Loading summary
Dr. Gerald Ozer
What's up, everybody? Welcome to the party. Today is Tuesday, March 19, 2026. I'm Dr. Gerald Ozer, your host for Simply Cybers daily Cyber Threat free podcast coming to you live from the Buffer Osier Flow Studio. This is episode 1090 of the show and if you're looking to stay current on the top cyber news stories while getting expert analysis and insights and community that goes way beyond any other stop on the information superhighway, then you are ready to lock and load because we are off and running on this beautiful Tuesday morning. For the next hour, we got you two hands, full grip and we're going to be ripping apart the top cyber stories. Let's go. All right, what's up, everybody? I hope everyone had a lovely Monday. Wherever you are doing your Monday thing. I slept like trash. But that doesn't mean I'm not here to prepare to do this show with you. Got my cup of coffee. The last cup of the entire French press. So we are locked and loaded. Listen, guys, you can go through the top cyber stories on your own time, but here at Simply Cyber, we go through those stories, which checks the box for you staying current for your threat intelligence gathering on your daily tip. But the benefit is with 20 plus years of experience myself and a collective thousand years of experience with this Simply Cyber community right here, you're going to get insights that go way beyond the headlines. I'm talking things that you would only get by sitting in the chair. And what better way to learn those practical lessons than. Than from someone who has already lived it. That's what we're doing here at Simply Cyber. I can't wait. Now, every single day of the week has a special segment and Tuesdays is lovingly referred to as tidbits. Tuesday, where I share a little bit of something about me. We see if we vibe on it, it kind. It's a very fluid segment. We get all over the place and we just see where it goes. We just kind of like vibe with it, right? Little method acting, just like, oh, let it wash over you. I don't even know what it's going to be today. I'm coming in hot. We'll figure it out. Also, did you know that every single episode of the Daily Cyber Threat Brief is worth half a cpe? That's right. If you have a cyber security certification and you want to get it, get the CPE requirements sorted out quickly and easily, well, it's very easy. You're already here. BW5542. Face Doyle. Hey, face Doyle. Happy, happy St. Patrick's Day. I mean, all right, guys. It's wicked easy. Just say what's up. In chat, you'll appear above my head, which is part of the show. You're part of the show. Welcome to the party, pal. Grab a screenshot. You'll notice that the episode title happens to have the date and unique identifier. 3:17 Episode 1090. Include that in your screenshot. File it away once a year. Do it every day. Submit your CP's. If you get audited. The screenshots are there just in case you get audited. That's it. That's what it's all about. You can get up to 120cpes a year from the show. So that's very nice. Be sure to check your cybersecurity certification bodies policies around CPEs. This would basically qualify as an instructor led webinar. Cyber Loom Technologies is in the chat. Also a squad member. Cyber Loom Technology says, what's up? Back for my second day. Hashtag, first timer. Welcome back to the party, pal. All right, hey, if you're here for your first time or your second time, kind of like Cyber Loom Technologies. Marlon J. Hi, how are you? Good to see you. If you're here. Oh, hold on. Yeah, I'm sorry. Jesse Johnson, AKA the Cosmic Cowboy, pointing out a production issue. Hold on one second. Stand by, standby. Check this out. Yes. Magic. All right, so now chat's popping. We got. I put some grease on it, sprayed a little WD40, gave it a little, and now it is flowing. So as I was saying, good morning to everybody. It's great to see you. Cyberloom Technologies, if you're here for the first time, drop a hashtag first timer in chat. Hashtag first timer. And chat. As I already demonstrated with Cyber Loom Technologies, we have a special sound effect, a special emote, and, you know, basically we want to welcome you. Here's my thing. I am passionate about cyber security. I'm passionate about educating others, and I'm passionate about inclusion. You know, we all have a story. We all have our own kind of like, background in history and stuff. And for me, having people feel welcome and included is very important to me. So I push it. Key core values here at Simply Cyber, just touch on them. Support inclusion, empowerment. We want you to feel supported. You're here. Come on in. You're included. Yes. Here's some tools, here's some training, here's some education. Here's some links. Empower yourself. Get going. Thank you, Cosmic Cowboy. As always, all right, now, every single episode of the Daily Cyber Threat brief, including episode 1090 has show sponsors. You could see them across the bottom Threat locker, Anti Siphon and Flare. These sponsors, not only do I really enjoy, you know, who they are as a business and the people behind them, but I also think their product or service is super awesome. So let me tell you about them really quickly, really quick. Flare, guys. Flare is a cyber threat intelligence platform that is phenomenal. Again, I told you guys, I love, I love the monthly webinars they do. I like their product. If you work for an organization, any organization, and you don't have any visibility into dark web operations, you're missing a kind of a big piece of the pie. Here's the deal. You could have great controls in place, edr, all those things, and then Carl and accounting falls for something. You've got a compromise endpoint. Threat actors aren't hacking in, they're logging in. We saw yesterday with the Starbucks story, MFA bypass. What Flare does is they go on the dark web, they go into the grimy telegram channels, they pull all that data and they make it very easy to query. Which means at the end of the day, what's the impact for you? You can go into Flare and just type in your business domain name, your ad domain, your end users, VIPs, whatever, and you can see whether or not credentials and tokens have been compromised. You could see malware loaded on endpoints in your environment before the threat actor realizes any value from it. This is incredible insight. Go to simply Cyber IO Flare. You can sign up for a free two week trial, which I've said on the channel before is like literally 13 days more than you need to know if how good this product is. I, I, within the first three hours of using this product, I was absolutely flabbergasted about how powerful this, this tool is. You will have to fill out this form to verify that you're not a cyber criminal because the value of this information is bonkers if you are a cyber criminal. So check it out, we've got some first timers in the chat. Lorenzo. Welcome to the party, pal. Thank you, BW5542. I also want to say shout out to Anti Siphon training. Anti Siphon training. Disrupting the traditional cyber security training industry by offering high quality, cutting edge education to everyone, including you, Outpost Gray. Including you, Space Tacos. Including you, Christopher Lycia. And did you know on March 25, just eight days from today, set your calendars. They are offering a free six hour virtual conference called Sock Summit. You're gonna get 10 talks March 25, 10:00am to 4:00pm they're kind of burying the headline in here because the. The professional networking is going to be popping off in the discord. Pretty sick for a virtual conference. Come check it out. At minimum, guys, sign up for it and if you can't make it, fine. If you can just jump in and jump out, fine. But if you don't sign up, well, you know what I mean? If you don't put your galoshes on, you can't go walking outside in the puddles. You know what I mean? So throw on your galoshes, register for Sock Summit, tell them simply Cyber sent. You represent Team SC and go get, you know, skilled up. Man, I haven't even seen the agenda. The agenda is probably sick. Oh yeah, like Ashley Knowles is in here. Wade Wells. Wade. Well, Chad. Chad Wiggins. Are you serious, broseph? Our very own Cheddar Bob is up in this mother trucker dude.
News Reporter / Cybersecurity Analyst
Ch.
Dr. Gerald Ozer
Cheddar Bob? Why didn't you tell us? Is Cheddar Bob in chat? This has got a hold on. Yes. I love myself some Cheddarbob. Oh, I hope he's in chat right now. All right, so go check it out. It's all about good times. Finally, let me holler at Threat Locker. Threat Locker. Zero Trust architecture or Zero Trust Endpoint? Endpoint. They just added cloud, which is pretty dope. Check it out. I'm going to run a quick ad for Threat Locker and then I'm going to proceed to melt everybody's face. So get ready, get some, get some. SPF30,000 because I'm about to go full nuclear on this on these cyber stories. Let's go. I want to give some love to the daily Cyber Threat Brief sponsor, Threat Locker. Do zero day exploits and supply chain attacks. Keep you up at night. Worry no more. You can harden your security with Threat Locker. Worldwide companies like JetBlue Trust Threat Locker to secure their data and keep their business operations flying high. Threat Locker takes a deny by default approach to cyber security and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US based Cyber Hero support team. Get a free 30 day trial and learn more about how Threat Locker can help prevent ransomware and ensure compliance. Visit threatlocker.com dailycyber. All right, everybody, do me a favor. I didn't. If any first timers came through that I didn't see, please let me know. Space tacos. I know you're always really good about that. I. I do want to welcome all the first timers. I do take it as a point of pride to welcome the first timers. All right, everybody, do me a favor. Loom Cyber Loom Technology. Sit back. Marcus Kyler, relax and code brew lead the charge. As we should all let the cool sounds of the hot news wash over all of us in an awesome wave. I will see you at the mid rol.
Eric Taylor
From the CISO series. It's cybersecurity headlines.
News Reporter / Cybersecurity Analyst
These are the cybersecurity headlines for Tuesday, March 17, 2026. I'm Sarah Lane Stryker Update hospital tools Safe digital ordering services down Medical device maker Stryker said its hospital equipment and connected products remain safe after a cyber attack disrupted internal systems and shut down electronic ordering for more than a week. The incident reportedly wiped thousands of company devices through its Microsoft Intune management system and forced factories to close, with staff handling orders manually while systems are restored. Incident responders at Cisco Talos said the attackers likely compromised high level admin accounts and used Intune's remote wipe feature to reset devices. Iranian aligned group HANDELA claimed responsibility, though Stryker hasn't confirmed attribution models.
Dr. Gerald Ozer
All right, so really quick super chat from Space Talk was letting us know that the. The Tiger MMA first time or welcome to the party. The Tiger mma. All right, so check it out. This is an update on the Striker one. Remember, just to refresh everybody. Striker is a medical device technology company. Big bucks. They're making straight cash, homie. And as part of this just chaos that's been going on in the world, like if you haven't been paying attention, the world is in, in absolute. Someone has taken the snow globe of the, of the world and just given it a very vigorous shake. Things are out of control right now. Iran is facing existential threat. So they're, they're pulling out all the stops. They do have a very effective cyber capability to notably muddy waters. But they have other, you know, cyber capabilities as well as allies, you know, with very effective cyber capabilities that operate in asymmetric warfare types. Anyways, Stryker Medical, for whatever reason, they got caught in the crosshairs of allegedly an Iranian based threat actor or an Iranian hack, uh, activist base threat actor like an Iranian not sympathizer, but someone who aligns with Iranian values and they got wiped. Now what's really interesting about this one is when we talk about living off the land, right? This is a term that everybody in Chat should be familiar with. So if you're not familiar with this term, allow me to introduce you to it. Living off the land is where you use native binaries or native applications, native executables typically to the Windows environment, but you can do it in Linux to achieve whatever malicious operations you want, right? So there's a really popular website called Low Boss bro. All right, Lobos here, I'll drop it in chat. It's a GitHub repo and you can see here all these Windows binaries can be weaponized. So like whatever Command exe is an obvious one, right? You can download, upload stuff, con, host control, all these things come native. Like I don't care where you are, I could go to Best Buy right now and purchase a Windows box and all of these binaries are going to be on there. This is what Living off the land is. Not only does the threat actor know that the binaries are going to be there, but it also does not flag EDR unless you have a really well tuned EDR for anomalous behavior. It doesn't flag EDR because it's a native signed Windows binary. All right, so why the hell are you telling me this, Jerry? Like, what's this got to do with anything? Well, Intune is a mobile device management commonly referred to as mdm. And this is an enterprise solution that allows you to allow workforce to use their personal devices, phones, tablets and even endpoints, excuse me, like workstations, laptops, whatever, to be centrally managed. That way if I'm, you know, a big VIP and I've got my big VIP phone with my big VIP information and data on it, and then I leave it in my big VIP Uber, you can wipe my phone remotely and know without doubt that that information has been cleaned. If I'm a threat actor and I steal a laptop, you can wipe it. So the Iranian people got into the MDM administrator console effectively. Now, I don't know what level permission they had, obviously some type of admin, but they got into there and they disassued the wipe command. So effectively they acted like every employee at Stryker left their phone in the Uber and issued the wipe command. And that's what's causing the problem. Okay, so that's, I mean, you know, weaponizing a known capability that it shouldn't have been. Hey, King Midas dtx. Welcome to the party, pal. Welcome to the party, pal. All right, yeah, so you know, as DJ B is pointing out really quickly, this, if you have backups, this is trivial to just restore from backups, right? If you have images, restore the images, etc. Etc. The problem is if you hold on. Here's the problem. For real, hold on. How many employees does Stryker have? Here we go. Check this out. 56,000 employees. Holy Jesus. All right, so check it out. 56,000 employees. Let's assume all of them. Let. I mean, let's assume they all have a cell phone. Enrolled in mdm, okay? And let's assume half of them have laptops, right? Which probably. Probably more than that. Enrolled in mdm. Like, imagine if you will. Imagine if you will. Each one of us almost always has reloaded a. A machine. Let's say at best, it takes 30 minutes. Okay, what do your 30 minutes times 56, 000. Okay, that's like, what is that, 26, 28, 000 hours. Gee, how many hours are in a. Like a normal person works 20, 80 hours a year. So if you had 10 people or, or, you know, 15 people working full time for a year, that's how long it would take to restore this. That, like, again, I'm being silly with the. The numbers here, but. Okay, so Paul Savage says over 200,000 devices wiped. Thank you, Paul Savage. So just. Just do the math here for a second. Like, this is why people don't kind of like wrap their head around it, because the scale is just out of control. If it takes 30 minutes to restore. I mean, hell, let's just. Let's just be hyperbolic for. For argument's sake. Let's say it takes one minute to restore a machine. One minute. Which is ridiculous, right? We can all agree that's ridiculous. With 200,000 endpoints wiped, it would take 200,000 minutes, right? So let me. I mean, of course this is going to be ridiculous, but 200,000 divided by 63,333 hours, it would take 3.3333 hours, right? So even if you had. Even if you had 10 people working on it, it would still take two months. If you had 10 people working on it from. From sun up to sundown and it took one minute to restore, it would take two months. Okay? Like, do you get the scale of this now? How insane this is? So this is obviously really devastating for Stryker. I'm sure it's all hands on deck there around restoring data and restoring information. The only other thing I'll point out really quickly is that they. They mention that the medical devices were not impacted. Of course, of course, of course, of course. Listen, two things. One, the medical devices are not part of the striker kind of enterprise, right? Typically, they're. They're. They're on the Hospitals networks or hospital systems etc. The other thing I want to point out, basically the medical devices wouldn't be enrolled in intune. Okay, so they're not affected. The other like I wanted to make a joke too. Like also lol. Get ready for this. The medical devices probably are running an operating system that doesn't even support intune. Oh Jerry, you, you, you, you jester. You make funny. I'm just saying that like medical devices typically run on like XP and 7. All right, all right, so Phil Stafford gets the joke too. Let's see. DJ B sec is quite chatty on this particular topic. Let's see what he says. He says you don't need to reimage the machines. They just have to add the machine back to intune ad and everything will auto push while they continue to work. Bigger issue is they are still in the environment. All right, so threat actors up in that piece you do. Mara Levy did say earlier she was wondering how they got in initially, if I had to guess, compromise credentials, you know, fishing kind of thing. Why they went after Stryker specifically, I have no idea. I would say it was a crime of opportunity, less a crime of deliberate intent. Like as far as I know, Stryker isn't. I mean this is. This just occurred to me. This is kind of ridiculous but like it is a medical device company. But I would say that Stryker does sound kind of like a defense industrial based tip of the spear missile weapons company. Right? You know what I mean? Like, And then you know like this scene right here, like wasn't the. Wasn't the missile that Tony Stark launched? I'm. If you're listening on video, I'm showing the scene from Iron Man 1 where Tony Stark is doing a demonstration. Just absolutely obliterates a mountain. I feel like that was a Striker. Okay, so my hot take that there was a naming collision around missile systems is not true. Apparently Striker does work with Israel, which obviously is the root of the. Of part of not the root of the conflict, but part of the conflict. And Stryker bought an Israeli company. Okay, Rogue cyber chiming in. So at the end of the day this all maps to politics and you know, basically politics and you know, world power, national security. Thank you.
News Reporter / Cybersecurity Analyst
Apply to be the face of AI scams. A Wired investigation found dozens of Telegram job listings recruiting AI face models. Often young women to appear on deepfake video calls used in romance and crypto investment scams. Applicants record large volumes of calls, sometimes 100 to 150 per day. While AI software swaps their faces onto fake Personas, they to Build trust with victims. Researchers say the roles are tied to large scam compounds in Southeast Asia where some workers may participate voluntarily while other face coercion or even trafficking.
Dr. Gerald Ozer
What? Okay, so, all right, so to me this is just a, a slight refinement on an existing crime, existing scam, as we know. You know, Southeast Asia, like India for a long time has these scam call centers. But Southeast Asia, like Cambodia, I think it's in Vietnam and the Cambodians are coming in or the Vietnamese are going into Cambodia. I think it's, I think Cambodia is where this going down. And it honestly, this is like, this is like a human rights crisis or like a humanitarian crisis. People looking for work. The Vietnamese, they go to these opportunities in Cambodia. The Cambodians take their passports. Hold on, I might be getting this backwards. Hold on. Pig butchering. Allow me just one second because I, I don't wanna. Pig, bro. Pig butchering. Southeast Asia, Cambodia. I think it's Cambodia because Thailand cut the power on Cambodia. Yeah, yeah, here, okay. Cambodia government allows slavery and torture. Okay, so as I was saying, Vietnamese come into Cambodia, they take their passports and then they basically just put them in effectively like labor camps. And if they don't hit their metrics on romance scams and just straight up call scams, they get beaten and stuff. It's a horrible, horrible situation out there and a horrible life for these individuals. They're just adding AI to the people's faces on the FaceTime calls. That's it. Right? So now when I call you not I don't look like a Cambodian. I look like a very attractive. Whatever you're into. Okay. We do some, you know, they're probably not doing OSINT on like whatever casually Joseph. I pick him because he's probably asleep right now. They're not doing research on casually Joseph and finding out what he's into and then deep faking a model on it. This is maybe, in my opinion, this is maybe making it a little bit more effective for an attack. I don't know why they're re using real models. Like deep fake technology is pretty good now. I don't, I don't see why you need to include a human in the loop as far as the women whose faces are being used in these romance scams. Because I can do it. So anyways, this is just interesting. What I would say is I would caution your friends, family and loved ones around responding to gig opportunities from a telegram channel. You know what I mean? Like to me, like, I don't know, I don't, I make some Assumptions as to like, what is obvious. But like, dude, if someone messages you and like, hey, would you like to come on a web chat? I'll give you a hundred bucks just to like show your face. I mean, I get, I actually, I guess that is kind of feels like low risk for these women. But I don't know, I, I just don't know why the threat actors would even bother with real humans when they can just do deep fakes. Also really quickly, because I watched James McQuiggin's training and if you are suspicious that someone's doing a deep fake, have them do this like very slightly put their fin hand, spread their fingers slightly over their face and have them just kind of do this a little bit. The deep fake tech will not, not handle that. Basically, like, you'll do this and like your mouth will appear over your hand and stuff like that. Just a fun fact. So Phil Stafford, who's our, one of our two resident AI experts, is chiming in saying real models are cheaper at scale right now. Give it six months and it'll change. All right, there we go.
News Reporter / Cybersecurity Analyst
Cybercrime up 245% since Iran conflict. Akamai reports that cybercrime activity has surged 245% since the start of the Iran war. With botnet scanning credential.
Dr. Gerald Ozer
I'm sorry, I paused this mid one just because like what? Cybercrimes skyrocketed. We can do that. James McQuigan, who's an, who's a deep fake expert, is saying you can ask them questions too, right? Of course you can't. Deep fake knowledge. I just want to share this really quickly because I, I, I heard it and I love it. I don't want to disclose the organization that did this, but you know, a lot of people are now using AI to transcribe the conversation and, and get real time answers. So if you're job interviewing someone and they're absolutely destroying the answers and you think that they are cheating using AI. I saw, I saw. Well, I heard a business say this on a job interview. Okay, so pretend I'm inter, Let me interview someone. 1990s Brenda. 1990s Brenda. Okay, I'm interviewing 1990s Brendan. Brenda's absolutely slaying it. And I'm like, wait a minute. Like Brenda's like, well, obviously the Bella La Padula system would. And I'm like, okay, Brenda, here's the easiest way. Ask them to turn around and then answer a question. And if they're like, I'm not going to turn around, be like.
News Reporter / Cybersecurity Analyst
And reconnaissance, targeting banks and critical businesses. Banking and fintech account for about 40% of the malicious traffic, followed by E commerce and gaming. Although the campaign is tied to geopolitical tensions, only about 14 of source IPs originate from Iran, with many attacks routed through proxy infrastructure in Russia and China used by hacktivist groups.
Dr. Gerald Ozer
All right, so war. War breeds. Hold on, I gotta stop. I. I was doing these talking points for a while. You see these talking points, but, like, they're, they're. It's like annoying to manage and no one really seemed to care. Dude, war breeds chaos and chaos and crime loves chaos. So skyrocketed 2, 4, 245. Not really surprised, honestly. I mean, I don't know if this is a hot take, but, I mean, I would argue we're effectively in the, you know, in the opening act of, like, World War 3. So there's a lot of players on the board, A lot of them have cyber capabilities. A lot of businesses and, you know, not law enforcement, but a lot of people's focus is on the world stage and, you know, Iran and, you know, what's going on and all these other things. So I'm not saying that, like, you know, you work at a company like, like you work at a publishing company in, in Spartanburg, South Carolina, and you're like, oh, my God, I'm not gonna, like, do my job today because I'm going to be watching the news on this Iran thing. Not like that, but just threat actors know that they can go crazy. On top of that, you know, I, as I mentioned earlier, the Iranian government, the Iranian people, this is existential threat. So, like, they're throwing everything they got at it. And then of course, like, Russia's, you know, arguably using Iran, you know, for proxy. Right. I don't want to get. This is not a political show. I'll leave that to Elliot Matice. Of course. Let's see. Banking and fintech have been the hardest hit. Sure, dude. You want to know what, why banking and fintech is hit? That's where the money is, in case you haven't been paying attention. Despite the, the fact that we have arsenals and we have tanks and boats and missiles and everything costs money, right? Everything costs money. So go get that money. Let's see what else we got here. Sure. Credential harvesting, recon. Dude, another thing, another thing worth pointing out, like, dudes, cyber in the, in the, in the context of military conflict, in asserting national power on somebody else, asserting your dominance on another entity. Right. Cyber is a very solid Complementary capability. I always thought cyber was going to be the end all, be all. In reality, cyber is a complementary capability that's hyper effective to disrupt communications, to do espionage and figure out get intelligence, etc and we are escalating obviously to this global conflict. You know, it doesn't look like, well, I won't get into all that, but like we're escalating into a global conflict. So of course everybody is turning their cyber capabilities to 11 because it's this. The cyber kill chain starts with reconnaissance and whether you're trying to steal money or steal intel, you need to do recon. And that's why credential harvesting and all sorts of targeted attacks are happening. That's why there's an increase. Now what does this mean for you guys? There's only one Internet. There's only one Internet. The Israeli Iran conflict. Iran, you know, Palestine, Israel, Russia, Ukraine, all of them, all of the attacks is one Internet and collateral damage happens. Go ask Mondelez and Merce Shipping about collateral damage during the not Petya attack. Okay, so anyways, Shields up, guys. DEFCON like somebody activate the DEFCON 3 thing from War Games drink flags.
News Reporter / Cybersecurity Analyst
Wing FTP server flaw as actively exploited. CISA warned federal agencies to patch a Wing FTP server flaw that exposes installation paths and can be chained with a critical remote code execution bug. The vulnerability was discovered last May, was used in active attacks and affects the cross platform FTP software used by organizations including the US Air Force, Sony and Airbus. Agencies have two weeks to secure systems under BOD 2201 while CISA advises all defenders to apply vendor mitigations or discontinue use if unpatchable.
Dr. Gerald Ozer
All right, we're not gonna.
News Reporter / Cybersecurity Analyst
Huge thanks.
Dr. Gerald Ozer
We're not gonna spend a terrible amount of time on this. This always blows my mind. I feel like I've been around the block once or twice. Okay. I feel like I've got, you know, I've got some stripes on my belt for the, for the martial arts people in the chat, okay. And then I hear about something called Wing FTP Server and I'm like, I've never heard of that. Who the who is using Wing FTP Server? And then it comes out, it's like Sony, US Air Force and Airbus. Reuters, Sephora. What? Okay, all right, all right. So anyways, if you're using. I'm just going to do this really quickly. If you're using Wing FTP, you got to patch it. Ah, you got to patch it. All right. It's actively being exploited. It's in the Kev, the known Exploited vulnerability catalog. Go patch it. For the sake of time, we're going to keep on moving. Also, fun fact, Wing FTP. Not to be confused with Winger. Not to be confused with Winger. Oh, yeah, she's only 17. Like, apparently in the 80s, that was considered socially acceptable. Like, Epstein's got like this poster on his wall. All right, let's go.
News Reporter / Cybersecurity Analyst
Our sponsor, Adaptive Security. This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI powered social engineering. Today's phishing doesn't just hit inboxes. It can sound like your CFO or look like your CEO. On zoom. AI voices, video and deep fakes are turning trust into the attack surface. Adaptive fights back with AI risk scoring deep fake simulations featuring your own executives and interactive training that your team will actually Remember. Take a three minute tour or request a CEO deepfake demo@adaptivesecurity.com.
Dr. Gerald Ozer
yeah, sorry, that was a little spicier than I was expecting. I. I'll tell you though, that whole. That whole story arc like that, like, deplorable, disgusting. All right, let's do this. Hold on one second. All right, hold on. All right. Hey, really quickly, I just want to say shout out to all you all. For those who are here live, you get to listen to Simple Minds. If you're watching on replay, you don't see this part because I go in after the show and carve out this segment. If you are on, if you're here live right now, but you're not normally, you're normally on replay. Let me know if it bothers you that I cut out this segment. I don't know, man. It's hard to serve both audiences. Okay? But I do. Cut it out. All right. Yo, Shout out to all the stream sponsors. Threat Locker, Anti Siphon and Flare Academy. I mean, Flare Cyber Threat Intelligence Platform. Remember Anti Siphon Stock Summit. Next week, members of the Simply Cyber community will be speaking there. D.N. reardon has an Anti cast coming up. All right. Every single day of the week. Every single day of the week has a special segment and Tuesdays is tidbits Tuesday. And I just wanna. I share a little bit about myself and we see if we vibe on it now. You know, I guess one fun thing is I don't know what was your first concert you went to? First concert I ever went to. I'm not. I'm not huge into going to concerts, but it is a. It is an experience going to a concert. I'll just share. My first concert was my uncle Gregory, who I love dearly.
Eric Taylor
He.
Dr. Gerald Ozer
He's very, like, kind of like, I don't know, like, I guess, Grateful Dead kind of guy. He took me to a Steve Miller band concert when I was 11. Me and Uncle Gregory at Greatwoods, now the Tweeter center, or whatever the hell they call it now. It's. It's. It was. Everybody calls it Great woods and. Yeah. Steve Miller Band. 11 years old. I also want to say I saw God smack, which is ridiculous. I saw God smack on New Year's eve. I think Y2K. And they. They detonated their tour bus at midnight and a couple others. So what. What was the first concert you ever went to? Drop it in Chat. Would love it to hear what your. What's your first concert were? Code Brew was Kiss. Chuggy was Journey. Very nice. Pink Floyd. Dale Hutch. Damn, that's. That's awesome. Michael Fink saw 311. Nice. I. Hey, really quickly, Michael Fink, I saw Offspring at. Oh, my God. What the hell is it called? Woodstock 99, dude. Offspring at Woodstock in 99 was lit. All right, so drop your. Your. Your concerts in chat. Fush Nickens cybersecjs. Wow. Boys to Men. Michael Andruzzi. Nice, dude. Incubus. Christopher Lycia. I hope you saw Incubus before they became, you know, emo pop incubus. Like, I hope you saw him when the Science album was touring. Public Enemy. Wow. Andre Mack bringing the heat. All right, guys. I love it. I love it, I love it. Do me a favor. Let that la la la wash over you. Let's go, let's go, let's go. Oh, man. The 9:30 club in D.C. that's a. That's a gem. The 9:30 club in DC is like a. A great spot. Also, really quickly, final fun fact for everybody. The. The. The band that I have seen more times in concert than any other band you may not get. But let me tell you, the band that I have seen more times than any other band. The Roots. I have seen the Roots probably six times in concert. All right, let's keep cooking.
News Reporter / Cybersecurity Analyst
Luxembourg overturns privacy fine against Amazon. A Luxembourg Court vacated the 746 million euro fine and imposed on Amazon back in 2021 for alleged GDPR violations, sending the case back to the National Commission for Data Protection. The court cited procedural issues, including the CNPD's failure to assess whether Amazon intentionally violated GDPR or consider alternative penalties. The ruling didn't invalidate the CNPD's findings that Amazon's data practices were non compliant at the Time. Amazon says it's plain pleased with the decision. While the regulator may review the case and potentially issue a new fine.
Dr. Gerald Ozer
Yeah, live. Amazon's pleased with the decision. Buddy. If I had a parking ticket for $858 million and I was able to get it overturned, I would also be pleased with the decision. I would throw a rager at this decision. Pleased with the decision. It would be a three day bring a tent, bring a. We've got, you know, 45 porta potties being brought in. We are. You're like, you're not leaving. We're doing it. We're celebrating this. Overturned. So gdpr man, this thing has teeth like a great white shark. And it's a privacy regulation for the European Union and organizations like big tech organizations, Meta, Amazon, Google, they are constantly getting bamboozled by. By this GDPR regulation and getting fined. Specifically in Ireland where Meta h. Like, a lot of. A lot of these big tech, billion billion dollar companies will host their. Not host their company. They'll establish a company proper in Ireland because of the tax rules and the way they can kind of not pay taxes. So what is Luxembourg all about here? Amazon's reliance on legitimate interest is the legal basis for processing was not justified. I mean, that just means like a bunch of noise. Here's the deal. If, if the Luxembourg people want to fight this or like whoever the. The prosecutor was wants to fight it, I guess they can. It turns into a money thing, right? Like, how much money are you going to spend to try to like win this Amazon, you know, I'm sure they paid quite a bit in lawyer fees to do this. This might be the largest single fine that I have seen in my experience. I mean, there's been 200, $300 million fines, GDPR fines. Largest. I'm just really quickly, holy crap, dude. Meta got fined 1.2 billion, $1.3 billion by the Irish Data Protection Commission in 2023. Yeah, so this is why Ireland is always involved because these companies set up kind of headquarters in Ireland for tax reasons. Amazon got hit for 746 million. This is the one that just got overturned. So not a big deal. And then meta again. 405 million. Here's my thing, man. Think about this. Think about how much money Facebook Meta must be making where they can just eat one and a half billion dollars in fines and be like, cost of doing business. Hand me another yacht, will you please? Thank you. Like, it's insane the amount of money that they're. They're dealing with in there. Like, absolutely Mind boggling. Anyways, if you handle private personal data, GDPR related, I mean, excuse me, European Union citizen related, you should be mindful of gdpr. I run Simply Cyber Academy. Right? There's, you know, European Union citizens in Simply Cyber Academy. So guess who's got two thumbs and has to deal with gdpr? This guy
News Reporter / Cybersecurity Analyst
abused to fish credit card personal data. A new phishing campaign abuses the live chat platform, impersonating Amazon and PayPal to trick users into sharing credentials, MFA codes, credit card info and other personal data cofence. Researchers found attackers using two tactics, a PayPal refund lure and a generic order confirmation prompt, both leading to live chats with human operators posing as support agents. The campaign relies on real time social engineering to make interactions seem trustworthy, which ups the chance of successful data theft cyber attack.
Dr. Gerald Ozer
So I haven't heard of live chat before, but this is pretty clever. So normally when you think. This is clever, okay, so this is one that you're going to have to educate your end users on like today or like this week. Okay. I might even make a, a YouTube short for this one for LinkedIn. Here's the deal. When a threat actor sends a phishing email, it's asynchronous, right? Think about it. I send a phishing email, it sits in your inbox until you open it, potentially. Then you read it and have to take some action. And then maybe I grab your creds or whatever. But like, the threat actor is not actively engaging. They lay their, you know, their rabbit trap, right? They put their box with a little stick in it and the carrot underneath it, and you either get the box over your head and you get trapped or you don't, period, full stop. This one adds a dimension of interactivity and synchronicity that can increase the likelihood of the threat actor's success. Which is why I want to call your attention to it and why you should be calling this to your end user's attention. So in this particular instance, they send the same phishing email. Hey, bro, here's a PayPal refund. Or we're having a. We're having a tough time processing your refund. Or we're having a tough time processing your payment and your service is going to be canceled. We're having a tough time. Hey, like we accidentally charged you a thousand. We. I could see this working super effectively. Hey, we accidentally overcharged you $35 on your last Amazon delivery. We're trying to refund you, but we're having issues confirming something. Please connect with a Amazon associate in order to get your money. All right, sounds real. Sounds good. Then you get, you get into this Live chat and you're talking directly to a threat actor. But the, the authority and the social trust that you're talking to Amazon has already been established. So now you're going to fall for it. And at this point they can, they, they can interactively mess with you, right? Oh, hey, like we need to confirm your identity. We're going to send you a six digit pin. Please let me know what it is. Multi factor bypass. Hey, it looks like I, you know, the classic one. Hey, I'm sending you $35. Oops, I accidentally typed $350. You need to send back $325 or $300 because I sent too much to you, right? There's a bunch of ways to do this scam that the new dimension is that you can get on Live Chat with a threat actor, which also, by the way, spoiler alert. If you get on like a chat and you're talking to someone and you can tell, you know, they're, you know, maybe they have an accent, maybe they don't understand English well, maybe they have an, you know, something about their tone raises your alert. With Live Chat, you don't have any of that. So this is really interesting. I will say two things. One, number one, educate your workforce, end users. Like I said, if, if time allows, I'm going to make a video today that you can just forward to your workforce. Okay? Like I literally, instead of being like, hey, it's Jerry from Simply Cyber and I want everybody to know about this thing. I'm going to make it as a piece of end user awareness training that you can just snip up and throw over and, and, and use it for yourself. The other thing is Live Chat. Live Chat should be aware of, you know, consumers of their platform impersonating popular brands. But, but Straight Cash, homie. Straight Cash homie. Live Chat is not financially incentivized to stop that because the threat actors to use the Live Chat platform, right? I'm a criminal. I signed up for a monthly subscription to Live Chat. Live Chat's making that paper. So if they do the right thing and remove these threat actors from their platform, their revenue goes down, right? So there is perverse incentive for Live Chat to have these threat actors on their platform, which is gross.
News Reporter / Cybersecurity Analyst
Disrupts parking payments in Perm. The Russian city of Perm restored its parking payment system after a DDoS attack last week forced it offline. The temporarily making parking free. Authorities confirmed all payment methods are now working and said drivers won't face penalties for missed payments during the outage. It is at least the third recent cyber disruption of Russian city services following attacks in Krasnodar and Tiber. No group has claimed responsibility and it is unclear if this incident is linked to prior attacks.
Dr. Gerald Ozer
UK all right, for the sake of time, I will speed run this one. All right, here's the deal. This is a distributed denial of service attack. If I had to guess, Ukrainian based or Ukraine Ukrainian activist aligned threat actor, if you want to use the term threat actor. And they basically just pointed all their compromised hosts or their botnet or did some type of like memcache misconfiguration attack, whatever they call that a reflection and amplification attack. Whatever it is, they basically nuked from low orbit this parking system. Now you might be like wait a minute, how the hell is a parking toll meter get nuked with a distributed analysis tech? A lot of these new parking meters are all you know, connected like a little LAN in the parking lot and then it goes to a central router and then it communicates out back to some home base that's managing the network of parking meters. So if you can nuke that cloud based system then the parking meters can't communicate back and they're basically screwed, right? So you put money into the, into the parking meter. It can't communicate up to the server that it's taken money and etc. So anyways to me like I mean this sucks, right? I mean that, that company probably, it sounds like a boring company but it probably makes a lot of money because of parking fees. But I mean whatever. At the end of the day this is not devastating like basically you just got free parking. Like whatever you, you roll, you rolled a 12 in Monopoly and you landed on free parking and you got to scoop up $200 and pass go like whoop dee doo like I don't know. Usually denial of service attacks are much more devastating. Like look at Stryker, Stryker is screwed. 200,000 endpoints were wiped. That's denied service. This one, like free parking is Companies
News Reporter / Cybersecurity Analyst
House flaw exposed business data Companies House temporarily shut down its web filing service after a vulnerability exposed data from 5 million UK registered companies between last October and March of this year. The flaw let logged in users access other companies dashboards revealing sensitive information including directors, dates of birth, home addresses and company emails. No passwords or identity verification data appear to be compromised and filed documents couldn't be altered. The agency has reported the incident to the ICO and NCSC and is investigating potential exploitation security.
Dr. Gerald Ozer
All right, Roswell uk, Can you chime in on this thing here, buddy? Can you get yourself a. A pint of warm beer and please comment on this one. This is gross. So here's the deal. While this is a British company and it has business data, etc, the flaw is like such a ridiculous 9 or, you know, early 2000s web application vulnerability that it's stunning that this worked. Okay, all that was required was to log in with your own account. Okay? So you have to have an account, no big deal, and then opt to file for another company and enter that company number for any of the other 5 million companies. So you, if you knew the company number, you could just type it in, or you could just randomly guess one and show sure enough you'd get it. This goes back to like basically where there's a unique identifier in the URL and you just basically manipulate the URL to iterate over businesses. You could use a tool like Burp Suite to automate iterating over all these businesses. Oh, they do have a little bit of security. They'd say they'd ask you for an authentication code which you didn't have, but then you could just press the back button a few times to return to your dashboard. Except it isn't your dashboard, it's the other company's dashboard. Okay, so you would request. This is so dumb. You would request the company's data and it would challenge you for authentication, but the variable in the web application would update prior to the authentication being validated and then you're in. So bit of a trashy bit of software development. Someone at the company who developed that web apps probably going to be Tisk Tisk. Tisk. I would say this sounds. This cup, this bit. This application does sound like it's been around for a minute. So not a vibe coded vulnerability, but certainly possible example of a vibe coded vulnerability. Ryu Sec says idor. Yeah, URL manipulation, I believe qualifies as idor because IDOR is indirect object. Oh my God, bro. Web indirect object reference or insecure direct object reference. And this is basically where you're changing the URL so you're directly addressing that particular asset or resource on the server instead of following like whatever GUI interface and UX you're supposed to. TlDr. Ros, Phil Stafford, Elliot Matice, me. We're good to go. Roswell UK. You should expect some letters in the mail soon. Although this is more of business data, not individual data. Whatever. It's kind of a fun, easy one to to end on. All right, y'. All. Holla, holla, holla, holla, holla. The stories are done, the coffee is empty. It's Tuesday, which means I'm going to teach at the Citadel. You didn't know? I'm adjunct faculty at the Citadel military college here in the low country, and school is in session, so I'm gonna go. We were on a spring break last week, so. Jerry gone wild. All right, guys, this has been Simply Cybers daily cyber threat brief podcast. I was your host, Dr. Gerald Dozier. Now, the show might be over, but don't go anywhere because we are going to pivot to the next show. You don't have to go anywhere. I handle the transition. The show is Jawjacking. It is a 30 minute AMA. So all you have to do is put a question in chat with a Q at the beginning. And Eric Taylor is going to be the host of Jawjacking today. Eric Taylor has deep blue, like, you know, incident response, digital forensics experience. So if you have any questions specifically around that area, that would be optimal for Eric if you want to get those answers. But career questions, cyber security certification questions, platforms, tools, techniques, industry, whatever it is, the whole point of Jawjacking is to get you those answers and, you know, basically level you up. Guys, have a great day. Thank you so much. William Bailey. I just explained jawjacking. I hope the definition made sense. Jawjacking is a 30 minute AMA. All right, guys, I'm Jerry from Simply Cyber. Be well, have fun, and until next time, stay secure. Ever wonder what it takes to break into cyber security? Join us every weekday for Jawjacking, where industry experts answer your burning questions about about the cyber security field. Live, unfiltered, and totally free. Let's level up together. It's time for some Jawjacking.
Eric Taylor
Good morning, good afternoon, good evening, wherever the world you are. Thank you so much for tuning in for Jawjacking. As Jerry said in the beginning, my name is Aaron Taylor. Deep forensic information. Definitely talk about some career things every once in a while. I do like to get in on the tidbits Tuesday thing that Jerry does, and I want you all to help me out. I'm going to drop it in chat here, and if I can get obs to play nice with me. I was trying to get it to work right before the show. I couldn't get it to freaking show what I want to show y'. All. Give me one second. I'm. Can I. There we go. I think that's it. Yeah. Perfect, perfect, perfect. Okay, let me zoom this in. So help me understand where you are on this. Okay, so let me, let me place the stage here. So I was having a conversation with my daughter and I was picking on her because she was doing, she was getting ready out in the living room before we headed out. And I was noticing a trend where she had put on her sock and then her sock and then she'll put on her shoe and then her shoe. I'm like, why are you doing that? You're taking too much time. You should put your sock on, then your shoe on, then your sock on and then your shoe on. And apparently this is a phenomenon. Like, she even went to her school and was asking her teachers about this. Like, do you do sock, sock, shoe, shoe, or sock shoe, sock shoe? So I posted it in, in the chat and there's a poll there. And I want to, I really honestly want to hear what everybody is doing right when you're getting dressed. I know Roswell. I know when you're getting dressed in the morning or whenever you're getting ready to head out, are you doing sock, sock, shoe, shoe or sock shoe, sock shoe? And I just threw one in there for the, for giggles. For those who wear only wear flip flops in their life, water socks. So definitely let me know what you think. I'm literally having, you know, debates with the family about this particular situation. So definitely know, let me know what you think about what I think in the chat. And go, Sock, sock, shoe, shoe. Okay, There's a lot of sock, sock, shoe, shoe people in the chat. Sock, shoe, sock, socks. So I, I may be. I see a lot of people saying, sock, sock, shoe, shoe. So literally you're saying, I'm like, I'll put up my left leg, I'm gonna put on my sock, then put on my sock and then put on my shoe and then put on my shoe. It seems non productive. It seems like you're doing more work. You're. Your foot is here. You can't see it because of the camera view, but your foot is there. I'm about to lose it on somebody because they keep calling every 15 seconds the. But you, you have your sock here. Might as well put your shoe on. Put this sock here. Put, put your shoe on. Why? Let me just send this dude up. Let me send this dude a message like, dude, chill out.
Dr. Gerald Ozer
We.
Eric Taylor
I'm on something.
Dr. Gerald Ozer
Shop
Eric Taylor
outlook. Phase one, socks. Phase two, shoes. All right, so definitely, if you have questions, I, I need to start searching because I've been going on a rant for this for a few Minutes. Okay, I don't see any questions. If you have questions, put it down into the chat. Put a Q colon mark in there so that way I can see it. Roswell's got a third foot that we didn't even know about. Ladies and gentlemen, Roswell does sock, sock, sock. While waiting on questions, I need to fire off an email real quick. It's so quick. I'm using my cell phone. Sam, Call you back. All right, thank you. The living are the. The moments there. Let's see. Question, Johnny, does sock shoe introduce a vulnerability to the barefoot? If you need to evac because of a fire or other emergency, one foot is naked. To be honest with you, I think at that point
Dr. Gerald Ozer
did.
Eric Taylor
I think you just go and do barefoot or you throw on the flops or crocs and put your crocs into sport mode or something maybe. So. This guy is responding to the wrong thread.
Dr. Gerald Ozer
Okay,
Eric Taylor
Taiwan gone. Did you see me on the new Jerry video? No, sorry, Tai. I'm not sure which one. What video you're referring to. To be honest with you. I've been in a massive bubble lately. Unfortunately, I'm not sure. Can y' all hear the music? Okay,
Dr. Gerald Ozer
sounding pretty good.
Eric Taylor
It's sounding pretty good. Question from Brown Coyote. Do you think some anks could be what that is a key term for? I think I know what you're asking, but I'm not 100 positive. I'm old. I've heard the kids say unk before, but I don't know the difference between the capitalization and the lower. Lower. Maybe some of the. The younger kids in mod Chat. I do have discord actually open for a change. Make sure I'm in the right darn server.
Dr. Gerald Ozer
All right,
Eric Taylor
Let's see. Got a new question in. What are you working on this week that is interesting? To be honest with you, most of it's a lot of rinse and repeat. I mean, the one thing that we are looking at. Oh, you know what? Let me. Let me bring up another thing real quick. Hold on. I gotta log into one of my portals. So I know it was talked a little bit on the show when I was listening backstage about the striker situation. Maybe I just need to open up my other blind or by the window lines and see if that helps with the lighting in here until I can get with James McQuiggin. I feel like I get washed out a little bit. But I mean, there is a YAML roll that was pushed out. If you're in 365, I need to. I need to Pull up the article real quick.
News Reporter / Cybersecurity Analyst
Right,
Eric Taylor
Here we are. Okay, so let me switch this over to this other screen and I'll put the chat. So threader or threat hunter AI. I've never used the platform by any means, so please don't take this as an endorsement of the product. But I did find it was very interesting, you know, the Iranian leaked Hidaya. Hindaya. I don't know how to really pronounce it. You know, wiped 56000 employ
Dr. Gerald Ozer
whatever.
Eric Taylor
But they've got a YAML pack here that you should definitely take a look at. It does have 10 YAML rules. Our Sigma Rent ammo rolls. That's pretty, pretty interesting. So definitely take a look at that. If you're in 365 you want to hunt to make sure you're looking for device wipes, things of that nature. So you know, building that into our EDR platform, that's kind of interesting. Trying to figure out how some of this stuff goes and trying to figure that whole situation now. So it's.
News Reporter / Cybersecurity Analyst
All right.
Eric Taylor
That is what I am seeing. Let me just check my chat. You're killing the AMA for non or for new viewers? Roswell uk. I hope that means I'm like killing it. Like I'm bringing the heat, I'm doing a good job. Or Roswell uk. Are you saying. Please be quiet about what? All the. The craziness I was talking about earlier.
Dr. Gerald Ozer
All.
Eric Taylor
Right, I answered that one. From Roswell uk. Sock only or socks and shoes in the sock. All right, all right. If you're going to be. I don't know how other people's socks are and as in the security operating center or the noc, the network operating center. Whichever company you're working with. I know with. So a lot of times you would. In fancier companies. When I worked at Black Box, it was a fancier company. We actually had glass doors or glass. Yeah, glass doors, I guess glass windows, whatever that would look out into the server rooms or the room. The racks for the server room. And all of our workstations and everything was facing that way. And then on the walls over here we had just, you know, every news channel you can imagine, weather channels, all that stuff. Right when we were in our working space, people would wear just socks or barefoot or flip flops or whatever. But when you went into the network room. Yeah. You had to have, you know, your socks and your shoes, things of that nature. So I do love the plays on the plays on it. Anyone come here just for jawjacking that I don't know. That'd be a good. That'd be a good question for you. Those who are, you know, listening to the replay or watching or whatever, let us know. Are you just here for the job jacking? I can't imagine anybody is. You know, you're missing so much of the news, right? There wasn't a question. But all hear about the air snitch Bones. I've been getting caught up on that. I do not know it. I would say over 60% of the situation at hand to ed properly educate the group. But yeah, definitely go take a look at the air stitch vulnerabilities. It's an interesting situation. So.
News Reporter / Cybersecurity Analyst
Happy saint.
Eric Taylor
What is St. Patrick's Day? I feel. I feel it's coming up or it just passed because I've been seeing a lot of people talk about it when a St. Patrick's Day. Oh, that is today. Okay, well, happy St. Patty's Day. I did not. Well, I. Oh, I do I in. So my daughter's in archery, and I'm wearing archery dad shirt. So I unintentionally wore a shade of green. So. Unstar that or star that. But stop, Bill, as Nightbot said, you know, if y' all get in three seconds, hit that thumbs up. Tell somebody about the show. Tell somebody about it. Tell somebody about it. Don't call me auntie. I think I've heard that from the youngs Foreign. Don't call me auntie highlights an often constitute debate surrounding ageism, respect cultural. While traditional use the term of respect endearment. I mean, women now feel it imposes on unwanted aging and stereotypes.
Dr. Gerald Ozer
Okay,
Eric Taylor
so pretty much don't call me auntie is saying don't call me old. Yeah, I'm right there with you. I forgot about it being safe. Like I said, I knew it was coming up. But seriously, guys, ladies and gentlemen, I mean, I don't want to waste anybody's time. If y' all are a little light on the questions, that's quite all right. But I definitely want to make sure we are getting questions asked. I'm going through my two colons now. I know I kind of sent everybody on a tangent with sock, sock, shoe, shoe. Sa. Foreign. I'm feeling pretty socks. Shoe, sock, shoe, sock. Oh, so that back when that actually reminds me when I did electrical work for many years, those foot booties, those little blue bags, garbage bags type things that you would put over your shoes when you walked into the client's houses, did that with electrical. And when I worked for Comcast. Oh, the years ago. Oh, here we go, Why is it. Stop it. Sometimes my restream doesn't want to work right. Question. Any advice for newbie home network hardware software security options beyond the router? Any advice for newbie quit home network hardware?
News Reporter / Cybersecurity Analyst
No, it's definitely sticks.
Dr. Gerald Ozer
Mean with sticks.
Eric Taylor
All right, go get them. I would say, you know, after you've got your network secure security in place, I would start ingesting logs. I would get, you know, the router has syslogs available so you can get like a elk, elk stash stood up, little small VM or something like that, start ingesting and start looking through that. I was just trying to think if there was anything else. And once you figure out or start looking at your elk stash from your foul firewall or router logs, that will start opening up a whole new Pandora box of like, what in the crap is all this stuff? So. Welcome to the program.
Dr. Gerald Ozer
I'm sorry, I thought the show was over.
Eric Taylor
It started.
Dr. Gerald Ozer
Yeah. Oh, yeah.
Eric Taylor
Okay, let's see. Anything else? By the way? It's sock, sock, shoe, shoes. Sometimes I don't need to put on my shoes right away.
Dr. Gerald Ozer
J. James.
Eric Taylor
And that's a different situation altogether, sir, we're not talking about. You're just, you know, putting around the house. We're talking, you've got to get out the door, you're getting dressed, you gotta head out. You're, you know, you got out of the shower, you put on your clothes, you did your makeup, shoe or whatever, you shower, you shaved, you deodorized, you know, your. The last steps of being able to run out the door. Are you doing sock, sock, shoe, shoe, sock, shoe, sock, shoe. I am curious, though. Let's refresh. And we are coming up toward the bottom of the hour.
Dr. Gerald Ozer
There we.
Eric Taylor
Go. Let's see what. What kind of craziness have y' all been posting? There's 23 votes. So many socks on. Shoe, shoe. Nobody in the club foot. Nobody is club flip flop. You are looking a little brighter today. Question comes from. Yeah, because I've got so normal. I got two windows here, right? So normally this one is automated open. This one I kind of leave close because, you see, it's like a black. It's like a yang and yin yang or whatever. So like, this side is completely white and this side is just like all dark. So. Yeah, I mean, I've got to. My whole desk setup needs to be revamped. Like, I. I honestly need more monitors. So. All right, what's every time up? Oh, got a question. I'm Graduating with cyber security with a cyber security degree in May. Congratulations. Let's take a moment. You don't hear the clapping loud enough. Congratulations. Congratulations. Seriously, congratulations. I feel, I feel still unprepared. What would you do? Sorry, I'm going full goofy here and I feel still unprepared. What would you work on entering cyber security industry. Seriously, in all honesty, and I'm not even gonna try to pronounce your name there because. But go in realizing yes you have. So there's two, there's two mindsets. There's book knowledge and practical knowledge. You learn the book, the theoretical. Now you need to learn the practical and the applicable, you know of actually implementing what you're doing. Go in knowing you're going to sound goofy, you're going to sound like an idiot and you're going to feel like an imposter. I've been doing this for 20 some odd years. I still feel like an imposter a lot of times. Like I don't know, right the, it's, it's interesting. But go in with the mindset. You are there to suck up as much knowledge as humanly possible. Like literally you're going to ask questions until you understand it. You are going to read books, you're going to read blogs, you're going to going to read articles.
Dr. Gerald Ozer
Like
Eric Taylor
school will get you the foundations and the theories but actually processing the information and applying it to real world situations, you're only going to get with hands on experience, no offense to graduates or anything like that. If anybody's been in the in school before, put hashtag preach in chat because you know it will give you some fundamentals, it give you some nice labs and stuff like that. But you're going to get opened up to so much more when you actually do it. That's why like we had several of the company that I used to work for before we went with ccna, got our CCNA Cisco Certified Network Associate and our CC M np the Cisco Certified Network Professional. Especially when I was at Blackbox C, the the manager is like don't worry about the course. You're in this thing 24 hours a day, seven days a week, 365 days a year. You may pick up a couple keywords that we don't use here by that practical thing, but you're in it all day long. You know the stuff, don't sweat it. So you're just doing a little bit back, which is fine. There's nothing wrong with a degree by any means. Just go in there and don't feel like you're Billy Bad and you know everything and nobody can tell you anything. Seriously, go in there and ask questions and I'll tell you that to everybody. Like, even I. I am not afraid to say even after all these years, I have no idea what you're talking about. Can you break that down to me like a 3 year old so that way I can grasp it and understand what you're talking about? I have no problems with it. We are never a master at everything, ever. You could be a master at certain things, but never a master at everything. They can be a jack of all trades or a master of some.
Dr. Gerald Ozer
All right,
Eric Taylor
let's search. Let's search. Oh, I went a little long on that one and need to get caught up. How many NARs are there now? I've only got two. I probably need to get four. Or I might do three. What? Stop it. Do you think it's worth it to get the Burp Suite cert if you're in pen testing? Absolutely. Probably.
Dr. Gerald Ozer
So.
Eric Taylor
That one's always one that runs along with me. And Jerry, if you. I see you're in the green room. I know you ran off. Hopefully Jerry let me know in discord if I can run a few minutes over, please, if you're still listening, and if you're not, please forgive me for running a few minutes over the Burp Suite cert and like the E Council's. Cea Certified Ethical Hacker. Did I not have enough coffee this morning? Holy moly. I just. I can't process things. And I've had my ADHD medicine. I don't know how relevant they are anymore. They weren't. I don't think Burp Suite really had a certification, or if it did, I just didn't pay attention to it. But to properly answer your question, I say this a lot. Go see the organizations that you look at as industry leaders in the pen testing space, like does Black Hill, does Red Canary. Because I do know they do some. Some penetration testing, I believe, if I'm not mistaken. But go look at some of the other penetration test firms and see are they looking for that's going to tell you how valuable that certification is. I'm just one dude yelling at the
Dr. Gerald Ozer
Internet
Eric Taylor
looking at the organizations that you would potentially go work for and what they is going to be all of it. Because I can tell you the completely wrong thing and you're going to come back and like, Eric told me a lie and probably. And I don't want to do that to you. So go look at Those other organizations. My niece just graduated with a degree in AI engineering. Heck yeah. Heck yeah. That's an interesting degree. Not to like I didn't even know they made a degree in something that's so advancing every day. That's crazy. What kind of jobs should I tell her to be looking for? I honestly don't know to be I think if AI engineering and I'm going to take this because for some reason I don't know if this be is to going true or not. But when I see AI engineering I I think of manufacturing organizations and I think a lot of the AI really is cutting edge. It's either in the tech space itself or it's going to be in manufacturing. At least for right now. So depending on exactly what engineering you're talking about. Because when I think again engineering I'm thinking about electrical engineers, mechanical engineers, things of that nature. Just where my mind gravitates to and it may just because of my past and being an electrician and you know, I said that's Tuesday before I got back and really got back into it as a whole. I entertained going to become an electrical engineer for a little bit. Even went to school, was going to autocad trainings and load calculations and stuff like that. So when I say when I see engineering engineering that's where I'm thinking that's where my mind goes. I could be completely off basis but if you're. If that's what it is, I would say go look at manufacturing and freaking crush it. That would be my. Let me know if I am mistaken though. And I'm looking around and I'm not seeing Jerry comment in discord or anything. I am going to try to wrap it up to be respectful but I did want to make sure I get some some of these because I went long on some of the other chitchat. How's your hiring journey going? It's going okay. I think we're down to three candidates that we're getting ready to go with the second round interview. So thank you for asking. It's definitely a process. All right, I'm looking over in mod chat. Haircut Fish. Thank you so much. All right, so this bright Dennis, Keith, Love and Peace 33. We are at the bottom of the hour and I gotta be respectful because this is supposed to be a 30 minute AMA. I am going to save those three questions from those three users Event Spikes 403, Dennis Keefe and Love and Peace 33. I'm going to save them. Thank you Haircut Fish over in the mod chat for putting them over there. I for some reason I did not see them when I was scrolling through. I will answer those at Next Jawjacking on next Tuesday. And with that, thank you so much for hanging in. It's been a, it's been crazy good time. I've really enjoyed it. I hope you have as well. And seriously, if you find any benefit to any of the stuff that Jerry is doing with Simply Cyber, the job jackings, all the other stuff that we're doing, please share it with somebody. And I keep mentioning it to you out there in podcast land. I see you out there. I, I hopefully I don't know Jawjacking makes it to Podcast Lamp. Hopefully it does and if so, I see you. Drive safe to work. We love to know that you're out there hanging out with us. And if you're there, once you get to the parking lot, do us a favor and leave us a five star review over there on your podcast to play platform of choice. All right, ladies and gentlemen, again, thank you all so much. I do greatly appreciate it. As you know, I was kind of fussing. I need to go return some phone calls and I will see y' all hopefully Friday, I don't know, but if not, definitely next Tuesday. I know Jawjacking presences will be changing soon. I am eager to see what comes of that, but definitely looking forward to some of the potential changes that are coming and hearing more about that. Again, thank you all so much. Until next time, ladies and gentlemen, stay curious. Go out there and crush it today. You know you can.
Dr. Gerald Ozer
Hey everybody. I hope you enjoyed that content. Keep the cyber security train going by connecting with the other Simply Cyber community resources. We have the Discord server that's lively and always keeps the conversation going. You can connect with me directly on LinkedIn and also every single weekday morning on the Simply Cyber channel. We're doing live daily cyber threat briefings, 8:00am Eastern time as well as Thursday at 4:30pm we're doing live stream interviews with industry experts experts and we produce videos that we push out every Wednesday morning. I'm Jerry from Simply Cyber. I hope you enjoyed the content and we'll see you in the next one.
Podcast: Daily Cyber Threat Brief
Date: March 17, 2026
Host: Dr. Gerald Auger (Simply Cyber Media Group)
Guest Host (Jawjacking): Eric Taylor
Main Theme: A fast-paced and insightful rundown of the top cybersecurity news most relevant to insiders, GRC professionals, and the wider cyber community—delivered with a balance of expert advice, practical takeaways, and community vibes.
Today’s episode takes listeners through the most urgent and interesting cybersecurity news from March 17th, 2026, highlighting practical lessons from each story, with a particular focus on recent high-profile incidents, threat trends related to the Iran conflict, advances in social engineering, and patch/update urgencies. The episode also features Tidbits Tuesday (personal insights about the hosts) and an interactive live Q&A (Jawjacking).
[12:08–22:55]
Story:
Medical device giant Stryker suffered a cyberattack: internal systems were taken down, factories shuttered, and over 200,000 company endpoints were remotely wiped using Microsoft Intune, disrupting digital ordering and forcing manual workarounds.
Key Points:
Takeaway:
User/administrator credential security and MDM system admin access are critical; organizations must plan for large-scale recovery and regularly test response plans—even to “living off the land” tactics.
[22:55–27:42]
Story:
Wired reports on hundreds of job listings for “AI face models”—real people whose faces and voices are used (via deepfake overlays) in video calls to run romance and crypto scams out of Southeast Asia scam compounds. Some participants are trafficked or coerced.
Key Points:
Takeaway:
AI is supercharging scam effectiveness and scale. Caution friends/family about dubious gig work abroad and always verify the identity of video callers, especially when money or credentials are at stake.
[27:42–33:47]
Story:
Akamai reports a 245% surge in cybercrime since the Iran war began. Major targets: banks, fintech, e-commerce, and gaming. Most attack traffic is routed through proxies (Russia, China), not directly from Iran.
Key Points:
Takeaway:
All organizations—globally—must adopt a “shields up” posture during major geopolitical events. Robust detection, credential management, and network segmentation are crucial.
[33:47–35:53]
Story:
CISA directs US federal agencies (and recommends others) to immediately patch an actively exploited Wing FTP Server vulnerability—can be chained to achieve RCE (Remote Code Execution). Users include the US Air Force, Sony, Airbus.
Key Points:
Takeaway:
Immediate patching of internet-exposed services is non-negotiable. Security teams must monitor CISA’s KEV catalog for priority vulnerabilities.
[41:49–45:51]
Story:
Luxembourg court overturns Amazon’s record €746 million GDPR fine—on procedural, not substantive grounds. The case will be reconsidered.
Key Points:
Takeaway:
Compliance with evolving privacy regulations is business critical. Even technicalities can change outcomes, but risk is ever-present for global tech firms.
[45:51–50:45]
Story:
Attackers are weaponizing LiveChat’s real-time support feature to phish for Amazon/PayPal credentials, sensitive data, and MFA codes by impersonating customer service in live chats.
Key Points:
Takeaway:
The phishing landscape is evolving—user awareness must evolve too. Real-time scam chats demand immediate, targeted security training.
[50:45–53:25]
Story:
Perm, Russia’s parking payment systems were taken offline by a DDoS attack—resulting temporarily in free parking for all.
Key Points:
Takeaway:
IoT/infra system resilience is critical, but some disruptions (like free parking) may have minimal impact compared to others (e.g., mass endpoint wipes).
[53:25–54:04]
Story:
A web app vulnerability in Companies House (UK) allowed logged-in users to access other companies’ sensitive data—including director info and addresses—by manipulating company numbers.
Key Points:
Takeaway:
Old web app vulnerabilities are still live in critical systems; security reviews and pentesting for IDOR and similar flaws must not be overlooked.
On practical incident math:
“Even if you had 10 people working on it from sun up to sundown and it took one minute to restore, it would take two months. Do you get the scale of this now?” — Dr. Auger [16:33]
On GDPR fines for Big Tech:
“Think about how much money Facebook Meta must be making where they can just eat one and a half billion dollars in fines and be like, 'cost of doing business.'” — Dr. Auger [43:58]
On evolving scams with AI:
“They’re just adding AI to people's faces on the FaceTime calls… That's it. Right? So now when I call you, I look like a very attractive—whatever you're into.” — Dr. Auger [23:32]
On teaching users about live chat phishing:
“This one adds a dimension of interactivity...increases the likelihood of the threat actor’s success—which is why you should be calling this to your end users’ attention.” — Dr. Auger [46:28]
[38:48–41:49]
[59:16–77:45+]
For daily CPE credit: Grab a screenshot of the live show, use the date/episode title, and file it—up to 120 CPEs per year!
Join the Daily Cyber Threat Brief live every weekday at 8:00AM Eastern—hear the news, get expert analysis, and level up your cyber game with #TeamSC!