Loading summary
Dr. Gerald Oza
What's up every morning. What's up every morning? Hello, hello. I am Ron Burgundy. What's up, everybody? Welcome to the party. Today is March 12th. It is Thursday. Welcome to Simply Cyber's Daily Cyber Threat Brief podcast. I AM your host, Dr. Gerald Oza, coming to you live from the Buffer Osier Flow Studio. We got a great show for you lined up today. We're going to go through the top cyber security news stories of the day, including some actual real breaking news around Stryker Medical and a couple other ones. We got a lot to get through. If you're looking to stay current on the top cyber news of the day, to be an active, engaged, effective practitioner, or if you're looking to find community, build upon your existing skill set, and get that job or level up in cyber security, well, then you're in the right place, because that's exactly what we do here. 1086 weekdays in a row. And today is looking pretty good, y'. All. So sit back, relax, and get your coffee, because we're about to get to work. Ah, yes. It is a beautiful Thursday morning here in the low country. Definitely very fortunate the air conditioner decided to fail. Did not have a business continuity plan of a second air conditioning unit. But we do have some fans, and we've got air conditioning maintenance staff coming on site. So thank goodness it isn't the dead of summer here in the low country, where humidity is at 110% and it feels like you're breathing hot soup. Guys. Every single episode of the Daily Cyber Threat Brief has eight stories. We go through them together. I give you the headline, of course, and then go beyond the headline, tapping into my 20 plus years of cyber security experience alongside many seasoned cyber security professionals to give you additional insights value from the story, even when the story has absolutely nothing to do with cyber security. I pride myself on being able to find a nugget of value in there for you. But I want you to know I don't research or prep for any of the stories that are coming up. I literally have no idea what's coming. Toasty Pops in the house. What's up, Kansas City? Ain't nobody got time for that. Ain't nobody got time to do research and prep for the show. Gotta go live, because that's what happens in real life. That's what cyber is. It's on the edge. It's riding the lightning. It's an exposed nerve. Now, every episode of the Daily Separate Threat Brief. Good morning, Jesse Johnson, AKA the Cosmic Cowboy and Haircut Fish. Getting it done every Episode of the Daily Cyber Threat Brief is worth half a CPE. A continuing professional education credit. Kilbur Crown's getting one. BDubs5542 is getting one. Mando Ailia is getting one. My dude, Gary Sturgiatis, just straight up call crushing public speaking engagements is getting it. So check it out. Every episode's worth half a cp. So say what's up in chat. You will appear above me in the show. That's right, Simply Cyber Community. You're part of the show. It's not all big me doing oh look at me, look at me. Takes a village. It's a community. Plus, I mean if anyone has seen Marcus Kyler's talk at simply CyberCon 2025, you realize what I'm doing up here is incredibly simple. So I, I need, I need the support y' all above me. So say what's up in chat. Grab a screenshot, include the title of the episode which has today's date, March 12th. It has the episode number 1087. The reason I do that is because in from my audit experience, when I ask for a piece of evidence to support the claim that you got CPEs, well, when there is a number, a date, screenshot it all together, it's very, very difficult to dispute in fact that you were here and got that value. So take the, take the screenshot, get the value. Half a CPE a day, 120 a year. Now, if you're here for the first time, we had a couple first timers yesterday, right? I think Rosie was a first timer. I don't know if Rosie came back. But hey, listen, if you're here for the first time, drop a hashtag first timer in chat. Let's go. Drop a hashtag first timer in chat and we will welcome you with open arms because we're an inclusive, supportive community and we want to welcome you to the party pal. Squad members know what to do if a first timer shows up. What's a first timer? You're you just stumbled onto the show, you're on LinkedIn doom scrolling. You're like, oh, what's this? You're on YouTube doom scrolling. You're like, what's this? You're regularly listen on the Spotify and you want to catch the video you normally replay but your schedule changed, your kids are on spring break so you're not driving in the school. Whatever your situation is, holla at us first timers. Eric Stratton, second week. Welcome to back to the party, pal. Welcome to the party. All right now. Hey, Guess what? Check it out. Thursdays, every day of the week has a special segment and this guy in Chad who dropped a squad membership, Haircut Fish, my man. This guy builds a custom meme every single day or every single Thursday. He basically makes a meme every single day. It's just on Thursdays. It is dedicated to this community in this show and I don't censor it. It's typically at my expense but in a good spirited way. We've got a first timer. Speaking of Haircut Fish, this guy's just modding like a boss too. Mervin Lumar, 485me squad members, let's go ahead and welcome Mervin. Mervin, thanks for letting us know it's your first time. The old John Mlan from Die Hard coming your way. Hopefully Mervin, hopefully you get value from the show. Enjoy your experience. Maybe, maybe it blossoms into community membership engagement, leveling up, high fiving at cons, you know, relationships that stand the test of time. I don't know, we'll see where it goes. Mervyn and Dunk says first timer. Never got used to the tag. I don't know what that means but welcome to the party pal.
Sarah Lane
Welcome to the party.
Dr. Gerald Oza
All right guys, so we'll get that meme at the mid roll. Now every single episode of the daily cyber threat brief is sponsored. Thank goodness because it allows me to bring this show to you in all of its glory. Let's start with anti siphon training. Anti siphon training is disrupting the traditional cyber security training industry by offering high quality, cutting edge education to everyone regardless of financial position. And they do it in incredibly diverse ways. Yesterday you may have caught James McQuiggin's at 35,000ft how to detect fake remote workers. I attended that workshop. Phenomenal. Phenomenal. He did deep fake me and John Strand, Jason Blanchard, Deb Wigley, he had the ability to fake his voice. It was crazy good. Jennifer Guet, squad member, welcome. Thank you. Jennifer Gulet. So hey, let me tell you about this. Every once in a while Anti Siphon actually puts on a summit, a virtual conference, 10 talks, which is not light, 10am to 4pm, 10am to 4pm and the best part, this conference cost $0. So if you are thinking about working in a sock, you're interested in blue. Maybe you're a pen tester and you want to level up so you can start doing purple teaming. That could be an opportunity here. March 25, 10:00am to 4:00pm Basically carve the day out, get a cooler full of monster energy and Some sodas, plant your butt. Maybe get a sub from Publix. Sit your butt down. 10 to 4pm Crush it. I'm gonna drop a link to this so much awesomeness Sock summit. And of course if you get asked in chat, drop a hashtag Team sc. That's our rally cry in different areas when we simply cyber travels really well, we get, I get complimented quite often about how well we travel as a community. And just dropping Team SC in chat, people be like, oh, where are you coming from? It's not upstate midlands Texas. It's tmc. Love it. Thanks guys so much. It's so cool. You know what else is cool? Flare. Flare. Flare Academy is cool. But I gotta tell you guys, if you are interested in just unbelievably sick threat intelligence that's actually actionable and valuable, come check out Flare Cyber Threat intelligence platform. You could see if you go to Simply Cyber IO Flare, you could sign up for this two week free trial. What does that get you guys? This is a video demo showing you the inside of the threat intelligence platform. Basically they go and comb the dark web. They have seven plus years of dark web data. They get fresh, fresh, fresh catches every single day of dark web intelligence. Telegram, channels of cyber criminal activity info, stealer logs, etc. Like it's just sick dude. And you can look for your domain, you can look for your users names, you can look for passwords, you can. This is basically a detection control, right? So if you get compromised and your controls fail to protect your organization, you can get in front of it and be aware that threat actors have you before they actually take action on objective and you suffer real impact. All of this. And you can check it out for free. You do have to fill out this form so the flare team can actually verify that you're not a criminal. I'm serious, this, this platform is way too powerful. If you wanted to turn to the dark side and become a cyber criminal. It's a two week trial. I've used it before for my work and honestly within four hours you know how sick it is. Go to Simply Cyber IO Flare for more. Also, quick shout out to threat locker. Bring in the heat. Threat locker, let's hear from them. And then, and then Mervyn Lamarque, I'm gonna melt your face and end dunks. I'm gonna blow your socks off. So everybody holla. Oh also hey, spoiler alert. I'm just, this is just coming across the wire right now. The Sock summit. They, this is crazy. They have a 5,000 person cap. So they can only register 5,000 people, which sounds like a lot. They're literally close to that number. So if you're even thinking about registering for this free summit, right, So I mean there's no, there's no skin off your back if you register and then don't go. I would recommend strongly registering if you even suspect you might go as once it's full, it's full. Right? Can't get. You can only shove so many clowns in the Volkswagen Beetle. You know what I'm saying? All right. Threat Locker. I want to give some love to the daily cyber threat brief sponsor, Threat Locker. Do zero day exploits and supply chain attacks. Keep you up at night, worry no more. You can harden your security with Threat Locker. Worldwide companies like JetBlue Trust Threat Locker to secure their data and keep their business operations flying high. Threat Locker takes a deny by default approach to cyber security and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US based Cyber Hero support team. Get a free 30 day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threatlocker.com DailyCyber. All right everybody, do me a favor, sit back, relax, Namaste. And just let the cool sounds of the hot news wash over all of us in an awesome wave. I'll see you at the mid roll. For Dan's meme, let's go
Sarah Lane
from the CISO series, it's cyber security headlines. These are the cybersecurity security headlines for Thursday, March 12, 2026. I'm Sarah Lane. Meta apps offer new scam protection Meta is adding new scam detection features across Facebook, messenger and WhatsApp to warn users about suspicious activity before interaction. The updates include alerts for unusual device linking attempts on WhatsApp, warnings for suspicious friend requests on Facebook, and expanded AI based scam detection on messenger that can review chats for common fraud patterns. This is all meant to help users identify and block potential scams before they become a problem.
Dr. Gerald Oza
All right, two things. Number one, I mean obviously let's just call, let's just point out the thing that everybody's thinking about. You see this graphic behind here with like the little ninja mask looking thing? This is like very, very close to what the new TMNT Magic the Gathering sets logo looks like. All right, Aside from that, guys, I love it. WhatsApp and messenger meta taken a book, a page out of the book of other platforms. I wish that this was a standard across all messaging platforms. Essentially Helping, you know, non tech people, general end users, the Aunt Dorotheas of the world, be a little bit more informed and get their hackles up about suspicious users fraudulent activity. Listen, if they tell you that an unrecognized device was linked to your thing, that's not a scammer trying to, you know, entice you into sending them money. Like a romance scam. Or saying like, oh, hey, I left my like a pig butchering scam. Like, oh, I left my golf clubs in your car. Are we still on for the barbecue Saturday? Right? Where they, they start you into a conversation. This is like they're also getting your messages. If there's an unrecognized device linking, like your account is compromised at that point for real. I can't really scroll through this story because this is one of those websites that they give you like a little taste and then they slap you in the face and ask you for money. Let's say unrecognized friend request. I mean, I don't know like personally I like unrecognized friend requests. But at the same time, like shouldn't, you know, like if a, if a request comes in to friend you and you don't recognize the person, aren't you able to determine yourself that it's unrecognized friend? I don't know. To me, I'm not sure this adds a ton of value. Plus like I could see alert fatigue to like a general end user where they're like, yeah, like every friend is an unrecognized friend request. Like most, you know, I feel like younger people don't use. Maybe I'm wrong. Younger people are like less likely to use Facebook and stuff. But older people are who are like, oh, like, you know, they've already made their friend circle. So like anything else is an unrecognized friend. At the end of the day, scammers are using these messaging apps to pull people off platform. Like you're on Facebook or you're on LinkedIn or you're on insert media app here, whatever. And it's like, oh hey, like let's, let's, you know, send me your me, send me your phone number, send me your WhatsApp ID and let's, you know, basically message that way. So I appreciate that. Literally for me, anything that can help general non technical end users be a little bit more informed on malicious activity more to you. I mean that's GRCs. That's like one of our main tenants in GRC is to educate end Users, whether that's a executive, a developer, you know, a manufacturing person, a physical security, you know, a new hire, someone who's been there for 60 years. Like that's our job, right? Like we take, I take our, I take GRC work seriously. So for them to do this, right on, you know, I hope other messaging apps take note just because, I don't know, here's the final thing I'll say about this. Like, this doesn't change what we're doing day in and day out to protect organizations. You may, maybe you want to send a message out to your workforce about this. I'm a big advocate of helping it modify end user behavior by demonstrating security best practices for personal gain. Not, not to like make money, but personal gain. Like, hey, hey, workforce, did you know if you're using WhatsApp and Messenger, these, you know, like these new security controls are in place. Like, even if you don't use WhatsApp and Messenger at your business, this is still an opportunity to like instill those best practices in your workforce. So when they are using teams, for example, for, for work and they get a suspicious teams request or something, they're already kind of programmed to be like, oh yeah, like suspicious alert. I, I, like, I, I, Jerry was talking about this and I retained it because I remember it now. They're probably not going to be like, because it was for personal value, but like that's how the programming works in human beings, right? So cool. Thank you.
Sarah Lane
Google's Wiz acquisition finalized Google completed its $32 billion all cash acquisition of cloud security startup Wiz. The largest deal in Google's history. Wiz will join Google Cloud but continue supporting multiple platforms including aws, Azure and Oracle Cloud as its own multi cloud security provider. The deal closed after U.S. and EU regulatory approval. Wiz surpassed $1 billion in annual recurring revenue in 2025 China.
Dr. Gerald Oza
All right, two things. Number one, I mean, all right, so let me, let me tell you two things that are just like off the cuff, really. Like, number one, you might look at this story and be like, what does this got to do with me? Like, like, oh, whatever, big tech oligarchs, you know, throwing billions of dollars around. Sweet. Now what I want to say is first of all, you should be, if you've ever heard the phrase, like, you should understand how your business makes money. And you tried to like figure out why is that important to you? Like, oh, I'm just a SOC analyst. I'm just, you know, knocking down alerts and protecting this business. It doesn't Matter if they make widgets or they serve patient, you know, patient care or if it is a, you know, publishing company, who gives a damn. It's the same threat actors. I'm still knocking alerts down. It is important to understand how a business makes money. Because when you are trying to convey risk to the business, when you are trying to select controls, remember, you only have so much money. Like no company is going to invest infinite dollars into your cyber program. So if you only get, let's say, $800,000 budget for your cyber program, how do you spend that money? Right? And you need to understand how the business makes money so you can make sure where you're applying control has the highest risk reduction value and the highest return on investment. Because you're going to have to turn around and explain where that $800,000 went. And if the answer is not very good, good luck getting another 800 grand. Okay, so that's just a quick little back of the napkin thing on why you should understand where the money comes from in a business. Now, Google, $32 billion. All right, guys. Hey, just as someone who's been around and follows this crap, the CEO of Whiz should absolutely get a hundred foot yacht, okay? And I'm not usually one of these people who's like, let's celebrate the 1%. You guys are the best up there with your gold fountains and your, you know, first, you know, like private jets and stuff. Dude, Google tried to buy Whiz like a lot two years ago for $25 billion, which would make my eyes pop out of my head, okay? And Wiz was like, like legit. Wiz was like, oh, we're good, BRUH. Fast forward one year and they got an additional 30%. 32, like at $32 billion. And that was like crude math, right? It's not exactly 30, but it's close enough when we're talking billions. So whoever the CEO is of Whiz, like Bruh, you, he or she, whoever it is, like, just, you know, way to go, Big gamble, big payoff. Now, as practitioners, CISOs, senior SOC engineers, especially people who are using Google workspaces for their backend infrastructure, like two Thumbs, this guy here at Simply Cyber. What does this mean? Okay? Anytime there is a major acquisition, okay, like, well, first of all, I'm going beyond the headlines on this one. But trust, stay with me. This is value. And, and if you've been around a while, like if you're like Cheddar Bob, like, you're probably like, like Cheddar Bob's. Just like lit a cigar I guess a cigar would be like this cheddar Bob's got a cigar and he's in the back, he's like y. Listen, anytime there's a major acquisition and a lot of these massive tech, you know, conglomerates, effectively Fortune 10 companies, they are going on a wholesale full stack acquisition, right? Your Palo Altos buying an EDR solution, they are already good at firewall buying, mdm, buying identity and access, right? Cisco buying Duo or Okta, right? I forget who bought Octa but like Cisco with their Cortex engine, Microsoft with Defender and I mean I forget who Microsoft bought like but Microsoft bought like LinkedIn and friggin open AI and stuff like so. Which is not exactly one to one but my point is here's what's up. If you are baked into that solution, you use Google Workspace or you're on Microsoft 365 or whatever. When these acquisitions happen you don't notice an immediate impact. It takes about 12 months for the acquisition to get integrated into the tech stack and, and like basically it's going to be there and you're going to have access to it and chances are leadership's going to be like bro, like we already pay for all of this. Like why are we paying for CrowdStrike as an EDR when you know Microsoft has Defender which we already have access to because of the E3 license that we pay for. Cut the crowd strike out. I'm not paying for two EDR solutions. Like that's a CFO CEO conversation. But what happens is this. The tech that they bought doesn't always natively integrate. It's not like a Lego piece where you're just like, it just works perfectly. A lot of times it's like, you know, it's almost like a door that like doesn't fit perfectly in the door frame. So like when you go to open it you've got to like friggin pull on it and it'll snap out and like in the summer the door swells so it's a bit more of a problem but in the winter it's okay, like that's what's up. And it takes a lot of like filing and planing down of the technology. Sometimes they'll just like get rid of a bunch of functionality because they just wanted to buy one piece of it. So anyways, just be aware. And if you work at Wiz, googlebot, Mandian, that's another perfect example. If you work at Wiz and you're in like a corporate position with all due respect, you may want to start looking for work. Usually you get about a year before you start being identified as redundant. Again, with all due respect. So, yeah, good job, Wiz. But. But just so everybody knows, like, that's what happens when these acquisitions happen. You should start a clock for 12 months on a lot of different things. Not always. Not always, right? I mean, Mandy. And still does. IR and no one calls it Google
Sarah Lane
IR curbs state run Open Claw use. Chinese authorities have barred state run.
Dr. Gerald Oza
I'm sorry, really quick. That's also like a service. The IR is a service. It's usually more if it's product acquisition
Sarah Lane
enterprises and government agencies, including major banks, from installing OpenClaw AI on office computers or personal devices connected to company networks due to security risks. OpenClaw is an agentic AI platform that autonomously manages tasks and accesses private data, raising some concerns over external communications and rogue behavior. Some employees and military families face restrictions, while other notices require prior approval. Chinese tech firms like Tencent, Alibaba and Minimax continue promoting Open Claw apps. SISA order.
Dr. Gerald Oza
All right, yeah, you know what? China, us, European Union. If Mars had a. A colony, every one of them should be curbing open a Open Claw AI use. Okay, like, I mean, it says banks and state agencies, but bruh, like, how about anywhere like you, you can't. We talked about this yesterday. OpenClaw AI. The problem is this thing is, you know, your AI agent and just like OpenAI put a text field in front of an LLM and called it chat GPT and that unlocked everything Open Claw makes, makes my cousin Pat accessible. Because all you got to do is pop a shell and run this command and. And all of a sudden you got Karn over here making your. Your background wallpaper unchangeable. So you can see this proliferate with very low to no technical knowledge or ac, you know, acumen. So sadly, people are firing this up all over the place and what's ended up happening is they're giving permissions to everyone. There's a problem here. The problem is, first of all, OpenClaw will do what it wants to do in order to achieve its goal. The bigger problem, in my opinion, is that, yes, there's been examples of like Open Claw spending money because you gave it a credit card and you didn't really want that purchase. But like, to me, the real problem is that there's power in giving these AI agents skills. And anyone who can install the Open Claw agent on their desktop, Carl's of the world, they can go install skills in fact, you can just tell Open Claw to install a skill. Like, you can ask Open Claw to list the skills at the store, like, the store that are there, and then you could just say, install it, and Open Claw will go do it for you. The problem is many of those skills are malicious because there's abs. It's. It's like Wild West. There's no. There's no. Like, there's no Apple store. There's no adjudicating body. There's no certification. Anyone can do anything. All right, hold on one second. I, like, I'm trying to find the stupid store. Where. Let's see. Oh, well, I don't know where it is, but it's. It's too bad because I, like, I looked at it the other day, and, like, it'll give you a. Some. It'll give you some type of, like, assessment value of whether the skill is malicious. Spoiler alert. Most of them are malicious. Okay, here we go. Claw hub. Malicious. Malicious. So this one's not malicious and this one is. So anyways, that's what's up. So as a overall policy, China saying you can't install these things. If it were me, I would not allow anyone in my organization to install Open Claw on work machines. It's just too. It's just too risky. I mean, it's like installing, not installing it. You know what it is? Honestly, this is, like, not exactly a perfect analogy, but I feel it's pretty good. This is like. Like you can go to the pound and. And get like a Rottweiler. Like a big. You know, a big dog with, like, a gnarly mouth and stuff. A big old Rottweiler, very strong. And you can, like, bring it, and you can put it in your. In your. In your building and say, oh, hey, like, hey, Rottweiler, go get me, like, my lunch. And it'll run. You know, it's got the ability to go to the break room, open the door with, like, the towel, get your sandwich, bring it back to you. Hey, Rottweiler, go tell my boss that I'll be there in five minutes. And it runs over in there. It's like, roof, roof, roof. Right? So there's some capabilities. But then also accidentally, you tell it to, like, go start your car, and it just rips your leg off. You know what I'm saying? Like. Like, you. Yeah. You know, so. Or rip someone else's leg off. Okay. And I. I'm a huge dog person, so don't think I'm throwing shade at puppies. But my point is that's kind of the comparison here. I don't want it running in my environment. I run it here at my house in my own environment. And I harden the living crap out of that device out of my network. And I don't really have any skills outside a couple that are like native to Open Claw. And I certainly don't give it access to my email or anything like that. So that's what's up China. I hope that the US is doing the same thing. I would also say really quickly you can look for, you can look for this actual domain name, OpenClaw AI if you see it, maybe even just block it straight up. But you can also put in detections in your EDR to see if these things are running or being installed and then you can curb it.
Sarah Lane
N8N RCE flaw Patch CISA has directed US federal agencies to patch a remote code execution vulnerability in the N8N workflow automation platform. Actively exploited in attacks, the flaw allows authenticated attackers to execute arbitrary code, potentially exposing sensitive data such as API keys, database credentials and CICD secrets. N8N patched the issue back in December, but Shadow server reports over 40,000 unpatched instances online. Federal agencies have to remediate by March 25, but CISA urges all organizations to secure their N8N deployments immediately.
Dr. Gerald Oza
I love how the story just kind of glosses over the fact that federal agencies are running N8N in their environments. Like, again, I'm not, I'm not trying to, you know, gate or gatekeeper wall anyone, but like, I mean, I mean, obviously it's got to be approved and stuff. It's just, I don't really. You don't really hear about federal agencies being on the bleeding edge of technology. So what's up? Cybershine and Gami. All right, so cease to say if you run eight and you got a Patrick. Thank you, DJ B Sec. Lots of people love N8N. It basically is a WYSIWYG workflow automation platform that allows you to hook in all sorts of AI. If you Google, if you Google YouTube, N8N you'll find, you know, here, let me just show you. N8N YouTube. You know, like just. There's a million videos out there of like, oh, like, you know, build an entire workforce. Master 80 minutes first AI agent. Like, hold on, I like, let me. I bet you if I say like money, it just annoys me that these people exist. 3 Ways to Make Money with N8N Complete Guide Build AI agents that make Real Money Stop learning. Do this to make money. Automation, income streams, passive income. Like, dude, it is a wild west of people who are trying to explain to you how you can make money just appear out of thin air, spoil. And like, I didn't really tell anyone this, but with Karn, one of the very first things I did was do. I did one of these just to validate that it was total hot trash. Spoiler alert. I was right. I, like, I'll tell you, ask me a jawjacking. Well, I'm not doing jawjacking today. But anyways, I did one of these things, and I gave it like, seven days, and I let Karn go buck wild. That's my open claw instance back there. And yeah, these, these guys right here, what they should be doing is teaching you how to make money off of selling people on dreams of making money. All right, so if you're running N8N, even if you are not a federal agency, you should absolutely make this a priority, right? Find if you're running N8N in your environment. Okay, hold on. I'll share that in a second. If you're running I, I assume this is the local. Hold on one second. Here's the thing. You can run 8am through the website, or you can run it locally, and there's a dot. You know, you can use Docker to do it. 50,000 downloads a week. Obviously, lots of people using it. The RCE allows authenticated attackers to execute arbitrary code, so the risk is a little bit lower because they do have to have credentials if there's default creds. If you have crappy, easy to compromise creds, if you're reusing passwords, you could get punched in the mouth. Okay? Remote code execution means that they'll detonate on the box itself. N8N runs on a machine. One second. Let me see if I can do this. No, hold on one second. I'm trying to get the value of the. It's definitely not a. What's interesting is that Cease is telling you to patch on this one, but you. It is not unauth, unauthenticated remote code execution, which I find interesting. Holy crap. Br. This is bad. Okay, so according to the EPSS score, this is really bad. If you're running N8N localized instance, you have a 79% chance of being compromised in the next 30 days. Like, this is really bad. Okay? Look at DJ B tool. He's updated it. Of course it takes time. All right, hey, listen, let me tell you this right now. This is not. I, I, I reserve, I reserve saying this for only situations that require it, this is an absolute. You've got to patch it. Okay, Like, I know we have the funny sound effect. Ah, you gotta patch it. If you're running any in on your own instance, patch it. If you don't know if you're running it in your environment, patch it. Scan your Internet or scan your network, find this instance. There's got to be a way to see if N8N is on. You may even want to just notify your, you know, kind of power users, your IT team, your developers. Just straight up, hey, N8N's got a really nasty vulnerability. You must patch it. It's probably. I don't know how to patch N8N because I don't run it. But I'm sure it's trivial. I'm sure it's like, you know, get update. Or if it's like, you know, right click update. Like, it's probably not tricky to update. Please prioritize this. This level of EPSS score is absolutely disgusting. You don't typically see the score this high. Now they're not reporting that it's actively being exploited, which is great for you. That means you have a window of time to get this sorted out before you become a statistic. But I know Steve McMichael uses N8N quite extensively. I plan on telling him, if he's not already in chat. This is not a joke, yo. I suspect we're going to hear about some news stories in the next four weeks of N8N getting exploited. Sadly,
Sarah Lane
huge thanks to our sponsor, Drop Zone AI. Here's something worth asking any AI security vendor you might meet at rsac. Can you show me exactly what your AI did? Not just the verdict, the reasoning, every tool that it queried, every piece of evidence, every step it took to get there. Most can't Dropzone AI can. Every investigation is fully transparent. You don't have to trust the AI. You can verify it. See it for yourself at booth 455 and learn more at DropZone AI RSA2026AI Dash Diner.
Dr. Gerald Oza
All right. CheddarBob with the assist. The Known Exploited Vulnerability Catalog, which is maintained by cisa. Thank you for funding cisa. Federal government has noted that this vulnerability, the kev is the Known Exploited Vulnerability Catalog, which, you know, it's like a magic card, like the. The name says what it is. Known Exploited Vulnerability. It is being. What the hell? Okay, so there's no information here. Like, the fact that it's in the KV catalog would indicate to me that it is being exploited, but they don't know if it's being used in ransomware campaigns, which, like, I don't even know why they're adding this. Like, what value is that? Unknown Additional notes, like, can we get some more value here? All right, so Chatterbob pointed this out. Thank you, Chatterbob. I guess without understanding how it's being exploited or where or who or what industry or what, apt even more reason to get your crap together and get this patch, like, literally. I love you being here and being part of the community every day. If you need to pause the stream and go fix this asap, I. I hear you and I completely understand, man. That's a bad one. All right. Okay. We've been doing the. Don't you forget about me, all right, all of March. I only have three sponsors this month, which means I read them in the intro, which means I'm able to go back and cut out this part of the show, which eliminates the copyright strike issue. So, holla, holla, holla. I want to say what's up to everybody in the chat. Thank you, Devin Grady, Kyle, the lead analyst. Also simply Cyber community member of the week. Find the true too, guys. Shout out to the sponsors again. Threat locker, just crushing it. Anti siphon with a sock. Summit Register now. Flare with their threat intelligence platform. If you've. If you went through the process of getting validated for Flare and you've been using it, share your honest feedback in the chat. You know what I mean? I'm not asking you to give a positive review fraudulently. I'm asking, hey, what are your thoughts about it? All right, Every single day of the week has a special segment. And on Thursdays, this dude, my friend, your haircut fish, makes a custom piping hot meme. And this one, he pulled the cookie sheet out of the oven while it was still hot and toasted his little fingertips. This one is spicy. I love it. Guys, let me give you your meme of the week and I'll let this wash over you for a second. This one's a bit fringe, a bit niche for everybody. Okay, here you go. Really quickly. So if you have been, you know, following the show, I know you first timers might not get this reference, but I am. I am in the throws. I'm in, like, book 7 of 14 right now of the Wheel of Time. It's a massive commitment. It takes like over a year, a year plus to get through all the books. It's my second time going through it. It's awesome. I'm also a Pretty avid Magic the Gathering, I guess deck builder, since I hardly ever play it. And Dean has taken this opportunity to mash it up. So this is a scene from Wheel of Time. And you can see I've. He's got me holding a magic card, casting some type of spell on it. So obviously my beard is fierce. Gary Sturgiatis, I'm challenging you for fierce beardness right here. So, ladies and gentlemen, this is your meme of the week. I don't know. Dan usually tries to hide himself. Oh, I do see, Dan. Dan is hidden in this picture. So if you'd like to play along for that part of the game, go for it. All right, Code brew. Nailed it. All right, so let's get the La la la la's on. All right, shout out to Dan. Thanks, Dan. All right, everybody, let the lalas was. La. All right. And yes to those who are playing along, Dan is in the hourglass. Well done, Dan. Always.
Sarah Lane
Comet AI browser tricked into phishing scam Researchers have shown that agentic AI browsers like Perplexity's Comet can be manipulated into phishing scams in minutes by exploiting how the AI reasons and narrates its actions. Guardio researcher Shaked Chen described this as agentic blabbering where the AI exposes its observations and plans, allowing attackers to train malicious pages to bypass defenses. Stav Cohen explained intent collusion where user requests merge with attacker instructions, enabling hidden commands to execute. Related work from Trail of Bits and Zenity Labs demonstrated prompt injections and zero click attacks to exfiltrate data like Gmail content and 1Password credentials. France's national cybersecurity agency sees ransomware.
Dr. Gerald Oza
Okay, first of all, this infographic, am I right? All right, so anytime guys, we are in this like, you know, brand new world, move fast, break things of AI, which is, you know, it's a great time to be innovative. It's a great time to try stuff. But it just. Threat actors are licking their chops at opportunity because of all the unknowns and all the just attack surface that's exploding, which is why I don't want you to run Open Claw in your environment. Okay? Now these AI browsers, I, I have Comet. I've never actually used it. I like, I downloaded, I got early access and then like I downloaded and then never used it. Okay. My understanding is that it can, you know, basically do things for you in your web browser, but anytime it's taking action. That means if a threat actor can control flow, it can get you, it can get the AI to Do whatever it wants in the AI. It doesn't have like a little, you know, six sense, spidey sense going off. Shall we play a game? So the threat actor, let's see, how's it work? Activates agent. AI agent under test has some raw output. Threat actor sniffs it. I don't even get it. I don't get it. Let's see. Yeah, phishing and scam traps. Okay, so how, how does it work now? Okay, by the way, blabber is like, you know, kind of a scientific term, right? A agentic blabbering. I. I wish they called that something else. Roswell UK says the blabbering features a classic case of corporate oversharing. If the AI would just keep its internal thoughts to itself, the attacker wouldn't have a map. That's right. So the AI browser exposes what it sees, what it believes is happening, what to do next. So you can intercept this traffic, basically to understand the AI's decision tree. Okay. And then I guess the threat actors using AI as well to kind of figure out how the AI, like it's AI on AI action. These vibe coded platforms are already kind of a nuisance and vulnerable to a lot of attacks anyways. Let's see. Oh my God. Definitely double, double damn double infograph. Way to go, boys. Prompt to no guardian in less than 4 minutes. Attacked or prompts with scam narrative. Okay, so what this looks like is. Okay, so here's what this looks like, okay? And this is a really bad situation for, for us. Okay? It looks like the. There's two things going on here, okay? Number one, you have the AI browser and that can be tricked to fall for phishing pages and basically take action on a user behalf and infect itself. Right? So when they say no click or no interaction, there's still interaction. It's just the AI agents doing it on your behalf. So first of all, that is a risk that we needed to give consideration to using AI browsers. It's no different than giving your open claw instance the ability to go like scrub the Internet. You can get prompt injections, you can get data leakage, corporate secret sharing, all those things. Okay, that's one problem. And I'm just going to put that over there, put a pin in it. Okay? That's not even the biggest problem. What the threat actors are doing in this case is they're using generative AI to vibe code phishing landing pages. But then they're iterating with AI with the comic browser, for example, to look at the maliciously developed landing page to determine if it's flagged as suspicious or not, and then iterating to make the landing page look different and keep doing it until it's no longer flagged as suspicious. And then they put it out into the world knowing that the, you know, AI browsers and potentially just normal browsers with human end users will not flag it as suspicious. So this is, this is an evolution in a development in the threat actor playbook, especially kind of the cyber criminal threat actor, to get more effective landing pages that perform better, are more effective, and can trick AI. All right, so this is definitely something you got to be mindful of. Again, this is. You can't even educate your end users on this one because you, you're not going to get in front of an AI end user. You're like, hey, shall we play a game? You're like, no, Joshua, no, we shall not play a game. Joshua, let me explain to you what a fishing landing page looks like. No problem, Dave. Or, you know, I guess it was David Lightman in War Games. My point is you can't train the AI, so this is scary development, okay? If you're allowing your workforce to use AI browsers and you personally, okay, the other thing I'm going to say this reminds me very strongly of another capability that was much more manually intensive. But listen to me. Conti Ransomware Gang. C O N T I Conti Ransomware gang in like 2019 was like the rage. Like Conti Ransomware was undeniably the best, most effective, scariest, number one, FBI's most wanted ransomware threat actor gang. Okay? And basically when the war in Ukraine happened, the. The gang split up and one of the Ukrainian members leaked all their internal documentation. The whole reason I want to get to the. The whole reason I tell you that is because some of the information that came out outlined their corporate infrastructure in their organization. And they literally had developers making the malware payloads. And then they had a QA testing team that had licenses to Microsoft, Defender and CrowdStrike and Sentinel 1. And they would run the malware payloads on the current version of Defender, Sentinel One, CrowdStrike, et cetera. And if the EDR solution, that endpoint detection response stopped the Conti Ransomware malware payload from detonating, they would send it back to the development team and say, hey, listen, Sentinel One's catching it. You got to fix it. And they would fix it, then they would run it. And if it successfully bypassed or wasn't detected by the major vendor, EDR Solutions, they would then ship it. And they were just doing this over and over, which is why they were so successful. Is kind of the same thing here, except AI is being used to faster iterate over these things. It's crazy.
Sarah Lane
Ransomware drop. The French cybersecurity agency, also known as ANSI or ANSSI, reported 128 ransomware attacks in 2025. That's down from 141 in 2024. Partly due to law enforcement operations like Operation Endgame. SMBs remained the main targets. Healthcare and education sectors saw the largest year over year increase. Qilin Akira and Lockbit 3.0. Lockbit Black were the most common strains with new variants also observed. Overall, cyber incidents stayed stable at 1,366 confirmed cases. Data exfiltration claims rose and DDoS attacks declined.
Dr. Gerald Oza
All right, we got some information coming out of France. Ransomware attacks are down. We knew that, but the payments are going up. Not payments like the amount of money being made with ransomware is going up, but the amount of incidents is going down. And the likelihood of a threat of a victim pain is going down. So all those numbers might sound confusing. 28% of victims are. Oh God, I wish I knew. Either not paying or paying. That. That's very unusual for this conversation. Basically more people have backups and defense capabilities, but the ones who do not are paying. You could see here this graphic. Ransomware attacks in 2025. The, the beige is 2024, the green is 2025. You can see ransomware attacks continue to go up. Let's see, 18 drop compared to 2024 in overall cyber alerts that involved support of the French agency. So I mean, whatever guys, France is just, you know, one country. I don't know enough about them to know are they helping private sector businesses? Is this like federal frequency? French federal agencies only. I invite you to go grab it. There's all sorts of, you know, year end reports coming out at the end of Q1. Now that they've had all of Q1 three months to like look at the 2025 metrics and numbers and analysis and analyze it etc. So for me, for my money, guys, personally I'm a huge, huge fan of the Verizon data breach incident report. I'm a huge fan of the IBM X Force report. There's a couple like annual reports that I go are my go tos. Verizon data breach incident reports. My number one.
Sarah Lane
Stryker offline after wiper malware attack. Yeah, this is Medtech company. Stryker is offline after a wiper malware attack claimed By Handala, an Iranian linked pro Palestinian hacktivist group. The attackers say they stole 50 terabytes of data and and wiped over 200,000 systems, servers and mobile devices affecting offices in 79 countries. Staff reported losing both corporate and personal device data. Internal services and applications were also disrupted, forcing some teams to revert to manual workflows. Handala, linked to Iran's Ministry of Intelligence and Security, has targeted Israeli organizations since December of 2025 with destructive malware.
Dr. Gerald Oza
All right, yeah, this is probably, in my opinion, this might seem like a whatever story. Like, oh, hey, insert. You know, sometimes I'll be like, insert industry. Whoops. Insert industry. Insert company. Insert threat. Actor suffers. Whatever. This is not that. This is, this is pretty massive. Okay, first of all, this is a serious attack. Second of all, this could be an indicator of like, you know, more attacks of a similar nature. So let's take a minute and talk about this. I've only got four minutes left for the show. So what's the next story? Hold on one second. Let me see what this is. Researchers uncover phones and Google. All right, so researchers find something in a, in an app I've never even heard of from Google.
DJ B Sec
Great.
Dr. Gerald Oza
Listen, number one, if you work in healthcare, chances are you already know about this. This is from yesterday. I have friends that work in healthcare. They, I had group chat conversations with them yesterday. They're all over this thing. So at this point, like, if you're, if, if you work in healthcare and you're hearing about this from me for the first time, after you get sorted out, you should probably revisit your threat intelligence intake. Stryker is one of these medical device companies. They got hit with this wiper virus. Wiper malware is no joke. Okay, go look at Saudi Aramco's shamoon attack. S H A M O O N. That is a perfect example. You can also go look at, not Petya wiper attack. A wiper attack is devastating. Imagine if you will, every computer at your company just doesn't work anymore. Like, that is devastating. Oh, we're in the cloud. Yeah, that's fine, you're in the cloud. But like, even if you're in the cloud and it, it depends how gnarly this attack is, even if you're mostly in the cloud and you just use thin clients, if all your computers just stop working right, how are you going to access the cloud? Okay, Iran. This is Iran based. It's, it's almost confirmed at this point. It's a. Well, actually I, I know for a fact, unless somebody's Impersonating Iran, but I doubt it. It's Iran based. And I, I've said it all week guys, and I'm going to continue to say it. This is a fast moving story around the war in Iran and the Strait of Gormuz and you know, all these things and Iran is like flipping out, doing everything and anything to attack. And for anyone who thinks Iran is not a first world power, you're mistaken. They have, I mean they don't have as many cyber based threat actors out there. Not threat actors, but like China has like APG41, AP30. Like Russia has like Fancy Kitten, fancy Fancy Bear, Cozy Bear, freaking Sand worm and others. Right? So Iran's got muddy waters and a couple others. But like they, they are seriously legit. Now let me tell you why the problem is medical devices. In healthcare, medical device manufacturers and vendors, they typically have the way the maintenance works. Like if we buy a medical device from Stryker, we're not allowed to go in and patch it or maintain it or do anything. Part of the deal is that in order for it to, you know, be secure and certified and prevent any liability if it ends up hurting a patient is that the vendor has to maintain it. And by the way, they get a pretty sweet maintenance contract out of it. But you can either pay $100,000 a year to fly in Bobby to do engineering, or for 30 grand you can have them remote in. Spoiler alert. Everybody opts for the remote in one because it's straight cash, homie. Straight cash. So when Stryker gets hit and they have VPN connections or you know, you know, peer to peer IP tunnel connections all over the place, that is not good. Okay. That can lead to additional impact. Stryker. This is awful for Stryker. I'm not quite sure how they're gonna recover. This is effectively a hyper denial of service attack. When we say denial of service, we typically mean network bandwidth, distributed denial of service, knocking over a website. This is also a denial of service attack. And Stryker is really messed up today. So what I would say is protect yourself. Go look at this. You. I, I don't know exactly how they got in or how this initially deployed. My suggestion would be add some administrative manual steps to processes around creating administrator accounts. Domain admins put extra detections around the use of those accounts. Have, if you can put in multi, like have multiple people need to be involved in the decision to grant access or create accounts, right? So like two people turning the key because if one domain admin gets compromised or something and you don't have these like duplicative checks in place, you could be screwed, dude. Stryker, you know, you may never heard of them. They're a Fortune 500 company that made $22 billion last year. People's personal devices getting compromised, too. That's gross, right? Hopefully you had your kids, your family photos backed up from your vacation last summer. Because, dude, when you're ideologically motivated and hacktivist groups are doing this, when this is an existential threat to the threat actor, it. There's no. There's no rules. There's no guardrails. There's no, like, oh, that's out of bounds. It's straight up, like, whatever is possible to inflict damage. Let's go. I'm kind of curious what Stryker's stock is today. Let's. Yeah, that doesn't look good, right? I mean, so, I mean, looking at Stryker stock again, this channel is not for financial advice. They were trading at 360 a share. They're down to 347. So just a. I mean, not awful, but, you know, a 8% dip. As casually. Joseph will likely do buy the dip. But my. My thing is I'm. I'm actually, just as a case study, going to follow this. This is gross for Striker. Again, if you like the. Any this N8N story, right? If you're running N8N locally, go patch it. You know, this is important. This is, like, an active thing that you have to take action on this Striker 1. Like, if you're using Striker or you're involved with them in some way, you're already aware of this In. In doing these, I definitely would implore everybody to, like, elevate their, like, shields up, go to defcon, too. Like, whatever you got to do. Like, this is real. Like, we're freaking at war, basically. All right, guys, I'm just gonna skip the last story because it doesn't even look interesting. And you know what does look interesting? I'll give you a hint. Hold on. I'll give you a hint. This is what's interesting. Hold on. This guy right here.
DJ B Sec
Boink. All right.
Dr. Gerald Oza
Yeah. Oh, yeah. Here, let's get some of this. Ladies and gentlemen, on the tables, two turntables and a microphone. I've got some fun jawjacking for you lined up. But before I release the Kraken, let me tell you, thanks so much for being here. I hope you got value from it. Very important day of news. N8N. Go patch it, Striker. Damn. I'm Jerry from Simply Cyber. As part of this effort that Eric Taylor kind of teased yesterday, but we're going to be getting into having multiple personalities, multiple practitioners doing the jawjacking. As part of my effort to help deliver value both to the community as well as the jawjacking hosts for, you know, personal branding and development, we're going to be getting into more of a heavier rotation of jawjacking hosts. So today I'm super pumped to bring back to the stage jawjacking champion DJ B Sec, AKA Ben Cheryl. Tons of experience. The guy came up networking. Now. He's like an executive. Someone show him what a keyboard looks like. I just. I'm Jerry from Simply Cyber. Hey, let me just remind you really quickly, all you GRC Mafia people, I. I should do a better job of, of marketing this and telling people, but all you GRC people, I've got Carla Ruffled coming on Chief Insights Officer. You might be like, what's that, dude? This woman, this professional, she is awesome, okay? And we got talking. Someone introduced us. I think it was Kathy Chambers or Jack Scott. And I got talking to her. I'm like, oh, yeah, what do we do? And she's like, you know, one thing that people are, are doing wrong, the way they calculate risk, they're doing it wrong. And I'm like, oh, really? Would you like to come explain that to everybody? And she's like, hell yeah. So let's go. This is today at 4:30pm as always, you can go to Simply Cyber Schedule to learn, but I'm going to go ahead and pin it. This is the pin chat for today. Oh, my God. Get out of my way. For my. For the Simply Cyber firesides. Come, hang out. Learn how to calculate risk like a GRC trucker. Guys, enjoy the jawjacking. Until next time, stay secure. Ever wonder what it takes to break into cyber security? Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cyber security field. Live, unfiltered and totally free. Let's level up the together. It's time for some jawjacking. You have no audio. You have no audio. Still no audio. We can hear your music, but we can't hear your voice. So I'm, I'm the. I'm the. What do you call this? I'm. I'm your entertainment. Like, you know, in like, minor league hockey games or minor league baseball games, they have the, uh, the sausage run the bases in between innings. That's what I am right now. I am a sausage running the bases. You know, it's funny too, because DJ B Sec always makes fun of my audio because he's like, A big old audio engineer. And now look who's laughing now.
DJ B Sec
Damn it.
Dr. Gerald Oza
All right, enjoy the show.
DJ B Sec
I'm gonna show you what's wrong. All right, here, let's. Let's do this real quick. I'm going to show everybody why Jerry was screaming and yelling. So number one, let me start by saying I'm happy to be back, but I saw a whole bunch of people in chat screaming and yelling that they wanted to talk to the manager because we didn't do the last story. So I'll do the last story, but I run multiple microphones. So I have a wireless mic. I've got this mic here, but the only way I can get music to you guys is to run through this mic and everything else. So I remove. I've been using my wireless mic forever, and I just turned this set back on. The reason is because I didn't have this nice little spot and now you can hear me. All right, so anyway, let's see here. I've got. I've got chat pulled up, so I'll go through here real quick. Let me. Since I already have this up right now, we'll go ahead and look at this. So this was the last story. It says researchers uncover leaky looker vulnerabilities in Google's Looker Studio. I like Jerry. I have no clue what in the world leaky looker is or the Google Looker Studio. It says basically two separate attacks tenable. Researchers identified a weakness in how Looker Studio handles authentication and data connections. The platform allows report. Allows reports to retrieve data using either the report owner's credentials or those the view says potential impacts vulnerability. Okay, here we go. Vulnerabilities, connections to linky Looker with the range services they include. Basically, it looks like it. Without going into true detail, into looking at everything, it looks like maybe there might be some SQL injection or something with. With the stuff. Yep. The script allows a new report to run a custom SQL. So that's all it is. SQL queries allows you to get authentication into the back of the database. There you go. So there you have it. We did all the stories today, quick and easy. The last story that Jerry did was the big one for the day anyway, because that's. That's huge. All right, let me pull this back over here so I can go through and see if I can't search through and see what questions we got. I know it's been a while since I've been on here. I know I was on here a couple of weeks ago while I was traveling I popped in and said a couple of things. See what this question is? Simple cyber. You keep saying we need 120 CPEs to renew our certs, but I keep reading online that we only need 50. Okay, here's the deal. The renewal for certifications depends on what cert it is. When Jerry is saying 120, he's probably talking about an is, C2 or isc squared. However, whatever you want to say. Our CSS CISSP, we have to have 120 CPEs every three years. So when Jerry says 120, that's what he's probably referring to, is 120. 50 may be 50 for the specific cert that you have and maybe 50 for a three year cycle for yours. Like he always says, go out, find out what cert you have, and then look that up. And Those are the CPEs that you need to make sure that you have. For CISSP and higher certs, they're wanting 120. That's. That's all that is. Y' all let me know if the music's too loud. There you go. James is putting it in there too. CSSP, you need 40 each year for a total of 120 over three years. Yeah. So you know what? If you're getting 50 a year and look, like Jerry says on here, one hundred and twenty if you come, if you come every single day on here and you get your half a CPE, I think we did the math at like 225 or something, you're going to end up with all of your CPEs for three years within a year. But I would say this. Don't just use just this for your CPEs for the whole year. Use this. Number one, use this. I mean, this, this podcast, every single morning is great for threat intelligence, great for education, but also do other things other than just this, because there's a lot out there and there's many, many ways to get CPEs. But make sure you come every morning. Grab your your half a CP each day. It's quick, easy, and like he always says, this is a fun way to interact with 300 plus more people and find out what's going on. It's like we. It's like we're having our own little conference every single morning. All right, easy question here. Let's see. What's everybody's favorite password manager? My better half works with many different home. So I mean, Honestly, there's the three big ones, right? You got 1Password, you got LastPass, and you got bit. Warden, we all saw what happened with LastPass we all saw was a couple weeks ago, the whole Bit Warden stuff with them finding a flaw to be able to get in and read stuff. And I think that was not necessarily being used, but it was more of a research thing like, hey, look, this is a possibility that this could happen. So what I say is pick one, use it. Make sure your, your people at work use it. Especially if you're in the security or IT realm. Make sure you've got your, your high end people, your accounting people, those that have passwords, make sure that they're using that and locked up. But this point, right, we should all be trying to transition over to pass keys as well. Yeah. And Jerry's putting in here that he about the Bit Warren story. Bit Warden did fund that research. So they found the flaw and I think they fixed the flaw right away. So it wasn't necessarily a like, oh, this is, this is out in the wild. I think Bit Warden had somebody come in. Basically what you should do, right? You should have somebody come in and pen test you. They pen tested it, checked it out, hit the software on the back end, made sure that, that everything was kosher, found some issues, basically gave it to bitboard and bitwarden turned around and said, oh, hey, okay. And they fixed, I believe they fixed it. Yeah. I was saying if you, if you come every single morning, you're going to get around 120 for the year. Because we say half a CPE and when you remove, when you remove holidays and weekends and that stuff, you end up with like 220, 230 days. So divide that by 2. 110. 120. Oh, studio lighting. Yeah. Hey, you know what? All this, all these lights back here, I had them hooked up to the stream before so people could change them when they wanted to. We could go from blue to red. Red they changed for Christmas. They went back and forth from red to green. I have a lot of fun with it. Once we, once I get back into it, hopefully I get back into doing some more stream stuff, putting some more content out and I may hook all that stuff back up. James McQuin say one password. Bit warden. No, last pass. Bit Warden. Let's see what we got here. Code Brew says Not sure about CSSP, but CompTIA will not let you use more than one certain amount of webinar CPE hours, usually 10. You have to get the rest from other sources. Yeah, it's always good to have other sources in there. Yeah. I think this story. So Cheddar Bob put this Out Intra ID is rolling out pass key supports. So in all reality pass keys have been supported on Intra ID for a while, but it hasn't been like the mainstream thing, right? So they had Fido 2 so you could use your yubikeys and things like that. But what they're doing is I think they, they're going to push, right? So we went from passwords to now let's push mfa and MFA will give you all of the things for mfa. You can use sms, you can use Microsoft Authenticator, you can use a Google authenticator, you can use something else to authenticate. But what I want you to do is I want you to make sure that there is a second, third or fourth spot in there for authentication. Now everybody is seeing how you can get around MFA and how you can get around those specific things and they're going, okay, now you know what we need to do now we need to use pass keys and bring those to the machine and make sure that the person that's logging in is logging in from the machine that they need to be or that they say they're logging in from. And I think Jerry and Cobra maybe, I don't remember who it was Jerry and someone and I think he's got a, a video talking about, talking about this. This is a hundred percent and Jenner Bob's saying right here at least if anything get your admins on pass keys. Have them, have them start testing it. Get them on the pass keys because that, that way we can lock down their admin accounts and it helps securing, securing your back end. And we all know we need a secure back end. Nice lighting. We can see you. Yeah, I try to be seen. Yeah, I put these on. So these are gunner glasses. These are, they're if, if you're an old like me, if you got gray hair, they're, they're like blue blockers. They block out the blue light. Oh, I've caught up. All right, let's see. I wrote a random skills. I wrote a KB on some networking information. Where is the best place to post it? LinkedIn. So here's what I would say for a KB article. I would hopefully you have a GitHub. I would put it on GitHub number one. That way it's there, you're safe. You've got versioning on it. You can always update it. You can say, oh look we, here's my updated article. But then yeah, go post, go post your link to, to LinkedIn. Let's see, let me pull this up. Let me show you Guys, I've been, been working on this for a while and I know Jerry shows this every now and again on stream, so I've been doing a lot of stuff lately with my website. So for those that you don't know, I built out a website on GitHub using GitHub pages I've been using. I've been trying to get into like, Codex and Claude and all of these different AI platforms. Basically, in my position, I want to understand what they're doing, how they're being used, can they be secure, is there something, you know, specific that I need to look for and those type of things. So I've actually been using these to spruce up my site. And this is what, so this is what I've done. I've gone through and changed it and we could probably go back to the Wayback Machine and look how it was before, but I've, I've gone through and set this stuff up. I've created better news so the news shows up more. You know, I've got like a hero site and things like that. So using all of the AI information and using these types of things allows me to just go and say, hey, this is what I want to do. And then it automatically creates it for me and does it. It's pretty amazing. But then now you've got, what, cloud security, you have codec security in place as well. Then you can use these things to say, okay, this is great, but is it secure? And you go in, you write, you go and write your skills, you go in and write different types of prompts that they're gonna follow. That way when it goes to code, it codes securely. So we're, we're, you know, shifting left as opposed to shifting right. So you're putting the security into it. But yeah, I've done a whole bunch of different things on here, on, on my site. But to your point or to your question, create a repo, put that stuff in there and then put it out. And see, this is what I do. I, I put my stuff out on here, and then when I go post something on LinkedIn or wherever, then I'll reference my site. That way you get stuff over to your site, they don't just see that you wrote a KB article, but they also see all of the other stuff you've done. Like, oh, if they come in and they were to look at my repos or whatever. Oh, hey, he's got a repo here. Oh, here's another repo. So you can go in and look at that. What's the. What's this blue team stuff he's got up here? Oh, he's got an EPSS scanner, he's got a header analyzer. Different things. It just shows that you've got more going on than just your KB article. Right. Because you want to put that out. Like Jerry said when he was introing me, self branding. Self branding is a big deal, especially in our field, because you need to let people need to understand that you know what you're talking about. And the way to let everybody out there know you know what you're talking about is to put stuff out there. And put stuff out there that's legit, that they can go out, they can use and be a source of or source of reality when it comes to all of this, all the junk that's out there. All right, let me scroll back up. All right, any tips for moving from sysadmin to cybersecurity engineer? I just got a bachelor's in cyber from G, so that's kind of where I'll give you my. My quick synopsis of where I came from. So I was in help desk for a while, moved in, did like systems administrative stuff, computer like help desk stuff, building computers, worked at plants, refinery plants, went in when I was there, learned how to do networking, move more into the networking side, still did the systems administrative stuff because I was working at a smaller area. So I did systems administrative stuff, did the networking stuff, now kind of more into the security and the management side. So here's what I would say. When you want to move into systems administration, you've already been doing security by systems administration. Why? Because you've probably been updating, you've been patching, you've been doing other things that revolve around security, even though you may not have had that specific mindset. So now moving into a security role, you just, you're going to change your mindset of. Instead of just making sure that this is up, now I need to make sure that this is secure and up. Right. We have that scale that we're always talking about where you've got security on one side and you have operations on the other, and you got to find that, that median. Is it going to be a 6040 where it's more secure and less operational? Is it going to be a 6040 where it's more operational and less secure? You've got to figure out and that that's going to be based on the company. That's going to be based on what basically what the company's doing. And so forth. What I would say is for you as a systems administrator, moving into security, I would look for a security engineering role type. I'm not sure where you're working at or if they already have a group, but if you just got your bachelor's from WGU and there is a security part to the company that you're in, I would go and talk to them. How are you gonna, you know, is there a way for me to move over into. Into this department? This is what I'm interested in. Look, I can do all the security, I can do all the systems administrative stuff, but I'm really focused in on. I'm really trying to hone in on the security side and I want to understand the security side and work on there. That's why I went and did what I did. Getting a bachelor's in there, I don't think it'll be hard for you to move over there. It's just a change in mindset is all it is. Hopefully that it kind of answers and gives you something. Hey, it says nothing's playing. That's. Let me remove this from here for right now since it's not hooked up. All right. To help get your question recognized. Oh, let's see here. Oh, James, that was amazing with the GitHub. So I did the same. And my website apparently is now on there too. Thanks for us. Yep. Yeah. So one thing I've been looking at is GitHub. It'll allow you to put stuff on there, but there are limitations. So there's limitations in how much traffic you're allowed. I think you might be allowed 100 gigs of traffic, which is probably plenty for somebody that's just adding stuff on there. But when it gets to the information that you're putting on there, I think they only allow you like around one gig to five gigs of data. And I've been actually building out. So let me go back to this real quick. I've actually been building out and working on trying to automate cyber news. So I've created this cyber news with tags and so forth. So like CISO news. Right. So this would be news for like C suites and so forth. This would be like just daily news. So if I click on this news, so this would be the news for today. And it. It adds in a. An MP3. So I've got a script that runs, goes out and grabs specific ones that I pick for the day, turns them into this format, creates an MP3 for it, and then dumps it on there. And then GitHub pushes everything up. There's a little bit of manual step in between, but it literally takes like two to three minutes to push all this stuff up. But the problem is, is great for text, but when I start adding mp3s now I'm adding more and more and more space to it. So depending on how long I want to keep, maybe I just archive and pull that stuff off. Depending on how long I keep that information on there would be kind of depend on how long I can actually run that, run that site on there. I may have to adjust and move to a hosted platform, which won't be hard because you got Claude, you got Codex, you got all these other things to say. Hey, Look, I'm on GitHub's pages. Here's my site. How can I move? What would be the. What could be the cheapest way to move this information over here? And what's the best way? And it'll walk through everything for you. Phil. Let's see. Phil, separate. I used to. Let's see. I built my website using Claude. I write out a whole bunch of plan. That's the other thing is the planning. Go in and do planning. Let it plan it out for you. It says, hey, do you want to do like this? Do you want to do it like that? Give it in the planning stage. You also want to give it websites that you like. Hey, I really like the way this looks. I really like the way that looks. There's a whole bunch of different places. I, I sent it to Jerry earlier. I don't think he popped it on there. There is a guy on YouTube called. His name is Chase. AI. Look, look him up. He is great. He's got a whole bunch of. He puts out a ton of content on Instagram and TikTok and all that stuff. But he is very much into Claude. He was into Claude and N8N and now he's kind of gone away from N8N and like, hey, because Claude doesn't need it. You don't need Nadin anymore. You can use Claude with a whole bunch of different plugins that allow you to, to work on this. He talked about Open Claw, how Open Claw was hyped and you don't actually, actually need Open Claw anymore. If you wanted to do this, you could just use Claude with the remotes. He's got a ton of information, but I'd check him. If you are one that's wanting to get into AI, you don't know a lot about it. That'd be a great place to start. Do I Want to drop my site. So my site is just djbsick.com Sierra so you go to my name dj b sec and then just put.com at the end of it and it will pump it over there. We got a couple minutes. I'm looking to start a blog. Is there any platform you'd recommend? I don't have a specific platform, but there's ton. Like, like I said, GitHub is. GitHub pages is free. You can do that. There are a ton of templates out there to use. It's quick and easy to get set up. I would, I would start there and then if it blows up to where you need more space, then move, move somewhere else. Let's see, I have a custom domain and have GitHub pages hosting my site on that domain. You never know that that's exactly what I've got. So when you go to djbsick.com it pumps into GitHub pages and you would never know the difference. Go buy your. Go buy your domain and $5 or whatever, you know, 50 bucks for 10 years or something like that. What distro do you use? So when it comes to Linux, I don't use a lot of Linux. I've got Mac, I use some Mac, so I use osx. Usually when I'm doing something with Linux, it's usually on Kali or some type of Debian. I use Ubuntu as well. Just depends on what I'm doing. All right, we got a minute or so left. Let me see if I can scroll through here and see if there's anything left. Oh, we got a lot of subscribers. Oh, you know what? I didn't even think about that, James. So James is right. There's another so on LinkedIn. It allows you to not necessarily blog, but put out articles. That'd be a great way to do it too, if you want to. If you don't necessarily want to host something and you just want to put stuff out, if you've got stuff that you're going to put out, you can put out LinkedIn articles and I think you can schedule those and then get people to subscribe to them and so forth. But yeah, I would, that'd be a great way to start. And then if, and then if it takes foothold, then you know, you can start moving to other places. Yeah, WordPress is good as long as you. WordPress is, is a good platform. But at that point you're, you're finding a host and doing all that stuff. GitHub's free. The quickest way. Free is for me for right now. No problem, J. Roger. See you. All right, we're getting to the end. It is 8:30, and I've got honeydews that I've got to do today, so I'm gonna bounce. We're gonna. I want to thank everybody for hanging out. I know, man. That seemed real quick. 30 minutes, boom, in and out. But thank you all for being here this morning. I am going. Let me. It's been a while since I've done this. Now I've got to remember how to close everything out over here. Let me get my graphics up. Yep, free is for me. That's right. Let me find this, Man. All right, that's the intro. There's an out. That's an old outro. I don't want to do an old outro. There we go. We got a new one.
Dr. Gerald Oza
All right.
DJ B Sec
All right, Everybody, it is 8:31. Thank you all for hanging out with me for the last 25, 30 minutes. It's been real fun. Hopefully I'll be back, be able to do some of this, be able to pop in and in it, in and out and again. Got a lot going on when it comes to work and so forth. So got to try and make sure I get my work done, but also to be here with you guys as well. That said, hope everybody has a great day. We will see Everybody tomorrow morning, 8:00am Eastern Time, back over here and maybe we'll find out what happened with all the healthcare stuff. Maybe we'll get an update. But until then, everybody have a great day. See you.
Dr. Gerald Oza
Hey, everybody. I hope you enjoyed that content. Keep the cyber security train going by connecting with the other Simply Cyber community resources. We have the Discord server that's lively and always keeps the conversation going. You can connect with me directly on LinkedIn and also every single weekday morning on the Simply Cyber channel. We're doing live daily cyber threat briefings, 8:00am Eastern Time, as well as Thursday at 4:30pm we're doing live stream interviews with industry experts and we produce videos that we push out every Wednesday morning. I'm Jerry from Simply Cyber. I hope you enjoyed the content and we'll see you in the next one.
Host: Dr. Gerald (Jerry) Auger, Ph.D.
Co-host/Jawjacking: DJ B Sec (Ben Cheryl)
Today’s Daily Cyber Threat Brief dives into the most pressing cybersecurity news and threats for March 12, 2026. Host Dr. Gerald Auger brings his GRC and security operations expertise to break down news stories for practical, actionable insights. Highlights include breaking news of a devastating wiper malware attack on Stryker Medical, the risks of AI agent misuse, critical vulnerabilities needing immediate patching, and strategic industry news such as Google’s acquisition of Wiz. The podcast’s lively community Q&A further rounds out a content-rich, actionable session for security practitioners, with a signature blend of technical know-how and camaraderie.
| Time | Topic | |---------------|---------------------------------------------------| | 12:32 | Meta scam detection features | | 17:53 | Google $32B Wiz acquisition | | 25:04 | China bans OpenClaw AI in state agencies | | 31:00 | CISA emergency N8N RCE patch mandate | | 43:25 | AI browsers tricked into phishing | | 51:41 | France: Ransomware drops, payments up | | 54:24 | Stryker Medical hit by wiper malware (breaking) | | 62:14 | Community Q&A, passkeys, career advice |
This episode delivered a hyper-relevant briefing for cybersecurity practitioners, covering breaking incidents, high-impact vulnerabilities, evolving AI threats, and big industry shifts. It balanced actionable technical expertise with strategic context and career/community-building advice, all in the show’s signature supportive and energetic style.
Must-do actions from this episode:
For further resources, community, or to engage with Jerry and TeamSC, visit SimplyCyber.io.