Loading summary
A
Hey man, what's going on? How you doing? Today is Friday, March 13, 2026. Welcome to Simply Cybers daily Cyber Threat Brief Podcast. I'm your host, Dr. Gerald Ozier, coming to you live from the Buffer Osier Flow Studio. Got a hot cup of piping hot coffee ready to deliver the top cyber news stories of the day to you and help you basically level up as a professional, get insights that go beyond the headlines and alongside the Simply Cyber community right here with with me. Help everybody. Whether you're just breaking in or you're at that CISO executive level, whether you want to stay super technical or go the management track, no matter what, we are here to deliver insights, deliver value and deliver community. So get comfortable on this Spooky Friday the 13th and let's get ready to cook. As always, it's great to see you. I see James McQuiggin in the chat. If you didn't know, every single day of the week has a special segment and Fridays is exclusively and has been for quite some time dad Joke Friday with James McQuigging at 35000ft. So stay tuned for that. At the mid roll we're going to get some rib ticklers and have a good time. But first we have to start the cyber news. We're going to go through eight stories. I'm going to give my expert opinion and analysis on each of those stories. So obviously you can read these stories on your own. You can have a little RSS feed, heck, you can have an open claw agent send you a, you know, summarized version of the top cyber news stories. But what you're going to get here that you won't get anywhere else is just lessons learned and insights from sitting in the chair for 20 plus years. And not just me, but several community members of various levels. Right. Devin Grady's in chat working for the State Offensive skill Set. We've got Phil Stafford over in the the San Francisco next with that deep AI knowledge, James McQuiggin, 25 plus years senior executive, very focused on behavioral changes for workforce. Like we've got, we like whatever it is you want, we've got it in, you know, in deep, deep bench here at Simply Cyber. So I hope you get value from the show. Now I don't research or prep for any of the stories. Ain't nobody got time for that because it's disingenuous and like literally doing this every day is what I've done for years and years and years before I even turn the camera on. And I, you know, to me it actually makes the show a bit more interesting because I literally have no idea what stories are coming. I also have no idea what I'm gonna say, right? I mean I'm. I'm as much an attendee of the workshop webinar as you are.
B
Now.
A
Every single day this show is delivering CPEs or Continuing Professional edu crate education credits. Oh, looks like we have a first timer here. Cat Ball. Cat Ball Louie. Cat ballooey. Cat squad members, if you can, we will jump from CPS to first timers. I want to say shout out and holler to the first timers. If you're here for the first time, drop a hashtag first timer. That's the pound symbol. Shift three. First timer in chat. And we can recognize you, welcome you to the party. We have a special emote. You can see James McQuagan and Joss TX and Space Tacos dropping that John McLean emote. So Cat Ball Louie, welcome to the party, pal. That goes for everybody. If you're a first timer, I'm not saying pull over, but you know, maybe you're running on the treadmill. Just throw your feet on either side, straddle that treadmill track. Drop a quick first timer in chat. Get back on it. Okay, as I was mentioning a moment ago, every episode is worth half a cpe. So if you have cyber security certifications and you need cps, it's very simple. Say what's up in chat. You appear on the show. You appear on the show. What's up dad? 0041 asking what's up in the chat. Grab a screenshot. You'll see that it says Today's Cyber News March 13th episode 1088. Go ahead and screenshot that with you saying what's up? That's a piece of evidence for today. Come back Monday, do it again, come back Tuesday, do it again. And if you do it every day, you can get up to 120 CPEs a year for attending the Daily Cyber Threat Brief. Now obviously you need to check with the cybersecurity certification body that you're submitting CPEs for to figure out what their policies are. I know DJ B SEC did the jawjacking yesterday and it mentioned that some organizations only allow you to submit up to 10 for a certain, you know, webinar or whatever. This is an instructor led webinar after all. So you know, check your policies. But at the end of the day, each episode's half a cp. What that does for you, that's for you to decide. I'm just here Making the content and trying to deliver value to the organization. Now, speaking of delivering value, I would be remiss if I didn't share the show sponsors, those who help support the show financially, as well as just partners that I believe in and really, really enjoy. Starting with Anti Siphon Training. Many of you know Anti Siphon Training, the training arm of the Black Hills Information Security Group. And they have the Sock Summit coming up. But I want to. Where is it? Where is it? We, we have the Sock Summit coming up. Okay. So March 25th, you know, if you're not going to RSA and you want to get a six hour basically mini conference, they have that sock summit. But what I really want to tell you is this. This came across my feed this morning and I have to share with you. Oh my gosh. Anticast April 1st, April Fool's Day. You want to learn how to write sock tickets that build trust and drive activation. I mean, action. This is literally a very practical hands on webinar that is going to teach you a skill that any SOC analyst, including entry level SOC analysts, will need to know. And, and you know who's going to be teaching us? My good friend, the Haircut fish, Dan Reardon. The man doesn't just make memes. He's a sock ninja and he's going to judo chop your throat with a webinar on how to write tickets. So awesome Dan, to see you out there. This is what delivering value looks like. This is what growing a personal brand looks like. I've been, I personally, I know Dan's a big boy and, and you know, an adult and all that, but like, I personally, he's one of the people whose careers I've really enjoyed watching from, you know, from the sidelines grow over the years. Like, I, I am absolutely subscribed and hit the bell for notifications on Dan Reardon's career. So there is a link for everybody in chat. I'm gonna go ahead and pin it. So thank you. To Anti Siphon Training double Double shot, where I get to share a sponsor as well as call out, shout out to my friend. All right. Also, we got Flare Academy just confirmed my, my dinner with Flair at RSA this year. Guys, listen, Flare's offering a two week free trial for their Cyber Threat Intelligence platform. Their Cyber Threat Intelligence platform is super sick. When I say super sick, I'm talking straight up. Just, oh my gosh, is this real? This has to be fake because it's too good. If it's too good to be true. I've heard it's not real. Well this is one of those exceptions. Flare's threat intelligence platform, they go and mine the dark web criminal telegram channels, you know the CD underbelly of the Internet and go pull all that information and then they put it in a very easy to access platform where you can go look for your company, your domain, your email accounts, your see if passwords are compromised, see if there's shatter about upcoming attacks. All the things this is a gold mine. It's basically like, this is basically like X ray vision for cyber criminal underbelly and you can get access to it. Right now they're offering a two week free trial which I'm telling you is about 13 days and 11 and 23 hours longer than you need to determine whether or not you're going to get value because this is freaking awesome. If you go to simply Cyber IO Flare you will have to get verified because this is so, so valuable that a threat actor would want to get in here. So they'll have to verify you but ask anyone in the community who's using it and get their opinion. A big fan. Also just so we're all on the same page, I was calling Dan Reardon a big boy like he's an adult, like he's a grown man. He's a real boy. All right, don't try to read into it, don't try to start trouble. DJ B. All right guys. I also want to say shout out Love to FL Threat Locker. Fl Threat Locker is you know one of the end all be all leaders in application security at the endpoint in the cloud. Just adding that cloud feature recently. Let's hear from them and then I'm going to melt your face. I want to give some love to the daily cyber Threat brief sponsor. Threat Locker do zero day exploits and supply chain attacks. Keep you up at night. Don't worry no more. You can harden your security with Threat Locker. Worldwide companies like JetBlue Trust Threat Locker to secure their data and keep their business business operations flying high. Threat locker takes a deny by default approach to cyber security and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their U S based Cyber hero support team. Get a free 30 day trial and learn more about how Threat Locker can help prevent ransomware and ensure compliance. Visit threatlocker.com DailyCybert. All right, quick shout out here in the chat y' all at B u h r Y N a J so bur yanj at B u r H Y a N J. So if you wanna. I'll put it in chat really quickly if you guys want to get on this. But get your wrecking ball emotes ready because this individual is straight crushing it like a boss. And I quote. Finishing up my first week outside of help desk admin today, got a position in a CMMC consulting company doing what I am passionate about. Thanks for being there for us every morning. Hey, hey, hey. Bureau Yanj. Nice, dude. Love it, love it, love it. Congratulations. Super pumped for you. I. I told people. I mean, whatever. It's not like I'm some like wild soothsayer and oracle at Delphi. I told you guys, CMMC jobs are going to pop off. I made a video like a year ago calling it and glad to see people are getting that access. All right, everybody do me a favor. We gotta, we gotta do the work here. We gotta do the news. Brian J. All right, Brian J. My man. Do me a favor, everybody. Brian, I need you to do me a favor. Brian, sit back. Okay, Marcus, Kyler, I need you to relax and I need everybody to just let the cool sounds of the hot news wash over all of us in an awesome wave. I'll see you guys at the mid roll. Oh, you hear that wave. Ooh, that's nice.
C
From the CISO series, it's Cybersecurity Headlines.
B
These are the CY Cybersecurity Headlines for Friday, March 13, 2026. I'm Sarah Lane. Iran boosts cyber attacks According to research from Checkpoint, Iran's Ministry of Intelligence and Security is working with cybercriminal groups to strengthen and obscure its cyber operations. Iranian apts such as Void Manticore have incorporated criminal tools like the Radomonthus infostealer and and may participate in ransomware as a service ecosystems blending state and cybercrime activity. The approach is said to complicate attribution and allows Iranian actors to buy malware infrastructure or initial access from underground markets instead of developing their own tools.
A
All right. Hey, really quick. Mad Destroyer. Did we just become best friends?
D
Yep.
A
Love it. Mad destroyer gifting 5 gifted subs. Thank you, Mad Destroyer. So if you're one of the recipients of said gifted sub, you can thank Mad Destroyer. Also huge coffee fan, also very competent Magic the Gathering player. All right, so Iran, you know, again, this shouldn't come as any surprise. Iran is got capabilities, okay? And they have cyber capabilities. And now because of this existential threat that they've been faced with, right? I mean, obviously you have been following the news. All of us have. They're going they're going ham, right? Not only are they executing all of their capabilities that they can, but they're leveraging their network as well to help them achieve their goals. Right? So they are now partnering with cyber criminals to boost cyber attacks, as the title says. Now this, this is just money, right? You know, I don't know Iranians like, GDP or anything like that, but the amount of oil going on out there, you know, their military, their research and development, like, they clearly have financing or money. And last time I checked. Hold on, let me, let me check with the judges really quick. Let me, let me just research this really quick. What is it that cyber criminals like? Straight cash, homie. Yes, straight cash, homie. So, I mean, you might get some cyber criminals that are like, whoa, whoa, whoa, I don't want to get involved in, you know, a geopolitical, you know, rock fight here, World War iii. But, but I mean, other ones, it's like, dude, show me the money. And we're, we're. We're game, right? I'm a gray hat mercenary. Not to mention there's plenty of threat actor groups that are anti Western philosophy. So, like, getting them on board, it's like double win for them. It's kind of like me talking about, I mean, Russian threat actors partnering with Iran to do cyber attacks is, is similar, although not exactly one to one. So please don't make this association to Dan Reardon working with Anti Siphon. Like, yeah, I love it. Like, oh, I get to have anti siphon as a sponsor and talk about how Dan's going to be delivering a talk there. Like, double win. Like, let's go. So again, please do not try to draw conclusions in here. Holy crap. Justin Gold, coming from the. The research department, drops this casually in chat. Iran's GDP was $440 billion in 2024. So, I mean, cyber threat actors do charge a penny or two, but my God, I think 440, $40 billion is. You can find some pennies in the couch there to pay for some cyber threat actors. So what does this mean for you and me and everybody else? It means that there's likely to be an uptick in activity, especially in the United States. Especially in the United States, since we're the ones who are effectively initiating this war excursion, as some people call it. So there's an uptick in activity. So I said this yesterday. My, my TLDR is. Unfortunately, I was hoping I'd never see this in my lifetime, but we are entering a global conflict, it would appear, which means, you know, public Private sector, they're both going to be in scope. This is very much not like, oh, here's a military area and here's a public sector area. There's one Internet, okay? So we all are now got heightened risk. The likelihood goes up, also the impact goes up. So effectively going from like DEFCON 5 to DEFCON 4, you just gotta be more vigilant. Right. And make sure that you're doing all the things a little bit better. You can even depending on the state of your business, you might be able to start sliding this in as hey, we've got some increased threat or increased risk, however you want to kind of paint the picture. But we've got an increase in concern and one that we should not be. It's not business as usual. All right, you can see here, Russian intel has employed civilian hackers. That's another thing. Again, I'm not some geopolitical expert and I'm certainly not trying to make this show about politics, but objectively, it's been shown that Russia is helping Iran with drone related information and knowledge and targeting. Right. It's being reported in the news. Right. So there's obviously a relationship there already for Russia and Iran. So you know, it would seem natural to assume that the, the resources that might be private sector cyber threat actors that are operating under or in association with Russian nation state would then get access. Right. It's like if, if, if you need someone to like, I don't know, like I, I've got a guy that mows my lawn, right. And then casually Joseph moves in the neighborhood and he's like, hey, you know anyone that can mow lawns? I'm like, yeah, I got a guy. Right. It's the same thing. It's like, hey, do you got a cyber criminal threat actor group? Do you? Yeah, I got one. I got a guy.
D
Right.
A
It's the same thing. So I could see that for sure. Obviously that striker attack recently. All right, so you can see here, this is, I'm quoting the article. The takeaway from our perspective is how deeply they embed cybercriminal activities into their operations. Yep. So that's the deal. Not to mention we saw this during the Russian, Ukrainian conflict as well. You know, cyber criminals are also humans and some of them have, you know, patriotism in their heart. So if their country is being impacted, they, they might take it as an opportunity for activism and you know, take action against the adversary of their, of their home country. So we've got a lot going on there. Absolutely. Without a question. There is an uptick in risk to all of our organizations.
B
Venon malware targets Brazilian banks Brazilian cybersecurity firm Xenox has disclosed Venon V E N o n a new Rust based banking malware targeting 33 banks in Brazil. Venon infects Windows systems via DLL sideloading social engineering campaigns like click fix and nine evasion techniques. It monitors active windows and hijacks shortcuts to deliver fake overlays for credential theft, notably targeting it. How's banking app? The malware can also undo modifications to cover its tracks.
A
England all right, so we got a malware called Vnon. It's designed to attack Windows systems and a Brazilian cybersecurity company found it. So I don't know if this is targeting Brazilian. Okay it says, literally says targeting Brazilian users written in Rust. Okay so Rust is, you know, one of these program, one of these like new age Gen Z programming languages. It's a little bit faster in the way it executes. This is banking malware, but it's targeting Brazilian people. So for everyone in chat, you know, these, these malware, these malware families can be ported over to, you know, English speaking or you know, Korean speaking or whatever with some level of effort, but it's not impossible. But this is all up in the Latin American cybercrime ecosystem. So it's Venon, not Venom. So what I would say is, you know, as a, you know, as a U S based practitioner, I'm like oh, dodged a bullet there. But again, it's good to know what these are. So banking malware is definitely made a comeback. I would say financial based malware was like very popular. 2012, 13, 14, 15. Right. This is like when PCI really got its grips and then ransomware came on the scene and kind of pushed the financial stuff. But the banking one is back now, so you should very be, you should be mindful of these basically banking financial based malware. So if you work in the fintech space or financial space things, but just know as a practitioner that there is an increased activity in this type of malware that we're beginning to see or we have begun to see. I should say it's been going on for like the last year. Yeah, exactly. So DJ BSEC kind of flippantly said in chat. It's what I was thinking as well, like just take the malware and tell AI hey, make this work for you know, English speaking, you know, victims or whatever. All right, let's see what they do. All right, so this, it does, you know, it's Interesting. It says that targets Windows systems, but part of its functionality is a banking overlay, active window monitoring and a shortcut LNK hijacking mechanism. So I feel like a lot of times when you see overlays, that's on mobile devices, like Android devices, so they, you know, it's a transparent overlay to steal your key inputs. But anyways, like, I, I don't know why, like is there bsec? Like is there. Can someone tell me, like, why are LNK files getting through so successfully? Like, I get what they are but like I, I can't really think of too many like legitimate reasons. I've seen LNK files get delivered to me, like where I'm like, oh yeah, this, like this is a real reason. This is a legitimate transfer. You know, I, I'm not saying, I mean, I guess maybe block LNK at the, at the firewall. All right, let's see. All right, so there's a little bit of IOC in here. This could easily be changed. BYST4 looks like it's the malware authors development. You know his name, so you can see That. C users BYST4. So if you see that in your telemetry, your event viewer, I mean you shouldn't be using event view, you should have a sim. But like if you see this, this is like a, a, a super bright red flag. But again this is like trivial to modify unless they're using AI and then the person, the author doing it probably doesn't know how to change it. So. Oh, see, look at this. We don't listen, I don't research or prep. I know DJ B doesn't either. But look at this. It says right here, a developer familiar with the capabilities existing in Latin American banking Trojan could use Gen AI to rewrite and expand the functionality. So. Yeah, exactly. AI can be done to do this. All right. It's believed that this initially the initial infection, you know I'm big on blocking. Initial infection is a click fix. Please, please, please, please, please educate your end users on click fix and how to prevent it. You're not going to, There is no captcha where you're going to hit, you know, Windows key R, Control V like that. There's no, there's no capture for that. Please just make that your message today.
B
HOCKEY INVESTIGATING BREACH England Hockey is investigating a potential ransomware breach after the Air Lock gang claimed to have 121 gigabytes of data and threaten to publish it unless a ransom is paid. The organization, which oversees field hockey across more than 800 clubs and 150,000 players is working with internal teams, external experts, and law enforcement to assess the impact. AI lock has been active since April of 2025 and uses double extortion tactics and advanced encryption to lock files. Players are advised to watch for suspicious activity and phishing attempts.
A
All right, at least the threat actor didn't even try to pretend that they didn't use that. They used that. They did not use AI. Like, they straight up call it AI lock and then, I don't know, whatever. Nice graphic, bruh. So England Hockey, I mean, whatever, it's one of these organizations that just helps manage a sports league. Could have been anything, could have been a publishing company, could have been a, you know, a brewery. It just happened to be a sports management league. An AI lock got them. Now they stole 129 gigs of data, which is pretty common nowadays. The data exfiltration, I believe, is more popular than data encryption at this point for. For a multitude of reasons. But let's see. Yeah, So, I mean, this is a per example, this threat actor did not encrypt the servers, right? So England Hockey comes to work on Friday morning, March 13, and they can do business. They can send emails, they can pay bills, they can take requests, they can take phone calls, they can schedule matches, like, whatever they got to do. England Hockey is not down. It's just that a threat actor has stolen 129 gigs of organizational data. So now you've got to deal with that, you know, and this is a decision from management at England Hockey. Do they. Do they care about that data? Is that data compromising to them? Is that data going to result in financial loss? Is that data going to result in customer confidence erosion? Probably not, right? I mean, they are the. They're the organization that manages field hockey in the country, right? So it's not. I. I don't know. In my opinion, like, it would be quite the mountain moving for, you know, the 800 English hockey clubs to be like, you know what? You know what, mate? Roswell, uk. You'll have to let me know how my British is or whatever. Just think about this logically. Like, would you. Would. Would these 800 clubs be so upset that they're gonna go start a new league? No. Right? I mean, that's like, who knows if there's even, like, contractual capabilities to do that. It'd be like the NFL in the United States getting hacked and, like, a bunch of data got out, and the teams are like, oh, this is ridiculous. We're gonna start like a new NFL.
D
Like, no.
A
So I don't know, man. I feel like it sucks, right? I'm not, I'm not super pumped that this company, this organization suffered a data breach, but when I think about it from a business perspective, great cash, homie. I think England hockey is just going to roll on. Of course they'll do all the PR spin, you know, private, you know, the data and security and privacy of our members is vitally important to us. We've hired third party external consultants to come in and figure out our stuff. We're going to be vigilant, et cetera, et cetera. And also, here's your one year of identity theft protection. And also, you know, they're not going to mention the threat actors leak the data. But I mean, I don't know threat actors. I feel like threat actors got to, got to choose their organizations a bit better. But anyways, like, I'm not, I'm not promoting or condoning it.
B
Form 2561 uses SEO poisoning for fake VPN clients Microsoft Threat Intelligence reports that the cybercriminal group Storm 2561 is running a credential theft campaign using SEO poisoning to distribute fake VPN clients. Users searching for legitimate VPN software are redirected to malicious sites hosting zip files with MSI installers that sideload DLLs including the Hyrax infostealer to capture VPN credentials. The malware is digitally signed to appear legitimate and maintains persistence via the Windows run once key. Microsoft advises enabling defender protections, multi factor authentication and blocking untrusted executables.
A
All right, what? Okay, I wanted to know which one they were doing. Pulse VPN download. All right, I never heard of Pulse vpn. Is it open source? Okay, so they're targeting. Okay, so it's not Pulse VPN exclusively. It looks like they're also targeting Fortinet and Avanti effectively what the threat actors are doing. And this is something you should be super mindful of, especially in the age of AI where like AI is like if you Google something, Gemini gives you your first example, your first answer. Marketing departments around the world would love to be as effective as threat actors. Apparently when you Google something, just be real. Like how often do you pick something on the first 15 results? Probably often threat actors know this and it's called search engine Optimization SEO. And essentially you stuff a bunch of keywords and you, you, you game the system as far as like the, the logic on how Google decides what results to turn to the homepage Cat Ball, Louie. I think it was a first timer. Now squad member Bro, Love it. All right, so listen, there's like, you know, a hundred thousand blog platforms, right? So when you type in start a blog like me, you know, medium comes up, right? Like how to start a blog. Okay, okay. AI overview. And right here, look at this. Whoops. First line. Starting a blog involves selecting a niche, choosing a platform like WordPress or Wix. Dude, right there. WordPress and Wix. Trust me, WordPress and Wix spent a lot of money and a lot of time and a lot of focus to show up in the second sentence of a Google query. All right? WordPress.com Top result Wix.com Second result, right? And by this point you're probably not scrolling down here anymore, right? So this is an example of like SEO now threat actors, they're like, oh yeah, this is good. People trust the results that Google provides. And if Gemini says starting in blog involves selecting a niche, choosing a platform, right? So if you Google VPN client, like your organization is like, hey, listen, we use Avanti here. You gotta install the VPN client. This is a true. This is exactly how it'll happen too. You're a new hire or you're a salesperson on the road and your computer gets screwed up or whatever. And you go get a new computer and they're like, you can't access any resources unless you are on the vpn. It's a security thing. And me and you and DJ B SEC will be like, listen, we take security seriously. You must be on the vpn. All right, cool. So then victim Google's Avanti VPN because they can't get to the internal network to download the official VPN client because they're on the road or they're at home or whatever. And the threat actors make the top result using SEO poisoning and paying money to be a sponsored post, you know, a vpn-avanti.com download and make it look just legit. And then you download that VPN client, thinking you're going to get on the internal network and instead you're loading malware onto your computer, right? And sometimes it's trojanized malware, which means that the VPN client will actually work while they still own you. Which means now you're going to connect into the internal network and give the threat actor access to that, which is absolutely double gross. So you must educate your end users on being mindful of that. But even, even then, if Gemini is like, oh yeah, go to, go to this vpn-avanti.com now you got to rely on the tech stack to prevent this and this is what defense in depth is. Okay? Application whitelisting or application allow only application execution. Right? I don't think whitelisting is a term that's supposed to be used anymore. So a tool like Threat Locker just. Again, I'm not pumping threat lockers tires but a tool like Threat Locker is an example of what they're talking about. Right? Emmett is a free tool that is very difficult to manage that comes with Microsoft technologies that you can use. Right? Sign signed applications etc. Right? So just be mindful of that. This storm 2561 it's not necessarily attributed to any known nation state threat actor or organized cyber criminal threat actor group. But they're hyper effective so don't, don't, don't, don't. Basically you can even educate your end users like listen, do not install VPN software unless it's provided to you by a IT person. Right? Official links okay.
B
Huge thanks to our sponsor Drop Zone AI. If you're heading to RSAC next week, here are three things worth seeing at the Drop Zone AI diner. That's Booth 455 South Expo Hall. Number one, watch their AI SOC agents investigate real alerts live with every reasoning step exposed. Number two, meet the AI Threat Hunter, the newest agent joining the team. And number three, enter the investigation competition and go head to head against the AI schedule your stop at dropzone AI RSA2026 AI dash diner.
A
All right. Hey Hala. Holla at the Mid roll. I've been playing Simple Minds. Don't you forget about me this week at the mid roll. But Dan Reardon made a pretty astute observation yesterday that I do go back and cut it out to avoid any copyright issues. But that means I cut out the meme of the week. I cut out James's jokes of the week. I cut out the mid roll activity. So if you're watching on replay, you kind of get hosed. So I will not be playing the Simple Minds thing because I guess I'd rather have you have the jokes than the la la la la. So I want to say shout out and thank you all. This, this just doesn't have the vibes I'm looking for, man. Can I get something with like some vibes, bruh? I need something with some like, energy, you know what I mean? Platinum streaks. What's this do for us? Oh my God. Like, how can I laugh with a joke if I'm like being put to bed? All right, here we go. This one's fine. Little upbeat guys. Holla, holler and Shout out to the stream sponsors, threat locker, anti siphon and flare. Thank you so very much for sponsoring the show. Yes, every single day of the week has a special segment, and Fridays is none other than James McQuiggin at 35, 000ft. The same James McQuiggin who did an anti cast on Wednesday this week. The same James McQuiggin who knows how to do deep fakes. This guy is amazing. If you live in the Florida Orlando space, you know dang well what James is all about. So let's do James's jokes of the week. Here we go. James wants to like this song. Like, I can't. Like, how am I supposed to tell a joke if I'm, like, freaking doing, like,'90s club glow dance or glow stick dancing, bro. Can we. Can we get something? Oh, here we go. Why is that so loud? Hold on one second. Hold on. Like, just allow me a moment while I. I am playing stream beats. Hold on one second. I don't know why that came in so loud. Give me a second here. There we go. All right. Which one of these has, like, a beat to it, bro? It's Friday. I want to get. I want to get, like, I want to get lit up here. Not put to bed, drive into the night. Okay, let's try this one final, final answer. All right? We'll work on that community. See what happens when I try to serve everybody. I end up serving nobody. Okay. All right, here we go. All right, here we go, guys. Check it out. James McQuiggin's jokes of the week. Why did the mobile phone have to wear glasses? Why did the mobile phone have to wear glasses? It lost its contacts. Okay, all right, all right. James wants to know what's another name for apple juice, everybody? You know apple juice and peanut butter and jelly. Maybe you get some goldfish snacks at snack time. What's another name for apple juice? If you are in the. At your. If you're at RSA next week and you're not into drinking alcohol and you're looking for some apple juice, you can just ask for an iPhone charger. An iPhone charger. All right. Why do horses have a hard time using the Internet? All right. Why do horses have a hard time using the Internet? Now, this is interesting. If you didn't know about this, a lot of horses are actually online. There's a couple influencer horses in the equestrian space. There's like, an entire dressage market full of horse content creators, so. But the reason that they have a hard time using the Internet is because they require a stable connection. A stable connection. All right, that equestrian themed joke and mobile phone joke brought to you by James McCoogan at 35, 000ft. There we go. And look at this. That's coming in live right now. This is actually the leading content creator in the dressage space. This is Skippy. Hey, Skippy. Be sure to like, comment and subscribe to Skippy's a dressage channel, as always. All right, guys, thank you so very much. It's all about good times here on Simply Cyber. Let's finish strong and do the back half of the stories.
B
Foreign. Uses AI assisted Sloppily malware IBM X Force researcher Golo Moore said in a report shared with the hacker news that Hive 0163 is using AI assisted malware called Sloppily to maintain persistent access during ransomware attacks. It's deployed via PowerShell scripts and scheduled tasks and functions as a backdoor beaconing system. Info and executing commands from a C2 server. AI helped generate readable, well structured code. But the malware is reliant on standard persistence and post exploitation techniques. Hive0163 often uses click fix malvertising and access brokers to deliver malware like Node, Snake, Interlock Rats and Interlock ransomware operation.
A
All right, yeah, this is the, this is, this is where we live now. Like I feel like we've been training as cyber professionals for years. And this is, this is our, you know, this is, this is what we trained for. Okay. So AI is making developing software incredibly easy. Right. Vibe coding at least the threat actors now are like being transparent about it, calling this one sloppily meaning AI slop. And they're using it to help with persistence C2 capabilities during ransomware attacks. Also there is an entire like malware as a service criminal ecosystem, which means they don't need to develop their own malware. They can just purchase malware through like a ransomware as a service affiliate market. And let's see what Hive0163 is all about. Yeah, they're using AI to move faster, of course. Right. IBM X Force researcher is reporting on this. I love IBM X Force as far as, like their, their annual report is a very good one. If you're looking for solid informed, well, like, well informed on real like facts and statistics and telemetry. IBM X Force is very good at that. All right. Yeah, X Fill and ransomware, sure. Those are like the two. Like this has been the Data XL and Ransomware have been, you know, like what we've been doing since 2017. So if this is new to you, welcome to the party, pal. All right, let's see. All right. Yep. So, again, ransom, Just so everybody's on the same page. Ransomware isn't the first stage. It's not like you click on a link and ransomware takes over your company. It is a post exploitation tool. You are already owned. It's like the threat actor owns your box and is now going to do whatever they want. In looks like you can set up a detection. To see it running as a task called a scheduled task, called runtime broker. So for persistence, remember, if you reboot your computer, like, if the malware is just running in memory, when you reboot the computer, it clears the memory and their malware goes away. Right? But by not writing it to disk, the EDR might not see it. So in this instance, they use scheduled task, which is essentially like a cron job on Windows, to, you know, restart the service. Right. It does say that it's likely deployed in the runtime folder, but it doesn't have to be. You can have scheduled tasks that run anywhere. Oh, my gosh. DJ B sec wants to create a new word, and I kind of like it. I hate myself for liking it, but I kind of like it. We can call Vibe coded malware. Vibeware. Who's with me? Vibeware. All right. You know, I wonder if we could do this. Dan Reardon, I've got, like, a challenge for you. I mean, this would be. I don't think you can do this very quickly, but in my mind, I just want to share this right away. In my mind, I guess I don't know what the exact one would be. I think it's this one more than. More than any other one. But basically, Night at the Roxbury, guys. Okay, I feel like it's this one, but then their eyes should be like the red laser crypto Bitcoin crypto bro eyes. And that. This is like Vibeware. You know what I mean? Like, it's, like, cringy, but also it makes a lot of sense. All right, what's the initial infection vector? Right. It's probably, what, Click fix or some other stupid. Here we go. Oh, click fix. Yep, there we go. Now, this is this. This, by the way, just as a. As an aficionado, as a bit of a connoisseur of infographics, this one is pedestrian at best. This is not really an infograph. This is. Come on. What are we doing here? So, you know, basically, they fall for click fix. Here's an idea. Let me Let me walk through this kill chain and break it down. Number one, click fix. Educate your end users on not falling for Click Fix. Number two, executes PowerShell. If you can have your end users not have permissions to execute PowerShell on their own machines, there's an idea. Number two, or, excuse me, number three, it downloads malware. Download means it comes from the Internet somewhere. If you got a firewall rule or like, you know, threat intelligence fed real time blocking on the firewall, like Wildfire is the one I always reference. Put that in place. So then even if onto Orthea falls or Click Fix and PowerShell runs on the box because she's got permissions to do it, when it goes to download, it gets stopped. All right, all right. Then it downloads. Okay, so interlock rad is running right here. Here's an idea. Edr have it not, you know, have it. Stop it and prevent it. And then once you're at this point, once you're at the bottom part of the execution, you're screwed. Like, at this point, I did everything I could. Like, I tried to stop the tide from crashing over the breaker wall, but at this point, we're all wet. All right, looks like they're employing click fix and malvertizing for initial access. Malvertizing, that's, you know, like, that can come in a different couple of different ways. But imagine like an iframe with malicious app saying, like, click here for, you know, whatever, 50 bucks off X, Y and Z. Or like, you know, vpn, you know, free VPN or whatever, whatever. Malvertizing is malicious advertising. We see ads on everything all the time. So that's what that is.
B
Lightning takes down SOX Escort proxy network. Law enforcement from eight countries disrupted the SOX Escort residential proxy network in an operation called Operation Lightning, seizing 34 domains and 23 servers across seven countries and freezing about $3.5 million in cryptocurrency. The service infected routers with AV recon malware and sold access to roughly 369,000 compromised IP addresses used for fraud, ransomware, account takeovers, and other cybercrime that caused tens of millions of dollars in losses. Authorities say the network had about 124,000 users.
A
All right, a couple things. One, there's a typo on this thing. Not that I'm gonna, like, dunk on it, but like it says, stuck down. I think they meant struck down, not stuck down. But, hey, law enforcement, regulators, I love it. Operation Lightning. Kind of a pedestrian operation name now that, you know, America's into, like, Midnight Hammer and Epic Fury, but whatever. International law enforcement kicking the door in on Sox escort. I love this, by the way. Eight countries. Coordinating law enforcement across multiple countries is awesome. All right, so, dude, this is no joke. Tens of millions of dollars in losses to victim organizations. Let's see, what does this actually do? The FBI was involved. That's cool. 34 domains, 23 servers, seven countries, three and a half million dollars in crypto frozen. You always got to follow the money guys, right? I mean, if you can lock down the money, The servers that were seized will lead to additional evidence. Now, of course, like law enforcement definitely want to say says this to like, basically scare the cockroaches into the dark, right? Oh, no. Like I've actually used soccer score. It's like, I hope they don't find me. So I'm going to lay low, right? So this is like not collateral damage, but collateral benefit to law enforcement to kind of help curb people that they may have not caught just by association with this thing. Especially since it had 100,000 users of the platform. Each one of those users is probably puckering their butt right now. Unfortunately, this service hacked residential and small business devices. My suspicion is hacked. Hacked means use default credentials as residential and small businesses typically forget or do not know any better. To change those credentials, go look at Mirai Botnet as a classic example of how effective that can be. Upwards of 600,000 compromised assets due to default creds on, you know, basically home or small business devices. Let's see. Yeah, I mean, this is. This is a pretty effective business, right? Man, they defrauded a customer of a crypto exchange who lived in New York, defraud them up to a million dollars. So I mean, if someone can. Here's the thing. If someone can control your router, that means they in very likely that's where your DNS is going to be. Like, they can control DNS in a lot of cases and make it look like you're going to legit sites. They can, you know, like force you to go to certain sites. They can change. Like, they can do like proxying of graphics and change things. Like, it's. It's pretty powerful to be able to control a network's router. Right. So let me look at this really quickly. So I hope. Did they say arrest? Unfortunately, the story, the word arrested doesn't show up, which means that the FBI was able to coordinate with the ISPs who are hosting that infrastructure. Probably put some. Put some lean and not Memphis lean. Okay, Jay Gold, so calm down. Like put the. Put the screws to these ISPs and said like, listen, we'll, we'll wreck your whole business if you don't basically give up hosting this, this malicious infrastructure. So unfortunately, threat actors are going to just find new malicious infrastructure. This will disrupt but not disable or destroy this proxy service. Especially remember, like, this business is probably making a ton of money. It said tens of millions of dollars, right? Let me see. Yeah, millions. Tens of millions in fraud, right? So if you're making tens of millions of dollars, right? I mean, here's a perfect example, right? Like, let's just pretend for a second in a fantasy world that the Buffer Osier Flow Studio made tens of millions of dollars a year, right? Like simply Cyber has gone global, right? I'm like pitbull over here and we're making tens of millions of dollars, okay? And then I come out to work one day and law enforcement has taken the Buffer Ozer Flow Studio and yeeted it into the sun. Do, do you think I'm just gonna like, oh, all right, I guess I don't have a studio anymore. I guess I'll just go get a, you know, get one of my old jobs back and get to work? No, I'll just go buy another studio. It'll take me three months to get it set up, get all the gear in here, figure out that I shouldn't use a hundred foot ethernet cable, and then get back to work making tens of millions of dollars. So I say it all the time. You have to arrest the people behind it because they have the knowledge and the capital to be able to reset and rebuild the infrastructure and they are hyper incentivized to do it.
B
Great cash Homie warns of flaws exposing backup servers to RCE attacks. Veeam patched multiple vulnerabilities in its backup and replication software, including four critical remote code execution flaws that could allow low privileged users to run code on backup servers. The bugs could also enable privilege escalation and credential theft. The fixes are included in versions 1232-4465 and 13.0.1.2067. Veeam warned attackers often reverse engineer patches to target unpatched systems, noting backup servers are frequent ransomware targets.
A
All right, so Veeam is a very popular, very powerful, very good, very good. By the way, like not a sponsor, but like, you know, if there's a product I like, I'm going to tell you guys, I'm not like some type of jackass who's like, well, I only talk about people who give me money. Like Veeam is good. Veeam to me is like a great enterprise backup business continuity solution, okay? Which means lots of enterprises have them. You might even have them in your environment, right? If you, if you work in cyber only and you know, talk to your IT team. The reality is you should know if you're using Veeam or not. You wouldn't use Veeam for like a couple servers. Like Veeam is an enterprise, you know, enterprise infrastructure solution. So if you have been working at this organization for any time, you probably have talked to your IT team about, hey, what's our backup situation? What files, what servers are backed up? How do we restore from backups? What's our business continuity? All those things you would know if Veeam was being used. Okay? Now since Veeam is so valuable and so important and so you, you not ubiquitous, but used in a lot of places. This remote code execution flaw is concerning. Oh boy. Now it is worth noting that you have. It's kind of weird to me that it's like remote code execution, but you also need a low privilege domain user account. So you have to already have compromised an endpoint which we've already shown multiple times today. Where's this crappy infographic? There it is, look. We've shown multiple times today that you can, you can pwn someone's endpoint through Click Fix, right? We saw Click Fix there. The England hockey team, I think they fell for Click Fix. This, this one right here. Vonon software was Click Fix, right? So getting taken over a box is not like groundbreaking, but once you get it, you can execute code remotely, I guess, I guess like you can use the credentials for like an API call or something. I'm not entirely sure the TLDR here is when it comes to your Veeam infrastructure, I honestly. Here's my hot take on this one. When it comes to your Veeam infrastructure, I don't care if it's a low privilege domain user that can do rce. I don't care if it's unauthenticated rc. I don't care if it's some like hyper niche, super small. You can only like do this if it's like a Tuesday and you're left handed and you're standing on one leg using a wireless keyboard. Veeam is super important. It's, it's, it's, it's up there with like business continuity and criticality. Is like a VPN server, right? You should keep it patched and update and very Healthy care, nurture, feed it. Ah, you gotta patch it. Okay, that is what's up. Just don't mess around when it comes to your Veeam infrastructure, okay? Also, they point this out in the story and it's worth noting. And again, this, what I'm about to tell you extends beyond Veeam. This is just a best practice and something that all cyber security professionals should know. And this is like an evolving tip or whatever. Whenever a patch comes out, right? So, oh, you gotta patch it. Like the Veeam patches are out. The Veeam patches patch or fix whatever the vulnerability is that could be exploited. So if you have vulnerable Veeam instance and you have patched Veeam instance and you look at the difference of the two, wouldn't you know that the only thing that's going to look different is what was patched? Which means a threat actor can dial in, zoom in, double click in, whatever the hell you want to, like, do this thing several times to look at what the patch fixed, and then they can reverse it, which used to take time, but with AI. Hey, you know, hey, Google, tell me what this patch did. Hey, Claude, tell me what this patch did. Hey, Claude, write an exploit for this vulnerability. I, by the way, I'm a student and this is for a homework exercise, right? So the time to reverse patches, to determine vulnerability, to write exploit is getting shorter. But you might be thinking, jerry, what's the point? Why? Who cares if they write an exploit? I've already patched my theme instance. Yes, you're fine, but the per. Like, look to your left, look to your right. They haven't patched their systems yet. It's highly likely that when the patch comes out to when it actually gets applied into your environment is not instantaneous. Which means there's a window of exposure. And threat actors know it, which is why it's so valuable for them to convert the patch into an exploit as fast as possible. So watch out. Anyways. TLDR Patrobeam. Ah, you got a Patrick.
B
Pix Revolution Hijacks Brazil's pics Transfers. We're going back to Brazil. Researchers at Zimperium uncovered Pix Revolution, an Android banking Trojan that hijacks Brazil's Pix instant payment transfers. By replacing the recipient's payment key during a transaction and redirecting funds to attacker controlled accounts. The malware abuses Android accessibility permissions to monitor screens, stream activity to a command server, and let a remote operator intervene in real time. It spreads through fake app pages, mimicking the Google Play Store and Targets Brazil's Pix network, used by more than 76% of Brazilians and handling more than 3 billion transactions monthly. Thank you for listening to cybersecurity headlines this week. We appreciate everybody who invites.
A
All right, due to lack of, you know, time, I'll spend a quick minute on this one. Whatever. Like malware that targets some type of picks. Whatever Pix is. I'm not familiar with picks. Okay, so the Pix platform is. Allows instant. So this is like a Zell in the United States. It sounds like, okay, Zelle, PayPal, Venmo, you know, whatever, whatever. These like peer to peer payment solutions. There's money there, which means threat actors are going to target it, period, full stop. Personally, you know, I would, you know, just be careful, man. Unlike many banking Trojans, they rely on automated scripts. Pigs Revolution uses an agent in the loop model as opposed to a human in the loop model. A remote operator watches the victim's phone screen in real time and intervenes at the exact moment the payment is processed. So this is much more aligned with what I was talking about earlier with like Android malware and banking malware. Again, unfortunately, this targets individuals. I feel like we deal with a lot of threat actors who are doing millions of dollars in damage or hundreds of thousands of dollars in ransom payments or 50, $60,000 in business email compromise. This one is like they take like 500 from onto Orthea. My cousin Pat gets screwed for $284. You know what I mean? Like, so I'm for sake of time, just. If you're using Pix transfers, you may want to look at this. I know our Brazilian demographic here in Simply Cyber is not very large, so I won't spend a ton of time on this. But just know, like, on balance, financial apps are going to be a hot target because it's where the money is.
D
All right, foreign.
A
Guys, thank you so very much for being here. It is Friday the 13th. Boo. This has been the daily cyber threat brief. Again thanks to Flare Anti siphon Thread Locker. Thanks to the mod team. Don't go anywhere. Quick shout out. Dan Reardon. Not to be. Not to be, not to accept. The challenge has developed Vibeware. This is Vibe malware. We're working on the title. We're workshopping it, but here we go. This is the graphic for Vibeware. All right, I'm Jerry from Simply Cyber. Don't go anywhere because we're going to some jawjacking in just a minute. We got a panel. Because it is Friday, we love having our panels. We got James o' Quicken and DJ B Sec in the panel. So we're going to be bringing that to you for about 24 minutes, and then we're gonna start kicking off the weekend. Guys, I'm Jerry. Don't go anywhere. I got you covered. Till next time, stay secure. Ever wonder what it takes to break into cyber security? Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cyber security field live, unfiltered, and totally free. Let's level up together. It's time for some Jawjacking foreign. What's up, everybody? Welcome to Jawjacking. I'm your host, Dr. Gerald Ozer. Wait, wait. Ah, it's Jerry Guy coming in. I forgot to put my glasses on. It is Friday, which means we do it a little different. We add more value. This is something that I've. I've noticed that the community likes. And we're actually in April going to be start doing. We're going to be rotating because, you know, Tuesdays and Thursdays I teach at Citadel, and we have Jawjacking hosted. We're going to be rotating hosts in order to give a bigger variety of bigger diversity and give more, you know, opportunity to people to kind of get in front of the camera as well as giving different perspectives on the, you know, on the questions that you have. Let me bring in the studio. First off, TJ B Sec enjoying his spring break. H town's own ghetto boy zone.
D
DJ B Sec, good morning.
A
All right, audio sounds good, man. Looking tight. All right, also at 35, 000ft, dad jokes galore. Let's welcome in James Aquigan.
C
Yo, good morning. Glad to see the audio is working there.
A
DJ I love it, I love it, I love it. All right, guys, so here's the format. If you have a question, drop it in chat with a Q and we will answer it. We've got probably, you know, collectively 60 years of experience, maybe 70 years of experience here on the panel at this time. So we'll do everything we can. Do it, do it, do it. I do want to point out really quickly, James McQuiggin over there on the far side of the camera is the one responsible for the dad jokes today. So if you had a problem specifically with the stable connection horse one, you can take it up directly with.
C
I like that one. That was a good one.
A
I liked it, too. I like to be able to work dressage in.
C
You've been waiting all week to use that word, haven't you?
A
Yes. Have you guys ever seen the. The video of like the dressage horse. Like doing dressage to hip hop.
D
Yeah. With Snoop Dogg.
A
Yeah, Snoop. I love it. It's my favorite. So let's talk about Striker Medical while the questions roll in. Well, really quick. Space Tacos has a question. So I do want to reward people who ask questions. Does Friday 13th give you Heebie jeebies? It does not me. I, I To me it's a day.
D
I don't think anything of it ends in Y. Right.
A
Yeah, exactly. So let's talk about Stryker Medical. This was in the news yesterday. Massive Iranian wiper malware took it down or alleged. I always, I don't know what's official and what's not. We got more information on it. DJ B Sec brought it to light. I had some information from people who are dealing with it, but it was in like private dm so I didn't know what was public and what was not. DJ B Sec, let's talk Stryker and what people should know.
D
Yeah. So what I heard yesterday publicly was that this was not wiperware, it wasn't malware. It was that they actually got into the tenant, into the Microsoft tenant, had access to intune, I'm assuming because they talked about the MDM and then wiped the machines that way. So if that's the case, it's still bad because they've got tenant access. But it's not like they, they executed malware or wiperware or ransomware or something on there. But I would say this, if they were in the tenant and they had access to intune, that means they had admin access probably inside the tenant. When it comes to them wiping the machines, a lot of people are saying hey, we need, we need backups and so forth. In that sense, in that ecosystem you'd have OneDrive and that should back up the machines because those that if you have it set up right, it should back up a lot of the informations on the machines. But in that sense I don't know what the environment is. So they may not be using OneDrive, but when it comes to the backup stuff they, in thinking about it, they would have already had the backups. They would, because it would have been files and personal stuff that you were working on on your machine. But that's, that's what I've heard publicly. Whether or not that's all true, seems we, we yet to be determined.
A
Yep, really quick. So Kyle as a follow up question says why not have multi factor on Global Admin for Intune? Why don't you answer that question?
D
Dj who, who Said they didn't. Right? Yeah, yeah, they could have got around maybe, maybe they didn't have passkeys. Maybe they actually had MFA and it was for whatever reason, maybe they had MFA and it was sms. Maybe that mfa. And I mean in all real session key, all you really have to do is steal a session. They got to send one email to one admin or to one person that's got access into the tenant, get that session key, get in and create their own account real quick. That's where your defense in depth goes in place. Right. So now you need to have alerts that when an account is created that has elevated rights, you're getting an email. There's a whole bunch of different things that you need to have in place for. But yeah, I mean in all reality this is a huge company. You would think that they have logs and they would have seen that.
A
Yeah, it's pretty nasty. Again, this, it's. This is not exactly living off the land attack, but it's, it's, it's like a cousin to living off the land because they're using the functionality of mdm which allows you to wipe devices for reasons, right? Oh, you lose the device, you leave it in an Uber, you leave it on seat 3B. Whatever you can definitively say, hey, there's no risk to the organization because we wiped it remotely. The problem is it's basically a baked in wiper. Malware. It's not even malware. Like to call it malware is not accurate. They probably use malware to get in, but they just used built in functionality to get it. All right, so a couple questions coming into chat. Jerry, did you get your AC fixed? Yes, I did. Cost me $1,000. Yay. Yeah, well, the thing is not too bad.
D
At least it wouldn't hold brand new AC.
A
It. Well, hey, I put a brand new AC in for 12 grand three years ago, so I was a little bummed out to find out. But what, what ended up happening? In case you're wondering, it was kind of a multi staged failure. The outside piece had a short in it, which then caused the power surge to go into the unit in the attic, which somehow bypassed the circuit, the fuse and blew the transformer out. The fuses protect the transformer, but I think it spiked so the transformer exploded. Thank God my house didn't catch on fire. So they had to replace the transformer. And then once they figured out that there was a short somewhere in the cert, you know, so there was multiple pieces replaced. The good news is we are we are chilling LOL in Charleston here. Spam says, when will the retro synthwave compilation come out? Yeah, I mean, it can come out if you want. You can just sort by the midnight play all. But I, I can make a retro synthwave one. FM FM84. He put F84, but it's FM84. Time Cop 1983. Like definitely good stuff. Maybe I will do that. Spam Musubi. I, I, I have a playlist, actually that Mrs. And I fall asleep to every night. That's, you know, basically a retro synth wave. So maybe we can share that in chat. I'll have to check with Mrs. On that one. Let's see. Okay. Space Tacos is his cousin of living off the land, living in a van down by the river. Hilarious. That is a drink reference, if you will.
D
In a van down.
A
Lazlo UK says, how did you fix the background? This is a lot of questions for me today. Which is okay. Which is okay. The background here is corrected. The thing is, that's a YouTube video playing like a 10 hours background screensaver. So if I were to change to the Karn openclaw AI instant, you would be presented with my infuriating Urza's Castle from Magic the Gathering. So it's not actually fixed, it's just like Milton and Office Space. I fixed the glitch.
C
Your red stapler. I fixed the glitch with my red stapler.
A
Yeah.
D
Cole has a question. S. Cole has a question.
A
S. Cole has a question. Start answering it B sec while I find it. I can't.
D
Here, I got it. I'll put it up there. Okay, cool.
A
Go ahead. Is it uncommon to ask company to pay for home office equipment instead of using company provided equipment? All right, let's do this. DJ B Sec, you go first.
D
That's going to be 100 dependent on the company and depending on what you're talking about. Home office equipment. Are you actually talking like desks, monitors and things like that? That's a. That is a possibility. More than likely they would purchase that stuff. They should inventory it, have it in place, and then send it to you. And then whenever you leave the company, you should ship it back.
A
Okay. James?
C
Yeah? Echoing what DJ B said, it depends on the organization. Some I know will give you extra money in your paycheck to cover for phone expenses, Internet expenses, you know, to have a proper work environment. If they're having you work from home, then they'll contribute toward. They should be contributing something to, you know, that way you're not just sitting at A sitting on your bed or sitting at the kitchen table, that you actually have a proper environment, desk, lighting, whatever. And so if they're giving you another 100 bucks in your paycheck or 200 bucks in your paycheck, it is just going to depend on the organization. Can't hurt to ask. See what they say.
D
And FYI, if they are not, it is tax deductible.
C
It is tax deductible,
A
but it's definitely a company culture thing, company policy. I mean, I wouldn't lead with that during the interview, but it is, it is nice to know. I mean, if I hired you to work for me, I wouldn't want you to be sitting on your bed in like client calls and stuff like that. You know what I mean?
D
Also, we're IT people, not tax or CPAs. So go talk to your tax people about it. But it is tax deductible. And I think you can deduct like, like for instance, the room I'm in, I can deduct that square space. So you conduct the, in the electricity that that space takes up the Internet, air conditioning, the Internet. So it's a piece of what the whole house has. So yeah, if it cost you a hundred dollars for your Internet for the, for the months, then it may, you may get a deduction of like five bucks or eight bucks.
A
Oh yeah. Oh yeah. Or you can spin up, I mean again, this channel, I mean this, this jawjacking is for cyber career and stuff like that. But like if you spin up your own llc, all of this can be.
C
Yep.
A
But definitely speak with a tax professional before you go YOLO and just start doing everything else. Y Cyber risk, which has a question, what's your preferred AI platform? There are like a hundred thousand AI platforms out there right now. I will say I like Claude. I've been using Claude cowork Claude code quite a bit and open. Well, I, I don't. You know what's funny? Karn, Karn emails me or sends me a telegram every single morning with like, you know what it's going to be working on today and what it did yesterday and some stuff I, I have like unread, like several like 10 unread messages from Karn. And I'm not really hyper motivated. Like he's, you know what? Like it's not real. He's not real. He's disappointing. I'm disappointed in Karn's capabilities, like not meeting the expectations that I had set for performance for Karn. I'm actually probably gonna have to do a Performance review with him. Put them on. Oh, I'll put them on. I'll put them on.
C
Put them on a plan, you know, just be careful he doesn't delete all your emails.
A
Yeah. So BSEC, what's your preferred platform?
D
It depends on what I'm doing. 100 depends on what I'm doing. If I'm doing something coding or something along those lines. Definitely Claude. Sometimes I'll, I'll use Chat GPT to actually create the specific prompts that are going to use for Claude. Each LLM has its strengths and its weaknesses. Somebody out there, I don't remember who it was, did a fantastic like write up an overview of each one and how ChatGPT or OpenAI is really good if you give it specifics like this is what I want you to do and it'll give you down to the t. It'll follow 1, 2, 3, 4, 5 where Claude may not do that but if you're going to code Claude, you know, out outperforms everybody. So it just depends. There's perplexity that gives you a whole bunch of stuff. Hell, even now guess what Copilot has in it. Copilot. You can now use Claude and OpenAI. So I think Copilot Copilot also created a coworker as well. Okay, using CLAUDE now. So you can see as we all know Microsoft is the hey, let's wait and see what everybody else is doing and then pull it into our infrastructure. And that's what they're doing right now. You can can tell.
A
There you go. All right, so thank you very much and James, the quiggin drop a knowledge since you are, you know, you're AI deep fake guy here so.
C
Well, it's actually funny yesterday I I use Claude for anything creative writing I'm using Claude code for vive coding actually developed started last night developing a deep fake detector leveraging several deep deepfake detector API key APIs that are out there. This way I can run a video or an image or audio or whatever through it and it'll hit a whole bunch of different deepfake detectors. Still driving me nuts that so many false positives with regards to that. One of the things I did yesterday that I thought was really cool DJ B sec in your website which I love the fact that you're doing it on GitHub now that I've done it with mine, I was just trying to look for it but you've got something where you tag out or connect to somebody that's got a whole slew of quad skills.
D
That's me.
A
Oh, no, no, no.
D
Yeah, yeah, yeah, yeah, yeah, I know you're talking about.
C
Yeah, you know what I'm talking about.
D
Yeah.
C
If we can. If I can find it while we're on, I'll drop it. Or I'll give it to Jerry to
A
drop it in, but he's like, put in private chat.
D
Yeah, I'm gonna find it.
C
The, the cool thing about all the different skills, one of the things was collaborating and communicating with C Suite. It was for a CTO and a CEO. And I thought that was really cool. And I'm like, well, what if I want to talk to a ciso? So working with Claude and those. The MD files, I was able to create my own one for ciso. So, yeah, it's really cool being able to leverage. Nowadays, Gemini I use for video generation images. I'll ask it go through general type stuff. ChatGPT is if I need a second opinion now or I just need something quick for me Chat GPT used to be number one. Now it's kind of slid down and it's goto cloud. Go to Gemini for me.
A
All right, I'm going to share this really quickly on stream so everybody can see it. Let me see here.
C
If you haven't checked out DJ B sex website, go check it out.
D
Yeah, I just. I forked that one into. It's just a. I put the link in there, but it's just.
A
No, no, I saw it, but I wanted everybody to see the main landing page. So this is the main landing page of dj b sec, which is a GitHub repo. And it's a great example of how you can use free platforms in order to have like your home landing page on the Internet. But when you click here, you can see AI tools and prompts, which I believe is the same link, right?
D
No. Okay, those are. Those are ones that I've got. The link that I sent you actually is a fork off of somebody else's GitHub. There you go.
A
Okay, so here we go. This is the link. That's it. Of Claude skills that DJ B provided. I'll drop a link in that. I'm telling you right now, Claude skills. Like, if you're doing prompts right now, you need to start thinking about skills, because skills are basically like mega. Instead of like copy and pasting mega prompts over and over again, you can use skills which are the mega prompts. And then, you know, you train it up and stuff like that. There's a whole bunch of examples here. This is a great. This is a great little repo. I'll check this out myself.
D
When I told everybody yesterday, if you are wanting to get into Claude and wanting to understand that Chase AI on that's YouTube is ridiculous. He's so good.
A
Only 60000 subs too. So that's great.
D
Still he puts stuff out constantly, this guy. Yeah, he's. He's got so much stuff and I mean he puts something out every single day. He's built a lot of stuff but he goes through a ton of different things. Like if you're using how to make God mode using Obsidian. What is it? Notebook LLM and Claude together. Because now you have as much memory as you want. You don't have to use tokens because Notebook LLM is actually going to do all the behind the scenes stuff for you and then dump it to Claude. So you're not using Claude tokens. It's. There's a lot of stuff. I like that one right there that says Explain Claude in six levels. Yeah, that's a great one. Hey, this is what it is, you know. Level one is you're just typing in Claude. Level two is you're actually giving it prompts. Level three, it goes through a lot. So if you're into that and you want to learn. He's got a lot of information on there.
A
I love it. Thank you DJ B Sec. Thanks James and Cyber Risk which thanks for the question. I just want to take a quick minute since we're 9:24 and let everybody know a little bit of an update. Simply Cybercon 2026 is live right now. We did some work. Justin Gold and Kimberly can fix it. Put some work in and this thing is up and running so if you want you can register now. Early bird pricing is $40 a ticket. After July 31st it becomes $50. You will get fed breakfast, lunch, breakfast, lunch, maybe even dinner one of the days it's definitely. You're not paying for the AM like you're paying less than what you'll be getting for sure. There's. The whole thing is here. If you're interested in learning more about it. You can also stay at the Tides Folly Beach. There's a link here for room registration at whatever you want to call it like discounted group, block rate etc. The dates are November Eigth. No, I don't want to delete the group. What the hell are you talking about? You check in Saturday, check out Tuesday. Besides Charleston it. What is the matter with you? Besides Charleston is that Saturday. So we're Kind of partnering with them again as like a sister conference.
D
Your crow's messed up because you have 1800 tabs. That's why.
A
Hey, hey, hey. And I just want to let everybody know too. Call for speakers CFP. This opens on May 4th, so may the 4th be with you. So you cannot submit CFP until then. And it will close July 31st. Speakers will be given free tickets to the conference as well. So that's the big update. People have been asking about updates for Simply Cybercon. So I wanted to provide that while we had. Since we made so much effort this week and I promised people that I would give them an update on Friday. All right, so real quick, Code Brew
D
said that they love. He loves Claude, but he doesn't like the limits. I know what you're talking about with the limits. And that's what I say, go find on Chase AI. That's how he gets rid of those limits. By using Obsidian and using Notebook LLM. Because you have 200,000 tokens, but you can basically take those 200,000 tokens and turn them into a million that way because you're offloading a lot of the stuff right.
A
Really quickly. Legrat. Funny going back to my AI tool that I'm gonna have to have a PIP or fire. Appreciate the hard work. It seems like you're not working with the team. I don't want to name names, but, you know, I'm the only person who works. That's a very funny. I might. I might even if I do decide to shut Karn down, I might have that conversation. Screen share. Not screen share, screen record. Just to see what's happening.
C
It might threaten you.
A
You gotta be careful.
D
Bruising hacks. Replied to car to. To legrot. Karn, you're not in trouble per se. We're just gonna, you know, set some goals.
A
Take your project. That's so funny. Space Tacos talks about virtual. Simply Cybercon. Yes, there will be that. I. We forgot to. I forgot to bake that in space tacos. So that's an easy fix. And we will.
C
So I'd be able to watch from Copenhagen then.
A
Cool. Yeah, it'll be good. It'll be good. Let's see. We got a couple minutes. I don't see a ton of questions. Bsec, do you want to share anything you're working on or share some updates on things or what you just shared?
D
What I was working on. I did update some more. I did some more stuff on the site last night. Creating. I had a cyber security explained area on my site and I. I've kind of updated that, added some more stuff in there. So it kind of goes through and explains what is mf, you know, what is mfa? What is a God. There's so many.
C
You got rid of the cool little pictures.
D
Yeah, I made it more. Now you can sort. You sort by over on the right.
C
And filter out the different.
D
Yeah, you can filter out, you know, what's the antivirus versus EDR, CV versus EPSs, all those different things in there.
A
So if you hear a term that you don't know or an acronym you don't know. Yeah, you could Google it. But you can check out bsec, where he very likely goes beyond just the definition and gives real world examples. Yeah, this is great. Nice resource, dj bsec. I'll drop a link in chat for everybody.
D
Hey, you build something that you want to use, not what everybody else wants to use, and then everybody else can use it.
C
Everybody else comes for it.
A
I love it. Let's keep looking at chat while we got a couple questions in here. All right, James McQuiggin, you want to share any updates? I know you've got a lot going on yourself.
C
A lot of irons in the fire and they're glowing hot. Not to kind of. Well, there's an interview today and I'll just leave it at that. So like I said, working on a bunch of stuff, like I said was vibe coding the deep fake thing last night and having fun with that. It's really neat just to kind of go through and be able to give it, you know, information. And you get a tool and an application that comes out of it. I've got some talks coming up. I'll be at cyphercon. Michelle and I, the other day, we are working on a joke book. We're looking at updating his. His book that he created. We're gonna have a megabyte of dad jokes, so we'll see.
D
Oh, my God.
A
So we're.
C
We're collaborating on that and that. Real excited for when that does come out. So expect book signings because we were talking about it yesterday, so don't know when it's coming out. Don't come at me when. When it's ready. It won't be. We're still working on it, updating it and that kind of stuff.
A
So maybe send me a copy and then I'll just read from it on Fridays for a couple weeks and. And use it as a, you know, a way to help let people know that it's out there.
C
Well, then, yeah, there we go.
D
So Look. Look what Roswell said. True story. I dropped the transcript from Jason Blanchard's last three hours of whichever session it was into the hack, how to Hack your Into Gronk, and told it to use that as the basis of the Persona to respond to me.
A
That's very cool. I like it.
D
Interesting.
A
I'm going to be doing a talk at Wild West Hack Infest Deadwood in October on how to use AI to. To get you a job. Like. Like. Like, I might even do. I might even do six levels of using AI to get you a job. I was going to do only four, but now I feel I have to do six because Chase AI is doing six.
C
Did they. Did they already do the CFP for that?
A
No, no, I. I just got a special invite.
C
Okay.
D
Oh.
C
Oh, you're just. Yeah, okay, we know.
A
Yeah. Well, I mean, I've got a little bit. No, no, you got. You got. You're the Reader award winner.
C
You know, you're.
D
You're.
A
Yeah, hold on. Let me. Let me denote it another year.
C
Yeah, we. We know. You're special, Jerry.
A
It's all right, bud. We love it. I know. Hold on. I just, you know, for the sake of everyone, because, you know, people like to make fun of me. Here we go. Like, you know, I was thinking, all right, guys.
C
Bowler Hat Man. That's the best. That is really the best.
D
Ask how do I have time for everybody? I try to make time for you guys from 7 to 8. Yeah.
C
Now compartmentalize, it's like, okay, between, you know, 8 and 10 o', clock, it's, you know, simply cyber time. And then after that, it's working on the next thing, and then the next thing, and the next thing, it's a deep fake AI James McQuiggin. That's a Q, not a G, by the way. But anyway, that's fine. Instead of feeding all of YouTube videos.
A
Yeah. Real quick, Dan Reardon had a question in chat. I think he asked it in private chat, but. And he said it kind of is a joke. But just so everyone knows right now, speakers for Simply Cybercon will get free tickets to the conference. I would love to help, you know, supplement the cost of travel and lodging. I can't guarantee that, though, because as you notice, the tickets are $40. And, you know, I'm feeding each person probably a hundred and twenty dollars worth of food. So we're already taking a loss on feeding people.
D
So just buy brisket and have everybody.
A
Yeah, it depends on the sponsors. It always depends on the sponsors. The conference is a non Profit, it's a separate business entity from my business designed to be a non profit. We're trying not to make money. So I know, I was gonna say
C
give everybody a fishing pole, you walk out onto the beach.
D
Yeah.
C
Catch your fish, right?
A
Yeah, exactly. So there might be, there might be a, an honorarium, right? Like, oh, here's 250 bucks for every speaker. Especially since we're having fewer speakers this year because of the way I've set the conference up, the format of it. So possibly stay tuned. I mean if, if you're, I, I will say this. If you're submitting a CFP in order to, to get 250 bucks, like I don't know, like don't, don't bank on it. So. All right, I want to let everybody know that Daniel Lowry does his show. Daniel Lowry, IRL at 10am I'm trying to get a link right now to that and it's been a minute, but I guess he's been doing that like completely ever since he stopped coming around Simply Cyber, since he started doing his new job and stuff like that. So if you're interested in doing, you know, more of this fun stuff, hanging out with lots of people who are in the Simply Cyber community. Also, I just want to let you know I'm dropped. I'm pulling this up right now while I dance on stage for you guys right here. Daniel Lowry, IRL network. Chuck hates AI. Okay. Build your own hacking lab. There you go. Luke Canfield, Carrie, a bunch of people already in here right now. I'll drop a link in chat, go check that out. Maybe hit the head, grab a egg McMuffin or something and then sit down and get some Daniel Lowry and Simply Cyber community in your life. Final thoughts. You just want to say goodbye, DJ B sec.
D
Yeah. See ya.
A
All right. Good stuff. Hey, will we see more of you now or was it just because it was spring break?
D
Well, it was because it was spring break, number one. Hopefully stuff is gonna settle down in the next month or so when that should be good.
A
All right, well, we hope to see more of you, DJ B Sec. You always bring value to the community. James Aquigan. I know you got jobs and stuff, so good luck with all of your irons and fire and definitely hope to see you more on Simply Cyber.
C
Yeah, definitely. Well, next Friday I will be cruising, so I will be sail. I will be watching from sea level
D
next weekend, cruising 405.
C
Well, it won't be 405. It'll be the Gulf.
A
So Gormos or whatever the hell it is. Yeah.
C
Not that golf.
A
Yeah. All right. All right, guys. And I'm Jerry. Guys, everybody, have a wonderful weekend. Thank you so very much for being here and engaging and making this community phenomenal. I'm Jerry for Simply Cyber. On behalf of James and DJ B Sec, until next time, stay secure.
Today's episode delivers practical, expert-level analysis of the top cyber threats making headlines as of March 13, 2026. Host Dr. Gerald Auger, along with community panelists, breaks down eight major news stories relevant to security professionals, from nation-state collaboration with cybercriminals to fresh ransomware tactics, banking malware evolutions, and practical defense advice. The tone is upbeat, peppered with humor, dad jokes, and a collaborative spirit aimed at all experience levels—whether you’re just breaking into cybersecurity or work at the executive tier.
[12:28 - 19:55]
[19:55 - 25:29]
[25:29 - 29:45]
[29:45 - 36:01]
[41:57 - 49:13]
[49:13 - 55:27]
[55:27 - 61:25]
[61:25 - 64:04]
[36:47 - 41:57]
[66:15 - End]
“I'm Jerry for Simply Cyber. On behalf of James and DJ B Sec, until next time, stay secure.” (Dr. Gerald Auger, [End])