A
All right, what's up, everybody? Welcome to the party. Today is Tuesday, January 6th, 2026. This is episode 1040. 1040, 104. Big Dog. I'm your host, Dr. Gerald Auger. Listen, if you're looking to go through the top cyber news stories of the day while getting expert analysis and a deeper understanding of what those stories mean, so you can be better in job interviews, better at executing on your role as a cyber professional, and just being an overall, you know, supportive community member in the cyber security industry, well, then you're in the right place, my friend, because that's what we're doing here every single weekday morning. This is Simply Cyber's Daily Cyber Threat Brief. I'm your host, Dr. Gerald Auger, alongside the entire Simply Cyber community. We're off and running on a beautiful Tuesday morning. Let's go. All right, good morning, everybody. Thank you so much for being here. Allow. You know, I don't ask for it often, but do grant me some grace. It's. It's. It's been a wild morning. Uh, we do have a puppy here who's had some surgery, pretty intensive surgery, and he is now behind me so I can keep eyes on him like Robert De Niro in Meet the Fockers, right, to make sure he's not licking on those wounds. We tried the cone thing. It's just. It's not. It's not vibing. Had to get into the studio late, so I'm setting up. If you didn't know, I don't research or prep for any of these stories. And right now, I literally have no idea what the stories are going to be. That's why the. The look and feel of this show right now is not accurate. You can see this is wet because I got out of the shower about four minutes ago. But you know what? I say this all the time, and I live it. I show you guys personally on the regular. Do not let perfection get in the way of progress. 90% of the show is still better than 0% of the show. I got my cup of coffee, I got my smile on, and I got the Simply Cyber Community bringing the heat in chat right now. So let's go. 
Let's get this Tuesday morning going. Now, I want everyone to know every single episode of the Daily Cyber Threat Brief is worth half a CPE. Even when it. It's looking like this. Yeah. Picking up what I'm putting down. Here we go. Let me do this really quickly. All right, let's do this. And I think this will work. Computer, switch screens, please. Okay, well, that didn't work. Hold on. Stand by. Standing by to stand by. There we go. All right. Hey, guys, every episode, half a CPE. So say what's up in chat, grab a screenshot, simple as that. File it away and once a year, you count up those screenshots and divide by two and that's how many, you know, CPEs you got. It's very, very simple. I do want to say shout out to the mod team. They're probably gonna do some heavy lifting today as I got my head screwed on sideways, as it were. Good morning, Simply Cyber Community. Hey, listen, if this is your first episode, welcome to the party, pal. Drop a hashtag first timer in chat. Hashtag first timer in chat. We love welcoming our first timers. The show, you never know what you're gonna get. It's very much a box of chocolates a la Forrest Gump. Drink. You'll have to forgive me. I'll keep looking back at my dog every 15 seconds to yell at him. Roswell UK is digging that. We're having AV issues. That's right. Good stuff, guys. Hey, listen, we'll be going through eight stories. I'll give my expert analysis on each of those stories. Let's take a look right now on what those stories are. Here we go. Looks like we're going to be talking about European hospitality, Brightspeed investigation, Bitfinex laundering. Okay, cool. All right, we got cyber attack in Greece, Kim Wolf infecting Mongo Bleed, and New Zealand getting their. Their action on. So we got a great lineup of stories for you guys. So what else we got? We got first timers, we got CPEs. I don't research or prep. Honestly, ain't nobody got time for that. I got a nice sweaty going on on my sweatshirt. 
Day two, Back in the in the A hole share here at Simply Cyber at the Buffer Osier Flow studio. It is Tuesday, which means only one thing. It's tidbits Tuesday. I'll share a little bit about myself with the community and see if we can vibe on these things. Nice. I'm glad, glad I'm making Kyla's day this morning. So, hey, listen, really quickly, if you didn't know, I just want to share this with everybody. If you didn't know. We have the Simply Cyber Community right now, about 200 people we rolling in chat. But I have been told by many, many people that they turn this on in the kitchen while they get ready. So shout out to all of you extended family members, Simply Cyber Community by association, if my voice is recognizable because your Husband, your spouse, your kid is listening to the show. If we're in Carline right now and you're. You're like, oh, my God, I can't believe I have to go back to school. I vibe with you. My kids definitely feel that way. If you're in the kitchen making a bagel right now and your. Your wife is like, oh my God, this guy all, all the time with his jokes and his 90s references, I feel you. Welcome to the party, pal. And hey, you know what, Extended family, thank you for being here. I hope you enjoy it. We do try to make it a family friendly show. Shout out to Courtney getting her name right since I got it wrong at the DEFCON meetup. All right, Amish runaway, literally in the. In the kitchen. We got our flock cameras turned on right now across the country and across the world. All right, guys, let's see here. A quick word from our sponsors, those who enable me to bring the. Holy Jesus. Eric Taylor dropping a 50 bomb on our faces. Here we go. Guys, listen really quickly. If you don't know Eric Taylor and the team at Barricade Cyber, Eric Taylor doing flyovers and just dropping relief packages on the Simply cyber community. 100 gifted subs coming in hot right now. 
If you are a Simply Cyber Community member and you are not aware of what's happening, let me tell you right now, we have memberships, right? It's just like a little fun thing. So you get access to emotes in the emote tray and have some fun. And it's basically like two bucks a month to do it, right? It's. It's like a nominal fee just to have some fun. Eric Taylor just dropped 100 gifted subs. So triple G. Lovely savvy Tom from Chicago. I am. I am Jax. I am Jax. I believe that's Jack. Hey, get out of there. Hey. Hey. Get out of there. There will be several of those instances as I turn around and find my dog eating his stitches. Might have to put a second camera on this guy. He definitely looks shamed. All right, thank you very much, Eric Taylor and the team at Barricade Cyber. I got eyes on you, dog. Quick shout out from the stream sponsors. All right, hold on. Let me do this. All right, guys, check it. Check it out. Now let me say what's up to. Hold on, I gotta fix all these. I want to say shout out to Antisyphon Training. Antisyphon Training. Disrupting the traditional cyber security training industry by offering high quality, cutting edge education to everyone, regardless of financial position. No, Elliot, I can't wrap it in an ACE bandage. He's got sutures that got to come out. He's got, like, dangly things. I don't. Oh, my God. Be quiet. You gotta. Patrick, I don't want to get too into it, but let's just say he had. Hey, stop it. Whatever. He. He had a surgery that's in, like, in his, like, lower belly area. Okay? So, hey, check it out. Did you know Antisyphon Training. Delivering all sorts of crazy awesome training. They have an Anti-Cast. I told you about John Strand's cyber deception and active defense training. But did you know our very own friend, Mishaal Khan? I. I consider this guy a good friend. Okay. I love myself some Mishaal Khan. He is doing an Anti-Cast on January 21st. Now, what's an Anti-Cast? 
An Anti-Cast is a one hour free for everybody webinar where you get to learn a skill. We're actually inspired by this idea here at Simply Cyber. We're actually introducing a new series called Skill Streams at Simply Cyber that's very similar to this. All right, Noel scums coming in from South Africa. Thanks for getting up this morning. We do have a cone for the dog, but it doesn't work. I mean, it works, but he's. He's a. He's a hot mess with the cone on. Guys, check it out. Mishaal Khan is doing an OSINT training. OSINT Like a Hacker. If you have taken a Mishaal Khan training at any point in your life, you know how good it is. This guy is the real, real. I love him. I. I do love him. I love myself Mishaal Khan. I like his ideals, I like his values, I like his thought process, and I love the way he does OSINT. So go to Antisyphon Training right now. I just pinned it in chat. There's a free training, guys. All you have to do is basically go register, put it on your calendar, and then if, you know, if it doesn't work out, it doesn't work out. All right. Love it, love it, love it. Also want to say shout out to Flare Academy, guys, I told you repeatedly. I love. I really love the people at Flare. I got to spend a lot of time with them during Black Hat last year. And even at Cyber Security Marketing Con there in Austin, Texas. I spent some time with their team. Just good people. Nick Ascoli is over there and we spent some time with him on Simply Cyber Firesides a couple weeks ago. It's just, it's just a great group of people. And while their flip, what is, why is this not going anywhere? While their threat intelligence platform is good, their Flare Academy is also very good. What is Flare Academy? They are bringing industry professionals who operate as essentially threat intelligence analysts. This can include everything from dark web operators to analysts analyzing intelligence reports to give insights and, you know, actionable value. 
They bring those people for two hour monthly webinars to go around the dark web. The way I like to think about Flare Academy is listen, I don't really go fishing. I know I live in the South and that's a big thing. But I just watch it on TV, and by watching on TV I played it on VR a couple years ago and that's the extent of my fishing. But listen, Flare, the group at Flare is basically like wearing waders, right? The rubber suit. So you can wade out into the mud and crap and, like, get out there without getting dirty, because when you get back to the boat you can just take the waders off and you're clean. That's what Flare Academy is. And the team at Flare, they're the waders and you get to wear it and be clean. Now Bruising Hack says when is your webinar with Flare? That has not been scheduled yet, but just a teaser for everybody. I am partnering with Flare this year where I will be doing one of the Flare Academy webinars, co-hosting it alongside one of the dark web operators and providing my unique brand of insight and commentary to it. So I'm very excited about that. Stay tuned for that, Bruising Hack. More, more insights to come from that as we get closer and they release their schedule. So go to Flare IO, Flare Academy, or Simply Cyber IO Flare. You can always do that and that's good. Let's hear from ThreatLocker really quickly and then we are going to slide to the left into the news. Thank you. I want to give some love to the Daily Cyber Threat Brief sponsor ThreatLocker. Do zero day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with ThreatLocker. Worldwide companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high. ThreatLocker takes a deny by default approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance. 
Onboarding and operation is fully supported by their US based Cyber Hero support team. Get a free 30 day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threatlocker.com DailyCyber. All right, do me a favor, sit back, relax. Cool. Sounds hot. News. Let's go.
B
These are the cyber security headlines for Tuesday, January 6, 2026. I'm Sarah Lane. European hospitality industry hit with blue screen of death. Securonix researchers say suspected Russian hackers are targeting European hotels with a malware campaign, Fault Blix, that uses a fake Windows blue screen of death to deliver DCRat malware. It starts with phishing emails posing as booking site reservation cancellations, often listing charges above €1,000 to create urgency. The malware disables defenses, steals credentials and clipboard data, and maintains persistence, with Russian language debug strings, infrastructure geolocated to Russia, and DCRat's sale on Russian underground forums pointing to that Russian link. Brightspeed investigates claims.
A
Bright, hold on one second. Of course, dude. When it rains, it pours up in this thing. If you are a content creator, especially a live content creator, when your stream deck fails, man, it's. It's just like bruh. Christopher. Christopher, get to the chopper. Hell yeah, man. All right, hold on, let me. Let me see if I can sort this out really quickly. Reload device. Computer reload. And that did not work. That failed. All right, so I'll be manually doing this today. All right, so guys, here we go. It says blue screen of death attack. But this has nothing to do with blue screen. The only thing blue screen about it is they have an image pop up that appears to be a blue screen. And the blue screen has the instructions for the victim to essentially copy and paste into a command line whatever the payload is that the threat actor wants you to run. They automatically post it to the clipboard so that payload can change, but very likely it's a PowerShell cradle to pull down additional payloads. All right, Avina. Hold on. Avinash George, reading my book. Nice. Avinash George, I hope you're enjoying that. All right, so this is why they call it blue screen of death. But dude, anybody who's worked in IT for more than like 15 seconds knows that blue screen of death means that you've got to reboot your computer. Like, blue screen of death is not solved by opening. Like, the fact that you can hit Windows key R and get a pop up means you're not blue screened to death. Of course, my Aunt Dorothea, your Uncle Kevin, they don't know this, okay? They are targeting the hospitality industry. Now, one thing to note here is, and as you know it, as they said in the story, this is ClickFix. It's just the new version of it. ClickFix is a very prolific attack technique right now, or attack vector, and essentially what it's trying to do is the CAPTCHA, like move the puzzle piece, click on the fire hydrants, whatever. 
With this one they're saying run Windows key R, Control V, hit Enter to prove you're human. This is just a new flavor of it with the blue screen of death. Essentially this is a phishing attack. It's exploiting the lack of awareness of a human end user and getting them to run a payload on their own box under their own user access permissions and infecting themselves. So not super zero day level hacksaw. The payloads are probably pretty good, but you know, if you're doing malware as a service or something, you could just pull those down. Remember, this is not necessarily attacking businesses. This is, this is attacking individuals. Right. And a couple things to point out here. Number one, I want to point out that even though this is attacking individuals, there's, there's three things I want to point out here. Number one, right now, at least from my perspective, and this is a little bit of a political hot take and I don't run politics in this show, but right now there's like this wealth divide happening. And if you look, some of the industries that are doing incredibly well are travel and hospitality, because effectively the 1% that has all the money, they go on vacations and they do all these things. So like, in my opinion, it's pretty savvy from a threat actor perspective to begin to target this particular victim pool because there is an increased population. Think of the attack surface. Normally when we say attack surface, it's like the technology attack surface of a business's Internet facing infrastructure. But also attack surface can be, what is the pool of population that I can attack? This is why Windows machines get more malware written for them than Linux machines, because there's a greater potential pool of attack surface. This to me is pretty savvy for that. 
Additionally, if you think of that population that I just mentioned, this is why I brought it up in the first place, not to talk about economic disparity and, and other things associated with that. It's to point out that the people, not everyone, everyone can go on vacation. I'm not saying that, but you have a greater likelihood of targeting someone with a greater net worth, which means it makes it worth your time and money as a, as a threat actor to go after this particular victim pool. Now the final thing I'll point out is remember a lot of, you know, the dream of work from home is, is slowly dying, but sales people need to go into the field. A lot of VIPs and business leaders go out and travel in order to make the deal. Like Richard Gere in Pretty Woman, in person. Drink, by the way. Okay, so you're getting a lot of people who are using their company laptops, and why wouldn't they, on the road traveling, and they're getting this particular attack. Now, I do want to point out really quickly, as a human or whatever, as a normal human, I would be more likely to fall for this attack if it was my own personal travel plans, because it's my own personal money. If it's company money, then I'm like, all right, what is this like, you know, like, I'll get it sorted out. Who gives a crap? You know what I mean? But I will tell you also, depending on what the attack looks like, if it says your reservations are canceled. Dude, that's scary. If you look at a reservation cancellation, if you're supposed to be meeting, you know, insert VIP here tomorrow in Minsk to close the deal. And that deal is going to get you, you know, a two million dollar bonus. Do you know how many boats you can buy for $2 million? Baby, you're probably gonna freak out because you don't want your plans changed, right? I do want to point out they have booking.com here in the story. Booking.com and those type of attacks have been pretty, not pretty common, but it has been seen in the last six months. 
TLDR for everybody taking action in chat today. Educate your workforce, especially the ones who travel quite a bit, like your sales team. Especially the sales team. Guys, I'm not dogging on the sales team, but let me just say I think that they could use a little bit of extra awareness training around cyber risk. Because sales people, I mean, they love to click, click, click, click. You know why? Because every click is potential for straight cash, homie. And that's the name of the game in the sales arena. Russian hackers. We see you, you're busted. Okay, let's.
B
Continue. Brightspeed, a major US fiber broadband provider serving rural and suburban areas across 20 states, says it's investigating breach and data theft claims made by the Crimson Collective extortion group. The attackers allege they stole personal and account data tied to more than 1 million customers, including contact details, account and session information, payment history, limited card data, and appointment records. Brightspeed confirmed it's probing a potential cybersecurity incident but hasn't verified the claims. Convicted.
A
Bitfinex. All right, hey, you know what? You don't have to be Comcast or Verizon in order to get punched in the mouth right now, dude. Listen, all the money is in the cities, right? Right. Like you, you roll out Internet in a city and you have, let's say, just make the numbers easy, a thousand potential subscribers. You roll Internet out in a rural area. Rural. And you know, maybe you have a thousand, but you have to spend much, much more on infrastructure to reach those thousand people. So rural communities typically get the short end of the stick, if you will, in some of these transactions. Same with healthcare. You ever notice that rural communities get the shaft on healthcare? Very similar economic reasons. Again, this is why it's super important in pointing. What am I, like a 1930s gangster? Ah, it's important. See, this is why it's important to pay attention to money and business and business economics and financial drivers. I'm telling you. Hey, hey, I was this year old, or maybe I was like over 40 when I finally wrapped my head around how following the money is important. So this ISP got hit and tons of sensitive information was stolen. This, I mean, to me, this just looks like. One second, okay, to me. It's called the Crimson Collective. Another threat actor group I've never heard of. They just hit this business. If I had to guess, this is one of those. They weren't targeting Brightspeed Internet. They just, somebody who works at Brightspeed fell for a ClickFix, got trapped up in a snare, threat actor group, you know, did some research, found it, exfilled data and now they're charging them. This is, honestly, to me, this is, I mean, it sucks for Brightspeed. I run a business. I don't want to get attacked by ransomware, believe that. But this is just what happens, you know what I mean? Like it's a day that ends in Y of, you know, organization gets hit. We'll see what happens. 
I mean, obviously it sounds like only their data was exfilled, which means Brightspeed can continue to deliver Internet services to its customer base. And then they're going to send out, you know, an email saying they're. They take security and privacy quite seriously. Please accept your 1 year identity theft protection. Also, here's your monthly bill for your Internet service. Okay, like there's not much here. Okay. Do all the things to prevent ransomware.
B
Launderer freed from prison. Ilya Lichtenstein, who pleaded guilty to laundering billions in bitcoin stolen in the 2016 Bitfinex hack, has been released from prison just more than a year into a five-year sentence handed down in late 2024. Lichtenstein says his early release was due to the First Step Act, a bipartisan prison reform law. Officials say he served significant time and is now on home confinement. The hack led to a record $3.6 billion bitcoin seizure. Hackers target Ukrainian military.
A
Okay, man, not a political show. This has nothing to do with, you know, the Trump law or whatever. This has to do with an act called the First Step Back, which I have never heard of before, but essentially it's like you get slapped on the hand or you get like a first strike. Is my understanding this individual has gotten out. Listen, if you get pinched with a dime bag of weed, you go to jail and they let you out for a first step back, okay? If you launder $3.6 billion and screw over probably thousands, if not more, individuals and steal their money and wreck them. I, I, I don't, I don't know. I just, this is not 67, okay? So calm down. This gross. Now, I will say this dude was only going to serve five years, okay? Which, I don't want to serve 15 seconds in prison, okay? So I'm not trying to belittle this prison sentence, but he was only going to serve five years. You know, I, I, I'm not a lawyer or anything like that. So, you know, typically, I feel like, you know, you never serve the full sentence, right? You get out on good behavior or whatever it is. This person says they're going to make a positive impact on cyber security, okay? He's a hacker on the road to redemption. All right? I will say that this act was a bipartisan act. You know, like, do the research. Does that mean one Democrat voted for it or, or was it brought before Congress as a, a Democrat and a Republican submitting the bill for evaluation and potential lawmaking? I don't know. Okay? They are on home confinement. I mean, whatever. Here's my thing. Here's my thing, okay? With this. Listen again, real talk for a second. There is so much money to be made in ransomware. There's so much money to be made in ransomware and business email compromise, okay? So tons of threat actors are gonna do it because it's very lucrative. And there's like, I would say, on balance, the chances of you getting caught are, are low. All right? People get caught all the time. We cover it all the time. 
This guy served prison time, okay? Now he wasn't doing ransomware. But if you think about the ransomware ecosystem, just so we're all on the same page, you're not getting fiat, you're not getting cash money, you're not getting Amazon gift cards. Okay? When you ransomware someone, you get crypto. Yeah, baby. Crypto, right? Get those NFTs out. Remember NFTs? We're gonna have to explain that to our kids and how we were idiots when NFTs were a thing. But in the ransomware ecosystem, you have to take that crypto money and launder it or wash it. So you can turn it into fiat, USD or euros or whatever, your rubles, whatever you want, but something that you can actually buy something with, right? You cannot buy a house with crypto. You can't buy a sub at Jimmy John's for crypto. Now, Jay Gold may accept crypto if you go to Firehouse Subs, I don't know. But on average, most businesses aren't taking crypto, so you have to launder it because they can trace where the money went and who it went to and everything like that. And that's what this guy was doing. This guy was doing business to business service, hooking up criminals with cleaning your money. And just like traditional money laundering, they take a little taste for themselves. Broseph, I will clean your money like an absolute boss for 10% of said money. Right? Hey, Sage the professor. Good morning to you too. All right, so here's my thing, okay? Long, long rant over. If you are light on these criminals, it just incentivizes them to commit crime, okay? I'm not saying this guy should have been brought out to the town square and stoned. But what I am saying is if. If, say you get. Say you get laid off, right? You're looking around, you can't get a job, money's piling up, your kid is sick, you've got an opioid addiction, whatever your bag is, okay? Just insert scenario here, and your only option is turn to a life of crime when you're evaluating. Should I do this, right? 
If you go physically rob a bank, it is highly probable that's not going to work out for you, okay? So when you're doing the risk evaluation, you're like, that's a terrible idea. I saw the movie Heat. Even on my best day, I'm gonna get mowed down. Okay? Then you look at, you know, ransomware, business email compromise, and you're like, you know what? It's not so bad. So just to me, this. This furthers that. I hope this guy gets his crap together. I hope Ilya Lichtenstein delivers value to the cybersecurity industry if they are truly reformed. Welcome to Simply Cyber Community, Ilya. You're more than welcome to be here, but I just hope it's true. All right, thank you for my.
B
Rant. And government with Viber. The 360 Threat Intelligence Center reports that Russia-aligned hackers are targeting Ukrainian military and government entities by using the Viber messaging app to deliver malware. The campaign sends malicious zip files containing Windows shortcut files disguised as Word and Excel documents which deploy HijackLoader and ultimately install Remcos RAT for espionage and data theft. Researchers say the group has escalated its tactics by abusing messaging platforms like Viber and also Signal and Telegram to evade detection and maintain persistent access.
A
Okay, listen, Viber. I don't get it. I hate to sound like an old. And I know I'm gonna sound like an old. I told you guys I was gonna shave yesterday and I didn't because I'm old. Actually, it's because I was. We're dealing with the dog. But why do we need a new messaging app like Signal, Telegram, iMessage, WhatsApp. Like, doesn't that cover what we're working on here? Like, I don't understand how there is market room for a new messaging app. Hey, give me one second. Talk amongst yourselves. I gotta, I gotta investigate something. Give me one. Just grant me some grace. Okay? Get out of there. All right, I think my dog's bleeding a little bit now because I think he got in there with a tongue. For those who are just joining, my dog is in here with me with stitches, sutures, and he's not allowed to. All right? So anyways, I don't know why. Oh, there's an infographic here. Let's go. Oh, who told me about that? BDUB5542. Yes. Oh my, my. That is quite the infographic. Okay, so check it out. I mean, the infographic does have some non-English glyphs, a lot of. I don't know if that's Chinese or. Anyways, let's just play it by ear. Fortunately, they have visual icons. Let's see what this guy does. He sends a message on Viber. He sends a message on Viber. The person downloads a zip file which runs an LNK, and PowerShell reaches out to the threat actor C2 server, sets up a running service, that's probably for persistence, called C Flux Exe, which gets pulled down from the C2 server. Then they run some type of sideloaded DLL, another DLL, another DLL. Jesus, this is like DJ Khaled of DLLs. It's DLL to DLL to DLL to DLL, and then they run chime exe and then the nuclear payload here, HijackLoader, and you're owned. So here's the deal. If you're running Viber, I don't know what. Listen, if you're, if you are working in the Ukrainian government, you're obviously in year you of a conflict with another country. You work in the military, the government. 
Why are you installing Viber on your phone or your device, man? Just seems. Just seems like a bad idea. Can we have this? Listen, here's the TLDR for everybody here. It's called governance. Of the world of GRC, governance is the one that's the least understood. And I would say it's not the most important, but it's equally important. I would say that risk and governance are important, and compliance is like, kind of like tier two, right? It's the. It's the A tier. Governance and risk are S tier. If you're following along at home. Now listen, you got to have good governance. Listen, do not. You're not allowed to install anything stupid on your device. If you can use technical controls to prevent installation of software, even better. Educate your end users. This is the same thing as when those Russians were on Tinder right before they invaded Northwest Ukraine, right before the war went out, and they totally blew up their opsec. Stop it. All right, let's.
B
Go. Huge thanks to our sponsor, Hoxhunt. Traditional security training fails because it treats employees like the problem. Hoxhunt treats them like the solution. AI powered simulations mirror actual attacks hitting your inbox. Instant coaching turns mistakes into learning moments. Gamified rewards make security engaging. The result, real behavior change that measurably reduces your risk. Thousands of companies trust Hoxhunt to transform human vulnerability into human defense. Visit hoxhunt.com cisoseries to learn more.
A
All right, all right, all right. Cyber. I'm not going to be playing. I'm not going to be playing. Don't you forget about me anymore because I just want to avoid. Well, you guys know why I do it. I wish it'd be nice but I. I definitely don't want to invite any issues. All right, guys. Hey, we are at the mid roll. I want to say thank you all for being here. We're back here for the first week of January, a new year, 2026. Guys, I want to tell you really quickly about one of the new sponsors, Airia. It's actually spelled A I R I A, Airia. Worth checking out, links in the description below. I do appreciate them. I think it's cool. Checked it out. AI agent orchestration. Listen, your leaders, this is something that a lot of people can vibe on. If you're working in GRC right now at a business, you're probably dealing with this. Your leadership team is demanding AI automation because it's, it's the new hotness. Employees all over your organization are using it without any approval. You got shadow IT all over the place. Sales teams using one tool, marketing another, engineers, who knows what they're doing. One security incident or audit failure could cost you everything. You got your IP with the engineers sticking it all over the place. Regulatory fines about, you know, breaching contract or, you know, putting, you know, data of sensitive natures in places it shouldn't be. You could even lose your talent. Right? But what if AI became an advantage instead of your biggest risk? What if teams could innovate faster while staying completely secure? This is the dream and that's what Airia delivers. It's an actual unified platform that combines AI security, governance. Thank you, GRC Mafia. And orchestration. So you actually don't have to choose whether or not to protect the organization or allow innovation. You can have both. You can take control today. Turn your AI stress into AI success. Embrace enterprise AI. Believe me, you'll be happy. Visit Airia, enterprise AI platform for secure and scalable solutions. 
To see the platform in action, just go to airia.com, that's A-I-R-I-A dot com. You can see it right here. Very straightforward, you know, WYSIWYG interface. You can do agent orchestration. You have visibility. Guys, this is pretty cool. Worth checking out. Okay, like I said, link in the description below. All right, again, thanks to the stream sponsors, ThreatLocker, Antisyphon, Flare and Airia. It is Tuesday, which means only one thing, Tidbits Tuesday, where I share a little bit about myself and we see if we vibe on it.
A
What to share today, what to share. So I don't know, this is just a silly little thing, but like Christmas gifts. I don't know if anyone else does this with Christmas gifts. So I have two kids, if you didn't know. I have two kids, 13 and 10. And they got a bunch of gift cards for Christmas, whether it's Amazon gift cards or Visa gift cards. And I somehow am the currency exchange at the airport, so my kids come to me with their Amazon gift cards. You know, say it's a $25 Amazon gift card and then I buy it from them. Now the problem is I give them full value, I give them $25. What I should be doing is charging a vig, right? Like give them $20 for their $25 gift card. Give them a little taste of reality. This is what real life's gonna be like. You're gonna get hosed, because I don't need your Amazon gift card. But seriously, I must have bought, I don't know, $125 worth of gift cards off my kids. They just want straight cash. Straight cash, homie, because they just want to turn it into Robux, Fortnite bucks. My one son's, like, trying to save up for some type of bike. Pretty cool. Pretty interesting. I just don't know. I just don't know. Also, FedEx is asking about the nursing experience with the doggo. I mean, it is what it is. You know, he's got stitches in his. Like, basically he's been neutered. But, like, the area where the neutering happened, he had cancer, so they had to remove that whole section. So it's a very awkward place for him to go.
B
And.
A
Yep. DND gift. Jose Alfredo, I'm not sure what you're talking about, but we'll continue on if you want. Jose, clarify that and I can talk about it before we flip to Jawjacking. My hair is out of control right now, guys. All right, thank you.
B
Cyber attack unlikely over Greece grounded flights. Greek authorities say a radio communications failure that shut down the country's airspace for several hours on Sunday probably wasn't a cyber attack, though investigations are ongoing. Flights were grounded, diverted, or delayed after noise disrupted all air traffic control channels, including backups, affecting about 120 flights at Athens and Thessaloniki airports and stranding thousands of passengers. Officials have launched multiple probes and formed a multi-agency investigative committee. Air traffic controllers renewed calls to replace outdated equipment.
A
Okay, so this is not the first time. Yeah, we have a cone. It's just not a good fit for him. Not physically. He's like a mess with the cone. He's crying. All right, so Greece gets hit with this. Guys, this is not the first time that air traffic (we've seen it in the United States a few times) is impacted but is not a cyber attack. Okay, just listen. People who don't work in cyber, I always hear them say two things. One, there's so many acronyms, and the other thing they say is, oh my God, it's just so intense. It's so scary and everything. It's like, yeah, it's scary, but you almost get calloused because of it. So just because an IT system has disruption, whether it's down, on the fritz, not working correctly, whatever, does not mean a cyber attack. Dude, a lot of OT/ICS systems, a lot of legacy tech, it fails, it breaks, it has problems, it has a, you know, segmentation fault or whatever. And this is just another one. Air traffic controllers. I don't know much about Greece and what Greece's, you know, financial situation looks like as far as investing back in infrastructure upgrades, but Greece has got some old deprecated air traffic control stuff and it's not working. Noise across all channels, including backup systems, triggered the shutdown. So basically they were having some type of, you know, audio issue on the radio communication channels between the air traffic control tower and the pilots. Now, if you've watched any of the Air Force 85, Air Force 95, Microsoft Flight Simulator videos on YouTube, they're hilarious. But, you know, I'm not a pilot. Josh Mason is. If you're a pilot in chat, sound off, let us know. But being able to talk to the tower is important. Listen, the last thing you want is an in-air collision. That's like the worst, right? We just saw this in Washington, D.C. in December of 2024 when a helicopter and a plane collided. Right. Air traffic is very important, to be crystal clear. And the air traffic controllers are the ones, you know, navigating. They're the traffic cops, basically. So when there's an issue with that, it's a full stop. Now, legacy tech, it says there was some noise. Who knows, dude, it could have been somebody put, like, a space heater next to something that caused, you know, feedback and noise on the wire. I don't know. They're saying here, though, that it's definitely not a cyber attack. I, you know, it is what it is, I guess. For me, I like to go beyond the stories here. All I want to say is just know that it's not always a cyber attack, okay? It can just be screwed up. Some engineer could have just updated BGP, right? CrowdStrike, somebody, you know, there's a patch that broke things. You know, that's the story here.
B
Kimwolf infects more than 2 million devices. New research from Synthient says the Kimwolf Android botnet has now infected more than 2 million devices, expanding on December reports that first tied it to the Aisuru botnet and record-setting DDoS attacks. Investigators say Kimwolf is being actively monetized through residential proxy sales, app install fraud and DDoS-for-hire, with about 12 million unique IPs observed weekly. The update also links infections to exposed Android Debug Bridge services and pre-infected Android TV boxes, and confirms recent abuse of China-based proxy provider EPDE infrastructure before a late December patch.
A
Okay, so two things. And this is important, okay, because my cousin Pat would definitely fall for this. Okay. Although he's an iPhone user. Android botnet has over 1.8 million devices inside of it. Okay. And did 1.7 billion denial-of-service attack commands. Right. So it's a couple things. Number one, I just want to point out really quickly. A botnet with 1.8 million is freaking huge. Okay? When the Mirai botnet blew up and became, like, interesting to the U.S. Department of Justice, it was at about 600,000 bots. This is literally three times that. And we're just talking about it casually. So to me, that just goes to show you the current state of, like, botnets and, like, what is normal. Number two, Android. Okay? Don't stop installing weird apps from weird places. Educate your workforce. Tell them that, fortunately for most of us, executives and business leaders love their iPhones. So you don't have to deal with this. But, you know, a lot of power users, a lot of your. Oh my God, I wish I could remember this guy's name. I used to have to deal with this massive pain in the butt user who was, like, a super power user and was, like, custom scripting his own things and running them on our enterprise. Such a mess. Spoiler alert. That guy actually ended up getting fired because there was some nonsense that got uncovered that he was up to. Tao with a super.
C
Chat. Welcome.
A
Back. Become best friends. Yep. Thanks, Dal. It's great to be back. I appreciate that. The one thing I want to point out here, there are some indicators of compromise. They've got this silly. Looks like a domain generation algorithm domain name. You could shove this into your SIEM and look for it, but domain names are trivial to change, so probably not going to get a hit. But if you're futzing around and wanting to just do a little threat hunting, you could certainly do that. Oh my God. Okay, so you can actually search for this naming pattern, which I'm not going to say on stream. If you're listening on audio only, you'll have to go to the story itself to read it. But I'm not going to say it because it has a bad word in it, which I don't want to say. The final thing I want to point out, and this to me is the headline that's buried in the story, is that this malware comes preloaded on some Android devices. Now wait, like Samsung, LG, they're not loading this malware on it. But when you get these devices that have, like. I don't know about you guys, I don't do this because I'm such a rule-following, law-abiding citizen at this point in my life. But have you seen these devices that you can buy, you know, from places? You probably got a guy at work who gets them for everybody. You plug them in and you have access to, like, basically IPTV and you have access to all the channels and all sorts of streaming services and stuff. And it's like, wow, this is amazing. I don't pay for anything, yet I have access to everything. This is great. Those devices are black market devices. So if they're loaded with malware, guess what, who cares? Because they're not being checked or validated. And guess what you're also not going to do? You're not going to report it, because you're also committing a theft, essentially. So those devices could be infected with malware. So a couple of things you could do here. 
Number one, educate the cousin Pats of the world that, yo, that thing could be infected. They may not care, because if it's just being used in a botnet attack, does that really matter to you? That's a serious question for everybody to think about. If you add a device on your network, your Ring doorbell for example, right? If your Ring doorbell was part of a botnet and used in a denial-of-service attack to knock over Bank of America, do you care? Because when Amazon comes to your door and rings the doorbell, you still get the notification. Your Ring doorbell still works. It's just also part of a botnet. So because it doesn't have any pain for you as an end user, do you actually care? Okay, so you're going to deal with that particular struggle. Number two, I don't remember my second point because I got all wrapped around the axle on the "do you actually care?" So TL;DR, this is how things get in there. Oh, oh, oh. If you want to screw around, I can't promise anything, but buy one of these black market devices for research purposes only. Plug it in, SPAN the port and see where it goes. See if it does anything wild. Write a blog post about it, expose these people. All right, let's keep going.
B
Critical MongoBleed bug under attack. Attackers are actively exploiting a critical MongoDB vulnerability dubbed MongoBleed that lets unauthenticated remote attackers leak server memory and steal cleartext credentials, tokens and sensitive data. Exploitation began around December 29, just days after proof-of-concept code was published, prompting CISA to confirm in-the-wild attacks. The flaw affects multiple MongoDB versions when zlib compression is enabled, and security vendor Rapid7 warns that organizations need to patch and rotate exposed credentials. MongoDB urges immediate upgrades or disabling zlib compression.
A
All right, so a couple of things here. Number one, Amish Runaway said she wasn't familiar with, quote, "botnet," quote. There are a lot of terms in our industry and some I just take as common. So thank you for calling that out, Amish Runaway. I'm not saying, oh, look at this. I'm saying, like, if you didn't know that term, let me define it really quickly. Just going back to the story, so we all have the same understanding, because you should know what a botnet is. It's a common enough concept. Okay, so when you have an infected device, right, you can control it. If you have a hundred infected devices, you can control all 100. If you have 10,000 infected, you can control all 10,000. So they are a network of machines that you own that are basically, you know, robots or zombies or bots or whatever. There's another less PC term that used to be used, but we're not going to use that anymore. Those machines are under your control as the threat actor. So typically when you think botnet, you think denial-of-service attack. So you say, hey, botnet army, go attack this IP address or go attack this domain or go attack this resource, and all of those bots, because you control them, as a network attack. Okay, so that's what a botnet is. Now going to this MongoBleed, a couple things. One, if you didn't know, dude, MongoDB, I want to say, like, in 2015, 2016, when it first came on the scene, was massive, dude. There were MongoDB breaches all over the place, because it was not a well-secured product. People were just deploying it, okay? So I guess it's still out there. If you're running MongoDB, you have to be vigilant in patching it. It's just like any other technology, right? You got to patch it. Ah, you gotta patch it. Now, CVE-2025-14847, our classic CVE numbering, has high severity, a CVSS score of 8.7, which is high, not critical. So don't get your underwear in a bunch there. It's not like you're sitting in sand at the beach. Okay, I'm gonna go to epsslookup.com to get the score on this one. EPSS score. Holy geez. Okay, so this is one of those examples. This is a perfect example. Listen, have a good one, Grady. Listen really quickly, guys. If you use CVSS score only for vulnerability prioritization, you actually could probably never patch this one, because it never gets to a high enough level to get your attention. But from an EPSS score, which is basically an estimate of the probability that this will get exploited in the next 30 days in your environment, it has a 68% chance. So greater than a coin flip. And if you could get a 68% chance at a casino, you would be rich. 68% is very high. Okay, and then how bad is it? That's what this percentile is. How bad is it? Of the hundreds of thousands of vulnerabilities in the EPSS database, this one ranks in the top 98 and a half percent, which is nasty. Nasty. Okay, so don't sleep on this one. The way to fix it is disabling zlib compression or patching it. I recommend patching it. Chances are you personally will not be patching it. As a cyber professional, you'll be telling the application security or the app team or the development team to patch it. Do me a favor, solid favor, don't sleep on this one. Get this one sorted out ASAP. You should have already done it, honestly, because this came out December 29th. You're a week behind. You're a week behind. And there's a POC exploit out there, which means, dude, if there's a POC, that's a working exploit that can be modified to download or, you know, execute shellcode payloads, etc. So don't sleep on this one. If you're running MongoDB, this is a pretty nasty vulnerability to get sorted out.
B
New Zealand reviews Manage My Health cyber attack. New Zealand's health minister has ordered a government review into a cyber attack on patient portal provider Manage My Health after a breach potentially exposed data tied to more than 100,000 patients. The platform is used nationwide and manages records for about 1.85 million people, with an estimated 6 to 7% affected. The attacker, using the alias Kazuha, has claimed to steal more than 428,000 files and is demanding a $60,000 ransom, threatening to release the data publicly. Manage My Health says the incident is contained and is working with law enforcement and cybersecurity experts to determine what data was accessed or downloaded. Want more great content from the CISO Series team? If.
A
You. All right, so New Zealand. Did New Zealand ever get a confirmed case of COVID? Do you remember when COVID was a thing and, like, the New Zealand prime minister put the kibosh down and, like, New Zealand was the only country in the world without one? I have to imagine that's not the case anymore, but the government's incredibly concerned about a breach affecting 100,000 patients. Okay. I mean, America's like, hold my beer, for real. Let's see. So they. Whatever. Like, with all due respect, this is a large percentage of their population because it is a small population, but I don't know. To me, listen, this is not good. This is not good. But to me, this is going to sound like such a grizzled, you know, multiple scars, seasoned veteran. When I see this story, what I think is, first of all, like, I don't know, I hate to say, like, cute, but, like, good job. I'm glad the federal government of New Zealand is interested in getting in front of this and figuring out the problem and doing lessons learned. But, like, dude, just allow me for a moment. Okay, hold on. Let me just pull up yesterday's news here. This is yesterday's news. Where is it? Hold on. Oh, my God. Okay, hold on. Covenant Health data breach. Okay, look at this. 14 hours ago, this is reported. Covenant Health had a data breach of 500,000, essentially, I'm rounding up, 500,000 patient records. Done. Right? This came out New Year's Eve. This is the Qilin ransomware group. The attack happened in May. This is, like, on page four of the newspaper. Okay, so this is my perspective, right? Five times the amount of patients impacted. And this, like, makes the news cycle or it doesn't. It's kind of in the fringes. New Zealand gets 20% of that, 100,000, and the federal government wants to have, like, a massive intervention. Again, I'm not crapping on them for wanting to take it seriously. I am happy about that. But just, like, I don't know if they have perspective on how rampant health care attacks are globally. I mean, again, a hundred thousand patients. Every single one of those patients doesn't deserve to have their protected health information exposed like that. But in the grand scheme of things, you know, so whatever, we'll see what happens. Honestly, I hate to be a peckerhead, but here's what I think is going to happen. A whole lot of nothing, okay? There'll be an investigation. They'll make some findings. They'll probably come up with an idea. Hey, get out of there. But listen, we saw Australia, which is, like, New Zealand's big brother. I mean, excuse me, we saw Australia two years ago have massive data breaches, okay? Their ISPs got hit, their major telecommunication provider got hit, their healthcare provider got hit. And the country of Australia was like, no more. We're passing a law. If you are a large company and you get hit with a data breach, you're absolutely going to get financially screwed. Ha. That'll fix these cyber attacks. We win. And then, like, the next month, a Fortune 5 company in Australia got punched in the mouth. And guess what happened? Nothing. Nothing happened. That law was not utilized because. Well, I'm not going to get into my thoughts around why, you know, a company that makes billions of dollars that has friends in high places wouldn't actually be financially penalized. Not that I even agree with it, honestly. I think it's silly. I think you should get penalized for negligence. Like gross negligence, like not having MFA. But, dude, as a GRC professional, you cannot reduce all risk. You'll always have residual risk. So I don't think it's fair to, like, fire the CISO or, you know, hold people financially accountable. Again. Okay. All right, guys, let's do.
C
This.
A
I want to say thank you very much for being here today. We're a couple minutes over. Don't go anywhere, because we have Jawjacking lined up. Eric Taylor from Barricade Cyber, the same Eric Taylor that dropped a 100 bomb on your head at the beginning of the show, is going to be doing Jawjacking. Jawjacking is a 30-minute ask-me-anything style show, excuse me, where if you have industry questions, you know, what certs should you get into, is ransomware really still a thing, what is C2, what is a botnet, whatever questions you have, put a Q in chat and then ask your question. Eric is coming on to answer them. I'm Jerry from Simply Cyber. Thank you all so very much. I appreciate the grace you guys granted me as we came into the studio hut and dealing with the old puppers down here. Until tomorrow. Oh, I forget what I. I'm sorry, Jose. We could talk Magic: The Gathering later. All right, I'm Jerry from Simply Cyber. Until next time, stay secure. Ever wonder what it takes to break into cyber security? Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cyber security field live, unfiltered, and totally free. Let's level up together. It's time for some.
C
Jawjacking. Man, good morning, good afternoon, good evening, wherever in the world you are. It's been two freaking weeks, man. I've missed you guys and gals that are out there. Hope you are doing well. Hope you are starting off the new year with a bang, with your goals in mind. Let me know in chat, cyber related, what are your goals to complete by the end of the year? Let me know. I'm generally curious, right? You know, Tidbits Tuesday, we're looking at more and more incorporating AI into our SOC and IR retainer triaging. So, you know, I've been very vocal about it. Hold on a second. Let's make it a little fuzzy. I need to move my mic. One second. Sorry, let me move it.
B
Here.
C
Because I think it's given some static. Change.
B
That. All.
C
Right. My feed looks like it's better. Let me know if the audio got a little bit better. Your hair looks very wet. It's actually got. So it is a little wet. Yes. But I've got a product that I use called Tea Tree. It's like leave-in conditioner and stuff, because, you know, y'all, those have been around for a while. You'll see my hair, it's a big freaking fro, especially when I like to let it grow out. There's times in my life that I embrace the curl and I just kind of let it grow out. And if I don't put some leave-in conditioner in, it goes all Jackie. But anyway, while I'm doing a little bit of ranting, if you have questions and you're new, put a Q colon mark in there in the beginning. So that way when I do my look for questions, I will be able to find them easily and be able to answer them. Mods in chat, I tried to look and I think Jerry is actually still here. Jerry, if you're still in the green room, let me know. Do we have a 9:30 show? And I'm looking for mods. I tried. I guess I'm just getting old and don't understand technology to some degree. But trying to find out, you know, do we have a 9:30 show, when I'm looking on YouTube, is hard for me to do. Honestly, the way I chalk it up is. Thank you so much, Jerry, for that confirmation. Jerry's just got so much freaking content that YouTube just doesn't know how to sort it properly. That's what I blame it on, personally. You got so much content that's coming up, so much content that's already been done, that YouTube doesn't know how to filter the madness that Jerry is pumping out and that you guys are here for. So that's what I chalk it up to. I got a question: any advice for an interview? I have a, I'm sorry, I have a cyber security consulting role tomorrow. This would be my first job out of college. Yes, thank you, Kim in Mod Chat, for also the confirmation. What I love to hear as a business owner and when I'm doing
B
Hiring.
C
The, let me make sure I phrase this correctly. So I personally, as the owner of Barricade, and I know a lot of other folks, but it's not industry wide, right, that most small businesses will hire passion over certification nine times out of ten. I know John Strand has talked about it. I know a lot of other folks have talked about it. I think DJ B Sec has even talked about it. I don't want to put words in his mouth, but if memory is serving me correctly, he's talked about it several times that if you show passion, you can learn a certification, you can learn a role, because you have the passion to learn it. So show passion. And also one question I love to hear, and I advise everybody to do it, ask them, sir, ma'am (and sorry why I'm doing the sir, ma'am, but I'm Southern, this is what I do), but ask them: what does success look like in this role in the next 30, 60 and 90 days? How do I make sure that I am meeting your expectations over the next 30, 60, 90 days? Whatever flavor works for you in that verbiage. But you want to make sure that you're meeting the mark. You know, I can't tell you how many times, even early on in my career, because, you know, coming out of the Marine Corps I had a big freaking head, right? I know everything, right? So I was just a cocky little kid, so you couldn't tell me nothing. Even before the military, you couldn't tell me. So I always thought I was doing the best bang-up job ever. So when I started learning that, it's like, okay, this is what I need to do to make sure I am seen favorably and be able to keep my freaking job. My mouth got me into more trouble than anything else. You know, you talk to Mrs. Barricade, she'll tell you I couldn't hold down a job. Like, being a business owner is the longest job I've ever had in my life, because, I mean, I don't know, there was a lot of growing up that I had to do. Right.
B
So. All.
C
Right, let's start looking for questions. And remember, put the Q in there. I know some people last year were just putting the period and sometimes I miss them. See you later, Jesse. Glad to see that you're out of the shower. Sorry, that's a long joke. So in Mod chat last year or the year before, me and Jesse would always mess with each other because he'd be like, oh, I'm about to get in the shower. I'm like, get out of the freaking shower. We got modding to do. Anyway, I love messing with Jesse. He's good people. So that's a little bit of the back room talk. Let me scroll up here. What's the best job site for fresh grads, as LinkedIn and Indeed seem to be a show? To be honest with you, dude, and I say dude loosely, I don't know. The real problem is, and let's unveil the curtain, right, the real problem again is AI and a lot of the services that are out there. So I've used LinkedIn before, I've used, I'm drawing a blank on the other one. It's been so long since I've done this, and thankfully I've been able to hire from the community. But I know with a lot of the platforms that they allow users to auto publish and auto push their resumes out, so, you know, you can blindly mass apply to a bunch of organizations really, really quickly, whether you're qualified for the job or not. So that is a major, major problem. So I don't think it really depends on what platform you're on. You're going to have that problem. So I do think this really does go back to the network and being part of this group, being part of, you know, Black Hills, being a part of all the different communities that you can be in. I know it's going to be hard to keep up with them. Dude, I'm in forensics and CTI. I can't keep up with everything. Right. And this is my day job all day long. Being able to keep up with everything is mission impossible. It really is. So try to find high-value groups to be a part of and network your face off is what I would tell you. 
All right, I'm going to start that one because I've got that one answered. Let's see. I am new to cyber security, also a recent AI consultant. Okay, question is, what certs should I look into if I want to implement AI securely? Oh my gosh. Honestly, I don't know. I really, unfortunately, I really don't know. You know, as we're still looking at AI and incorporating it into a lot of our daily work, at least for initial triage, I don't know, in the next three years we'll be able to just let AI run rampant on whatever. It requires a lot of human intervention and oversight. But that said, the only thing I can say about running AI securely: you got to have it as a local language model, or a local large language model, LLM, or L-dash-LLM. And I mean truly local. Not using Claude Desktop to do that, because it's still brokering to the cloud for cloud AI. So, you know, being able to use and keep it truly private, using things like Crawl4AI to download and create MD files, AKA markdown files, and ingesting that into your AI or your LLM is really the best way to go to truly do AI securely. Now, what controls, what frameworks to apply? I'm still too new to the space to properly advise on that, but again, I would think keeping, you know, doing general network hygiene, make sure it's its own VLAN, make sure only authorized users can get to it. You know, can you put a login on it? You know, some of this stuff is just an open website, like Open UI or Open WebUI, that bolts on top of Ollama and things of that nature. Right. So, you know, putting standard network protocol protections in place, keeping it on its own VLAN and just making sure that, you know, it stays truly local as much as possible would be the best way that I would say that. Right. I just don't know of a cert available right now that will give you what you're looking for. Good question. Catch it up, catch it up. Are you back on the Wednesday Barricade Cyber podcast? 
We got a lot of things going on. I think we got the last episode of Fortify365. Yep. Tomorrow. And we've got the Ransomware Monthly Update. I get the numbers over to Kimberly to get the slides put together for that, but that's on Thursday. Just go to webinars.barricadecyber.com to be able to get on those. I am going to bring back the Brutally Honest podcast. I've really been toying with this one, you know, with that podcast, trying to release. I really want to do it, but I want to make sure it's the right format, that I'm bringing proper value instead of it just being, you know, 20, 30 minutes of me just complete nonsense ranting about everything and being, like, old man yelling at the clouds. And I feel that's kind of the way it's been, and I don't know if it's going to bring much, and maybe that's what people want. I don't know. You know, going to be bringing out an Ask Barricade, you know, so questions that we don't potentially get a chance to answer here, or whatever, or things that may get a little bit more political in the cyber industry and things of that nature, you know, where I don't mind answering that stuff on our platform. So we're going to be bringing that out here in the next couple weeks. Already recorded a couple of questions for that. But yeah, hopefully I answered your question. If not, re-ask it in a different way so that way I can make sure I understand your question effectively. Any suggestion on which cert to pursue in 2026? I'm in blue team.
A
Stuff. All.
C
Right. Blue Man Group. I would say anything cloud. You know, if you're in the Azure space, get some Azure certs. If you're in AWS, if you're in GCP, Google Cloud Platform, whatever platform your organization is in or the organization you're looking to get into, start getting some of those implementation and security frameworks. You know, a lot of stuff in Azure, are their certs free? I don't know about AWS, but I'm pretty sure GCP has a bunch of free ones as well. So that's what I would say. If you're not doing cloud certs, because a lot of stuff is, you know, a lot of organizations are not going fully cloud, but a lot of them are doing hybrid and even multi-cloud instances. So, you know, that will be very, very beneficial. I'm thinking about doing dual booting with Windows 11 and Kali Linux on my lab box. What's the easiest way to clone/back up my Windows 11 before dual booting? To be honest with you, I wouldn't dual boot. I'd just do a VM. I believe VMware Desktop is free for private use. If not, use VirtualBox, but just spin up a VM in your Windows 11 infrastructure or workstation. That way you don't have to worry about shutting down your stuff to boot into this. You're like, oh crap, now I got to go back to my Windows. You can easily pivot back and forth. Just do a VM. That's what I recommend. That's what I do. Let's see. Any IOCs found about the RDP hunt that you've been on that you posted about on LinkedIn? No. So on LinkedIn we started a couple weeks ago, or maybe even a month ago now, started posting, you know, when we're seeing new threat actors, because the ransom monitor just didn't get the traction that we were looking for. So we're playing with different tactics for social media, and, you know, as we find more stuff out about certain threat actors, we'll post it there. We may do it on the website and drive everybody there to do threat intel based off of the threat actor, is what I'm thinking it's going to eventually do. 
We got some last-minute hurdles with the new website where phase three is still in development for the blog and all that stuff. So as soon as that gets done, then, you know, we'll be doing some of that stuff and then we can just post, hey, an update to this threat actor has been, or yeah, a threat actor threat feed or whatever has been updated. Oh, whatever the verbiage.
A
Is.
C
Question. Have you ever heard of the U.S. Delta Force Computer Network Operations Squadron? Are they real? I don't know, to be honest. I haven't heard of them. I don't know why a physical security force would have a network operations squadron that would, that would vote, because a lot of times, so Special Forces, they will have other, not departments. Sorry, it's been so long since I've been in. I'm trying to remember the right term. Oh, I'm drawing a blank. Essentially they would have other, they would have people that were designated from other companies or squadrons to accompany them. There's a word I'm looking for but I'm completely drawing a blank. It's like acetate, but it's not. I forget. But they, they become a, you know, a unified force or whatever in collaboration. So, you know, I don't think Delta Force themselves would have their own because again, they're, because like, let's say hypothetically. Okay, I'm trying to phrase it right, and every time I start to say it, I'm like, nope, that's gonna sound stupid. All right, SEAL teams, Delta Force or whatever, if I'm not mistaken, they will use another department for like drones, right? So they may use the Air Force, they may use the Navy, they may, the Army may have their own drone squadron or whatever and another company. Company, squadron. I am drawing so many blanks on military terms this morning. But, you know, they will run in unison with each other. So they are a support group. That's it. Support group. Why was I forgetting that? So, you know, why would they have their own versus spinning up their own, you know, independent, I don't know. But that, that whole Delta Force thing, you know, those who've been living under a massive boulder with the whole Venezuela, you know, situation, there's a lot of people coming out to act as if they are freaking industry leaders in information. And I'm like, please shut up. Go back in your corner. You know, it's.
It's okay to say things like, based on the information that I have currently presented to me, this is the way I feel, or this is what I believe. But stop coming out acting like you've been in the trenches of every freaking topic known to man for the past hundred years, and you're here to drop your massive amount of knowledge. Get out of here. Influencers drive me, these so-called experts drive me nuts. I'm like, shut up. Because I'll be the first one to tell you. Like, again, I said it earlier where I'm in ransomware, I'm in CTI all day long, you know, I'm working cases, I'm doing this stuff. I don't know everything. I just don't. There's always new stuff. There's always things happening. New tactics, new techniques, new procedures. While a lot of it is rinse and repeat. But when you have initial access brokers as part of getting that first layer of access and having dwell time, you know, there's always new things going on, ladies and gentlemen, always. I'm new to cyber and want to know what basics I should start with. Senior. That's like saying I'm new to IT. But in cyber, really the only thing that comes to mind when you say the word cyber as an entry level to me at this moment, it screams, you know, you need to be a SOC analyst. You need to be able to learn what is legitimate and illegitimate information that's happening inside the environment. So that way you could be able to make that determination and be able to advance your career. Are home labs the only way to get experience if you've never worked in the industry? No, it's not. You can internship, you can, you know, do freelance work. You can do all kinds of stuff.
Home labs help give you the confidence of hands-on experience because you can stand it up in so many different sorts of scenarios and stuff like that. You know, while TryHackMe and Hack The Box are excellent platforms to give you infrastructure to test on, it is very much a closed system with a certain use case scenario. But if you are wanting to set up a certain scenario like, hey, we got this new CVE and I want to find out, you know, how the logs are generated when you exploit it with this PoC, that home lab is the only way you're gonna be able to do it. At least for the first 15, 30 days until the cloud platforms, you know, build a proof-of-concept lab for you to do. The Brutally Honest has a definite audience. It does. Again, I'm just trying to make sure it's legit. I'm trying to make sure it's a proper question. Anyone know of any tricks to get in contact with LinkedIn support without logging into the account? My MFA has been jacked and will not let me access my account. It keeps telling me, taking me in a loop. Is that, let's see, give me a second. All right, I'm pasting a link into chat for you. That is how you, it's going to come over as Dr. Gerald Auger or Simply Cyber Gerald Auger, PhD. That LinkedIn link will get you where you want to go. Hope that helps you. Just kind of going through here. I really do enjoy all the questions. It's been awesome, awesome, awesome. So I entered that. Yeah, attached support groups is where I was trying to go with, when we were talking about the Delta Force folks. And that's the part, that's what I was trying to say earlier. Like when you, when you're in the industry, you know, definitely showing that you have passion because, you know, it's been 20, let's see, 20 now, 25 years since I got out. You don't use the terms all the time, you forget a lot of it. So yeah, I mean some words stick with you, some terminology sticks with you, but. Happy new year, Roswell UK.
The Blue Lagoon said their goal is to get a job and finally begin their career. Awesome, awesome. Just kind of scrolling through here. Awesome. Thanks. Yep, you're welcome. You are welcome. Yeah. And this is literally, this is part of it, right? There is so much to learn and that's what I was talking about with the influencers and the quote unquote experts and all this other stuff. Dude, if you, if you're talking to someone and quite honestly, this is going to be really, honestly, but if you're talking to someone and they are either like one-upping you on everything that you're saying like they know it all or you just can't tell this person anything because they know it all, freaking walk away from them. Just like, you're an idiot and I'm not wasting my time with you. Question, what is OpenVPN Connect? So that is an open-source tool that's used in Windows, Mac and Linux operating systems to connect to a firewall or a VPN service that allows for third-party VPN clients to connect. We still have 204 people that are showing up here. This is awesome, awesome, awesome. We are running long and I'm happy to stick around and answer any more questions or topics that you may potentially have. But if not, we'll kind of jam out and get back to our work. I don't know about you, but I definitely have a full plate of stuff in front of me to take care of today. I'm looking at my LinkedIn. Holy McMoley, I am so far behind. All right, ladies and gentlemen, looking at Mod Chat. Doesn't look like I missed anything. Let me just kind of circle back through the chat, make sure I am not missing anything. Let's see here. He looks sharp. And look at you, super boss looking in on this. Yeah, I mean unfortunately, I mean I shouldn't say unfortunately, but a lot of our clients are, you know, very professional and we deal with a lot of legal people and a lot of insurance carriers and, you know, some three-letter agencies and stuff like that.
When we're on camera, this is the way we got to be. So this year is to definitely hold myself at a more professional level. Maybe that's why I'm struggling with the Brutally Honest podcast. All right, Joe. Well, I do greatly appreciate it. I, well, I'll let you guys go. Y'all enjoy your day. Get out there and crush your start to 2026 if this is your first week back in the saddle. And as always, if you have questions, ask them. You know, and sorry, I'm, I'm, I feel like I'm forgetting something. Whatever. Y'all enjoy yourselves. Take care. Those who stuck around and have missed it, we'll do the sea shanty and we will close out with Dr. Gerald Auger. I will try to be around here. Oh, no, I do have a conflict on, oh, no, I don't. So I'll come on Friday and do some jawjacking with the, with the panel. I'll go and add it to my calendar now so I don't forget. And if not, I'll see you there then. I'll see y'all next Tuesday. Until then, stay curious, my friends. There once was a kid whose
A
passwords laid across all sites. They were the same. A criminal then found their fame by taking that data to go. Soon may a criminal come to steal your pictures and data and run. One day when the crime is done, they'll steal your account and go.
Hey everybody, I hope you enjoyed that content. Keep the cyber security train going by connecting with the other Simply Cyber community resources. We have the Discord server that's lively and always keeps the conversation going. You can connect with me directly on LinkedIn and also every single weekday morning on the Simply Cyber channel. We're doing live daily cyber threat briefings, 8am Eastern time, as well as Thursday at 4:30pm we're doing live stream interviews with industry experts, and we produce videos that we push out every Wednesday morning. I'm Jerry from Simply Cyber. I hope you enjoyed the content and we'll see you in the next.
Date: January 6, 2026
Host: Dr. Gerald Auger (Simply Cyber Media Group)
Special Segment Host: Eric Taylor (Barricade Cyber)
Theme:
A fast-paced, engaging rundown of the day’s eight most important cybersecurity stories, tailored for professionals seeking actionable insight and career growth in the field. Dr. Gerald Auger and the Simply Cyber community break down technical threats, industry trends, and lessons learned—mixing expert analysis, relatable anecdotes, and a healthy dose of humor.
Purpose:
[13:31 – 21:16]
Attack Vector:
Russian hackers (using “FaultBlix” malware) target European hotels via phishing emails mimicking booking cancellations, using a fake "blue screen of death" that prompts victims to run malicious commands.
Technical Details:
Analysis:
Dr. Auger highlights this as a new spin on the “click-fix” scam—exploiting urgency and lack of technical know-how (“Your Aunt Dorothea, your Uncle Kevin, they don't know this...”). The attack doesn’t truly cause a blue screen; users are manipulated into infecting themselves.
Key Takeaway:
“Educate your workforce, especially the ones who travel quite a bit, like your sales team...they could use a little bit of extra awareness training around cyber risk.” (Auger, 20:40)
Action Item:
Increase security awareness for travelers and align phish-resistant training to this evolving “prove you’re human” deception.
[21:18 – 24:42]
Incident:
Rural/suburban US ISP “BrightSpeed” investigates Crimson Collective’s claim of stealing personal/customer data for over 1 million users.
Analysis:
Auger connects the attack to common extortion playbooks and the economic vulnerabilities of rural providers, pointing out that “this is just what happens...a day that ends in Y, organization gets hit.”
Key Quote:
“You don’t have to be Comcast or Verizon to get punched in the mouth right now.” (Auger, 21:52)
[24:42 – 30:48]
News:
Ilya Lichtenstein, convicted of laundering billions in bitcoin from the 2016 Bitfinex hack, released after just over a year due to the First Step Act. Originally sentenced to five years.
Insight:
Broader Point:
Low consequences may increase cybercrime risk calculations for would-be criminals.
[30:48 – 36:02]
Attack:
Sophisticated phishing delivers malware to Ukrainian military/government using Viber, Signal, Telegram. Malicious ZIPs -> LNKs -> PowerShell -> Remcos RAT for espionage.
Auger’s Take:
Advice:
Technical controls (approved device whitelisting) and user education essential, especially in high-risk/geo-political contexts.
[41:40 – 45:51]
Event:
Greek airports’ airspace down for hours due to “noise” on radio comms—initial speculation of cyber-attack ruled out as equipment failure.
Analysis:
Not every IT disruption is cyber:
“It can just be screwed up...Some engineer could have just updated BGP, right?... Just because an IT system has disruption...does not mean a cyber attack.” (Auger, 43:31)
Lesson:
Avoid jumping to conclusions—legacy tech and misconfiguration are often to blame.
[45:51 – 51:38]
Finding:
The Kimwolf botnet, linked to the Aceru botnet, reaches over 2 million infected Android devices—used for DDoS, fraud, and proxy sales.
Notable Quote:
“A botnet with 1.8 million is freaking huge...this is literally three times [Mirai Botnet]...and we’re just talking about it casually.” (Auger, 47:07)
Key Concern:
[51:41 – 56:56]
Vulnerability:
MongoBLEED (CVE-2025-14847)—actively exploited to leak memory, credentials, tokens from MongoDB servers with zlib compression.
Host’s Alert:
Mini-Glossary:
Auger helpfully explains “botnet” for new listeners ([52:25]).
[56:56 – 63:08]
Incident:
“Manage My Health” breach exposes data on 100k+ patients, about 6-7% of the country’s population. Ransom demanded by attacker “Kazuha.”
Perspective:
In contrast to the US (with much more frequent, higher-volume health data breaches), Auger sees the New Zealand government’s strong reaction as both admirable and “a little cute,” suggesting that global perspective and expectations around breach frequency matter.
Reflection:
“As a GRC professional, you cannot reduce all risk—you'll always have residual risk.” (Auger, 62:40)
Dr. Auger and the Simply Cyber community continue to offer a unique blend of expert threat analysis, practical tips, and genuine camaraderie. This episode delivered both actionable security insights (from patch alerts to awareness priorities) and supportive professional guidance—underscored by memorable, “real talk” moments and the show’s trademark humor.
Best for:
Closing Reminder:
“Until next time, stay secure.” (Auger, ~63:13)
Listen Live M-F 8AM ET at https://simplycyber.io/streams
Connect: https://simplycyber.io/socials