A
All right. Good morning, everybody. Welcome to the party. Today is Wednesday, June 3, 2026. Welcome to Simply Cyber's Daily Cyber Threat Brief podcast. I am your host, Dr. Gerald. Those are two thumbs, coming to you live at 5:00am Pacific Time from Las Vegas. This is the Daily Cyber Threat Brief. If you're looking to stay current on the top cyber news stories of the day while being entertained, educated and having community experiences right above my head, then you're in the right place. We're off and running. Get your coffee, get ready. I need a second cup of coffee, frankly, but we are about to cook. Let's go. Yes. Yes. Good morning, everybody. Hopefully I'm coming in loud and clear. Got the audio on my mic so you can hear my voice, and then maybe a little bit of music underneath as we get the show started. It's day three here at Cisco Live. I've been putting content out on social media about my Cisco Live experience. I got another banger coming out. I just don't have time. So after the Cyber Career Hotline today, I should have about 30 minutes where I can focus on getting a piece of content out to let people know how it's going here, day two, before I have to run downstairs and get breakfast and then go to the second keynote. Guys, if you want to know not only what the top cyber stories of the day are, but then go one step further and have somebody who's been a practitioner for 20-plus years break it down and give you insights that you wouldn't get from a textbook or from a classroom, well, that's what we do here today. We're going to go through them. Eight stories. I've seen none of them. I literally have no idea what stories we're going to be covering. And that's perfectly fine with me. I love riding by the seat of my pants. And for me, it's actually part of the show, because I don't know what I'm going to say either. Honestly, ain't nobody got time for that. I have the soundboard, but it is the mobile studio.
I'm in a hotel room, so of course everything is like 80% of what the normal show is. Say what's up in chat, everybody. If today's your first time... Dark Iceman, you definitely need more coffee, my guy. Hey, if today's your first episode with us, thank you for joining. Thanks for checking us out. Welcome to the party, pal. I do have that one on the soundboard. Don't be shy. John McLean, you can speak. Dude, I had to reboot my Stream Deck right before the stream started. And it worked for like a split second, and now it doesn't. So I guess we're on manual sound effects today, everybody. Welcome to the party, pal. To all those first timers, drop a #firsttimer in chat, if you would, to let us know it's your first time. Not only is it for you to get comfortable with chat so you aren't shy and you can say what's up and ask questions and whatever, but also we, the Simply Cyber community, have a special emote, we have a special sound effect, which I will be doing manually. And we just love welcoming new people. We are all about support, inclusion, and empowerment here at Simply Cyber. And welcoming first timers is one way we demonstrate that inclusion. I want to say what's up to people in chat because I am traveling. I do have a little bit of a different flow here at the show. Jesse Johnson, getting up early, my guy. I feel you, Jesse, getting up early. Dream Logic, of course. Marcus Kyler, hope everything's going well. Space Tacos is in her glory. We've got the team sippy cup and manual sound effects. I feel like that's a double win for her. And she's in the running for the Auditor 2 position as a promotion. So things are looking very good in the Space Tacos world here. Roswell UK says he's got to admit he lurked for months before saying what's up. Well, that's fine. I'll say it every single day. Come on down. Welcome, everybody. I am going to take a slug off this coffee. You know, guys, honestly, the coffee when I'm on the road is like the mobile show.
Like, it's 80% of what it is when I'm at home. All right, Phil Staffer, manual wrecking balls coming in. Yes. Rhonda Rummerfield, good to see you as always. AA Witherspoon dropping the tag in chat. Andre. Matt, good to see you. Nintendo from Georgia bringing the heat. Guys, every single day of the week has a special segment. And Wednesdays, every Wednesday, and we've been doing this for years... well, I should rephrase that. We've been doing a special segment every day for years. Way Back Wednesday is our newest addition. It came into vogue maybe, I don't know, six months ago. And Way Back Wednesday... I'm old. I stopped developing culturally in 1998, so I love throwing it back to some old tech, seeing if we vibe. I've got a fun one for you guys today. Shot warning: there's a PTSD trigger that you need to know about. So, Chad Green, when you say, do you feel okay? I hope you're not talking to me. I feel fine. I just have, you know, I'm working late and getting up early, so it'll be all good. Hey, guys. Every single episode of the Daily Cyber Threat Brief, did you know, is worth half a CPE. Many of you in chat have actually received your June CPE. Some of you got the certificate, except Roswell UK, the PDF version if you wanted it. I'm teasing you, Roswell UK. But if you go to Cyber Threat Brief, Simply Cyber IO CPE, you will see this web form interface. You just drop your name and email address. And the whole reason I need your name is because I will send you a certificate at the end of the month of all the times you joined the Daily Cyber Threat Brief. Your name appears on the certificate. Your email is how I send it to you. These two checkboxes say that, you know, you're attesting you were here and that I can email you. So I'm not harvesting these emails. I'm not selling these emails. I'm not going to send you a freaking... I don't even know what people would say, like an advertisement or something. It's literally so I can send it.
This is just one of the services that we do here at Simply Cyber. Again, support, inclusion and empowerment. Those are fine words, but how do you represent them? Inclusion with our first timers, and then not, you know, not pay-gating, not paywalling, not anything. CPEs for this show, that is empowering you to be able to maintain your CPEs and get that continuing education. I will tell you, this has become, for me, this has become a paid thing. I actually have to pay to be able to send those emails. I work through a challenge. Okay. Thank you, John McLean, for the sound effect. The reason people didn't get their email initially the other day was because I have to upgrade my plan for the email sender to a paid version. So this actually has negative financial value for me, as a cost center. But that's okay, because the show is sponsored. And if you're wondering, hey, where's all this money come from? Jerry must be living in luxury with a Lamborghini and eating tomahawk steaks. No, I'm in a hotel room drinking out of a sippy cup and paying for these CPE things. But that's okay. Those expenses are covered by the stream sponsors. Which is why I humbly ask you to use the links in the description. Just click on them; that helps. Check out the businesses that are our sponsors and our partners. And that's all I ask. I'm not asking you to spend money. I'm not asking you to buy their product. I'm just asking you to look at them. Guys, Flare. I've been working with Flare for a couple of years now. Love myself some Flare. Guys, right now, threat actors are logging in. They're not breaking in. And Nash, Data Dragon, or Bnash? Data Dragon, my guy, two-month squad member. Thanks for being here. Wow. I guess that's gonna be a manual sound effect. But dude, how do you know if identities in your environment have been compromised? You wouldn't know unless you had some intelligence. That's where Flare steps in. Flare.
Cyber threat intelligence capabilities go out on the dark web. They comb through infostealer logs, they comb through criminal Telegram channel activity, and they pull it all back and make it accessible and queryable for you. So what does this mean? Go to Simply Cyber IO Flare. I'm going to put it in the chat here. Simply Cyber IO Flare. Hold on, I typed that incorrectly. Do not go to that link. That one? Yeah. Can I delete that? How do I... And basically sign up for their two-week free trial. Again, no cost, no expense, no pressure. See their platform. I swear to God, I used it for a week, and within like 15 minutes I realized how powerful it was. It's super cool, the Flare threat intelligence platform. You know what else is super cool? Antisyphon. You know how, like, I'm paying for the CPE thing and sending them to you once a month? Antisyphon Training is also helping support the community by offering free conferences. June 17, 10:00am to 4:30pm. Come on down and check out Antisyphon's Threat Hunting Summit 2026. Free to register. So at a minimum, register, and then if you can't make it, that's fine. No one's going to call you and be like, where were you? Get it on your calendar, come join. There's going to be amazing talks. Really, it is targeted for people who work in a SOC or are looking to work in a SOC, which, by the way, is a great entry-level position. MDR companies have well-defined pipelines and programs for ingesting new talent and training them up. I'll drop a link in chat, go check it out. I'm telling you, whether you're GRC, SOC, blue, red, getting threat intelligence insights is valuable from a practitioner perspective. Also they have training, right? Threat hunting on the edge. You can learn from Wade Wells with the Cyber Threat Intelligence 101 two-day training. $575 value. But wait, you can save 20% by using Simply Cyber 26. The code Simply Cyber 26 at checkout gets you 20% off just because you're part of the Simply Cyber community.
Do get your employer to pay for this, and do, my guy, like, 575 bucks plus 20% off, which is like 100 bucks off, basically. For less than 500 bucks, you can get two days of training. That's a no-brainer for most employers who want to skill up their team. I also want to say thank you, and I appreciate ThreatLocker. ThreatLocker has been a long-time sponsor of the show and of the channel. Their application deny-by-default solution is enterprise grade. They have clients like JetBlue. You may have heard of them. Heathrow Airport, US federal government. Dude, there's so many. The Indianapolis Colts. There's so many organizations that use ThreatLocker and rely on them. They use a deny by default. It's very difficult to do. They've cracked the code on it. If you try to run malware that was written just for you, just for you, it's like the perfect piece of malware, it will not run on your computer if you're using ThreatLocker. Simple as that. They do it on the endpoint. Now they've moved it to also do the cloud. Very cool. Let's hear from ThreatLocker. Got a little ad read. I want to give some love to the Daily Cyber Threat Brief sponsor, ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with ThreatLocker. Worldwide companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high. ThreatLocker takes a deny-by-default approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US-based Cyber Hero support team. Get a free 30-day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threatlocker.com/DailyCyber. Ah, that was the perfect amount of time to get a fresh cup of coffee. Ha. You had no idea what was going on behind the scenes. All right, everybody, do me a favor.
I need you to sit back, relax and let the cool sounds of the hot news wash over all of us in an awesome wave. I'll see you guys at the mid-roll. Let's cook.
B
From the CISO Series, it's Cybersecurity Headlines. These are the cybersecurity headlines for Wednesday, June 3rd, 2026. I'm Sarah Lane. Russia claims officials' surveillance. Russia's Federal Security Service, or FSB, claims foreign intelligence agencies infected the smartphones of senior officials with malware that could steal data, intercept conversations, and access microphones and cameras. The agency opened a criminal investigation but hasn't identified the attackers or provided evidence supporting the allegations. The claims are plausible given past state-sponsored mobile surveillance campaigns, but researchers typically require technical indicators before accepting major cyber espionage claims. Project.
A
Okay, I mean, you know, for Russian... if Russian spy agencies are saying that this is happening, I would just argue that they're probably right. Right? This isn't a political show, Elliot Matice. But just let everybody know, like, Russia is... in the United States, for that matter... Russia is amazing at, excuse me, spying, right? They had the Cold War. They had 70 years to perfect their craft, dude. The CIA, amazing. It's fine, dude. Like, if the Russian spy agencies are saying that foreign spies did something, I have a lot of confidence in it. Okay, so smartphones, dude. Smartphones have GPS location beacons in them, right? So they can say exactly where they are. They also have a microphone on them. They have a camera on them. So, like, and, let's be real, like, I don't know, maybe this is spy tradecraft, but for the most part, my phone is always, like, within a foot of me, right? So if you can find my phone, it's as good as having found me, right? It's like a Neuralink attached to my brain, except I have to hold it in my hand and put it in my pocket when I'm not carrying it. Like, my phone, your phone. Like, let's be real, you could look at your phone right now. There isn't a single person here who can't look at their phone right now. So it is a perfect spy surveillance tool for any spy agency. In fact, like, I'm surprised that this is a story today, because this has been a thing for, like, forever. Okay? We've seen Russia... speaking of Russia, we've seen Russia identify Ukrainian heavy munitions locations by creating an app that would help soldiers put in the targeting for mortar rounds. But then, you know, in order to know where to put the mortar round, the app has to know where you are physically, which you can tell it. And then it was beaconing back to Russia. So, like, giving up true military value on locations of troops and heavy armor. All right, let's see here.
What has this story got that we don't already know? All right, so the software steals data, eavesdrops on conversations, conducts acoustic and video monitoring. Sure, sure. Guys, there's a reason when you walk into a SCIF in the United States... SCIF, Secure Compartmentalized Facility... there's a reason you have to leave your cell phone in a locker outside. So whatever. Like, I don't... the story is fine. Yeah. In 2023, the FSB claimed thousands of iPhones had been compromised by the NSA. Okay, guys, whatever. I'm happy to see... I don't know. This is like a Way Back Wednesday, right? I know, we talk about Way Back Wednesday and it's like throwback tech. Way Back Wednesday on this story just feels like good old Cold War espionage. Good old Cold War spy-versus-spy stuff. I don't know. Whatever, I guess. What's the TL;DR, by the way? I try to, like, get some type of, like, cyber value for every story. Sometimes it's more difficult. Oh, Sensitive Compartmentalized Information Facility. Thank you, AGFJ2VY. I was close. I will say SCIF is one of those things that's an acronym that everybody just uses the acronym, like SCIF, SCIF, SCIF. Like everybody says TCP/IP, right? No one's, like, walking around being like, Transport Control Protocol, Internet Protocol. Right? So yeah, I forget the acronym. So anyways, I'm going to try to give you value for this. If you are a very high-level person or you're dealing with very sensitive conversations, consider putting your phone in a Faraday cage or leaving it outside. But this is, like, borderline extracting a bad tooth, as far as finding something valuable in the story for cyber professionals today. Glasswing access expands.
B
Anthropic is expanding its Project Glasswing program to roughly 150 additional organizations across 15 countries for access to its restricted Claude Mythos preview model. Since launching in April, Mythos has identified more than 10,000 high or critical severity software vulnerabilities, including thousands of bugs at major organizations and more than 6,000 serious flaws across open source projects. Anthropic says AI is dramatically accelerating vulnerability discovery, but human teams remain crucial for validating, disclosing and patching flaws.
A
All right, so Mythos and Project Glasswing are terms I'm hearing actually quite a bit here at Cisco Live. But for those who, like, don't know, I said in the intro, but, like, I'm in Las Vegas at Cisco Live. That's why it looks like I'm filming a proof-of-life video here. Like I'm holding up today's newspaper. They're talking quite a bit about this. I actually have a... Oh. Oh, my God. Oh, dude, check this out. Hold on. This is so sick. I gotta go full screen. So you guys aren't gonna... I mean, you'll believe me, because there's a video coming out on it. But, like, I got to interview and hang out with the CISO of Cisco, like, the guy who's responsible for information security for, like, this 100,000-person company. And I got to talk to him for, like, 15 minutes, which, from a GRC dork perspective, is incredibly cool, incredibly nerdy. He was very, very generous with his time and with his answers. He wasn't like, ah, get away from me, kid. But, like, yeah, dude. I asked him about this exact thing. Like, dude, how are you managing vulnerabilities when they're coming out faster than you can deal with? And that's actually something that will be included in the video that I release. So it was super cool. It was super cool. A Jazzy Jazz, I will tell you, I did not get to speak to the CEO of Cisco, but I did spend some time, like, around him. He's a very cool guy. Like, he's like a legit CEO. Not pretentious, super thoughtful, cool dude. But yeah, the C... I mean, honestly, like, CEOs are cool or whatever, and good for Cisco, but, like, for me, I love information security. So, like, the CISO would be, like, the number one person for me to want to meet. And not only did I get to meet him, I literally hung out with him for, like, 15 minutes. Super nice guy. Jason Lish is his name, if you're interested in looking him up.
So anyways, back to this. A couple things. Number one, I discovered that Mythos is basically, like, not only is it an advanced AI model, but they've essentially taken the guardrails off of Mythos. That's kind of what my understanding is, is that they've allowed it to be weaponized more. Not so they could weaponize it, but more so they could understand the full scope of capabilities of this thing. It was closed. Well, it's still closed, frankly, but it was closed to just a few. Cisco was one of those organizations that had essentially, like, early access to Mythos and was involved with Project Glasswing. So they're well aware of this. They've expanded the scope to 150 additional organizations right now. Honestly, this is, like, whether you like it or not, this is the way that they're trying to manage the risk of deploying this type of technology and enabling organizations to understand what it is. If anything, like, all I could say is, in the world of vulnerability management, you typically want to do responsible disclosure so organizations can patch before it goes public and threat actors are able to develop zero-days. Right? This is what they're doing with Mythos, essentially. Mythos isn't a vulnerability, but what they're trying to do is allow organizations to get it, figure it out, understand it before it goes wide and threat actors can just weaponize the crap out of it. You know what I'm saying? Because this is, like, I don't want to call it generational, but, like, this is a capability that once it's out, it is out. And you can't be like, oh, let's just pull the plug on it. Like, it's out. So we'll see. Obviously, I don't know about you guys, I haven't heard or seen anything public about what the outcomes are from Project Glasswing, what the outcomes are from these early adopters and what their findings are.
I did see that Anthropic did register for an IPO, which means they are going to become a publicly traded company, which means they have shareholders to answer to and a board to answer to. So we'll see how that changes what they're doing at Anthropic. But yeah, look right here. These early companies, the 50 partners, included AWS, Cisco, as I just mentioned, CrowdStrike, Google, Microsoft, Nvidia, Pennsylvania. So the scale of what Mythos Preview has already found is drawing attention across the security industry. Cloudflare identified 2,000 bugs across its critical path systems, 400 rated high or critical. Mythos was scanning a thousand open source projects, flagging 23,000 potential ones. So very interesting. Okay. The program's expansion comes as the Trump administration signed a scaled-back executive order on AI security, which sets up a voluntary framework requiring AI developers to submit advanced models to a government review before public release. All right. I mean, you know, the contrarian me would say this just means that the government gets first taste of any new models that could be super powerful and then gets to decide whether or not they keep them for themselves or not. That would be a cynical perspective. You know, the glass-half-full person would say, oh, this is to protect the greater public and the public interest, to make sure that very dangerous models don't get into the wrong hands. But unfortunately I work in cybersecurity, so I'm cynical. And this right here screams early access for the federal government, so they can decide what's good for me and what's not good for me.
B
CISA flags two-year-old Oracle flaw. CISA has ordered federal agencies to patch a high severity Oracle WebLogic Server vulnerability, first fixed back in 2024, that is now being actively exploited. It lets unauthenticated remote attackers access sensitive data on affected WebLogic servers, and more than 1,500 potentially vulnerable instances are still exposed online. Agencies have until June 4th to apply patches. CISA is urging all organizations to update affected systems.
A
All right. Android... okay. You know we are doing manual sound effects. I did not see any first timers in chat. So that means it's just us here, everybody; it's all regulars, no first timers. So I can embarrass myself a little bit. But, like, this right here, two-year-old flaw and actively exploited, like, whoop, whoop, whoop, whoop. Like, sound the alarms. Like, turn the lights red in the room. Like a submarine that has a torpedo shot at it. Like, all hands on deck, dudes. When CISA... here's another thing that, like, you know, you'll learn after you've been in the industry for a minute. When CISA announces all federal agencies have to patch a vulnerability and they give them, like, a day to do it... Okay, so today's June 3. CISA gave them till June 4 to do it. What's the date on the story? June 2. So CISA gave them, like, two, three days to do this. That means this thing is easy to exploit, it is rampant everywhere, and the impact is gross. Okay? The federal government is a big, bloated, slow-moving cruise ship, all right? It doesn't turn around like a cigarette boat, you know, like, just off the coast of Miami dropping some product, you know what I mean? So, like, for the gov, for CISA to be like, all right, everybody, like, you gotta patch it now, that means that is a clear indicator that this is a gross problem. Now, Oracle, big-time tech. Also Oracle, typically Oracle Database, there's Oracle applications, there's Oracle ERP solutions, but for the most part Oracle develops enterprise-grade product, which means it's very involved in infrastructure. It's very involved in critical operations. So essentially I'm making the point that you don't want this to get exploited, because it probably has a very high impact. I wish, I wish. You know what sucks, though? Like, let's be real. It's day three of me traveling, so, like, I'm getting a little surly. You know what? Roger Nichols has got a point. Oh, you gotta patch it.
I don't have that sound effect on the board, so it will be manual today. Let me be real with y'all for a second. CISA has no teeth, okay? And this hurts. This hurts to say. In fact, this is why vulnerability management analysts drink, frankly, or have, you know, therapy support groups. We as vulnerability management analysts do not patch systems. I don't go and patch Oracle. I contact the IT people that own the Oracle system, or the application owner, or the individual, you know, whoever, like, works it, that owns it. And I tell them that this is a problem, and I tell them they have to patch it, and then they have to work it. Which means as a vulnerability management analyst, I'm basically... You know what a vulnerability management analyst is? Okay? I do a lot of metaphors. A vulnerability management analyst is the guy who is on the Titanic with the binoculars, doing lookout, like he's up in the crow's nest and he's screaming, there's an iceberg! There's an iceberg over here! But, like, the vulnerability management analyst guy doesn't get to go grab the steering wheel and move the ship out of the way. All we get to do is yell, there's an iceberg, turn the ship around. And then it's up to the captain to be like, oh, I should listen to this dude. Or, oh, no, no, no, no, it's fine. We'll move this ship in a few hours. We'll be fine. And then the vulnerability management analyst just gets to watch the boat crash into an iceberg. And then, you know, I told you so just doesn't really deliver. Okay? It's just like, fudge. You know what I'm saying? I just came up with that on the moment. But, like, that is exactly what it's like to be a vulnerability management analyst. You see the iceberg, you're screaming at everybody that needs to know that there's an iceberg. And whether or not they take it seriously, whether or not they understand the impact and magnitude of that vulnerability and do something about it...
That is the art of selling, you know, patch management, essentially. Oh my God. Like, I'm sorry, guys. Like, even just, like, coming to this realization is sapping my motivation. More coffee, everybody? So anyways, what happens with this Oracle thing? Oracle WebLogic Server? Yep. It's middleware for large multi-tier distributed applications. You should just read this as enterprise-grade technology. I guarantee you this thing is RCE, unauthenticated. Let's find out. It can be exploited remotely. Sure. No privileges. Sure. Low-complexity attacks targeting systems running WebLogic. So you do need initial access, which is something. Oh. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3. Okay, so this is interesting. They say that no privileges are needed, but it does say that you do have to have network access, which makes sense, right? Like, we're not Genie from the movie Aladdin. We don't get to just exploit something without having network access to it. We can't just be like, done, right? So it's kind of, I hate to say it's dumb, but, like, clearly you need network access to it. Like, I digress. You could send a malicious USB device, but, like, come on. All right, anyways, if you're running Oracle WebLogic Server version 12.2.1 to 14.1, or, excuse me, 12.2.1.4.0 or 14.1.1.0.0, you need to, first of all, go change your pants. And then, second of all, get with your Oracle WebLogic Server infrastructure, right? Whoever the IT people are over that, whoever owns that application, you might have to get to an executive, because this is a pretty important enterprise-grade solution, and explain that this is a big problem. Now, if you work in the federal government, you can just take the CISA order and say, we got to do it, right? Oh, you got to patch it. CISA said so. But, like, again, CISA has no teeth, my man. Right? Like, someone could be like, no, we're not going to do that.
And then what do you get to do? Right? Like, basically, I know this is going to not be exactly one-to-one, but, like, if you yell at the captain to move the ship before hitting the iceberg, the captain could be like, nah. And they're like, we got the call over the radio, like, whatever, the shipping company's president said you have to move the ship. And they're like, no, I'm good. And then you hit the iceberg. Like, does the captain lose their job? I know in that story the captain dies, but, like, in the real world, you just kind of update your resume that says you dealt with an active breach and you've got experience, and now you're a more seasoned CISO. You still got to go find another job, though.
B
Patches 0-day. Google's latest Android security update patches 124 vulnerabilities, including a high severity 0-day flaw that the company says has been exploited in limited targeted attacks. The flaw is a privilege escalation bug in Android's framework component, but Google hasn't disclosed details about the attacks. The update also fixes 18 critical vulnerabilities affecting Android system components and Qualcomm software. Most of the remaining flaws could enable privilege escalation, denial of service attacks, or information disclosure.
A
Yeah, okay. Basically the entire, you know, like, impact toolkit, right? Denial of service, data leakage, system compromise. Like, okay, like, all the things. All right, guys, if you're running Android, or people in your environment are running Android, this, like, welcome to a day that ends in Y. Threat actors can make custom code for Android and get it installed. The way to put applications, in binaries, I guess more importantly, which could be malicious, on Android devices is quite easy. Google does not lock down what app stores you can use like Apple does. Apple uses the walled garden approach to app development, which is why you see less malware for Apple devices. Not that there isn't malware for Apple devices, just less of it. This vulnerability is being exploited in limited targeted attacks, which means they're seeing exploitation. But, like, I don't know, for me, I mean, I don't want an Android phone anyways. I know there's, like, Android purists out there that want to fight me. But, like, you're probably not getting targeted. Okay? I would imagine that this is reserved for VIPs or, you know, like, government officials or high-ranking executives and stuff like that. So it is what it is. I will say that it is a privilege escalation vulnerability, which you should immediately recognize as part of a chained attack. Right? Like, a threat actor has to get a compromise of a device first before they can then elevate privileges. Right? They have to have low privileges, which means they have to exploit your device in the first place. There does not appear to be any information on the attacks exploiting it. You know what's weird to me? This is always weird to me, right? Like, Google announced an Android update which patches 124 vulnerabilities, including a zero-day that's been exploited in targeted attacks.
Okay so the news story says that it has been exploited in targeted attacks. But then it goes on to say there does not appear to be any information on the attacks exploiting that that vulnerability. My thing is like how do you know they're actively being exploited if there's no information on it? I mean obviously Google's holding that information back. But why? You know what I mean? Like it would be nice to know what is the information on those attacks being exploited so I can then go threat hunting in my environment and actually discover if a threat actor has compromised my CEO or whatever. You know what I mean? David, the truth. Good morning. You. Let's go kick some cyber butt. I love it. All right. Yeah dude. By the way, 124 vulnerabilities. Yikes. Mobile devices or tablets, anything running Android is fairly easy to update. I will say be careful though because there's a lot of Android operating system deployed in places you may not think of. So Amazon Fire sticks, Fire TV fire, all those things. Those run a version of Android OS I'm pretty sure or they used to there, there's a lot of like IoT type technology that runs the Android. So if you know, if you're not careful you may have devices that are not being actively maintained and patched and stuff because you just don't know. It's not that you aren't giving a crap, it's just you don't know if you can. I'm always an advocate of configuring auto updates, auto patches. A lot of these technologies can do it overnight when you're sleeping and it doesn't have any, it doesn't have any really any negative consequences or impact for you. It's an endpoint device. It's not Oracle WebLogic server where if you patch it and reboot it you bring systems down. You know what I mean? It's your friggin phone. Just patch it overnight. Ah, you gotta patch it. All right, let's keep going here.
B
Huge thanks to our sponsor Vanta. Your team just added its 67th AI tool.
A
67.
B
Also your 67th security blind spot.
A
News.
B
The Vanta agent works like a GRC engineer in the background finding every app your team uses, scoring the.
A
You stop Vanta, you take that those word, you keep those words out your mouth. You don't say GRC engineer and drafting fixes for you.
B
Vanta is the platform used by over 16,000 fast moving companies like Ramp, Cursor and Harvey who are shaping the future with AI and staying ahead of AI risk. Get started at vanta.com headlines.
A
All right, all right, all right. I'm so tired, y'all. I'm working my butt off out here. Here we go. Hold on. I gotta turn the volume down. All right, everybody, thank you for joining us. We are at the mid roll. Thank you, thank you, thank you. I do want to say I appreciate y'all being here with me. You know what? I love. I love a lot of things. Okay? I do love a lot of things, and I love this community for multiple reasons, but I got to tell you, like, come on, look at. Look at the lighting. Look at what I'm dealing with. I've got, like, a softcore porn picture over here. Nobody in chat. There's. How many people? We got 400 people. Nobody in chat is, like, throwing shade at me. No one's talking trash. Like, you guys are always awesome. Like, thank you so much for making. I. I'm almost. I'm almost selfish in the fact that, like, I get to start my day every. Every weekday, I get to start my day with y'all like this. It's awesome. It's so cool. You guys are the best. Thank you to the stream sponsors, ThreatLocker, Antisyphon, Flare for allowing me to do this show and in the way that I want to do the show. And nobody. Nobody puts baby in the corner, okay? Nobody tells me how to do the show. I just do it the way I want, guys. Every single day of the week has a special segment. And Wednesday, dude, Wednesday's Way Back Wednesday. All right, so cool. I throw back. We go back in time, we look at some tech, and then we make. We make fun of casually Joseph for being young. Today's tech get ready for. For some PTSD vibes. DJ B is gonna know where I'm going with this one. Here we go. Ladies and gentlemen, may I present to you what was considered bleeding edge. Your kids want a PlayStation 5. Me and DJ Bac. This is what we got for Christmas 1985. Simon. Yes. This was actually considered fun. I. I, like, legit. Had one. Look. Look at the interface on this thing, dude. It has like. Like, bow tie. 
Security guy Robert Wein is probably like, oh, dude, I have some of these, like, these buttons and sliders you could buy at Radio Shack. This is legit, dude. And for you youngs who don't know, basically, this was like a memory game that had no. Like, it was infinite. There was no way to beat it. So it would be like bom and then you. You'd push the yellow, and then it'd be like, bom, bom. And then it'd be like yellow, blue, and then. And you would see how many you got. Here's my thing, dude. After you got past like seven or eight, like, no one's keeping track of how many. So. Yeah, and the reason I even thought of this one is because there's a Bob's Burgers episode where Bob and Linda give the kids a Simon. They want a video game console for Christmas, and they give them a Simon, and they can't understand why the kids aren't happy. So anyways, yeah, Simon. Okay. It does say on Simon five ways to play. I don't remember it being multiple ways to play. I remember it being one thing. All right, so there you go. There's your Way Back Wednesday. Ladies and gentlemen, let's continue on with the news.
B
New Android feature fights phone scams. In some other Android news, Google's new anti scam feature helps detect spoofed calls by verifying that a caller's phone number is actually linked to the device.
A
Oh, Rhonda Rum revealed a lot of people. Thanks for reminding me how old I really am. Oh, Rhonda. Yeah, no, I. I like it. It's not so much that the technology makes me feel old. It's that I remember being excited to play this. That's what makes me feel old making that call.
B
It's built into Google dialer and available on Android 12 and later using the RCS standard to send a silent authentication signal between Android phones, warning users when a call may be coming from an impersonator. It's designed to combat increasingly common voice cloning scams. Google says it's better than relying solely on AI to detect fake voices. Dual method.
A
Okay. Hey, you know, for what it's worth, this looks like it. This is an anti scam feature. Scams, deep fake technology, the ability to clone voices. It's coming. And there's a lot of scams, right? Like we've seen ones where, you know, someone gets a phone call and it sounds like their kid and they need money. There's been phone calls where someone pretends to be a lawyer or a police officer and say, oh, like your. Your. Your kid ran over a pregnant woman and killed the woman and the baby. They're in jail. We can. We can sort this out for $500. Venmo me. 500 bucks? I know it sounds ridiculous, but these scams exist. Google has built in a little anti scam feature that somehow sends a signal between Android devices. So I don't know how awesome this is. If your entire family is running Android devices, fine, I guess it'll work. But, like, criminal threat actors are not. They're using, like, you know, cloud services like Twilio and stuff. They're not calling you on an Android phone. So I don't know how. I don't know the extent of how awesome this capability is. It's better than nothing. So I'll take it. I'll take better than nothing. Okay. You won't mean you won't meet someone who's more a champion of, like, 1% better every day, but, you know, I don't know how great this is. Plus, additionally, a lot of the scams are like, your son is in jail. This is the, you know, Clark County, you know, court calling. So, like, e. Like, they're not going to pretend to be your son calling. They're going to pretend to be someone of authority who has your son. Right. So, yeah, it is what it is. I. I will say that my phone does get, like, I have AT&T and I will get calls sometimes, and it says potential scam. So I appreciate that. I'm sure other people in chat have gotten, you know, phone calls where it alerts that it's potential scam. I do want to make one quick point, though. There is a reason for spoofed phone calls. All right? 
So a lot of people be like, why do we even allow spoofed calls? On the surface, that seems like a pretty reasonable position to take. However. However, I worked in health care for a number of years. One real use case is say you're a physician. Like, say you came in for, like, a procedure on Friday. Okay. And I'm the physician, and I want to just kind of check on you to see how you're doing. So I call you from my cell phone. I'm on, you know, Folly Beach, Beachside or whatever, and I just want to give you a quick call and see if you're having any complications. All right? So I call you from my cell phone. I don't want you to have my personal cell phone number. So what ends up happening is they'll route me through the switch office or whatever, and the phone call will look like it's coming from the hospital's main phone line. That way I call, hey. You don't pick up. I'm like, hey, it's Dr. Ozier. I was just calling to check on you. If you have any problems, call back the number. And then the person either doesn't call back because they don't have any problems or they call back and then the switching office connects the physician in. Right. So now you have privacy of the physician's personal cell phone number. That is like one example where spoofing is, you know. Okay, Right. Let me look at chat. Really? All right. Yep. So I don't know.
B
Attack on Czech orgs segregate. Researchers identified Operation Dragon Weave, a suspected Chinese cyber espionage campaign targeting government, academic, tech, and financial organizations in the Czech Republic and also Taiwan.
A
Okay, hold on. Soap Flavor says, I would argue that's routing, not spoofing. I mean, the capability is routing it, but your phone number. Like when. When your caller ID comes up. Right. It says MUSC's front desk. It doesn't say physician's private cell phone number. So it's spoo. The. The spoofing is the recipient of the phone call is seeing a different phone number. So let's agree to agree. It is routing and spoofing.
B
The spear phishing operation uses a dual delivery infection chain that deploys rust based malware, including the Rust cloak loader and Azure Veil backdoor, which communicates through Microsoft Azure blob storage using a stealthy dead drop command and control method. It's designed to evade analysis and lets attackers execute commands and exfiltrate data from compromised systems.
A
All right. I mean, China has long been amazing at espionage. I've said it multiple, multiple times on the channel. If I was drafting a, you know, if I was drafting a team for cyber capabilities and, like, my strategy was to go with espionage, China's like my first draft pick. I don't know what's going on with the Czech Republic. Like, I didn't realize that they were involved. This company released research last week detailing a spear phishing campaign. Starts with sending an email to a target with a zip file and instructions to open it. Okay, like, why are people opening archives like that from random people? All right. Pretending it's from the Czech Republic. Okay, like, what. What is new here? Chinese APTs' interests roughly align with the timeline. All right, there's got to be a graphic on this thing, right? Oh, my God. There's no graphic. My guy. All right, let's go direct. Let's talk about what this looks like. If you provide cyber security capabilities for Czech Republic government officials, which is probably one person in chat. This one's for you. For everybody else, it is worth studying cyber kill chains of threat actors because it helps educate us on what. What common techniques are, and then we can look forward in our own. The you know, our, our own kind of threat actors for the profile of our industry. So let's see, there's an archive contains multiple files, including an executable that opens a decoy PDF. Okay. The primary way the infection starts is through clicking on an enclosed LNK shortcut file which runs a PowerShell script. Okay, dude, tldr like a link to a, an archive or an attached archive. Can you please tell your workforce, like, stop. Like you literally have to download this. Then you have to right click and extract. Then you have to click on an executable that looks like a PDF, then you run it like, then you run PowerShell. 
Like there's so many layers to this thing that you could intercept on the way that like, I don't, I don't ever want a victim. Shame. Okay? We should never, we should never throw shade at our ad victims, okay? Ever. Because it doesn't do you any good. Yeah, you feel like a big, a big winner that day because you're like, oh, I, I knew, I knew the trick was there. But at the end of the day, if you shame a victim the next time a bad thing happens to them, they're not going to tell you because they don't want to feel that shame again. So don't, don't throw shade at your end users. All right? It's a self contained Rust based dropper. The droppers are usually initial payloads that are lightweight and then they typically pull down second stage payloads. There is a runtime broker underscore update exe file. File names can be changed, but it is worth threat hunting for that if you wanted. It'll load a malicious DLL and it runs the ultimate payload, Azure Veil, which has the C2 agent. Yep. The C2 agent is where it pulls down additional payloads and the real problem begins to happen for. Okay, so Azure Veil uses a dead drop approach for their C2. The attacker and the infected system never communicate directly. Both sides use the same Azure storage container to exchange data. Okay, that's not really that like new. If there's any red teamers or pen testers in chat, can you let me know? Like, basically the idea for the C2 is that they're using a blob storage and they're writing files to it and the compromised endpoint is reading files or writing data that's being exfilled up there. And they're calling it like a dead drop approach. Sure, threat actors can remote into compromised assets, but for the most part they're usually managing several compromised endpoints. As far as I know, and they're not jumping into those always, right? They're, they're just like sending commands or, or using C2 to manage that. I don't know, maybe, maybe I'm oversimplifying it. 
I will say that this, this type of C2 does make it difficult to identify because you wouldn't see a, you wouldn't see a foreign IP address making a network connection to the compromised endpoint. You would only see compromised endpoint making network connections to Azure, which if you're a Microsoft shop or an Office 365 business or an M365 business, those network logs are going to hide it in plain sight, which is going to make it really difficult for you to threat hunt or discover that you have an issue in your environment. So a little bit of clever play there. By, by China. No surprise, China's great at espionage.
B
Ransomware automates EDR evasion Researchers at Sophos uncovered a ransomware toolkit accelerated by AI agents including Cursor and Claude Opus. The framework automates Active Directory discovery, generates malware payloads in Rust and Go, and iteratively tests endpoint detection and response evasion techniques against products from Sophos, CrowdStrike and Microsoft. AI is said to have significantly sped up the process of turning public security research into working malware capable of bypassing security defenses.
A
FBI My Google Ads are targeting me with Magic: The Gathering Sultai Horizon Commander decks. I'm going to have to end the show right now. I need to go make a quick purchase. Lol. All right, so guys, from the office of, you know, obvious comes AI's developing malware that's like very good. All right, like, of course, right? Here's the reality. I'll tell you two things. One, high level. And then two, we'll go into the details around how it's doing EDR evasion. EDR, by the way, is endpoint detection and response. It's like it's the anti malware solution that sits on your, your laptop or your workstation and stops bad from happening. EDR is more of an enterprise grade solution which allows an infosec team or a SOC engineer to be able to see, you know, the entire environment and all the compromised assets as they were. Here's the reality, guys. AI is being used to develop software that's very effective. This is like what's going on with Mythos? Not only can Mythos find vulnerabilities in code, but then it can write malware. That's the problem. We, in my opinion, we have to use AI to write software that's more secure. And I know some people will be like, oh my God, AI writes insecure code. Like maybe two years ago, AI is writing insecure code. But like that's not a difficult problem to solve, right? Just write better code. Run vulnerability, run code scanner, static analysis, dynamic analysis. Use the same tools that are finding the bugs to test the software, to find bugs and fix it before you deploy the software. So we're in this kind of like software development arms race. Okay. Now this particular one is doing EDR evasion. Let's figure out how it's working. Okay? Okay. So I don't know why they talk about Cobalt Strike profiles, right? Cobalt Strike's a post exploitation framework that's been around for a while. They make beacon traffic look like legitimate web requests. Okay. 
C2 compromised endpoints with like, so if my laptop right now, a computer right here was compromised, it needs to reach out to a threat actor controlled C2 server or C2 capability to get new instructions. Like, what do you want me to do, boss? You want me to exfil data? You want me to pull down second stage payloads, additional payloads. You want me to move laterally and infect, you know, Haircut Fish's computer? What do you need me to do? The computer needs to reach out because it's typically going to go through a firewall or something like that. So if it's, that's beaconing. Okay. And beaconing typically happens with some regular cadence like every five minutes, every ten seconds, every six months, like whatever. So it can be detected. So what they make it do is look like it's legitimate web traffic. This is why the last story about China's espionage thing going to Microsoft Azure blob storage for C2, like that's what I'm talking about. Like that would look like normal web request. You wouldn't see it wouldn't stand out. Right. They have Telegram bot API based C2. Telegram is used quite a bit by threat actors, not just for like sharing intel and info stealer logs, but like for data exfil being sent to the Telegram. Right. Lots of people in, in the modern society are using Telegram so that kind of traffic doesn't stand out. Plus it's a pretty robust messaging system. What else we got here? Python malware can inject shell code into Windows executables while preserving original functionality. This is called a Trojan. Again, like I'm just gonna move on to the next story. Like listen, don't, don't like, like Flavor Flav said, don't believe the hype. Okay. What, what AI is doing is the same thing that we've been doing for decades. Okay? It's just, they're doing, it's doing it faster, it's doing it more elegant. Injecting shell code into Windows binaries without disrupting existing functionality is trojanizing it now. 
It's doing it to actively running binaries, okay, which is like called. There's a technique called process hollowing that you can look into. That's basically what that is. Cobalt legitimate web request profiles. Like none of this is new, right? AI is not innovating in the, in the attacker space. It's just doing the same things. It's just doing it faster. Okay? So please don't be like enamored or overwhelmed or like, like it. I don't know, man. It's just like, it's just doing it faster. It's not, it's the same things that it's been doing. So if you're a practitioner that's been protecting organizations for a decade or more, or you're on like the CISO track or whatever, like, don't get like, don't get discouraged. Don't get overwhelmed. Like it's, it's just doing it faster. Okay? All right.
B
Kali365 expands reach phishing as a service platform. Kali365, known for bypassing MFA on Microsoft 365, is now targeting AWS, Okta and multiple enterprise and Russian services, including Max Messenger. Security researchers at Arctic Wolf say it relies on device code phishing OAuth authentication flows then valid access tokens, effectively bypassing MFA protections. Kali365 now appears to use AI generated phishing lures, automated dashboards and real time campaign tracking with at least 126 malicious hosts observed. Remember to subscribe.
A
All right? I mean this looks really interesting. I wish there was a picture or some type of graphic. Essentially what it's saying is if you've ever, like, if you've ever had a TV, like you know how like like you, you have a, you get a new TV or something and you want to log into Netflix or you, you have a, a computer and you want to use Discord and you like, you don't type in your username and password, you just like use your phone to snap a picture and it uses the authentication of your phone that's already logged into Discord or already logged into Netflix or whatever and then authenticate you or you know, sometimes there'll be like a five character random generated one time password effectively and it says, oh, type this in to authenticate. That's essentially what this phishing-as-a-service service does for you. Again, I don't fully understand what it looks like. They are targeting lots of things. Like they said they're targeting Max Messenger, which is a Russian based instant messaging platform that I don't really know anything about. Again, this is a criminal enterprise that's trying to make as much money as possible. So they don't care if it's Russia, America, Cambodia, Cameroon, Brazil. Like it doesn't matter. Like just straight cash, homie. It's. It's phishing as a service. They're selling their services to criminals. Roku and Apple TV devices, smart screens, etc. How does this work? Okay, it. There's a phishing email that impersonates a shared OneDrive file and then the victim authenticates and completes any required MFA steps. The attacker is then granted access to the victim's account without requiring creds. I don't know. I don't fully understand what this attack looks like. What I will say is it is worth learning that like, this is innovative. Okay, I haven't heard of this particular type of attack, so it is interesting as far as understanding, like when. I'll just say this because we're running late on time here. When Click Fix happened, right. 
Click Fix went buck wild. And it was important to understand how Click Fix attacks happen, right? Oh, they're making it look like a captcha. And the way you prove you're human is hitting Windows key + R and then pasting PowerShell and hitting enter. Okay. Now there's been tons of variations, but we all understand what Click Fix looks like and we can educate our end users. This is another version of a new attack that is attacking a familiar workflow that normal end users are familiar with and exploiting that. So again, I would like to know more about how this particular attack vector works, but you should, you should know about it. I mean, they've got a little bit of JavaScript functionality here. This doesn't really matter. That's not what we're going to show end users. Here we go. So the victim gets presented a shared PDF document and it says, you must verify yourself using this code. Click the button below to open the windows, enter this code, authenticate with your device. Okay, so that's it. I mean, this is just. This is just straight phishing, right? They put. They think they're. This is actually. This isn't really. This is. This is not anything new. I'm. I'm mistaken. Okay. This is just looking like it's the new thing. But in reality, it's a fake landing page telling you you need to authenticate to a service using your username, password, and MFA, and then they exfil it. I don't even think that the. The pin that comes on the screen when you type it in somewhere does anything. I think that's part of the. The pageantry of this attack. All right, but whatever. You know what? It's working. Threat. Act. This. This. Whoever owns this. Phishing as a service is probably making banks. Let me see how much. Looking for a dollar symbol in chat? No, I wanted to know how much they made. Unfortunately, you can't Google annual revenue for threat actors. All right, let's go. All right, guys, we've had a good one. Today was June 3rd. It's Wednesday. 
Hopefully you enjoyed Way Back Wednesday. Wednesday. Excuse me. This has been Simply Cyber's daily Cyber Threat Brief podcast coming to you live from Las Vegas. I fly out tomorrow. I actually. Dude, I have been so busy that I have to figure out if I am even here for the show tomorrow. I might have to get. Ah, dude, my knee. I. I might have to get a pinch hitter. We'll see. I'm Jerry from Simply Cyber. Don't go anywhere. We have a hidden show that's about to come up called Cyber Career Hotline. I will spend 30 minutes answering as many questions as I possibly can. My goal here is to help you level up. Whether you're trying to break in, get that auditor two position, or become a CISO, I will help you. If I can't help you, I know people that can help you. I'm Jerry from Simply Cyber. You gotta boogie out of here. Have a great Wednesday. Until next time, stay secure. I'm Dr. Gerald Osher. This is the Cyber Career Hotline. And if you're building a career in cyber security, this show is for you. Let's get into it. All right. All right. What's up, everybody? Welcome to Cyber Career Hotline. I am your host, Jerry Guy, coming to you live from Las Vegas. Let me throw on this thing. If it pleases the court. You're welcome, Mr. Mad Hat Tech Grunt. Hey, if it pleases the court, y'all, I would love to get another cup of coffee. Are you guys cool? Just talk amongst yourselves. I'll give you a topic. Dr. Pepper. Not a doctor or a pepper. Discuss. All right, give me a second, though. For real. I gotta get some coffee. All right, hold on. Oh, let me tee this up. Let me tee this up. This is Cyber Career Hotline. If you have a question, put it in chat with a Q in the front, just like H. Tinsale did. Oh, you know what? I'm mic'd up right now so I can walk and talk. Let's see, what's the most memorable session you attended at Cisco Live? Okay, hold on. The music track Kitchen Infosec is Regal Estate by StreamBeats by Harris Heller. 
All right, the most memorable session I've attended at Cisco Live. All right, so the keynote yesterday was pretty impressive, frankly. It's a lot of talk about agents and AI and stuff like that. I will tell you, one of the really wild things that I saw is that for, for an agent to do work, it is literally the network bandwidth is 450% more than a human doing the same amount of work, which is why just the sheer volume of network traffic and network bandwidth is going to increase dramatically. Cisco released these new chips. Okay, These kind. Actually, I'll tell you something that I had no idea about. Know everybody's talking about data centers. Data centers. Data centers, right. And the importance of them and everything. Cisco developed two chips. One can do a, literally a terabyte or terabit per second processing. So they make current data centers more powerful. And then they released a chip called the P200 which allows data centers that are, you know, separated by 100 miles, 80 miles, whatever, two data centers to be able to collaborate and look like one data center. Like the P200 has a lot of like, integrity checking and stuff. So Cisco, dude. People think that Cisco is like a networking and a hardware company. They've changed the game. Like they're developing their own silicon that like they're building the entire stack from the silicon to the data center to the, you know, the, the, the, the middleware, firmware to the apps, to the AI on top. It's like, it's kind of bananas what they're doing. So the keynote I attended yesterday was kind of the most crazy, interesting thing. There was a, there was a thing where like the CEO of Cisco sat down with the CEO of Starbucks and like hung out. I, I wasn't a huge fan of that. It felt like I was like, I don't know, like, it was like the two of them were like, had just played squash and then they're in the, the locker room afterwards with each other and like I'm hanging out there for some reason. 
Could have done without that. Oh my God. All right, what else we got in the chat here? I might have to blow my nose too. All right, let me know if you guys can hear me. I wasn't gonna put my audio mic back in. Curiosity says I'm a SOC analyst, but I want to go into security engineering. What should I focus on? Automating stuff and connecting systems. Yeah. 100%, dude, you should definitely learn how to automate as much as possible. Integrations, developing, you know, basically pipelines, Curiosity Crash. Like, take something, some, you know, intel, Right? Take some type of thing as an input and then enrich it. Enrich it, enrich it. And then have it do something on the back end. Sound is good. All right. Thank you. Thank you. Zinc based supplements. Thank you, TJ. Yeah, travel is tough, dude. I'm old now. I'm old, dude. By the way, when people are like, oh, you get to travel for work. It's like a hotel room in Las Vegas. Looks like a hotel room in, you know, Poughkeepsie. And by the way, I haven't been outside since Sunday. Like, that's another thing. I. I literally haven't been outside. How have you kept yourself becoming immune to the effects of caffeine? Are we immune at this point? Oh, I don't know. I. I don't know. I drink a lot of coffee. In fact, they had a cool thing here where, like, on your badge, there's a sticker station where, like, they have tons of stickers and you kind of, like, you basically, like, glam up your badge. You'll notice I put mine running on coffee. So I elected. I elected that one. Let me get my coffee. Speaking of that. All right, I'm pouring my coffee into my team sippy cup. Thank you, thank you, thank you. All right, I. I did steal some coffee stir sticks from the coffee station downstairs. Kind of a pro. A pro Road Warrior move, if you will. All right, Continuing to look at chat. You got questions, I got answers. Let's go. 
Also, again, guys, I know that the mobile show is a little different than normal, but Jerry isn't playing in the pyramid this trip. No, I'm actually at the W, which, by the way, normally I stay at Luxor when I come to Black Hat, but the W is really nice. I like. And it's like, it's closer. So if you're familiar with the Vegas area, when you go to Mandalay Bay, which is where Black Hat is always at, you have to walk through this, like, the shops at Mandalay Bay from Luxor, which is like this, like, mall. It basically, it's like a 1980s mall with, like, shops and restaurants and crap. The W is right on the other side of that so like I don't have to go through that concourse to go to Mandalay Bay, which is where Cisco Live is. Looking through chat here. Truly Original says, do you think the general public should have full access and range of these new super powerful AI models soon to be released? No. No. You know, here's the thing, like, I think they're too powerful. I, I, I guess I am. Okay. Like I'd have to really think about like who's allowed to have these things. I will say that if I gave, if I gave everybody in chat or you know, if we, if they made it publicly available, it's not like instantly everybody is a Red Team operator. Right? Like just because you have access to the, to the tool doesn't mean you can utilize it the way it could be utilized. Right? So I'm, I'm happy that, you know, big brains are working on it and trying to solve it. Kyle says I'm starting a business impact analysis. Yes sir. That's GRC all day, my man. My goal is to establish agreed priorities, update IR plans and inform Risk. I started the convo with Risk Emergency already, Kyle, that's. What's the question. Let me know what the question is. I'm happy to help. Rogue Cyber. Any update on your project to create an influencer in a month? Yes. So check this out. Let me, here's the thing, here's the thing. 
And I'm not, I'm not, I listen, there's, there's a, there's a member in the Simply Cyber community who is very familiar with who my talent is. Okay? Here, here's the update. Okay? I have, I have done, I have done the part that I need to do, okay? The, the, the, the, by the way, it's not create an influencer in a month. It's, it's help someone build a personal brand in a month. And I have done my part. Okay? The person has a completely revamped LinkedIn. They have a personal website. I even registered a domain name for them. I, I've done everything, I've filmed me doing everything. I have all the AI prompts, I have everything. Okay? This person is young, which is not a problem. The problem is I asked this person to commit to 24 hour turnaround times and I emailed this person on Sunday or excuse me, on Saturday. I spent basically all day Saturday, like, like five, six hours doing all this work and I sent it to this person after we agreed for 24 hour turnaround times and I haven't heard anything. So it's been four days without any response. Which is like, you know, people get on me, Justin Gold and Casually Joseph always get on me about being like a type A control freak person. But like, I don't know. The update is I've done everything and I'm waiting for this person to do their part because I can't, I can't do any more unless they do their part. I will tell you I have another person that I've identified who is very responsive that I may either pivot to or have two different case studies to share. So that's the update. The update is I've done all my work. I'm just. This person needs to be more interested and engaged if it's going to work, basically. All right, let's keep going. Can you think of any nice automations you made? You made. You mentioned intel. Are you referring to threat intel? And yes, that's exactly what I'm saying, Curiosity Crash. Like intel feeds coming in. 
Also, like, you could even do some GRC engineering where it goes and like checks an environment for configurations and then if there are misconfigurations, it creates a ticket and sends it to the right person or, or potentially it logs it and then makes a configuration change, tests it and then, you know, documents it. Something like that. Like basically automate as much as you can. But also don't just like flip levers and do things. You want to be able to have a clear line, a way to like back it up. Make sure you test it. Jesse Johnson. Okay, okay, okay. What's up, dude? Says he has the opportunity to speak to the C-suite in a recurring customer experience meeting. I need to stress the importance of segmentation and user access control. What are some things I can say to add value? Oh my God. Oh. All right. This one's a tough one, Jesse. I have to think about it for a second. Segmentation. I don't know if you're going to be able to get like how you kind of attach segmentation to customer experience because, you know, essentially customers are oblivious to network segmentation, right? Like they don't care. The user access control. That one is more on brand. My immediate thoughts go to 23andMe and how shitty or I'm sorry, crappy password policy led to a credential stuffing attack and then they blame their customers. That's a terrible user experience. You could, you know, reference that as like why you might need MFA in some capacity if you're. I, I will say this, Jesse. If you are going to introduce any type of suggested changes to user experience or flows and stuff in some type of visual. I don't know what just happened. The screen just flipped there. I would. I would bring some type of visual. Like, don't. Don't explain what the new experience is going to be like. Show. Show it. Right. Obviously you want to talk financials, dude. C-suite straight cash, homie. Right? 
Talk about how this improved user experience could lead to increased revenues, increased customer adoption, lower churn on customers. If you do not. If you bring any. Any information or any suggestions and you don't tie it to revenue or metrics that the C-suite care about, they are going to tune you out. They're gonna literally be like this. Oh, Jesse's here. Okay. And you. You don't want that. Okay. Congratulations, though. Getting C-suite time on the regular is awesome. Oh, also, another thing with the C-suite. Just go back to this. Another thing with the C-suite. Try to bring, like, one, maybe two things. I would say one thing to them, and then everything that you talk about kind of supports that one thing. You want. You want to leave that meeting with that one thing in their mind. If you try to bring, like, a couple things, they're gonna forget some of them. All right. Continuing to look through chat here. Oh, God, this is. Coffee's hot, huh? I know. I might go out. Go outside tonight. I want to go to, like, a. A local game store and see their Magic collection. But we'll see. Magic: The Gathering, not like David Blaine. I have a background in GRC and SOC. How to combine both to stand out and find opportunities. Opportunities. Okay, I guess the question is, Adj. Baku. The question is, like, what do you want to do? Like, do you want to be a GRC analyst? Do you want to be a SOC analyst? Like. Like what you want to do is. Is important because that's how you need to stand out, right? If you want to be a GRC analyst and you're asking, like, how can you use your SOC experience to help you stand out as a GRC analyst? That's different than if you're a. Want to be a SOC analyst and you have GRC experience. All I would say is if you do have, regardless of, I guess, what you want to do, make sure that you're framing all of your work experience to support the job that you want. Right? 
So, like, for example, if you want to be a SOC analyst using your GRC experience, you can say things like, you know, developed, you know, aligned with standards and protocols, familiar with. Okay, here's a good one. Like. Like familiarity or experience with the MITRE ATT&CK framework, which would be kind of a GRC thing around threat modeling and threat actor behavior to develop, you know, TTPs or indicators of compromise or something like that. Here's a good example, right? Like I'm not saying do this, but it's a good example. DJ B, Sec, Eric Taylor, they both have developed their own EPSS tools. Here, let me, let me show you this really quickly, right? So just as a little quick example, Eric Taylor made this little tool here. DJ B made this little tool here. And you drop in a CVE and it gives you some intelligence on is this something I need to worry about? Yes or no? Like you could totally do that. And that's a great little tool that could help you stand out. Now I will say this now, Eric Taylor runs his own company. DJ B, Sec is a well established senior, essentially like a technical executive. So they don't need to do that. But if you, here's the missing piece. If you do the, if you do write like an EPSS tool or something like that to help stand out, you then have to regularly remind people, right? So like for example, using the EPSS tool, say like, oh, okay, I wrote this tool. This is great. Here's the value. Then like when a, when a story breaks, right? Like this Oracle WebLogic server vulnerability that says you have like 48 hours to patch. It's a major problem. Put it in your own tool, run it, take a screenshot and then post that screenshot on LinkedIn and say, hey, reminder, Oracle WebLogic has a really gross EPSS score, as you can see in the screenshot. If you want to check out my free tool so you can do this for yourself, here's a link. You know, whatever, like I'm, I'm just trying to stand out, right? Consistency is important. 
You do that one time, whatever, it just gets caught in the torrent that is the stream of social media. But if you do it regularly, then I'm thinking like you made it convenient for me, right? Like, oh, I regularly check out a LinkedIn page because he's regularly posting about breaking vulnerabilities with the EPSS score. That's valuable. So that's, that's what I would recommend. Lean into whatever it is the job you want, having all the experience you have supporting the role you want, and then make some. If you need, if you want to stand out, you have to deliver value into the network. The example with the EPSS is one example to deliver value into the network. But you must make the network aware that you are delivering this value or else it doesn't matter. And I'll give you a perfect example, right? Like the valedictorian who graduates first in their class, who spent all their time in the lab, and they are the absolute best security engineer ever. Like, they are amazing. They can just look at a computer and the problem is. Solves itself. That's how amazing they are. Well, guess what? Nobody knows that. Nobody knows that, right? So the person who came in, like, 15th in their class, who can look at the computer, tap on it a few times, and then the problem solves itself. But everybody knows that they are more valuable in market because people are like, oh, my God, do you know about that 15th person? They can look at something and within a few minutes, fix it. They're amazing. Let's go. So you have to do both of those things. All right. Considering doing blue team, despite my red team prior experience. Any recommendations on pivoting? Yeah. One of the great things about cyber security is the ability. Ability to matrix moshi. Like, the. The fact that you have red team experience makes you an even more powerful blue team operator, because you would know where to go look, you know, what is real and what is, you know, hypothetical. You know what the. 
The persistence mechanisms look like. You know what C2 traffic looks like because you've been on the other side of it, dude. Dave Kennedy said it at Wild West Hackin' Fest, like, three years ago. The best blue teamers, the best detection engineers are recovering pen testers. All right, all right, here we go. Will you have a sticker station at Cybercon? Will you get a certificate of attendance for Simply Cybercon? Yes. So simplycybercon.org if you would like. simplycybercon.org. Oh, two cyber checks. All right, let me just finish this really quickly, and then we'll do two cyber checks. Let me see this really quickly. Thank you, Kimberly. simplycybercon.org, you will get a certificate of completion. CPEs. We will have a sticker station, I promise. All right. It. I'll add it to the. To the chart. Thanks. Jazzy Jazz, everybody. I hope you got value. I'm sorry I didn't get to enough questions today. I kind of went long on some of my responses. Hopefully you guys are okay with that. I'm Jerry from Simply Cyber. Let's go, Raid. Two cyber chicks. Why is this not playing right now? My guy. Oh, there we go. Something's going on with my computer. Let's go, Raid. Thank you, Kimberly. Thank you, everybody. Guys, if I didn't get to your question, please come back tomorrow and ask it. I'm sorry. I went long on these things. Be well until next time. Stay secure, Sam.
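As an added example (not the show's own code, and not the tools Eric Taylor or DJ B built), here is a small Python version of the "drop in a CVE, get a yes or no" EPSS triage tool described in the stream. It parses the JSON shape returned by FIRST's public EPSS API, turns each score into a priority bucket, and can optionally fetch live scores. The thresholds, the CVE ids and the sample scores are constructed assumptions for illustration, and the KEV membership set is a hypothetical input the caller supplies (for example from the CISA KEV catalogue).

```python
"""EPSS triage helper (added example; not the show's or anyone else's tool).

Parses the JSON document returned by FIRST's public EPSS API
(https://api.first.org/data/v1/epss) and turns each CVE's score into a
priority so a vuln-management analyst can decide what to patch first.
"""
import json
import urllib.request
from dataclasses import dataclass

EPSS_API = "https://api.first.org/data/v1/epss"

# Thresholds are an assumption for this example, not an official EPSS cut-off.
EPSS_THRESHOLD = 0.10        # probability of exploitation in the next 30 days
PERCENTILE_THRESHOLD = 0.90  # rank relative to all scored CVEs

# Constructed sample response in the FIRST API's shape. The CVE ids and the
# scores are placeholders for illustration, not real EPSS data.
SAMPLE_RESPONSE = json.dumps({
    "status": "OK",
    "total": 3,
    "data": [
        {"cve": "CVE-0000-0001", "epss": "0.92150", "percentile": "0.99800", "date": "2026-06-02"},
        {"cve": "CVE-0000-0002", "epss": "0.03100", "percentile": "0.93000", "date": "2026-06-02"},
        {"cve": "CVE-0000-0003", "epss": "0.00042", "percentile": "0.11000", "date": "2026-06-02"},
    ],
})


@dataclass
class Verdict:
    cve: str
    epss: float
    percentile: float
    in_kev: bool
    priority: str  # "patch-now", "schedule" or "monitor"


def classify(epss: float, percentile: float, in_kev: bool = False) -> str:
    """Map EPSS score, percentile and KEV membership to a priority bucket.

    Anything listed as known-exploited goes first regardless of score, then a
    high absolute probability, then a high relative rank; everything else is
    just monitored.
    """
    if in_kev or epss >= EPSS_THRESHOLD:
        return "patch-now"
    if percentile >= PERCENTILE_THRESHOLD:
        return "schedule"
    return "monitor"


def parse_epss(payload_text: str, kev_ids: frozenset = frozenset()) -> dict:
    """Parse an EPSS API JSON document into {cve_id: Verdict}.

    kev_ids is a caller-supplied set of CVE ids known to be exploited
    (hypothetical input, e.g. loaded from the CISA KEV catalogue); empty by default.
    """
    payload = json.loads(payload_text)
    if payload.get("status") != "OK":
        raise ValueError(f"EPSS API returned status {payload.get('status')!r}")
    verdicts = {}
    for row in payload.get("data", []):
        cve = row["cve"]
        epss = float(row["epss"])              # the API encodes numbers as strings
        percentile = float(row["percentile"])
        in_kev = cve in kev_ids
        verdicts[cve] = Verdict(cve, epss, percentile, in_kev,
                                classify(epss, percentile, in_kev))
    return verdicts


def fetch_epss(cve_ids, kev_ids=frozenset(), timeout=10) -> dict:
    """Look up live scores for one or more CVE ids (network required)."""
    url = f"{EPSS_API}?cve={','.join(cve_ids)}"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return parse_epss(resp.read().decode("utf-8"), kev_ids)


def render(verdicts: dict) -> str:
    """One line per CVE, highest priority first, ready to paste or screenshot."""
    order = {"patch-now": 0, "schedule": 1, "monitor": 2}
    rows = sorted(verdicts.values(), key=lambda v: (order[v.priority], -v.epss))
    return "\n".join(
        f"{v.cve}: epss={v.epss:.4f} pct={v.percentile:.3f} "
        f"kev={'yes' if v.in_kev else 'no'} -> {v.priority}"
        for v in rows
    )


if __name__ == "__main__":
    # Offline run on the constructed sample; pass real ids to fetch_epss() for live data.
    print(render(parse_epss(SAMPLE_RESPONSE, kev_ids=frozenset({"CVE-0000-0003"}))))
```

Pairing the EPSS score with a known-exploited list is the reason for the `kev_ids` input: a CVE with a tiny EPSS number can still be on a must-patch-now list, and a tool that only looks at the score would quietly rank it last.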
Host: Dr. Gerald Auger (Simply Cyber Media Group)
Date: June 3, 2026
Main Theme:
A lively rundown and practitioner breakdown of the day's eight most relevant cybersecurity stories for industry insiders, analysts, and business leaders—broadcast live from Cisco Live in Las Vegas. Dr. Auger delivers expert context, practical lessons, and community Q&A, all with a dose of humor and classic “Way Back Wednesday” nostalgia.
[13:36]
“If Russian spy agencies are saying that foreign spies did something, I have a lot of confidence in it.”
[18:46]
“They’ve allowed it to be weaponized more—not so they could weaponize it, but more so they could understand the full scope of capabilities.” – [20:20]
[25:45]
“When CISA announces… you gotta patch it now… that means it’s easy to exploit, rampant, and the impact is gross.” – [26:21]
[34:13]
“Mobile devices are fairly easy to update… always an advocate of configuring auto updates, auto patches… it’s your friggin’ phone, just patch it overnight.” – [34:54]
[43:39]
[48:33]
“If I was drafting a team for cyber capabilities, and my strategy was espionage, China’s my first draft pick.” – [49:45]
[55:12]
“AI is not innovating in the attacker space—it’s just doing the same things, but faster.” – [55:51]
[61:15]
“We have to learn the workflows attackers abuse, so we can educate users and spot attacks. This is a phishing evolution—same mechanics, new lures.” – [62:02]
[40:00]
“Your kids want a PlayStation 5?… Me and DJ B, this is what we got for Christmas 1985—Simon. Yes, this was actually considered fun!” – [40:00]
[Post-Show, ~1:09:00+]
“If you bring any suggested changes and don’t tie it to revenue or metrics that the C-suite care about, they are going to tune you out… bring one thing and make it memorable.”
On mobile phones as espionage targets:
“There isn’t a single person here who can’t look at their phone right now… It is a perfect spy surveillance tool.” – [14:32]
On the CISA Oracle order:
“CISA has no teeth… It hurts to say, but this is why vuln management analysts drink, frankly or have therapy support groups.” – [26:21]
On patching Android:
“Just patch it overnight… You gotta patch it!” – [34:54]
Cynicism about government access to AI:
“The glass half full person would say, oh, this is to protect the greater public… Unfortunately I work in cybersecurity, so I’m cynical. This screams early access for the federal government.” – [24:42]
On attacker innovation:
“What AI is doing is the same thing we’ve been doing for decades… It’s just doing it faster.” – [55:51]
For more, or to join the live community every weekday: simplycyber.io/streams