Loading summary
A
What's up everybody? Welcome to the party. It's Friday, January 30th. Goodbye, January, hello February. If you're looking to stay current on the top cyber security news stories of the day, which you'd want to as a cyber professional, because it's going to enable you to stay up to date on current threats, current techniques, current research, current vulnerabilities, all the things current that we are required to know about as cyber security professionals. Well, you're in the right place because this live podcast that's dropping on your face right now is all about giving you the top cyber news compacted in a nice, easy, educational and entertaining package. And I will be doing everything within my power to harness the 20 plus years of cyber experience. I have to go beyond the headlines and give you additional value and insights on things that you wouldn't necessarily learn from from a textbook. And I was reading through my YouTube comments this morning and saw someone say I know nothing because I make YouTube videos. Well, I appreciate that and I look forward to this opportunity to prove my worth to you random YouTube comment person out there. Stay tuned. I'm Dr. Gerald Ozer coming to you live from the Buffer Oer Flow Studio. This is simply Cyber's daily cyber threat. Brief episode 1058. 1058. Everybody get your coffee, get comfortable because we're about to get cooking. Holla. That's right, everybody. Good morning. I hope you're all well. We're going to go through eight stories today. I want you to know I haven't researched or prepped for any of them. Ain't nobody got time for that. So you're going to be getting my raw, authentic opinion on these stories. Now I see a lot of familiar friendly faces. Dennis, Keith, the O said Master straw hat sec who caught the live stream? Simply Cyber Fireside yesterday. Space Tacos is going to activate Lurker mode in a hot minute. Devin Grady. Devin, I might be going up the Chapin this weekend. Dude got one eye on the weather. Listen, if you are here for a first time, let us know in chat. There's a lot of long timers in here, a lot of good friends in here. But if you are here for the first time, don't be shy. Drop a hashtag first timer in chat. We love our first timers. We have a special way to welcome them. We have a special way to celebrate you and and make you feel comfortable. That's the deal. It's like walking into a new house or a new party and someone handing you a solo cup with a beer. In it and being like, hey, welcome to the party. Nachos are over there. TV's got the game on. We're going to be grilling some burgers and dogs in a minute. You interested? That's what we want to do for you virtually, my friends. All right. Every single episode, including this one episode 1058, is worth half a CPE. So say what's up in chat. It'll appear right above my head here live on the stream. You are part of the program. The best part is you can grab a screenshot, include the title of the episode, which happens to be the Episode unique identifier 1058 and today's date, January 30, 2026. Top cyber news. Now, it's not a coincidence that those unique identifiers are inside the title of this show in allowing you to do a screenshot. This is a service that we at Simply Cyber do for you. No cost to make it simple for you to capture those CPEs, take a screenshot, file it away once a year, count those screenshots, and that's how many CPS you can get. Up to 120 a year. James McQuiggin at 35, 000ft with a 37 month squad membership. Wow. More than three years with this amazing community. And Jerry guy, as if we said his name three times. And he appeared every single day of the week as a special segment. And there he is, this Beautiful man, James McQuiggin, at 35,000ft. He is dropping dad jokes on our face. I've got them hot and ready, piping hot, loaded into my phone. I haven't read them in advance. I do everything I can not to read them in advance. And we'll have some rib ticklers at the mid roll. Space tacos 32 months blue badge. Thank you Space tacos for, you know, just being a longtime member of the community and being awesome. GRC mafia activated. Let's go. All right, so we got our CPEs, our first timers. I've explained what we're doing on the show. We got the music cooking, dad jokes galore. Let me take a hot minute and say thank you to the stream sponsors. Because guys, without the stream sponsors, it doesn't happen. I can't do the show. I can't do the show. Like I can't be a responsible provider for my family if I'm just, you know, not working. So shout out to the stream sponsors those who enable me to bring this show to you. Go use the links below. Toasty Pops, Kansas City Zone Good to see you multiple days in a row. Toasty Pops. I hope really all is well in your world, dude. All right. Hey. Anti Siphon Training.com. anti Siphon Training is disrupting the traditional cybersecurity training industry by offering high quality, cutting edge education to everyone, regardless of financial position. So, hey, you know, if you're in between jobs, you got dire straits. You know, you want to get access to education, but you don't have money. It doesn't mean you have to have take a loan out or something stupid. Sell your entire Magic the Gathering collection to pay for some education. Nope. Anti Siphon Training's got live training for as little as $25. Four hour workshop. So basically like six bucks an hour. This guy right here, Troy, very seasoned senior practitioner and he's basically working at 30% of minimum wage. Six bucks an hour to train you? That's amazing. That's ridiculous. Okay, but this is what anti Siphon training is doing. Come on down. Foundations and network forensics and analysis. It's a full workshop today, starting at noon. I'll drop a link in the chat. Just as a teaser. We're going to be talking about capture the flags with anti Siphon training very soon in. In. In February. So come on down. Let's talk about Area for a hot minute. Area?
B
Yes.
A
Area was sponsoring for January. Thank you, Area. It was great to know them. I'm going to be doing some more work, bringing some more insights about their platform and solution to bear in February. So I'm looking forward to that. Guys, listen. Everybody's got this problem. Literally everybody's got this problem at work. Your leadership is banging on the desk screaming, AI automation. What's N8N? We want to go faster, longer, stronger, whatever. More money, right? Everybody in your workforce is using it except some of the olds who refuse. Right? AI is everywhere. It's on your phone, it's on your desktop. Shadow AI sprawling across your organization. The deputy director of CISA just put sensitive information to chat GPT yesterday. We saw that in the news. Right? So with everybody using AI and using company data, you're really taking on big risk because one incident can result in a really big deal. FedEx 21 months. Blue badge. Thanks FedEx. See you at Zero Trust World. FedEx. But guys, listen. What if AI became an advantage instead of a giant risk for you? What if your teams, all your staff, could innovate with AI without and. And, excuse me, and do it in a completely secure way, right? You sleep well at night. Leadership's loving you because everybody's doing the AI thing and there's no risk here. Well, guess what? That's what Area does. Like surprise. That's what area does. Okay. It's a unified platform that combines AI security, governance and orchestration so you don't have to choose between innovation and protection. Simple as that. Take control of the day. Turn your AI stress into AI suck cess. Go to Simply Cyber IO Area 8. I'm putting the link in chat Simply Cyber IO Air I A today. Go check it out. Right, there we go. Click me. Support the channel. Go check them out. Maybe it's for you, maybe it's not for you. At a minimum, what I would say is at a minimum, it's good to get at least perspective on solutions like this because AI is literally not going anywhere. So understanding what options are available to kind of manage that AI sprawl and shadow AI, super important. As I said to FedEx just a moment ago, myself Kathy Chambers Kimberly can fix it. We will be at Zero Trust World in March for Threat Locker. Who's Threat Locker? Let me tell you about them. They're a long time sponsor. I would argue they're a partner with Simply Cyber at this point. Like what they do. Love the people over there. Let's hear from them really quick and then I'm going to melt your face to the top news. Let's go. I want to give some love to the Daily Cyber Threat brief sponsor Threat Locker do zero day exploits and supply chain attacks. Keep you up at night. Worry no more. You can harden your security with Threat Locker. Worldwide companies like JetBlue Trust Threat Locker to secure their data and keep their business operations flying high. Threat Locker takes a deny by default approach to cyber security and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US based Cyber Hero support team. Get a free 30 day trial and learn more about how Threat Locker can help prevent ransomware and Ensure compliance. Visit threatlocker.com Daily Cyber. Oh yeah. You know what time it is everybody? It's that time. Get your coffee, I got a big old cup of joe here. Grab that recliner handle on the side of the chair, sit back, relax and let's let the cool sounds of the hot news wash over us in an awesome wave. I'll see you guys at the mid roll.
C
It's Cyber Security Headlines.
B
These are the cyber security headlines for Friday January 30, 2026. Steve I'm Steve Prentice. France fines countries unemployment agency over data breach. The French Data Protection Authority has fined the country's national employment agency, France Travail, a sum of 5 million euros.
A
Stop, stop, stop. I'm going to rewind that. That was, that was extra. Okay. Woo. That was extra. Hold on. Okay, hold on.
C
Here we go.
B
France fines countries unemployment agency over data breach. The French Data Protection Authority has fined the country's national employment agency France Travail, a sum of 5 million euros for quote, failing to secure job seekers data which allowed hackers to steal the personal information of 43 million people, end quote. This follows a data breach that occurred in early 2024 and which exposed job seekers personal information spanning 20 years, including standard PII. Bank details and account passwords were not affected, nor were job seeker files taken. This latter category is important because job seeker files tend to contain sensitive health data.
A
All right, so I, I appreciate this news report going ahead and doing the heavy lifting for me. So the French government find. The French government. That seems very peculiar to me. I mean, like, I feel like, you know, the, like some government agencies are designed to keep other government agencies in check. But like when they find the. This government agency, like, doesn't the money just. This is like me finding my wife. Like, we have shared bank accounts. I'm like, oh, you violated policy, my dear. Happy Valentine's Day. I'm fining you $200. And she just like goes over to my nightstand and takes two $200 out of my nightstand and then hands it to me and she's like, whatever, like. So now let's get to the meat of this. This was a massive data rage. 43 million people. What's the. Hold on, what's the population of FRS? Population of France. What do we got here? 69 million inhabitants currently. So I mean, dude, like this is technically close to 75% of all French citizens. Because I'm assuming it's French citizens that would be filing for unemployment in France. You know, obviously there's exceptions and whatnot, but I mean, this is a pretty significant percentage of them. It does not go into detail on how the hack happened. So, you know, there's something to be said there. I do want to say. They were fined 5 million euros for not securing job seeker information. It was a lot of the standard pii. Name, dob, date of birth, not ODB or old Dirty. It's do national insurance number, email, home address, phone number. So, you know, a lot of like, juicy bits that threat actors can use for additional cyber attacks and phishing exercises. But honestly, at this point, pii, like this is out in like eight different ways. I was wondering if France had a track record of finding companies or entities like this. Like, do they have a really firm policy? Well, apparently they do. And this is why I said thank you for doing the heavy lifting for me. Reporter. They, they find Google $378 million for violating cookie regulations, you know, regarding GDPR. And they find free mobile, $42 million. So it sounds like, you know, one of two things. Either there's a new sheriff in town over in France and they're, they're not into taking any guff from the riff raff tech people and they're just finding people all over the place. Like Oprah giving out cars. Like you get to find. You get to find. Or this is a bit of a, a, a dark hot take. Okay, so let me. Do I have like a hot take? I guess little spicy hot take. Like I don't know where this money goes when they find these people, but like is this part of their GDP now? Like France is like, oh man. Or, or this is. So I do have some like French in my background. So I feel like this isn't politically incorrect, but it's like the worst French accent. I was like, oh, oui, oui. Like our roads, they have potholes. We have no money to fix the potholes. Find Google. Like, I mean, is it, is it like a, is this like a revenue center now for France is like these fines? I don't know. I don't know. So anyways, whatever this, this is, the thing is Google can pull out of France. France's unemployment agency cannot pull out of France. The final thing I'll say for this, and this is for all the GRC Mafia people in chat space. Tacos among others, GRC guardrail. I'm thinking as a GRC mafia member, they are finding them for not securing data. But there's no information in the story on what they. What, what, what, what controls they did have in place. Hey, thanks. Find the true nine months. Let me, let me dispel a myth really quickly. You cannot eliminate all risk. So like the fact that this French unemployment agency had a data breach. Like I want the details right. Like if they had EDR and mdr, like if they had endpoint detection and response and managed detection and response, like a, like a security operations center that manages it and they did data backups and they had data at rest encryption and they had firewalls out the butt and then some insider threat exploited their access or some domain admin downloaded like an only fans zip archive which was really malware and popped it. Or somebody accidentally took a bunch of data and plugged it into GPT because, you know, we've seen that before and that resulted in the data breach. I can't fix that there. You can't. There's not. You can't give me. You could give me infinite budget and infinite personnel and I can't stop those attacks from occurring because you can't eliminate all risk. There will always be some residual risk. And spoiler alert, the more you invest, the you get diminishing returns on the value of risk reduction you're getting. Meaning $1 million of budget, right? You give me a million dollars to build you a cyber program, I'll build you. I'll build you a good cyber program. I'll take you from a 0 to a 1, right? Just on a C, a simple scale of 1 to 5. If you give me another million dollars, I do not go from 1 to 2. I go from 1 to like 3. Excuse me, 1 to 1.3 or 1 to 1.4. You don't get a linear return on your investment in cyber security. It is a. It looks like a logarithmic curve. If you want to go back to 10th grade math, it has a diminishing return. Okay, That's a fact, Jack.
B
Microsoft Teams addition will allow for suspicious calls to be flagged and reported. This new feature is intended to be released to targeted release customers by mid March. Its goal is to help users flag suspicious or unwanted calls as potential scams or phishing attempts. Named Report a Call, the function will be enabled by default but can be disabled by admins via a toggle inside the call settings section. When users choose to manually flag a call. Some metadata including timestamps, duration, caller ID information and participant teams IDs will be shared with both the user's organization and Microsoft. General availability worldwide is expected for late April.
A
All right, like way to go Microsoft. Not that I'm any type of like decision maker over there, but I'll allow it. I think this is great. So we have a report phishing email button, you know, in our Outlook and now they have like basically report report a call feature in teams. Essentially like report a fish. This, this tells me two things. One, there's obviously a material increase in activity of threat actors which weaponizing Microsoft Teams to conduct social engineering operations. Think of deep fakes. Think of, well, deep fake voicing, deep fake video. It, it's just an extra level of authority and social proof that I am who I say I am, right? Like the. It's like the Popeye. I am what I am, right? Drink. And Popeye is a bit of a deep cut too, but I love this. Like, dude, Microsoft's got a massive market footprint and they're continuing to drive the bus towards better security and allowing. Yeah, I don't know where the, why I'm getting all these dings on Discord either. I don't know where they're coming from. I've never heard them before myself, so I don't know. What is this? It sounds like Discord, right? Hold on, let me, let me do this. Dang. Okay, anyways, yeah, so hey, here's the deal. This function's enabled by default. So what I would say is I, I don't, I use teams as little as I can, right? What I would say is this is a great opportunity for you. Okay, listen up GRC people. And hey, if you're a lone wolf, right, if you're like, I think ad tech is if you're a Joey, right? If you're a one person shop, if you're responsible for it, cyber, you know, all the things, maintenance, patching, you know, fixing the coffee maker. If you're a one person shop, first of all, you're not alone. That's why you can think of simply cyber as your, you know, co workers. Right. In a sense. Don't disclose anything sensitive, but this is an awesome opportunity. Whether you're a one person shop or a 50 person shop. When a new feature just is enabled by default and appears, all your end users are going to see it and what's going to happen is they're going to be like, oh, that's interesting. What is that? What is that? I don't know what that is. So I'm not going to touch that or I'm going to assume what it is and then I'm going to assume when to use it. Okay, so what you can do is take a screenshot of your team's instance with the report a call feature, slap that graphic in an email and say new security feature or new new feet. Just new feature in teams, whatever. You want them to open the email, right? So you got to make that subject line like a good hook. If you say new security feature, my aunt or Thea doesn't click on it. If you say new feature in teams, my aunt Dorothea clicks on it. Because it might be like a cool new filter or a cool new sound effect you can play in meetings. Nope, no, we're just gonna do a feature. Hey, you know, hey, hey, workforce. Hope you're doing well, check it out. New feature just rolled out. Report a call if you have a suspicious call or something odd, even if it turns out not to be a problem, use that report a call feature. Let us know. We're here to protect you. I'm Jerry from Simply, or I'm Jerry from the Infosec Department. Report a call. And until next time, stay. Stay secure. Right? Use this as an opportunity to highlight what the functionality is and when they are supposed to use it. Dude, just a little bit of information will give people more confidence in using the security features that we roll out for them. Do not assume that Carl in marketing knows what report a call means. He's probably thinking, like, oh, I guess leadership's tracking my call, my call volume now. And he's just like, reporting every call because he thinks it's capturing it for statistics. No, Carl, Carl, it's a security feature. Little. Little bit of information, guys. Knowing's half the battle. Yo, Joe, let's go.
B
UK leaders warned about absorbing the cyber attacks without offensive deterrence. During a UK Parliamentary hearing on national security, ministers were warned.
A
Hold on, hold on, hold on, hold on. I'm stopping everything. Tristan Sowers, 9,000, 940, is in chat at Tristan. Okay, late to the stream, But I passed SEC/ yesterday after working my butt off. Hell, yeah. Congratulations, Tristan. Dynamite, dynamite accomplishment. Keep crushing. Keep the momentum. All right. Love it, love it, love it. All right, let's back up. We get back to our regularly scheduled.
B
Program that Britain, quote, risks leaving itself exposed to cyberattacks and hybrid forms of warfare unless it exercises an ability to impose costs on hostile states, end quote. Former National Security adviser Lord Sedwill, who is now a member of the Joint Committee on the National Security Strategy, added that, quote, resilience measures alone would not deter adversaries conducting cyber operations, sabotage of critical infrastructure, and disinformation campaigns against the United Kingdom, end quote. His comments echo those made by the former head of the British army who previously urged the government to get on the forward foot with ransomware instead of just, quote, absorbing the punches. End quote. Shiny.
A
All right, hey, so two things. One, this guy's name, Lord Saidwell. Doesn't this sound like the newest. Like, if. If they, like, rebooted Harry Potter, this guy would be, like, like, not a main character, but, like, at least in a couple of the books, like, as like, either a good guy or like a kind of a shady henchman guy, like wormwood or worm tongue. Lord said, well, okay, anyways, UK is like, speed running a cyber program. And if you look. Why? What, why it, it's definitely my discord. I just don't know why it's making noises. Can I, do I deafen it? Do I mute it? What do I, how do I, I, I need, I need someone who's under 30. I need someone who was born in a year that starts, that starts with a two to tell me how to turn off the discord sound effects. Listen, it's, it's Zach Hill, by the way. Blame Zach. He's DMing me. Here's the deal. The United States has had a cyber capability, cyber program for a long time. We've got a lot of bruise cuts and learning opportunities, A lot of learning opportunities, okay? And the UK has stood up their own kind of cyber capability, like the national cyber something recently. They've been getting hit in a lot by, you know, kind of 18 to 22 year old UK citizens with ransomware attacks. I believe like Lapsis specifically is out of the UK and with UK being tightly aligned with the United States and this whole bricks thing versus Western governments thing, the UK is getting bombarded by attacks, okay, Cyber attacks. And what they're saying here is, hey, listen, we can't just take a. We're going to stand back and absorb attacks and be resilient and be very strongly defensive because it's not gonna deter anyone. This is essentially, this is the equivalent, okay? This is the equivalent of building like a really strong castle with a moat and everything. And then just like your enemies come and they start lobbing like boulders at your castle and, you know, knocking bricks down and causing damage. But you've invested heavily in the masons, so you've got like a team of like operators who can quickly respond and put bricks and mud back into the joints and stuff like that, okay? But this guy's saying, like, they're not going to stop running, they're not going to stop shooting boulders at us because they're not going to get bored or, or tired or run out of, you know, resources to continue to attack us. So what he's saying is the fact that we're resilient. The only way that a resilience approach is going to work is if the attacker gets bored. But this is nation state level attacks in, in many instances. So the mission is to take down whatever it is. You don't go back to your commanding officer and be like, bruh, I've been doing this for like a week and it's really hard. Like it's not really achieving the goal. Can we just do something Else like your commanding officers be like, what are you talking about? Get back to work. Right. So what they're saying here is we need to adopt a hackback capability which if you've been following the United States for the last 10 years, we have adopted. We like literally had the same argument and we've you know, kind of taken to oh, here we go. I got a visual. Hold on one second, I'll do it while the next story is running. Oh my God. So anyways, this gets dangerous, by the way. This gets dangerous because like who are you gonna attack back? Can you do attribution? Right, Chris Rock, not the slap, but the Australian gray hat mercenary cyber guy, uh, who I'm a big fan of. I haven't seen him in chat in a long time but he is a, I would consider him a card carrying simply cyber community member. He said when he attacks, you know, nations, he doesn't go from like his computer directly. He'll compromise some like smaller businesses and then route through them. So when you're doing attribution you can make it look like you're coming from wherever you want. So I. E. If the UK is going to hack back and it looks like it's Pakistan attacking you, but it's actually North Korea because they're rerouting through Pakistan, you may actually attack somebody that is already been victimized. Right. So be careful. I just want to point out for a fun fact, for a fun fact, if you want to know what happens after this, let's just. Dude, I'm a huge fan of history and history repeating itself. Again, not a political show. So I'm not going to point out some obvious things that are going on in the world that seem to be history repeating themselves. But check this out if you want to see where the United States, I mean where, where UK is going. United States Private Offensive Cyber Capability Consideration law okay, check this out. January 2026 United States Ways expanding Private companies role in cyber in cyber offensive operations the US is considering expanding the role of private companies to national offensive cyber operations. So if you want to know what the story is going to be, you know, in, in like August of 2026 mark tape I'm telling you right now, UK leaders consider private sector for offensive capability. I'm telling you like they're running the United States playbook. They're just doing it on like 4x.
B
Speed hunters steals 10 million records in alleged Dating App heist these records were allegedly stolen from Match Group, a US based firm that owns some of the world's most widely Used swipe based dating platforms including Hinge, Match.com and OkCupid. Shiny Hunter's representatives say they made off with user data as well as hundreds of internal documents. They identified Apps Flyer, a marketing analytics provider, as the apparent source of the exposure. Match Group itself has declined to say what types of data were accessed, how many customers were affected, or whether a ransom was involved.
A
All right, so I did the thing. I was told by Justin Gold and I can still hear it. I don't know what happened. I like, I've made no changes to Discord. Shiny Hunters, one of the three threat actor groups that are very effective and composed of like 18 to 22 year olds. And they, they've. They formed like Voltron as the calm. But Shiny Hunters lapses scattered spider. So Shiny Hunters swipes. Right. I think this is like a Tinder thing really quick. All the youngs in chat, if you're. I guess not. Not married. Like it swipes. Right. I think Tinder does this right. But is this like a standard now? Like Bumble and Hinge, I think are. I literally don't know exactly what I'm talking about. But these like dating apps, I think they have like swipe left and right. I don't know. Let me know if, let me know if this is like a standard now. 10 million records data app grab. By the way, as far as like if you guys attended the the Flare Syndicate life of a ransomware operator talk yesterday. Holy crap. Two hours of value. I. Hold on. God dang. Hold on. I'm setting my do not disturb. Oh, try it now. Try it now. Okay, so Shiny Hunters, if Shiny Hunters got your data, they execute the full kill chain. But the flare talk yesterday was dynamite. Okay. Extort and leak crew. That's right. Stolen hall includes user data tied to Hinge Match. Okay. Oh, so basically there's all these different dating apps, but they're all owned by the same company. There you go. Way to diversify your portfolio. Okay, I want to know. Oh, oh, hey, guys, you know, it's, you know it's legit when the company makes this. Makes this comment immediately following a breach. You know, insert company name here in variable value. Takes the safety and security of our users seriously. They terminated unauthorized access, which is fine. User creds, financial information, private comms were accessed. Well, I mean, spoiler alert. Yeah, the. If they got in, chances are some user login credentials were compromised. So they say 10 million personal customer data, employee data, corporate material. All right, so amount paid records, ip. Okay, so there's a couple things in here, right? Number one. Number. Okay, so there's a couple things for you to know here. Number one, you know your data, you, your data may be compromised. Shiny Hunters has just got this data. They are, you know, a business, right? They've got the data. They're going to try to force Match Group to pay them for the data or they're going to leak it. Now, this information doesn't have any sensitive like credit card information. It doesn't look like it has passwords. So that doesn't seem to be problematic for the business, right? So the business, if you're got shareholders, you're feeling pretty good about yourself. Now, if you are a user of this system, you may have some concern, right? Like say you're being unfaithful to your spouse. I've. Dude, I, I've seen some videos online of like, where a wife will like create a Tinder profile or, or whatever. Like her husband's using Tinder, so she'll create like a honeypot Tinder account and then like set up a date and then show up at the date with like the kids and her and be like, I found you busted. Right? So, like, there is that. I mean, this, this has got like Ashley Madison data breach vibes all over it. But I mean, that's really the extent of it. 10 million records is a lot. We'll see. To me, this is just Shiny Hunters doing, doing their business, right? They get some credentials, they get in, they exhale a bunch of data. One, One bonus tip. One bonus tip for everybody. Or not bonus tip, but like bonus insight. That again, I like to go beyond the headlines with the show. After attending the Flare Academy webinar yesterday, one of the really interesting things that I discovered that I hadn't really thought about is that when you are doing data exfiltration, right, you have to put the data somewhere, right? Shiny Hunters has to put this somewhere. They can, yes, they can move it from A to B, but they're not sticking it in like a Google Drive, they're not sticking in a NAS under their desk. They need infrastructure that can handle terabytes of data and they have to pay for it. Now of course, there, there's hosting services called bulletproof hosting that will look the other way and don't really care, etc. Etc. But still there are monthly operating costs associated with this and doing these big data exils also making the choice. Shiny Hunters does not encrypt. At least in this instance, they're not encrypted. I, I don't know their full Playbook to see if they don't ever encrypt. But like, it's a different business model where they're like, where they're like just doing data exil leaking on their leak sites and letting it go. So very interesting if you get a chance. I know it's two hours long, but I would definitely recommend you check out the, the, the Flare Academy replay on that video. It was really good. At a minimum, I would take the transcript from that Flare Academy two hour webinar, run it through AI and ask it, you know, to give you like a breakdown of key points. You know, I, I, I assume everybody out there, if you haven't done this, you absolutely should do it. You can take like talks or lectures or books and put it into AI and ask it for like key points synopsises. Not like you can have it do all of the processing and then you just kind of, I don't want to call it a Cliff Notes version, but like, it's like getting an executive briefing. You're like, I, I don't talk to my AI this way yet. But it's like, hey, nerd, here's a bunch of raw data. Give me an executive briefing so I can save my time and do more important things than deal with that. And then it's like, yes, sir. And then it like just drops this report on your head and you're like, yes, yes. Okay. And now I'm informed that's what I like to use AI for. I do it a little less bombastic and pompous, but I'm doing that for effect and entertainment value for all y'. All. All right. Also, let's see. Okay.
B
Huge thanks to our sponsor, Conveyor. Want to hear a horror story? An infosec manager found out that their sales rep had filled in a customer security questionnaire themselves and sent it back to the customer without review. This led to dozens of follow up questions. With Conveyor's Trust Center AI agent, you can avoid all of that. The agent lives in your Conveyor hosted Trust center and answers every customer question, surfaces, documents and even completes full questionnaires instantly so customers can finish their review and be on their way. Learn more at www.conveyor.com. that is C-O-N V E Y-O-R.com.
C
All.
A
Right, here we go. Where's our wind chocolate? You know, it's interesting, the Daft Punk on Wednesday did not flag the copyright strike. Thing must have been too low. All right, guys. Every single day. Hey, really quick, I want to say thank you to all the stream sponsors, Threat Locker, Anti Siphon, Flare and Area. I didn't mention Flair at the beginning, but I am going to mention them right now. Guys, Flare has two things going. It's Flare, the cyber threat intelligence platform, which is the product that Flare sells and then Flare Academy which is just a, you know, I guess a community outreach philanthropic opportunity where they're bringing threat intelligence analysts to the communities in order to educate, which is what that two hour talk was that I did yesterday. I registered kind of did a watch party. Not a lot of people were digging it with me, but it's awesome. So because their last talk was yesterday and they don't really have their next one lined up. Let me just tell you about Flare, the threat intelligence platform. Guys, I have a video on the channel going through the Flare threat intelligence platform in all its value. I would recommend, I'm, I'm actually working with them right now to figure out a way to get like a, a free trial or free experience. You can see the free trial button here on the top. But I'm looking for the simply Cyber community to get something a bit extra. Anyways, if you work in an organization that you're responsible for cyber security, I strongly, this isn't even like a pitch because they're a sponsor. Like I would strongly recommend you check out Blair. Like I said, I got full access to the platform and I used it. It's very cool. Essentially what they do is they go out on the dark web and they grab all the information, all the log stealers, all the info, all the chat, all the telegram stuff that they can get and then like that's step one. Step two is that they have a really intelligent like querying system. Kind of the way like Google queries the Internet. Like you can query the data that they have collected for your organization's like domain name or IP addresses or usernames or not domain name but like you know, like slash, you know, whatever, dot local. Like you can look through it quickly and you can it if you have a compromise in your environment but your EDR didn't fire. If you have a compromise in your environment and you don't have any visibility in it, you will discover it because you can find compromised assets and data and info stealers in the FL in the Flare platform. It's very cool and basically it's a, I would consider it like it allows you to go threat hunting in like a more strong way. So anyways, that's Flare. Go to Flare IO if you want to check it out every Single day of the week has a special segment. And, my friends, Fridays is Dad jokes of the week with James McQuiggin at 35, 000ft. That's James right there. If you didn't know him, he's a great guy. He's been around forever. Here we go. And I don't read these jokes in advance. Hold on one second. We don't. Hold on. We don't. I don't read these in advance. Okay, here we go. How do you count crows? Marcus Kyler? How do you count crows? Oh. Oh, I'm. The joke doesn't make sense because I read it incorrectly. Oh, my God. You are so dumb. You are really dumb. For real. Okay. How do you count cows? How do you count cows? Very easily with a calculator. All right. It would have been lame AF if I said, how do you count crows with a calculator? What do you call a sleeping cow? I guess we've got bovine jokes today. What do you call a sleeping cow? Find the true two. Dakota Seifert. Snow knows you call a sleeping cow A bulldozer. Okay. Okay. All right. And then finally, where do cows watch tv? Guys, where do cows watch tv? Very, very easy. They saddle up on the co. James was really hoping that this would move the crowd with laughter. Oh, my. Guys. Oh, my God. You know what? Oh, here we go. You know what you call a cow with no legs? Ground beef. A cow with no legs? Ground beef. All right, all right, all right, all right. Let's finish strong, y'. All.
B
Foreign. Group splits into three distinct operations. According to a report released by CrowdStrike yesterday Thursday, the group Labyrinth Columna, that is spelled C H O L L I M A has spawned two additional groups. Golden Columna and Pressure Kolyma. These spin offs, which have been operating since 2020, allow Labyrinth Kolyma to narrow its focus on espionage, targeting victims in the manufacturing, logistics, defense, and aerospace industries. While Golden Colymer and Pressure column focus on stealing cryptocurrency for funding North Korea's cyber operations. These three groups have all grown out of the Lazarus group, sharing some tools and infrastructure which indicates centralized coordination in concert with their specialized individual capab. End quote. Solar.
A
All right, so this is not. This is not good for us. However, much like how the UK is speed running, the US's playbook, North Korea is speed running, not speed running. Because they've been. It's not a speed run, but they're. They're following suit. I would say to like what China's doing. So listen, I'M not even, I'm not even gonna get into North Korea. And you know how Kim Jong Un has, has the world record for lowest score on an 18 hole golf course with 15? Okay, like just ridiculous things like that Lazarus Group, which is a highly effective cyber threat actor group, they've stole, they've stolen hundreds of millions of dollars, over a billion dollars. Okay, go Google or look up Darknut Diaries. Bangladesh bank heist. You will be thoroughly entertained if you're, if you're dealing somewhere where it's going to be cold this weekend, get a roaring fire going, throw on some lo fi, you know, softly, right, like so you could barely hear it, set some ambiance and then dig in to the Bangladesh bank heist. It's better than any Netflix show out. I mean, it's not better than any Netflix show. Ultra Carbon season one's pretty dope. But, but, but, but Lazarus Group, they were stealing money all the time. It was kind of how like North Korea was funding their regime. Now they've got, they've obviously been training their staff internally. We saw Kim Suki, which was another North Korean based threat actor group coming out. We, we have seen espionage type moves where they were hacking into Russia and stealing missile and rocket technology. And now they're officially like, it's almost like a, a freaking butterfly or caterpillar turning into a butterfly or tadpole turning into a frog. They've reached a level now where they have enough capable cyber operators that they can change or not change, but like diversify the mission. So like, hey, when we only have three people who can do this job, go get us money and if you have some extra time, steal some technology, now they have like two dozen. We don't need two dozen people stealing money. We've got that on lock with six people over here. So with these other three, you know, 18 people, you go steal this. You go, you know, you do, you, you attack like, I don't know, South Korea and you attack United States. Like it's just natural that as you build up a capability, the opportunities that you have at your disposal increase and you want to allocate those resources to give you the highest bang for your buck. That's all that's happening here. I mean, you can make, I'll make fun of Kim Jong Un, you make fun of Kim Jong Un. It doesn't matter. Anybody that has half a brain can figure out when you have more resources, you can do more things with it. It's only a fool that has them all do the same thing or you Just leave them on the bench and be like, oh, I don't know, we've always just stolen money with three people. So if we have 18, I guess we have six times the backup. No, you don't do that. Okay, so another thing that you need to know about this, or at least I'm thinking as a GRC professional immediately, is that these are new nation state level, so sophisticated threat actors coming on the scene. And, and if you have been doing your threat modeling for North Korea, you're like, well, we're not a fintech company, we're not a crypto company, we don't operate out of South Korea. We're not really in scope of this. Well, when they splinter off and they start having more focused missions besides stealing cryptocurrency, that changes your threat model. You potentially may be in scope now of one of these splintered apts. And, and by the way, this is, this right here. Hello. This is a perfect example of why we need to stay current on cyber news. Okay. A lot of people think you're supposed to stay current on cyber news because oh like, oh, there's a vulnerability in Fortinet. Gotta patch it. Ah, you gotta patch it. Yeah. Okay. Like yes, tactical, transactional things like patch your stuff, you do need to stay current on, but this is a more macro level, you know, change that if you're not paying attention, you could get, you know, slapped in the face. This is like the, the equivalent of this is like for forever. North Korea has attacked through the front door. The front door. The front door. So you got all your guards, guns, gates, German shepherds, firewalls. All of you are just absolutely slammed up against the front door. It looks like a post apocalyptic zombie movie where like you're like, oh, we're gonna bunker the crap out of this front door. Let's go. We could see a mile down the road. If they get through the sandbags, we can shoot them. If they get past that, we can stab them. We're gonna win the day. Nor, you know, like. And then all of a sudden North Korea splinters off and has a secondary force to. So you still see this one force coming down the front door and you're thinking you're great. But in reality they have a secondary capability that is amazing at using back doors. And they are just going to walk right in because you haven't updated your threat model, your defense in depth strategy to account for the back door. And then they just walk up and they tap you on the shoulder and then they just very firmly with like really, like, really pivoting through the hips like a golf swing and. And just straight up slap you, just like one of these professional slap fight things now that they got going and just knock you on your butt. Don't be that guy. Don't be that lady. Stay current on what's going on. Update your threat models. Thank you for coming to my TED Talk.
B
Wins fixes critical Web help desk flaws. These security updates seek to address, quote, multiple security vulnerabilities impacting SolarWinds web help desk, desk, end quote, including four that could result in authentication bypass and remote code execution. There are six vulnerabilities involved in this update series, four of which have CVSS ratings of 9.8. A link to an article providing the CVE numbers and details on these flaws is available in the show Notes to the se.
A
All right, hold on, hold on, hold on, hold on. I got to point out something very important here. Brown Coyote. Definitely hold on. Brown Coyote is. Here we go. Let's. They bring up a very interesting point just to let everybody know. You gotta update your threat models for K Pop. K Mop is taking over, okay? You gotta worry about operation Kalina Lazarus Group, Kim Suki, and K Pop. All right, thanks for having fun with me on that one. All right, so Solar Winds fixes for critical Web help desk clause. Guys, Solar Winds absolutely got jacked up a couple years ago by Russia. Massive cyber attack, in my opinion, and I will. I will fight anyone who wants to disagree. I think SolarWinds is one of the most. I, I. Okay, so maybe I won't fight anyone because I'm gonna. I'm about to like falafel on this. Not falafel waffle on this. A waffle waffle. I think Solar Winds is the most sophisticated, elegant attack inside in history. Cyber attack in history. You can make a case for stuxnet. I can make that case too. But Solar Winds, man, what Russia did. Oh, the impact. Oh. I don't promote or encourage cyber attacks or condone it in any way, but I am a student, I am a. A lifelong learner, and, And I, you know, I love, you know, the academic evaluation of things. And what Russia did with Solar Winds a couple years ago was unbelievable. All right, so go look at Solar Winds. Russia attack if you haven't seen it. Okay, so what are we doing here? If you are still using Solar Winds, that means Solar Winds is your ride or die. If what Russia did a couple years ago did not get you off Solar Winds, guess What? You've got SolarWinds by the way everybody in chat knows damn well whether or not they're running SolarWinds. You know, SolarWinds isn't like a win raw that like some end user downloads and installs on their app and all of a sudden you got like a little bit of attack surface. No, Solarwinds is an enterprise grade, very expensive, massive Solution. It's like ServiceNow or something like, you know, if you have it. So if you're running SolarWinds and it's using it for your help desk, guess what? You got to patch it. Ah, you gotta patch it. This is a 10.0. I. I'm not even gonna look. This is either a 9.8 or higher. Okay, for sure it's a 9.8. It is a web help desk vulnerability that can lead to RCE and AUTH bypass. Jerry, I don't know what these acronyms mean because I'm new to cyber and I'm. You know, all your acronyms are confusing the crap out of me. Well, let me break it down for you. RCE is remote code execution. And without a doubt, it is the sexiest thing to a threat actor. Remote code execution means they can do whatever they want on your computer. They can make it run PowerShell, which is what they often do. They can make it pull down and download their second stage payloads. They can remote code execute. Disable your edr. Remote code execute. Create a new admin account on your box. Remote code execute. Dump your sam, you know, files, right? Like basically dump your. Your credentials. Right. Auth bypass. Wait, what is AUTH bypass? That means you don't have to log in. You just bypass it. Auth bypass is the equivalent of a gate that doesn't have walls on either side of it. You can go through the gate like you're supposed to, or you can just go around it. Right. Hold on one second. See if we can. I don't have a good example. Mod, guys, mod. If you got a quick, like, visual of, you know, these things where you can see a well worn path around a gate. That's what it is. So the combination of those things is disgusting. If you see rce, AUTH bypass. I don't care what the tech is or what the vulnerability is, you should patch it immediately. It is the. You know, it's basically like the two worst things combined together. Thank you. Okay. Thank you, Dan. I should have known Dan was going to get it. This is a. This is a gate protecting this walkway. And the ability to walk around it is the AUTH bypass. There's a visual for you. Okay, normally I use verbal analogies. This one's a visual. This gate right here has a massive AUTH bypass vulnerability. What do they rate it as? Eight point. Really? Eight point one for unauthenticated access. Oh. To certain restricted functionality. So the impact's a little bit less because of what you can get access to. It has hard coded creds in it, bro. And then here we go. Here's your 98. That can lead to RCE. Here's another 98 that is unofficial. Okay, so these are the two nasty ones. 98 RCE, 98 unauthenticated attack. 98 RCE again, 98 auth bypass. So there's a lot of different things going on here. I'll just tell you as a professional, if you didn't know this, this is a easy thing to remember. If it's a 9.8 vulnerability, it is very gross and you should patch it sooner than later. If it is a 10.0, it means it was a 9.8. But now there are available exploitation is happening. So just because you're running this Disgusting version of SolarWinds Web Help Desk doesn't mean that you're. You're compromised yet. It just means that your hospital gown is untied in the back. When it becomes a 10, that means that you're being exploited. Okay? You got two hands on your shoulders, like you've got to you. The. The. The likelihood value in your risk calculation goes way, way up. All right? So definitely get that sorted out.
B
So Isuru Botnet outdoes itself with 31.4 terabit per second DDoS attack. This attack targeted multiple companies, mostly in the telecommunications sector, and was detected and mitigated by Cloudflare on December 19. It was launched by the Asuru Kimwulf botnet and peaked at 31.4 terabits and 200 million requests per second, surpassing its own previous DDoS record that had reached 29.7 terabits per second. Despite the scale of these hypervolumetric attacks, Cloudflare says, quote, they were detected and mitigated automatically and did not trigger any internal alerts, end quote. Cloudflare added in its report that in general, isuru uses compromised IoT devices and routers as its botnet. But in this December 19th attack, it used Android TVs.
A
All right, so there's two things about this, okay? Number one, this entire news report is basically like a advertisement for Cloud Flare, okay? I mean, it's. It's interesting, it's fun, but Isuru Botnet becomes the biggest botnet attack in history. It didn't cause any alerts and you didn't definitely, you definitely didn't experience anything because Cloudflare was able to automatically mitigate it and not have to trigger any alerts. So biggest attack in history. But Cloudflare is so good, it wasn't a problem. Link in the description below for your Cloudflare Try like this is, I mean that's all, I mean like whatever go you do you Cloudflare. But like, okay, for practitioners in here there are. If you have an online. If you have a business that you know depends on being online, like Netflix or something, among others, you definitely want to be mindful of denial of service attacks. If your kind of Internet facing thing were to get blown up for an hour and your business is fine, then you're not super sweaty about denial of service attacks and investing in defensive capabilities to mitigate denial of service attacks. Okay, that's what's up now for, for the, you know, the curious people in chat cyber folks. It's interesting that this is, you know, the largest attack on record. 31.4 terabits per second. I mean that's a serious, serious volume of data. It is through a bot net. But to me what I found interesting is it's TVs, it's IoT devices that are compromised in doing this. And I have said this before on the channel, I've yeah, 500,000, 500,000 IP addresses were involved in an attack that was only 15 terabits per second. So half the size of it. They don't say how big the botnet is. Like to me, that's interesting size. I'm asking. It consists of 1 to 4 million infected devices. That is quite the scale. Dude, here we go. Cyber Scoop is reporting that it is. How many devices are compromised? It doesn't say. Okay, 2 million infected devices. So this botnet has 2 million. I just want to point out in like 2015, when Mirai botnet was popping off, it had like 5, 600,000 IP addresses. The federal government, the FBI was confused whether or not this was a Russian based state sponsored weapon, the Mirai botnet, which ended up getting resources and the kids at Rutgers University dropping all their code on GitHub and getting arrested and all that. It's a fascinating story. Me right botnet, go look at it. But this botnet is 4 times bigger, 4x the size and it's. We're still able to mitigate the attack from it. So wildly interesting if your tv right See this TV behind me is on the Internet. If this TV was compromised and was used in a botnet, it doesn't. I can still run my screen saver, I can still watch YouTube, I can still play music with it. Do I care? And that. I'm not being flippant. I'm serious, right? Like it with all these infected compromised devices that are just being utilized in botnet attacks, like if the burn doesn't hurt the business or the end user, then they're probably not going to do anything about it. Now I don't know. This could be infected. I wouldn't even know right now. But my point is like you got to think about it, right? These botnets can grow because of default creds and etc but then also people don't even know their IoT devices are compromised.
B
Latvia identifies Russia as its top cyber threat as attacks hit record high in its annual report released this week, Latvia's national security service said 2025 marked an all time high in registered cyber threats targeting the country, with activity surging significantly past levels seen before Russia's invasion of Ukraine in 2022. The report says most of the incidents dealt with cybercrime and digital fraud rather than threatening critical infrastructure or national. The methods included intrusion attempts, malware distribution, equipment compromise and DDoS attacks. The agency adds that the campaign shows no sign of slowing, quote, even though most incidents so far have failed to cause serious disruption, end quote. Have you?
A
All right, so Latvia, you know, one of these Eastern European countries says that Russia is its biggest threat. This is in English. This could be pretty good. Listen, as far as I'm concerned, right, like if you, if you have time today and you're interested in like Russia and Russia based operations, this is probably a good read. If you are super busy and you barely have time to do the things you need to do, then don't read this, okay? Unless you live in Latvia or you're very concerned about Russia attacking you. But this is what like, dude, this is a year of information. It's from a government. A government is going to have a lot of telemetry, a lot of resources to apply to this particular research. You could see here Russian invasion of Ukraine, militarization of the Russian economy, Russia's regime, perception of the West, Russia, Bella Rus relations. I mean this is pretty. I, I'm surprised that this is being made public. This seems like a very internal use only type report, so definitely worth checking out for the sake of time. I'm going to just leave that as an exercise for you. All right guys, we did the thing. Thank you very much for being here. We're going to pop of Jawjacking. It is only going to be a short program today. 9:30, I've got to go to the store and buy a bunch of heat and serve food because I may or may not be going up to the Midlands and like, restaurants may or may not be closed because of the snowstorm. I, I, I gotta get my hands around the snowstorm because I'm not gonna drive on fraking black ice on the highway. I'm not interested in wrecking my car and putting my family in danger. Oh, I'm Jerry from Simply Cyber. Like, don't go anywhere. We're gonna take his jaw dragging. Ever wonder what it takes to break into cyber security? Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cyber security field live, unfiltered and totally free. Let's level up together. It's time for some jawjacking. Hey, what's up, everybody? Welcome to the party. I am Jerry. Jerry Guy, as the glasses would suggest. Let's do some jawjacking. Jawjacking is a 30 minute AMA on Fridays. I like to bring friends of the community in. Looks like we've got one right here. Here comes one. James McQuiggin at 35, 000ft. What's up, James?
C
Morning. How's everybody doing?
A
You're looking good. You're looking, you're looking proper today.
C
Oh, yeah, well, you know, sporting the shirt. What can I say?
A
I like it. James, have you ever had fish and chips in England?
C
Is the Pope Catholic? Yes, Many, many times. I've had fish and chips. Fish and chips. Steak and kidney pie. Yeah. Bangers and mash.
A
Is the fish and chips in, like in England? Does it taste better?
C
Very much so, yeah. Because it's fresh fish then.
A
Well, no, let's.
C
Let me give you something that you can equate to here, Jerry. It's like, is the lobster better in Boston than in the rest of the world? You know, I mean, you know, you know, the lobster rolls are really, really good up in Boston.
A
Yeah, yeah. No, they are right there.
C
And it's the same thing. If you go to England, you got to go to Whitby. That's like the best place to get the fish and chips.
A
Yeah. Tell your mom I said hi. Okay. Get you get some scratchies if you actually want to know what real Boston looks like. The Casey affleck Dunkin Donuts SNL skit is 100 on brand.
C
That's it.
A
100 that he's like, definitely from like Somerville. Okay. So if you got questions, put them in chat. We're gonna bring them on. James has got a million years of experience. I have 750, 000 years of experience. We're gonna do what we can. First question, I see I'm not even reading these in advance. How do we know we haven't been listening to Jerry guy wearing context? You'll never know. Marcus Kyler, Rogue cybers in the chat. What's up, Brian? Good to see you as always. Mara Levy's in here. Hey, Mara. Yeah. Oh my God. So legrat saying, I can't believe they're closing this. Yeah, guys, it. They'll listen in the south. South Carolina where I live, they will. If there's like a potential snowstorm on Wednesday, they'll cancel school on Monday and Tuesday. It's like. It's bananas.
C
There's no messing around.
A
Yeah. Yeah. Well, I mean, for what it's worth, they don't have infrastructure to deal with anything, so. Right. You know, we'll see. We'll see how it goes.
C
I remember there was like an inch of snow in Atlanta one year and everything came to a grinding halt.
A
So. Yeah, yeah. My only concern and you know, chat, you can weigh in on this. My only concern right now is do I need to go fill up a five gallon jug of gasoline and put it in my car? Because, well, here's my thing.
C
Yeah.
A
Are the gas stations going to be open? A human has to, you know, turn on the gas pumps. They're not. They're not. AI hasn't gotten there yet, but I just don't want to get stuck out there, you know, so like, well, ironically.
C
You would need a jerry can, right, to fill up. Don't use a jug, don't use a plastic container. You got to use, you know, proper gasoline containers. Yes. Then, yes, it doesn't hurt to have an extra five gallons kicking around.
A
Sean says, what's some good projects for an infosec engineer at a medium sized, less than 300 people company? All right, so I'm going to, I guess, frame this question because there's a lot of things that would be relevant to know. So I'm going to say that you work at this 300 person company and you've been given some extra, like, let's say Friday from noon to 5, you can work on whatever pet projects you want. And. But it has to be value for the company. So depending on. And, and I don't know what you already have in place, what kind of security program you have. So I think a good project would be for me and James, you can go second. I think a good project would be I'm assuming you have a sim. Okay, if you have a sim, go threat hunting, right? You can look on Miter attack for whatever industry you're in, see who kind of some of the threat actors are that's targeting you. I would look more at criminal based, not nation state based threat actors. Then look at their ttps and then just go threat hunting through the logs. Make it an exercise. Maybe you can create some like auto, not auto detections but like go look for them. If there's nothing there maybe you can kind of combine a detection so it automatically fires a second one that you could do just to give you two go to showed in monitor and then you can like look at the IP range of your Internet facing assets and see what kind of vulnerabilities you have. James, what do you got for this guy?
C
Yeah, I mean well you kind of pick, I mean you pick all the good ones with regards to your, your blue teaming, you know you could depending on what's in your organization look for me it's looking at what's the mission of the organization, what's the, the widgets, what is it that needs to be protected and look to see and kind of investigate what is the security features, what programs are in place with regards to that Maybe look at you know, with regards to the human element, what kind of security training. Maybe do a look to do a lunch and learn something fun like that. Get out there in front of your, your users and your, your organization. Especially if it's less than 300 people. You could probably do a fun lunch and learn on some you know, security tip of the week. But it's a good way for you to get out there, build rapport with your, with the community that you've got in your organization. Yeah, that would be kind of, kind of for me also. But yeah look at what kind of pet projects can you do? What can you self learn? I remember early on for me it was locking myself in one of the workshops that we had and teaching myself how to configure a pix firewall. That's how old I am.
A
I love it. Elton Roswell UK Let me know if how the fish and chips are there for real. If for a home lab I was to task an old laptop as a sim, what software setup would you recommend? So I mean I bought a little nuc. Nuc. I don't even know what that acronym stands for but it's like a little kind of headless computer that's pretty, pretty good. You can buy these on, on Amazon and I threw Security Onion on it and then I got Sysmon logs on my endpoints in my home and I push those in. Security Onion is a very feature rich open source SIM and you know, there you go. That's what I would do. And then I use a span port off my switch, my ubiquity switch to push network telemetry into the box as well. James?
C
Yeah, Security Engine was what I was going to say. That's a nice open source tool. A lot of great capabilities within that. That gives you the sim, but it gives you the logging, gives you all the different, the elk, you know, your elasticsearching, that was something I was using or I was teaching students like five years ago. But it's an open source, it's easy to use, download it, it's Linux based. So no, doesn't matter what kind of. You don't need a high end system for that. But definitely look at that. I think Alien Vault, Open VAS or some other ones as well that are out there. But yeah, certainly start with Security Engine.
A
All right, hold on. I'm trying to, trying to use the teleprompter but I gotta zoom in because my eyes suck. Zach Hill says I did you dirty by saying you were a million years old. I said I was 750,000 years old. So you know, it's all relative, it's all good. Yeah. Pedro got a job interview coming up. Good luck. Attack Surface Management Analyst. Any advice? Five years of IT experience. James, I'll let you go first.
C
My advice on this. Somebody wrote a book on interviewing. There's some good cybersecurity books on interviewing and resume building and that kind of stuff out there. But with your interview. One of the fun things to do that I'm playing around with now that I'm a free agent again is leveraging ChatGPT or one of the large language models. Give it the job description, give it your resume. If you're fine with that, upload that and go have it go through a series of interview questions with you where it asks you the questions and then you type it. Or you can use voice and respond back and practice that way and then have it grade you or score you or give you advice or recommendations and things to work on. That's kind of something I've been playing around with a little bit and having. I haven't inter. Had any proper interviews yet but you know Some kind of a fun way to be able to go through and practice interviewing.
A
I'm a big fan of comprehensive attention to detail. So what I mean by that is if the role is a tax surface management analyst, you know, I'm immediately thinking of Internet facing assets and then also when you're, when you're responding to the questions, make sure that you're talking about people, process and technology and kind of dealing with the risks associated with that. So you know, someone dropping some type of new server, new asset on the Internet facing assets. So like that process of how that goes, there's risk there as far as you know, developers throwing a test system for testing before they push to prod. But they have this test system, Internet facing that doesn't have really all the security controls that would be like, you know, a people issue. So around that or misconfiguration, someone toggles something and they don't toggle it back. And then using technology, you know, are things getting patched, stuff like that. So you can use Shodan to kind of look at that, have Shodan monitor as like a constant thing looking at it. I, I would just focus on like again I'm a GRC dork. So like I would focus on like where is the risk coming from? Like you're going to be asked to manage that risk. So think of all the different levers you can pull to reduce risk in that way. But being mindful of like how businesses have to operate, they have to have Internet facing assets, they have to have engineers testing things. So yeah, there you go. Good luck on the interview. I, I, I hope you crush it, dude. Let's see. Continuing to scan through Chad, I see a lot of people giving suggestions on the home lab stuff. Very nice. Cool. Yeah. Esco07 put the queue in the front because I can see it. What are some additional ways I can earn income in Cyber besides a W2 position?
C
For me, one of the things that I did was I went and I, and Jerry does it too. Teaching at either local college or university depending on what kind of degree you got but or getting out in different conferences, volunteering get, you know, if you like public speaking or you want to improve your public speaking, get out and speak at these conferences, put in for workshops. If you're looking to do cyber outside of what your, your main full time job is, it could be how either helping nonprofits or you know, smaller organizations helping them out either as contract work, that, that can be something as well. What other, what other? For me, a lot of it comes down to what do you, what's your passion? What do you really love to do and see if there's a way to, to turn that, if they're, you know, maybe even like through some other passive income, you know, you've got documents that you're putting out there, people can download for a couple bucks or something. You know, how to build a home lab or something. I know there's a lot of YouTube, but I'm just picking that as an example.
A
Yeah, those are all great options. I won't add to it like you gave several different good options. Mickey's finishing his cyber courses in his degree and now he's I guess finishing the degree but has some time here, some projects to stand out to employers. What I would say is I, I, I literally just did a workshop or I did a, a one hour skills stream on Simply Cyber. Go Mickey and look forward. It was on January 6th, I think or 9th and it's me and Mike Miller. That'll be the easiest way to find it. And it's around personal branding. Yes, you can do some projects but I would recommend you like get your LinkedIn or get a website, cross pollinate between them, make sure it's on your resume. And then as you do projects, whether it doesn't matter if you stand up security onion or you do detection tuning or you take a course and there's some output that you can demonstrate, you're going to have to make sure that employers can see it. So I feel like a lot of people get wrapped around the axle on doing the project and doing the labs and walking through it, which is totally, totally awesome. You have to do that, you have to get your hands on a keyboard to be a more desirable candidate for job applications. But a lot of people overlook the fact that you need to, you need to get it out there. We don't live in a meritocracy, okay. People don't when they. I've been using this analogy a lot. So if you're a regular of my content, you're going to be like, oh my God, Jerry with this. But like when you bought your last car, your parents bought their last car, they didn't drive every car in the parking lot and then choose the best one. They probably saw one when they drove into the parking lot or driving by and they're like, oh, that looks cool, I'll try that, right? So you need to stand out and be seen. You need to get to the front of the parking lot and that's through, you know, LinkedIn and personal website and Stuff like that. Okay. I mean look at Zach Hill and what he's done with it. Career questions. Zach Hill definitely having an impact on people, you know, and with his giant YouTube channel. Way to go, Zach. I love what you're doing over there. Elliot Matice had a question. I like it. This is a fun question everybody. What Set it and forget it. Cyber tools like Pie Hole would you recommend could be set up for non tech folks. Like he wants to basically bundle something for family and friends. Plus going Back to s cool 07s question earlier, this could be a nice little side hustle, right? Like you pre package all these things. Of course you have to sell it as is because you're gonna have to otherwise. Yeah. Or sell a subscription where like the maintenance is additional. Anyways, I'll give Pie Hole is a good one. You can do that on a Raspberry PI. I'm also a huge fan of dude. Just depending. Depending on what people are into. Okay. So your mileage may vary, but I, I like setting their DNS resolvers to Quad Nines or Cloudflare's got one and they have different ones. So like my really quick for everybody here because if you don't know what DNS is or domain name service, it's the translation between google.com and then whatever IP address google.com is going to be, they have a bunch because it's Google, right? So by default when you have AT&T or Verizon or whatever the, the router in your. In your living room or in the kitchen or wherever the hell your router is, it's using Verizon or Amazon or AT&T's default ISP resolvers and they don't DNS resolvers. They don't care. They. You go anywhere you want. You can go to really dangerous, you know, website Ru and they'll resolve that IP address. You can replace that with other DNS resolvers and then you get some protections, right. Automatically I like to use Cloudflare has one that'll stop the resolution of dangerous websites and then they have another one that'll stop resolution of all dangerous websites. And like porn sites, right? So if you want to stop malware and porn, like I forget the IP address, you can look it up. It's a free service and Elliot, you can set that and honestly the people in the house probably won't even know how to change it. And that'll help protect their home network. Of course they could take their computer to the Charleston Airport and DNS resolution is not going to route back through your house. So you can't protect them from everything. And then if you know your cousin Eddie is like, why can't I access my prawn hub? You know, then you'll have to, you know, you're going to have to have that conversation. But that's what I like. I, I, I like the DNS resolution because it's super clean. It's always going to work. Like tech changes, network layer stuff is awesome. Go. James, what you said.
C
Yeah. See the Set it and forget it. I've kind of got my family and friends where they've, you know, they come to me with, with you know, easy ways to keep things secure and everything else. And I always talk about MFA and password managers, but those aren't set it and forget it. But I do like the DNS. I'm gonna, I think I learned something today, Jerry. Thanks man.
A
What's next? No, that's awesome, James. I'm glad also, by the way. So cloud flares, DNS resolution. Quad Nines has another one and then Google has one as well. So yeah, all of them will give you that extra value. Just know that they're going to have access to your DNS like your DNS queries. Okay. That's not encrypted, so they will be getting it. But like whatever.
C
Next DNS.
A
I'm looking through chat right now. Oh good. As a follow up, Mickey, Mickey has got a home lab with a sim, the hive and other things. So I'll be sure that it's reflected on my LinkedIn. Yeah, absolutely. And make sure you're like, your posts aren't just like, I have a lab, like what's the impact? Share with it. Basically try to pose it as like you're helping other people.
C
What were your challenges? Yeah. What problems did you encounter? How did you solve them? Because that's how we all learn as a community is learning from everybody else's challenges. The good, the bad, the ugly. And if you've got a GitHub, then you can use leverage GitHub as a website or you post your stuff, that's your portfolio. If you think about artists, actors, you know, they're out there with portfolios and YouTube videos. That's what we need as well.
A
Awesome. If you got any questions, please drop them in chat with a queue at the front. We have a couple people. Quad nine is Kitchen Infosec's favorite. Zmith is saying he uses one called Next DNS. I haven't heard of that one myself, but there's certainly, Listen, there's Better options than the default one Verizon is going to give you. Same with your phone. You can set your phone for DNS resolution. So no matter where you are, where you're going, what network you're on, you'll get a little bit of protection for you. All right, there's no questions in chat right now. James, let's talk, you know, conferences that you're thinking about being at this year?
C
Well, right now. Well, actually, I got accepted to a couple conferences already, which is kind of nice. But as I'm starting to figure out what I'm going to be when I grow up, because as I. Everybody knows, the, the announcement I made the other week and had a massive LinkedIn post. Let me talk about community here real quick. Over the years that I've been posting on LinkedIn, I average between my best LinkedIn posts have been about 20,000 impressions. And an impression is the interaction you have with the people that follow you. The best I've ever had was about 20,000. On average, I get between 5 and 10 on LinkedIn posts, which is fine. I'm okay with that. The post I did Monday that I announced that I'd left no before, and now I'm looking at, you know, the next adventure and all that stuff. When you talk about the power of this community, between well over a hundred comments, well over 100 reposts, and I have about six and a half thousand connections. The number of impressions that came off of that by Tuesday was over 60,000 impressions. Wow, 20,000 was the best. I hit 60,000 right now. I have broken a hundred thousand impressions here on Friday, dude. So just from people like you, Jerry, from people that I've worked with over the years, people in this community, people I've never met, but we're connected on LinkedIn and we're reposting it and sharing it and going, hey, James is a great guy. That for me has just been. Oh, my gosh. That I will say it's been humbling but extremely appreciative to everybody in this community. This is the power of the community. I don't have a job yet. I've got things lined up and there'll be more to come in the next couple months. But I'm going to Security Secret Con in June and I'm going to CipherCon, Cipher Cons in Milwaukee. Secret Con is. Where is that one? I know it's up north. It's Central Time. Oh, St. Paul Minutes. It's St. Paul, Minnesota. That will be. So those are two that I'm going To. I'm probably going to be at Wild West Hack and Fest later this year, but right now, this first quarter, the James McQuiggins at ground level is grounded for now. Just kind of getting some things. I will be at CruiseCon next week, which is a big CISO leadership conference. I'm at ConnectCon in Tampa next week. I'm the emcee for that. People must have heard I was the emcee for simply CyberCon and now I'm getting asked to be MCs all around. So that's kind of cool.
A
I love it. I love it. Yeah. The power of, you know, saying yes, right?
C
Yes, exactly. Yeah. It's the actor theater in me where it's like, hey, can you make coffee? Yes, yes, I can.
A
That's right. I'm trying.
C
GRC Home Lab.
A
Yeah, I've got the. I've got the easy button solution for this. I just want to. Affirming wings. I just linked it. Affirming wigs. The easy button answer for this is this right here. So I have a YouTube video already for this called GRC Portfolio. I think it's three different ideas. It's this video. I just, I just tagged you in chat and put it. It's a four minute video with three ideas. You know, get after it. It's. It's all yours.
C
I was gonna say I. It's a shame we're not playing bingo today because that. Isn't that one of the cards? I got a video for that.
A
Yeah, exactly. The. I. I've. Yeah, I've got a video for that. Yeah. Final question here as we're rounding out the day. Great workshop the other day. Thank you very much. I changed my handle to lead analyst labs and harvested handles yesterday, submitted a few CFPs. Why do you recommend next to become a regular speaker at local cons, James? I mean, you probably speak like 30, 40 times a year. What? Like you answer this one.
C
76 presentations I did last year, 500 in the last six years. Keep submitting. Keep submitting your CFPs. A lot of the times they're going to be saying, have you given this talk elsewhere? You always want to keep adapting it and tweaking it so that way it. Because if they know you've given the talk elsewhere, they may be less accepting of doing your talk. So always keep tweaking it, changing the title, that kind of thing goes a long way. But Keep submitting your CFPs, you know, and as you get picked up and people start recognizing you as a speaker, then they're like, oh, we saw him speak. Because then you want to put together a scissor reel on your YouTube channel, if you got it. Keep track of all the places you've given presentations. I had a list of all the places I've given presentations. I lost access to it, unfortunately, so I have to start all over again. But definitely keep track personally, either through YouTube links, if it's on YouTube, or on a GitHub of places you've given presentations. Keep a spreadsheet, so that way you've always got that ready. And if there's a YouTube or some video link or audio recording or podcast that you've done, you want to keep that there, make your life a lot easier. So when they go, hey, have you presented anywhere else? Boom, here you go.
A
All right. I love it. S. Cole07 did ask how. How to approach people at conferences without seeming intrusive. SRW788 answered that question. He says, find someone standing by themselves and ask them why they're at the conference. You can also. There's a bunch of different ways, right? You can start, do this, do the cfp, do the CTF and sit at a table with other people, ETF and start the conversation. You can sit down and before the speaker talks, just turn to the person next to you and say, hi. You know, like a couple different ways. Don't. Don't think that every single person you're going to meet is going to be awesome either, right? So use your own, you know, judgment and stuff like that. James, thank you very much for jumping on here. Yeah, hey, thank you for being here today and being part of the show this morning and all your questions that you dropped in chat. Definitely a good experience. I'm cautiously optimistic about my weekend plans. I'll report back on Monday or somebody else will, because I get. I'm. I'm, like, terrified of getting stuck out there.
C
Oh, I bet.
A
So, anyways, I'm Jerry from Simply Cyber. He is James McQuiggin at 35, 000ft. I want to say thanks to everybody. Have a great weekend, and until next time, stay secure. SA.
Host: Dr. Gerald Auger (Simply Cyber Media Group)
Co-host/Guest: James McQuiggan (35,000 ft)
Duration: Jan 30, 2026
Theme: An expert yet accessible tour through the day’s top cybersecurity headlines, with Dr. Auger providing real-world analysis, lessons, and actionable advice for practitioners, leaders, and aspiring cyber pros.
Purpose:
This episode rounds up eight major cybersecurity news stories affecting governments, enterprises, and the everyday practitioner. Dr. Auger provides sharp, experience-backed commentary on each headline, translating news into practical takeaways, and closes out with a lively listener Q&A and career guidance segment alongside industry veteran James McQuiggan.
Details:
Analysis:
Details:
Analysis & Advice:
Details:
Analysis:
Details:
Analysis:
Details:
Analysis:
Details:
Advice:
Details:
Interpretation:
Details:
Host’s Advice:
Co-host: James McQuiggan
Closing Quote:
“Don’t be that guy. Don’t be that lady. Stay current on what’s going on. Update your threat models. Thank you for coming to my TED Talk.” (50:38)
Sign-off:
“Thank you for being here… Have a great weekend, and until next time, stay secure!”