a open SSL build includes all the updates for the 12 vulnerabilities. So it doesn't say it exactly, but you gotta patch it. Ah, you gotta patch it also for BW5542 if they're in the chat. Open SSL has new components for post quantum signature handling. So this is one of those examples where you're going to get quantum resistance capabilities without extra pay or without actually, you know, changing your infrastructure. So holla.

C (30:47)

Huge thanks to our sponsor conveyor. Another security questionnaire hits your desk. Ever wish it could magically disappear? You already have the answers that customers should self serve, but they can't find the info in your trust center. That's why Conveyor built the first truly agentic trust center. An AI agent lives inside it, answering customer questions, sharing documents, and even completing full questionnaires. Instantly, customers get what they need fast. It's magical, touchless, extremely accurate. Join teams at Atlassian Zapier and more@conveyor.com.

A (31:29)

All right, hey, really quickly, as if, as if we said his name three times. As if we said his name three times. Dan reared him with a double shot of memes of the week. He just happened to have a leave Britney alone with my face on it meme like at the ready. Dan is a. Do you know the Westerns where the two gunslingers stand in the middle of the road and the first one, like, is clearly faster. That's Dan Reardon. But instead of a six shooter, he's got like a PEZ dispenser with memes and he's like, ding, ding, ding, ding, ding. All right, guys. So, hey, we're at the mid roll. I want to thank all of you for being here. Shout out to the sponsors, want to say much love to Area. You guys know Area, right? Your leadership team's demanding. Demanding. Fist on the table. Give me some AI automation employees are already using it. We talked about it. N8Ns all over the place. Quad bots taking over. Nobody's approving and reviewing these things. Your sales team, your marketing team, your engineers, everybody's all up in AI. You, you are probably up in AI. So you've got this AI sprawl, shadow AI issue and honestly, one. One failure, one audit, it's going to compromise stuff and potentially result in IP theft, regulatory fines, losing people, compliance issues. But listen, I got the solution here. What if AI became an advantage instead of a burden or a risk? What if teams could innovate and you could be the hero because you're still protecting data. Well, guess what? That's what Area does. That's the answer. They deliver a unified platform that combines AI security, governance and orchestration so you don't have to choose between innovation and protection. Take control today and turn your AI stress into AI success. Go to Simply Cyber IO in the browser. I'll put a link here. You just click on it. Simply Cyber IO Air I A Simply Cyber IO AirA Again, clicking on the links, checking out the sponsors helps the channel immensely. So if you're getting value and, and you'd like to, you know, contribute or say thank you in some impactful way to. To the. To the channel, to the Simply Cyber. Check out the sponsors links below. Links in the chat. Thank you very much. Every single day of the week has a special segment. And Thursdays is what you mean Thursday. Now, you might think you've already had the itch scratch because of the leave Britney alone, but that was just an amuse bouche. That was just something to wet your beak. Now we're gonna get into the real, real. Ladies and gentlemen, earlier this week I referenced Hayden Covington as the Gordon rams me of the sock. Dan Reardon took inspiration. Ladies and gentlemen, I present you your meme of the week. Hayden Covington. The Gordon Ramsay of the sock security operations. Gordon Ramsay. There we go. There we go. Love it, love it, love it. Hayden. Thank you. No one is safe. No one is safe from Dan Reardon's memens. Now, of course, Dan didn't want me to feel left out. So I'm Jerry Guy Fieri. If you don't know, my like video game handle is Jerry Guy. That's what a lot of people called me, Guy. If I don't even know if you guys know this, it's like tidbits Tuesday, my friends called me Guy or Jerry Guy in, in college. Like Jerry Guy, Guy, Guy, Guy, Guy, Guy. So Guy Jerry Guy Fieri. Okay, so but let's focus more like let's think less about me and let's think more about Gordon Hayden Ramsey. All right. Love it, love it, love it. Thank you very much. Someone please ping Hayden and let him know he's been assassinated. Let's go.

C (35:46)

Teen swatting suspects arrested. Hungarian and Romanian police arrested four suspects including teenagers over coordinated swatting and doxing campaigns and that triggered repeated bomb threats and false emergency calls across Hungary. Authorities say the group used discord to collect victims personal information, then placed fake threats in their names prompting large police responses. A 17 year old Romanian national faces terrorism related and false reporting charges while investigations continue into the roles of the other suspects.

A (36:24)

Good swatting is gross swatting. If you didn't know, they call it swatting because they'll send a SWAT team to your house. Essentially the, the, the ruse is they get your information and then they'll say like, hi. Like, hi, I'm. Oh, Hayden's in chat right now. Okay. Okay. Hi there. Okay. So basically they would say like, like, hi, this is, this is, you know Dan Reardon. Right? Like, so I'm not Dan, obviously. Like whoever my victim is going to be, I call the police and say, hi, this is Dan Reardon. I live at this address and I am holding my own family. You Know, like against their will. And I have weapons and I plan on using it and then hang up. Right? So then they send a SWAT team there, they ring your doorbell, you open the door in your pajamas because you don't know what's going on and they just like ransack you or even worse. I mean, there's been numerous instances where it's turned deadly, frankly. Someone opens the door and you're out in the, you know, you're out in rural South Carolina. Rural, rural South Carolina. And you come to the door with a weapon and the law enforcement doesn't know. So this is quite serious. Okay. You know, celebrities get swatted. Brian Krebs has been swatted. Our very own Jen Easterly here. This is from January 2024, if you recall that it's right there on scene. Jenny SLEEP TARGETED IN SWATTING INCIDENT So the reason I'm bringing all this up is just to highlight that this is a real problem and a real issue. And 16, 17 year olds, 18 year olds, I don't care. I don't care. Like, you know what you're doing when you do it. You're not like, I'm a child, like, it's not a toddler banging on a speaking spell and somehow accidentally sending law enforcement to someone's house. This is deliberate and it's coordinated. Right? So the fact that they're being brought up on terrorism charges is, is wild. But you know what, gotta, gotta make examples. This is another instance where, you know, our data gets out there. We have like 15 different identity theft protections, privacy reports, etc, and this is one way. It's not, it's more of an obscure way, I would say, like less popular, but it's one way that this can happen. And sadly, sadly, sometimes it's for the lulz. Right? I've seen instances where, you know, like someone's an online stream. Like right now, I'm streaming live to you right now. So if some jerk calls in a, a SWAT and like law enforcement breaks down my door and mushes my face against the camera, that's hilarious to you, right? Not you. You don't think it's funny, but the jerk who did it can watch it on stream, right? So there's all sorts of nonsense going on or, you know, someone's kicking your butt in Fortnite or you know, whatever, Battlefield 6 and you call in a swat against them, right? So I mean, from a, from a cyber security perspective, I would say, number one, this is, this, I'm glad they did it. Number two, this doesn't really matter to your organization, right? This is an individual type thing. I would say that this is pretty juicy. Like, drippy, drippy, juicy. So this is like a beef three ways up in Danvis. It's Supreme's beef. You know what I'm saying? If you're familiar with roast beef up in the North Shore. Oh, my God, I'm missing some beef right now. I like Supremes. People are very, very protective of their. Their beefs up in North Shore. A lot of people like Kelly's, but Kelly's has played out like. Welcome back, Carter Cotter. I do know how to pronounce my R. Sir. This is a drippy one that you can use for end user awareness training, right? If you want to just have a. Have a piece of end user awareness training. Again, I'm a huge advocate of, like, constantly sending stuff out, but, like, little snackable things. This one is good because it's interesting, you know, so you can do that.

B (40:39)

Whoops.

A (40:41)

Wow.

C (40:42)

FBI.

A (40:43)

That was quite the misfire. Sorry.

C (40:45)

Ramp. The FBI has seized the Ramp cybercrime forum, a major marketplace used by ransomware gangs to advertise malware hacking services and recruit affiliates. Both its Tor and Clearnet domains now show an FBI seizure notice potentially giving law enforcement access to user data, including Messages, emails, and IP addresses. RAMP launched back in 2021 as one of the few forums still allowing ransomware promotion and was linked to Babook ransomware operator Mikhail Metv, who was indicted by the DOJ in 2023. Electrum. Tied to.

A (41:29)

Oh, my God, look at this. This is the website Ramp for you. The FBI confiscated it. This. This girl. I feel like you have to be a parent. This girl right here. This is from, like, a German cartoon, Masha and the Bear. Does anyone know that? I mean, that's an incredibly deep cut. By the way. Where is this group out of. Honestly, is this group out of, like, Eastern Europe or something? Where. Hold on. It says Russian. Yeah. Oh, Masha and the Bear right here. All right, so FBI took it down. This is great. Congratulations, FBI. Obviously, if you are using Ramp cybercrime form, you're probably feeling a little anxious today because all your. All your. Your IP addresses and your, you know, behaviors are captured in there. Two, if you're running the Ramp cybercrime forum, you're probably a little nervous today. Now, if you live in Eastern Europe under Russian control and you don't, you're not really super sweaty about it, but still, I have not heard of Ramp. Oh, thanks. Real Bilbo. Real Bilbo's Here, everybody. Real bilbo. Were you not here yesterday because Fortinet was on fire, bruh, I said your name three times to like summon you yesterday. It was the forticloud SSO thing, Bill. Okay, so hold on. Law enforcement regulators, mount up. It was all right. And by the way, when you see FBI takedowns like this, they basically update DNS to have you redirect to their controlled websites. It's not like they're defacing the cyber criminal forum websites. Okay? You could see that they've pulled, as I said, email addresses, IP addresses, private messages and other incriminating information. So the FBI is going to build out, you know, an investigation, a case on this. Obviously anyone that they find that they can get a hold of, they're either going to, well, they're definitely going to capture and then they're going to shake them down for more information to get to ring leaders or they're going to bring them to jail. Either way, do the crime, do the time f around, find out whatever you want to say. It is what it is. Years of his work building the freest form in the world. All right, so this guy, you know, this guy seems like he's like, like kind of the Robin Hood of ransomware. Like he, he built it just. All right, okay. This ban was due to the heightened pressure from rust western law enforcement following the dark side ransomware colonial pipeline. Okay, who's the reporter on this one? Dark side ransomware was like 2018. Hold on. Colonial, when was that? Colonial? 2020, 2021. I don't know if I would say that this FBI takedown was from heightened pressure from the colonial pipeline. That was like five years ago. My, my, my friend, I think it's just because ransomware regularly is punching people in the mouth every single day and it is a blight on our society. I think that's why they're going after these things. So I've said it before, the only way to take down ransomware is it's got to be multi pronged. You got to get the people behind it, you got to get the forums where they're sharing. You got to increase organizational information security for to, to reduce the impact of a ransomware attack on your organization. To include good backups, end user awareness training, solid EDR using tokenization when you're using your data in third party tools, etc. Anyways, this is a win for the FBI. It's honestly not a government show. But I will say it's nice to see the FBI doing something else that you know, is is good for society.

C (45:57)

Cyber attack, or, you know, being in.

A (45:59)

The news for other things.

C (46:01)

Cyber attack on Poland's power grid in December is tied with medium confidence to the Russian state linked hacking group Electrum. The attack targeted communications and control systems connecting grid operators to distributed energy resources and including wind, solar and combined heat and power facilities, disrupting operations at around 30 sites and permanently disabling some OT equipment. Though no power outages were reported, Drago says the incident shows a division of labor between Electrum and a related access focused cluster commasite.

A (46:40)

All right, hey, you ICSOT people, pick your head up. I feel like. I feel like this is completely absurd, but I feel like ICSO 2 people in my mind are constantly walking around with like the welder's helmet on. And like when you summon them, they like, swing the hell the welder's helmet up and they're like, I'm here. That. That's like ICSOT people in my mind all the time, okay? And then when you're done being like, hey, can you put multi factor authentication, like, before you finish asking them? They just put the helmet back down and go back to like icsot. All right, Russian threat actor group getting after it here on the Polish power grid. They attacked. They did not succeed, if you recall, Poland was able to rebuff. I don't even know if that's the right word or a word they were able to repel. They were able to put shields up and block the attack from being successful. There's more investigation into it, of course. Dragos D R A G O S. Dragos is kind of like the darling of the ICSOT incident response world. To me. They're like, mandiant is for Fortune 500 companies. Like vanilla. I said, if you've got an ICS, if you got an ICS attack problem, yo, Dragos will solve it. Right? That's. I mean, I'm obviously appropriating Vanilla Ice. Drago's mailing address, if you want to send him a thank you note, is A1A Beechwood Avenue. All right, enough. Enough with me reliving the 90s, okay? So if you're interested in ICSOT, you should absolutely know about Dragos. I would love to talk to Joe Marshall about this particular attack. Joe Marshall's over at Cisco Talos, but he's an expert on ICSOT related incident response and helping people. He's just a great guy. In this instance, we're seeing that Electrum and Camasite have overlapped ttps with SAND Worm. It's believed that Sand Worm is like a, basically like a private sector Russian cyber criminal group that basically their one client is the Russian government. So you know, this is a top tier threat actor doing some things. Again, if you are a European country and you are openly supporting Ukraine, which you know Russia is trying to conquer, you're in, you're in the potential firing line of Russian threat actors, right? So that's all this is. As always, you should have a increased level of awareness detections in place. It's hard. ICSOT is hard because it's typically like older technology, older, like me, right? When I was born in the 70s, we didn't have security in mind. It was just get it up, get it running, get packets flowing, right? You gen Alphas, you're being born with security, you know, engineered at the beginning, right? When mom and dad have enough love, right, the stork flies in, you've got SSL stamped to your, to your, your baby bracelet, mfa on the other hand, right? Well, you know, when we were young, you just, you know, maybe you eat dirt, right? All right, so anyways, I'm being silly. The point is, if you're interested in icsot, the, this is a postmortem. Poland was able to defend it, but they did a postmortem with Dragos to see what happened, who it was, get attribution and hopefully the most important thing you can do from a postmortem post mortem of an incident is to figure out where you were weak, how it was exploited and then fix it. Right? This is another thing, guys, listen, a lot of times in cyber security, you're, you're, you're basically working with like limited resources. So you have a compromise, you have an infection, whatever, unless it's like a full blown everything stops ransomware attack. Normally you just clean it up, reimage the machine, educate the end user, whatever, and then get back to work. Known good state. Get back to work, right? We don't always have time to do a post mortem, but when you do, it's very valuable because then you can fix the problems. So if you're going to go, listen, if you go through all the effort to do a post mortem and you don't get lessons learned, and most importantly, you don't make changes to people, process or technology. And it happens again, I'm sorry, but you should expect it to happen again. You literally have the answers to the test and you've done nothing with it. So that's what's up.

C (51:36)

Our owner pleads guilty to drug conspiracy. A Virginia man who co created the dark web marketplace Empire Market has pleaded guilty to a federal drug conspiracy tied to more than $430 million in illegal transactions between 2018 and 2020. Prosecutors say Empire Market, an Alphabet style platform with more than 1.6 million users, facilitated roughly $375 million in drug sales with operators using cryptocurrency to launder proceeds and evade law enforcement. Authorities have seized around $75 million in crypto, and the defendant now faces a mandatory minimum of 10 years in prison if customer.

A (52:24)

Right. Okay, so these dark web marketplaces is where you can buy drugs, counterfeit money, illegal documents, and it's big money. And, you know, Ross Ulbricht, you know, pioneered it with Silk Road. And then when he got taken down, AlphaBay showed up, and when that goes down, Genesis shows up. I don't even know if Genesis got taken down. There's, there's a market for these type of markets. Like, there's literally a customer demand for these type of markets. So Empire Market, I mean, obviously this guy's pleading guilty, so they've already taken it down and arrested him and processed him and everything like that. And he's going to go to jail again if. Listen, if you're going to commit cybercrime, I would strongly recommend you move out of the United States. Like you're, you know, a lot of people just like, oh, I'll be fine, dude. They were facilitating half a billion dollars in illegal transaction. So no, that doesn't work. And, and by the way, the guys just really quick, this is not, this is real money, right? Hundreds of millions of dollars in transactions. First of all, this is not, you know, some dude running it in his spare time. They had staff, they had two co founders, they had five moderators, they probably had some other people. They had 1.6 million unique users on the platform. I mean it, that's a full business guy. So, yeah, now I don't know how law enforcement got this guy, regulators, But I'm glad they did. This is one thing that really sucks. It's a double edged sword. The authorities took down and arrested this dude in 2017. So he just pled guilty nine years later to me. Like, I don't know, man, that seems really like a long time when you have it like dead to rights. Dead to rights, Right? So whatever, I'm, I'm glad, I'm glad they got them. I'm glad they got all that. Hold on one second.

B (54:50)

Hold on.

A (54:51)

Talk amongst yourselves. All right, let's go. 8:56. All right, guys, holla, holla, holla. We just did it. We did the thing. We had a show. Guys, remember, if you want some Simply Cyber in your life, you don't have to go too far. May I direct your attention? Hold on one second. Hold on.

B (55:34)

I'm. I'm.

A (55:35)

I'm. I'm producing as well as hosting. What do you.

C (55:39)

Oh, my God.

A (55:43)

You guys know this guy? Dakota. Bearded I. T. Dad, right? Who doesn't love themselves some Dakota? This guy's great. Today he's gonna be my guest on Simply cyber firesides at 4:30pm Eastern time. What are we going to be talking about? Listen, guys, if you're looking for inspiration, if you're trying to get into the industry or move around in the industry and you're like, it's so hard. I get it. It is hard. This guy went from literally. I'm not even exaggerating. Literally bulldozer operator to director of I T in three years. Okay, you want it? There's a path. That's why the title of the episode Cyber Security career speed run. We're going to be talking about a bunch of stuff, but I want to highlight this dude's break into cyber an IT story because it is inspirational. Okay. All right, give me one second. I gotta do something here. So that's at 4:30 Eastern Time. Hold on one second, bro. I was not prepared to do what I'm doing right now. So grant me grace. Here we go. All right. All right, hold on. We gotta. Just give me a second. Give me a second. All right. This is a bit of a mess. I was not. This is. This is messier than I wanted, guys. All right. Hey, thank you again, everybody for showing up. Thanks to the sponsors. Threat locker, Anti siphon flare. Area. Area. I do want to say thank you area. Tomorrow though, will be their last sponsor slot for the Simply Cyber Daily Cyber Threat Brief. It's been good. If you have been checking them out, I appreciate it. Where's the link to the. There we go. Link to Simply Cyber Firesides. There we go. Hello.

B (58:15)

Just become best friends.

C (58:16)

Yep.

A (58:19)

I gotta go. All right. Hey, cyber seller Phil, thanks for the super chat. Dude, did we just become best friends? Love it, love it, love it. All right, Vindaloo. I gotta tell you, man, just saying that word out loud makes me hungry. Hold on really quick. Out of curiosity, Dream Logic is saying jh no longer active. John Hammond. Is that what we're saying here? John Hammond is somehow going dark. Bravo 6 going dark. Right. All right, guys, I gotta get out of here. I want to say thank you very much for everyone being here. If you're going to Wild West Hack Infest in Denver, do connect with each other. Oh. Cyber seller Phil was a first timer. Welcome to the party. Thank you very much, guys. All right, I gotta go. Everyone have a great day. Until next time, no Jawjacking today. Oh, oh, okay. Excuse me for swearing. Are we good to go? Thumbs up. All right, here we go, guys. Can you. Hey, do you see the ability to end the stream? All right, guys, I give you a very special guest, ladies and gentlemen, Jawjacking is coming up. Jawjacking is a 30 minute AMA where you're going to be getting all sorts of guidance, mentorship. And we've got a special. He's Jawjacked before, but he's not as frequent. So I leave you in the trusty hands. I'm not even going to tell you who it is. It's going to be a big old surprise. He's looking good. He's looking sweaty. I like it. All right, ladies and gentlemen, have a great one. I'll see you today at 4:30pm until next time, stay secure. Ever wonder what it takes to break into cybersecurity? Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cyber security field. Live, unfiltered and totally free. Let's level up together. It's time for some Jawjacking.

B (60:30)

Let's go, everybody. Good morning. Good morning, Good morning. It's good to see all of you out there. Hope you're having a fine. What is today, Thursday? How is everybody? Boom. No, not cashmere. I think he's busy saving the world right now. How's everybody doing out there? Welcome to Jawjacking. My name is Jesse J, AKA the Cosmic Cowboy. Good to see everybody in chat. I see a lot of long timers. Got my buc ee's hat on. Hey, quick update. It's been a long time since I've seen any of you on a live stream. I hope everybody is doing well out there. If this is your first time at Simply Cybers, Jawjack. And I am Jesse J, AKA the Cosmic Cowboy. And there was a time way back in the day when I had to go uphill in a snowstorm and downhill or something like that, right? And I used to do a live stream where we would do live security plus preparation moving forward. I got involved in some hiring opportunities, put that on the back burner. And I wanted to figure out how we could do our own material, our own original material on Slate Security Plus. Well, good news, got a new job. So I've changed positions in companies so that is a huge plus. And I'll tell you what, the benefit of that really came from making connections and networking. You hear it a million times but it is one of the times where I got to see it pay off. And it was super, super cool. Bucky's hat and moonshine jar. Yep, that's it. There we go. Get the morning started right? It cure questions. Good to see you, Zach. Let's get a little bit of music going here. How does that sound? Real. We'll go quiet. Gotta have some tunes. Well, hit me up. It's been a long time. This is an AMA 30 minutes where Dr. Jerry Ozer has given me the reigns of the Simply Cyber Studio. Let me know on the volume on that music, make sure it's not too loud. Got black hill information security's own zach hill up in the hill. Let me know how is everybody doing? How is everybody's cyber security journeys? What kind of questions do you have for me? Good vibes. All good vibes. In a new location as well. I need to up my streaming capabilities back here. Space Tacos asks, can you tell us anything about the new job? Anything. And when did I start? I started just less than a month ago. The company is a global company and I am leading a team of folks in the vulnerability management department which is super fun thus far. It's about half technical and half facilitating having conversations and talking with C suite things of that nature. And so it really is a great company thus far to work for. Super fun. Exploit. Forget B. What do I think about AI? It's a very broad question. I'm not terrified of it at this point because I'm an old. I'm a hashtag old. And because of that I use AI as a force multiplier. So I already have a project or a plan or something that's on a board somewhere or on a monitor. But I already have the idea going and sometimes I like to have this, a little bit of refinement, that next piece that might help me take it to the next level. And so I'll use AI quite a bit for that. So as a force multiplier, helping clean up maybe code from time to time or give me ideas on how to be more efficient at whatever widget I'm building at the time. I also see how it could have a massive impact on the job market. And so like with any new tool, I think it's better to become aware of it instead of be afraid of it. And so I utilize it as much as I can in my job. Maybe not at the highest level possible. It's not. Some people obviously do, but for myself, it works. And it's something that I am looking forward to seeing how it can help in the future. And now, obviously, with great power comes great responsibilities, and there is the likelihood that it will get used for a weaponized purpose of some kind. But with all that being said, I still look forward to seeing the good that AI can do when it comes to being a force multiplier in our. In our workforce. To bring my mic up, my mic volume up just a little bit. You can do a VAL coil. You're not old, you're in your prime. Let's see how he did. Did that. Let me think. You're not old, you're in your prime. Something like that. I got two guns, one for each of y'. All. Ellipsis. I work in vulnerability management. What kind of metrics are you reporting up to leadership? Well, it depends. And I know that's such an overused answer, but other than the. I think there's a cookie cutter list that we report metrics working vulnerability management. But also really, it depends on what that team's priorities are. And so in some environments, there's the development team, the production team, the admin, the staff team, a almost test environment, and then a full test environment. And so it just depends on what that company is doing, how large it is. And then I will take those, I guess, restrictions or preferences, however you want to look at them. And I'll do that to refine the metrics that I'm going to present in any given meeting or conversation. And so the conversations will always be on a C suite side. And then I'll have conversations at a technical level with my engineers and we discuss how we can be more efficient in our role, providing what the customer needs. Hope that helps. Answer. I lead a new team. How big is the squad? The whole squad's relatively large. And then I'm on a team of 10 or so people. And then I lead. Then I'm. I lead 3, 3 or 4, depending on where they are in their role that day or that week or that minute. Sunshine2477. Any interesting interview questions you want can share. You know, this company had a really good HR team, and so I had to do a background, like a long personality matrix type of thing, just to kind of see what category you'd fall in. But then after that, I had a really good conversation with the head Of I guess, human operations or global human experience, however you want to say it. And they asked questions. Let me think of something off the top of my head. Oh, you know, tell us about some of the larger mistakes you've made at work. Like tell me. Tell us something. Tell. Give us a moment in your career history where you went, oh, I made a big mistake. And then what did you do to fix it? And there's no wrong answer, right? And so having an idea of places that you know that you've gone off the beaten path in your career trajectory or in your project or something, to just approach big oops moment. And then being able to discuss how you were able to take ownership of that and move forward was an interesting question. I got. DJ B Sec, what's going on, brother? Good to see you. Am I looking to inter Looking for ways to integrate AI automation to help your team be more efficient and quicker to suppress vols? I can't speak to that. Shop to Joy Love the. Love the handle. A lot of people say fake it till you make it during interviews. Do you agree? If yes, how do you fake or justify your experience during a technical interview? Okay, so I'm going to try and unpack this into. We'll try and. Excuse me. And do some production on the heating vent. We'll try and unpack this in two different ways. So I see fake it. So you make it during interviews. Do I agree? And then if yes, how do I fake it? So to me, there's a time in place to fake it until you make it. When I think of fake it until you make it, I never translate that into being honest. And so for me to fake it until I make it, it means be a chameleon in the interview. If the interviewer is asking you a certain type of question, maybe conform your answers to that. If you have a script of how you're going to go into the interview and they start off with a question that throws you off your guard. Being willing to roll with the punches when I think fake it till I make it play to your know your audience, right? Know who's listening to you in that. That specific. That given day, that given interview. And then how do I fake or justify my experience during a technical interview? Well, I don't fake my technical experience during a technical during the parts about my history or my background. If it's an area in which I've only dabbled, I just explain that to them. I say, you know, currently that area of technology is something that I've done exclusively in a home Lab environment, but I've never worked on it in a professional, I guess, production or working environment. But I do have experience with the tool. Yes. And I'm, you know, as a fast learner, I'm always, you know, looking forward to learning more about it if it's something that we would be implementing. I see a lot of we statements. I like saying we and I'm sure a lot of people pick up on it. But when I say we, it helps me put myself when I do a job interview, when I come into a job interview, I like the interview to make the interviewer to feel like they're interviewing somebody who already works for the company. So I do quite a bit of OSINT on whatever company I'm interviewing. About two years ago, I was interviewing quite frequently for some, for some good jobs. I didn't get them mainly because I was honest about my experience, but I was able to give them a feeling that I've already really invested in the company. Right. Did your OSINT understand what the company's values are? And so when I think fake it till I make it, I think I bring the OSINT in and you just, you make yourself feel like you're part of the company and there's nothing skeezy, there's nothing wrong with that. But it's showing the interviewer, especially if you really want the job, it's showing the interviewer that you've your best foot forward in that capacity. And so I don't lie or, or justify. When I justify my experience during a technical interview, it's going to be in the capacity of talking about how I've done it in a home lab. So I'm probably going to be applying for a job. I look at the tool set, let's say it's pen testing. Well, I have done some extensive pen test labs. I do do, I do do. I do hack Smarter labs and before that, TCM labs. Before that, try hack me labs. Home environments spin up in the cloud use infrastructure as code to spin up a small environment and then hack them. Right. Or done some vulnerability management for friends or whatever. And then would, they would authorize me because there was a business owner to try and break in. And so there's always little bits of technical truth during your explanation. Right. And so I always come with that in mind when I come to the interview is, you know what, you know what? You don't know, you don't know, but you're happy to learn and people typically are, are cool with that.

C (75:19)

Foreign.

B (75:26)

Victory V. Not a question. Hi Jesse, just wanted to say thanks for helping me pass my Security plus last year through the Slay Security plus channel. Appreciate you. Thank you. We have plans to bring it back. We do have plans to bring Slay Security plus back. I'm still getting my feet wet with the new job and when it would be the best time to do a consistent stream. And so I want to make sure that I've got that under my belt before I make any promises to anybody. KG Number one, if I were to start my career from zero in 2026, what path would you follow? To get back to where I am at the moment, to get to where I am now? I guess if. And I start. But I started now and then I'm, you know, and then I'm going to get it hired and then move to a different company, get another job and be where I am today. Hmm. I would start by plugging then. This is not just because I'm doing jawjacking for Simply Cyber, but this is a true statement. And this is because probably I would do what I did before because if I was to start from zero in 2026, I would start the same way, which is by investigating some of the, like looking out and, and trying to find different people who are in the same industry, doing YouTube live streams, probably create a LinkedIn. So I start with LinkedIn. I'd find simply Cyber again. And really that is what kind of got my path started. The first time was Simply Cyber, the crew of Black Hills and Information TCM Security, really getting into companies and I guess influencers, content creators, educators, mentors that can mentor at scale similar to Jerry does. And I would take a lot of notes on that. I would continue to build a network which I know it sounds like overused and we think of LinkedIn as this big cesspool and at times it definitely can be, but it's beautiful for building your brand, building a brand statement. So I know all that stuff sounds really cheesy, but I knew even three, four years ago when I was getting my feet wet into cyber security that it was going to be really tough to get a job. And so I knew I would have to work extra hard that because I didn't have 20 years as a sysadmin or all this experience at the time people were looking for that I would have to learn quick, I would have to find different ways of learning. I would be OCD about my schedule when it came to, well, I don't have a job or I don't have the job I want. So how does my free time look, your time management isn't just important at work, it's also important when you're studying. So say I would do the same things, right? Same steps. I plug into simply Cyber. I would start really building that LinkedIn profile doesn't have to be something that you can contribute meaningful posts to people that are in the same industry so that you're just in their air, right? You're just kind of breathing in the same lane having conversations. Maybe they give a like on your comment, maybe they comment back and then if you have the capacity find ways to offer ways to support what they're doing. So hey, I see that you're part of this. I also am interested in doing this widget building. I see that you do widget building. Maybe I can contribute some of my ideas for other beginners because everybody starts somewhere, right? And I would probably look at threat exposure reporting same things. I think the landscape of penetration testing, red teaming has changed somewhat with automation. Same thing with, you know, on the blue team side. And all of our tech fields are going to see that change. But I would just start probably working on my soft skills as well. I can tell you right now in 2026, soft skills are really, really, really valued by employers. Being able to communicate technical, highly technical things to people who are not technical people at all is a great feature to have. DreamLogic and I work with folks in the IT cybersecurity space that are not technical but they can explain it to stakeholders, they can explain it to customers. They know what products people are looking for or might need. So there is always room for non technical people. Look at grc. Even though GRC is was saying becoming more technical but having some kind of technical knowledge, even if it's just book knowledge, helps a ton in that GRC space. Kathy Chambers Digital Big hug. I can't wait to see a haircut fish in chat. Haircut fish. I have a talk coming up on soft skills. I'm telling you those soft skills will get you the job. AI driven grc solutions. Where can we apply this in grc workflow? So for now I could see at least for me where IT would apply for me in a GRC workflow is helping with presentation management, right? Because I have to have conversation security awareness meetings with people I'm going to have to have meetings with with the stakeholders in the C suite and the IT teams and all these various teams. And so I would have automation. You could even do some kind of. I would build a profile and have the automation help me with have the AI driven bot help me with presentation management. Kennedy can get your amateur radio license. Soft skill that is not expensive. Hey hey that's not a bad idea at all. Foreign. It is good to be back on a live Stream. Thank you Dr. Jerry Ozer for trusting me entrusting me. Just take it on the spin of a rip. We got about six minutes left. Any questions on breaking into the industry? How to study any I would say the resources I can give you are going to be very similar to the ones that I use myself Hack Smarter labs For a lot of my red teaming simply Cyber, Black Hills, Information Security, TCM Security and then Google I would really work on building environments. Lab environments have helped me a ton. Just like when we added cloud skills into our tool belts and then later maybe we we added some all these different skills that we add into our tool belts. Make sure you're adding at the very least prompt engineering or prompting skills into your tool belt. Working with AI if you could do it in other levels that's great. But be ready to explain if it comes up in a conversation how you're working with AI to make you a full a force multiplier. Even if it's in a lab environment. I'm telling you it goes a long way. What do I do when Google takes my reports and credits them takes my reports reports. I don't. I at this time don't put my whole report into a bot. I guess if I had a company owned co pilot instance then maybe we would but right now even with my paid chat or Google I will. I know I put ideas and concepts into Google but I don't, I don't feed it my entire report. I'm sorry if that's happened to you. That's a huge bummer. Foreign. Er net 100 what's the scoop on TCM? Been out of the loop. I've been out of the loop somewhat lately. I've plugged into Simply Cyber and Black Hills when I can. So I see Zach Hill and Kathy Chambers, Daniel, Larry. I see folks from the industry because I'm on YouTube to watch them for my cyber security ingestion of content. So I've been out of the loop as well. I know they were purchased by a larger company and that's kind of. I canceled my subscription. Not necessarily just because of that, but I canceled my subscription about a month ago. I was doing the all you can all you can eat buffet. TCM sold out? Yep. So they, they sold their shares or however that works. How many am I going to See you at how many of you am I going to see a Wild West Hacking Fest this year? Deadwood, South Dakota or am I going to see you at simply Cyberfest Or I'm going to see you at Wild West Hacking Fest potentially in Denver, Colorado. About three and a half hours from my backyard the sun is coming up. It is a 7:30 in the morning for me. It is a warm what? Let's see how warm it is it so far it's 22 degrees. J goal 96. Talking to David Amber Weather Spoon 6131 look up Tyler Ramsby has an video on how to report CVE's mentions yeah, and Tyler mentions if he could go back. Tyler himself I'll say. Tyler mentioned to me that if he could go back he would do a lot of bug bounties as well. Maybe not for to build your living on but just to really get nitty gritty if you want to be an application pen tester. Deadwood or bust Code Brew Cyber. That is right. I'll see you there. I don't know if I can use your real name on stream so I'll just call you Code Brew. Fedex my man. Good to see you. I. I'm playing. I think he's saying planning. I'm planning to go to SCCON this year for sure. No Wild West Hacking Fest Denver as I am still getting used to the new gig and what places they will send me. Completely understood. That was actually one of the questions I asked in return during my interview for this company. I said how do you treat. What do you guys think of when it comes to conferences? Do you support, do you enable? Do you facilitate your employees to go to conferences to better them, blah blah blah blah blah. And they were like yeah, absolutely. Well you know depending on the conference we'll for sure give you the time but depending on what's going on, we can pay you. It can be a work event. So. Thanks for subscribing Peter. Make sure you check us out. Ladies and gentlemen, we are at the almost the 30 after I got a drop and prepare for a meeting myself. It was really fun, even if it was just for a moment. And I kind of came in doing it live to do jockey jacking. Wow, I can't even get it out. It's been a minute. Gotta dust off those microphone skills. It was an honor to be able to do jawjacking with you all today. Thank you to Dr. Jerry Ozer and the Simply Cyber team for entrusting me with the microphone. I'm going to get rocking a roll. And make sure you tune into the daily Cyber Threat Brief every single weekday at 8:00am Eastern Standard Time to get your what is going on in the world of cyber security? It's a great place to take to an interview to a boardroom, and it's a place that you can share information with your peers, maybe meet new people, meet a mentor. Maybe you've had some experience and you just want to stay sharp in the industry. Also, you get half a CPE to go towards your certifications. I'm going to sign off. It was great to see a lot of you today. I can't wait to see a lot of you more as we continue to live stream and get back into the swing of things.

A (88:57)

Get back on the saddle again.

B (89:04)

Okay, back to reality. I hope you have a wonderful, wonderful Thursday. And until next time, stay secure.