A
All right, what's up, everybody? Welcome to the party. Today is Thursday, March 19, 2026. This is episode 1092, I believe, of Simply Cyber's daily Cyber Threat free podcast. I'm your host, two Thumbs, all smiles and a big old cup of coffee, Dr. Gerald Auger, coming to you live from the Buffer Auger Flow Studio. We got a great show for you. If you want to stay current on the top cyber news stories and be given additional insights and value on what these stories mean, what these acronyms stand for, how do the pieces fit together and absolutely level up like a boss in cyber security. Whether you're going from I'm cyber curious, maybe I want to work in this industry all the way to I'm a senior, you know, practitioner, and I want to get into the C role or whatever. There is something here for you. I promise that. Sit back, relax. We got a great show. Let's get cooking. Yeah. All right. Good morning, everybody. I hope you are doing well and had a lovely Wednesday. It was great here in the low country. It's great to see so many familiar friends and faces. Marcus Kyler, ad tech. Nick Dixon, recent first timer, now squad member. What's up, Nick Dixon. Oh, yes, guys, we got a great show for you. We're gonna go through eight cyber stories. I'm gonna break them down, give you the headlines, and then me, alongside this amazing community directly above my head, just flowing like a raging river, will dissect and deliver, you know, some type of additional value, whether it's how to do tabletop exercises. What does this mean for you? You know, backgrounds and stories. Right. Cyber Loom Technologies. Are you excited about RSA? Yes. RSA is kind of a. It's a mixed. It's a tale of two cities, if you will. Cyber Loom Technologies. And I can certainly get into that later if you'd like, but for right now, let's talk about the show. Before we get into it, let me tell you. Cyber Loom Technologies, Nick Dixon.
This episode, just like every episode of the Daily Cyber Threat Brief, is worth half a CPE. So if you have cyber security certifications that require annual maintenance, well, don't be shy. Say what's up? In chat, grab a screenshot. You're part of the show. Ensure that you include the title of the episode, which conveniently has today's date, March 19th, as well as the unique identifier episode number 1,092, and save it off, right? And then once a year, count up those screenshots, divide by two. Remember, you don't need the screenshots, unless you get audited, they're basically evidence to support your claim that you were here. And the last thing you want to do is try to go through, you know, 240 days of podcast episodes, scrubbing, looking for your name on the stream. So just, you know, do yourself a favor, do the future you a solid and just take a screenshot right now. It's very easy. It's very easy. Right? Hold on one second. I'm just asking the mod chat if they see the today's CISO Series news blog post. Because I don't see it when I. When I go here. I see March 18, which is not today, and we don't live in the future. But you know what I'm talking about mods. I'm talking about CPEs, RSA. You mean you may be like, wait a minute, what is all this? I don't get it, because I'm new here. Oh, I get it. I hear you. Listen, if you're here for the first time, don't just get comfortable. Let me personally welcome you to the community, to the show, to the vibes. If you're here for the first time, let us know in chat. With a hashtag first timer. In chat. Just grab your phone, grab your keyboard, grab your remote control. If you're watching on the TV, take a hot minute, Say, hashtag first timer. We have a special sound effect for you. Welcome to the party. Welcome to the party, pal. Nick Dixon knows what I'm talking about. Louise Gonzalez with the squad membership. Thank you, Louise Gonzalez. And Kevin Beck or sub to the channel, dude. We'll welcome you.
We've got a special emote that we rain down on you in the most loving way possible. It's very much a group hug type situation. If you're familiar with the Magic: The Gathering group hug. Okay, so say what's up in chat. Let us welcome you with a hashtag first timer. Hashtag first timer. Thank you, ad tech, welcoming the first timers. All right, guys, what do we got? Oh, today is Thursday. Oh, my God. Okay, so every single day of the week has a special segment. And this guy right here, this guy is on fire as far as personal branding and getting out there. Dan Reardon, AKA the Haircut Fish. Not only is this guy a treasure, but he. Hold on one second. I gotta. I guess I'm gonna have to email Rich Stroffolino and tell him that the blog post isn't up. This has happened, like, multiple times this week, which is totally frustrating. Blog not up, bruh. All right, hey, listen, Dan makes a custom meme for our. Okay. Blog. Oh, of course. Like blog up immediately. Now it's up. All right, hold on one second. Oh, God. This is what it looks like when you're actively producing and hosting a show. It's, it's kind of a. It's a. It's a. It's a little bit of a hot mess. All right, cool. Guys, I gotta tell you something. I don't censor literally. Dan's been doing this for three years and every one of them has been good. There's been one, one time that I had to push back on and I forget why it was. Maybe it was political or something or too, too spicy. Right? But today's. If you ever thought for a second that I might censor Dan's memes, today will prove to you that I do not. The meme today is so devastating to me personally, and I'm gonna show it to you. And you are going. You might want to grab a second pair of shorts because you might absolutely lose control of your faculties when you see this meme. So stay tuned for that at the mid roll. All about good times.
Now, before we get into it, let me say shout out and love to the stream sponsors, those who enable me to bring you this show unfiltered, starting with Antisyphon Training. Yo. Antisyphon Training is disrupting the traditional cyber security training industry by offering high quality, cutting edge education to everyone regardless of financial position and they don't play by the rules. What do you mean by that? Well, how about a full day? One day con, basically SOC Summit, 10 experts giving 10 talks. It is free to anyone who is motivated to want to learn and level up. Definitely take advantage of this. March 25th. So just less than a week away. Go here, link in the chat. And you guys know I'm so excited for these guys. Look at these speakers. Okay, I just want to pull your attention to Wade Wells, CheddarBob, aka Chad Wiggins, Dan Reardon. All right. Hayden Covington, my guy. I love it. Carrie Roberts. Guys, like, this is a banger. Banger of a summit. Like normally this would cost like literally eight, eight hundred, a thousand bucks to get to. This is a full free day thing. Go check this out. You're not going to be disappointed, trust me. I also want to say shout out to Flare. Now I've got a special, special couple days, special thing for Flare. Flare just wrote this report and they asked me to share it with you and I'm very happy to 50 minutes to read this thing. Is dense, man. They wrote a report inside the North Korean infiltrator threat. All right, North Koreans are getting all sorts of IT jobs, insider threats, you know, laptop farms in Tennessee, all these things. Flare paired with IBM X-Force. And if you guys know for a minute, I, I love Flare. I've been very open about that. But I also love IBM X-Force. Their reports are phenomenal. Right? Unit 42's reports, Cisco Talos reports, Verizon data breach incident report and IBM X-Force. That's like my Mount Rushmore of cyber security reports and threat researchers. And Flare has done this amazing job.
You can get massive insights into how North Korea is operating. This is a smorgasbord for people to learn and level up their current knowledge of cyber security. Practicing in 2026. I'm going to drop a link to this. I'm telling you, go check this out. You will absolutely get value. Go to simply Cyber North Korea report. Dude, when they dropped this, I was like what? I'm actually gonna print this out. And print it out. Because I'm, I'm not, I, I like to read reports like this. Print it out, read it on the airplane to San Francisco. Believe that.
B
All right.
A
I also want to say shout out to Threat Locker. Threat Locker, long time sponsor, love what they're doing. Congratulations to them for pushing up not just from the endpoint but to the cloud. Let's hear from Threat Locker and then I'm going to melt your face. Any first timers in chat? Drop a hashtag first timer. I'm scrubbing the chat, looking for it. Let's go. I want to give some love to the Daily Cyber Threat Brief sponsor, Threat Locker. Do zero day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with Threat Locker worldwide. Companies like JetBlue trust Threat Locker to secure their data and keep their business operations flying high. Threat Locker takes a deny by default approach to cyber security and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US based Cyber Hero support team. Get a free 30 day trial and learn more about how Threat Locker can help prevent ransomware and ensure compliance. Visit threatlocker.com Daily Cyber. All right guys, guess what? It's that time. So do me a favor, everyone sit back, relax and let's let the cool sounds of the hot news wash over all of us in an awesome wave. I will see you at the mid roll where that meme is going to be. Oh boy. Oh, boy. Let's go.
B
From the CISO series, it's cyber security headlines. These are the cyber security headlines for Thursday, March 19, 2026. I'm Sarah Lane. Dark Sword emerges from suspected Russian hackers.
A
That's a cool.
B
Researchers from iVerify, Lookout and Google identified a new iOS exploit kit called Dark Sword, linked to suspected Russian backed groups and targeting users in Ukraine and beyond. The kit can steal passwords, messages and crypto wallets and may impact millions of iPhones running older iOS versions, though vulnerabilities have since been patched by Apple. ShieldGuard.
A
All right, we've got a first timer in the chat and I appreciate Corporate Kevin for saying what's up? And letting us know it's his first time. Corporate Kevin with a K. K Corporate with a K at Corporate Kevin, welcome to the party, pal. Corporate Kevin, welcome to the party. And Kevin, I hope you have a very nice time with the stream today. All right, so check it out. This, this kit, which is basically a malware collection named Dark Sword. I gotta tell you, I don't know who names these things, but Dark Sword's pretty, pretty awesome. Okay, Like I, I like, I low key, want to go infect myself so I can say I have dark sword, okay. iOS exploit now in use by Russian hackers. iOS is not, you know, it's the operating system for iPhones, iPads, etc. By the way, just fun fact, a little nostalgia. IOS is actually the operating system for Cisco networking equipment. But they never really tried to like, you know, brand it. So like Apple, Apple is kind of taking that moniker. All right, so researchers. Oh, the point is, iOS is not in, in unbreakable or. Oh my God, I'm having like a brain fart. It's. It's not invincible. Okay, it's not invincible. It's just harder to get the exploits or the malware payloads on the devices because they have to go through the Apple store in the walled garden of all that. But if you have an exploitation and you can send a text message or get someone to open a, like a file that, you know, the font rendering engine's gonna exploit something on the device, well then that doesn't have to go through the walled garden, right? All right, so let's see what's up. Russia is targeting Ukraine users specifically. So I mean, that shouldn't come as any real surprise considering they're at war with Ukraine. I will say, just on surface, like, there's a. I would assume that the operating system for the iPhone in Ukraine is very similar to the operating system for users in the United States, for example. So the portability of this exploit is.
Is probably pretty high. You might have to tinker with it a little bit and. Okay, okay, so it targets iOS 18 and earlier, which I think we're on, like, iOS 20 or 26 at this point. So, like, basically patch your stuff. Ah, you gotta patch it. In my opinion, there's absolutely no explanation, reasonable explanation, on why you can't keep your mobile phone up to date. Right. I mean, it's like, I can understand if you're running, like, a Windows 7 machine or a Windows XP machine in a corporate environment because it does a thing or because it has an Access database that someone developed, like, 30 years ago that does a thing and you guys don't know how to port it. That's fine. But, like, your mobile device, there's no reason that you're like, oh, like, only. Excuse me. But only, like, hipsters who are wearing, like, ironic hats and drinking crappy beer are allowed to be like, oh, I run iPhone 3. Oh, it's so good. Like, look at the icons from my Instagram app. It's so. It's so. So retro like those people. Fine, you can run iPhone 3 and take on the risk of getting exploited, but for the rest of us, just patch your phone, bruh. All right, all right. So these iOS exploits were actually developed using AI, All right? And they're saying that this is good. So here's an insight that I pick up from this immediately. Okay. Both kits suggest cyber attacks are mitigating toward mobile phones as they make up a bigger portion of the Internet's traffic. Okay, I can see this. What they're saying is, like, you should take note of this when you're doing your threat modeling that mobile devices are increasing in attack surface. Not attack surface in a. In focused attacks from threat actors. I will say this, though. Like, both kits suggest cyber attacks are migrating toward mobile phones. Like, dude, pump the brakes. Like, there's. There's two exploits, and all of a sudden we're, like, turning the cruise ship around because, like, mobile phones are now targeted. Like, I would. I would.
I would push back on that statement. I would just say, like, okay, this is interesting that mobile phones are becoming more part of the attack surface. But number one, you should already be thinking of mobile devices as part of your kind of endpoint ecosystem and. And protecting those things that is using mobile device management, user posture checking, using profiles on those devices to ensure, you know, they meet minimum requirements and such before connecting to sensitive devices. Yeah. So, I mean, I don't know, like, here's my thing. Like here's my thing. And someone, if you, if you want to fight me on this one, we can fight. Okay. I would argue that the browser is materially increased in attack surface and cyber attack focus because the browser is where most people are using. Browsers are what most people are using to interface with the Internet and do work. Right? Like everything's a SaaS app now. And how do you access that through the browser. And if you have a, an app on your phone, chance, like not all instances are like this, but a lot of times it's, the app is just a wrapper for a browser interface. Right. It's just API calls and stuff like that. So I, I, I'm not ready to like throw away my information security program and rewind it. Yes. FedEx points out that the Stryker attack, Stryker Medical, the Iranians did use MDM to wipe out, you know, using the admin wipe feature to wipe all those endpoints. For sure. For sure. But I would say to FedEx this report and this attack is targeting the mobile device specifically. The Stryker Medical attack targeted the management console for centrally managing all endpoints through MDM. Right. So that wasn't really an attack on mobile devices specifically, but I mean, whatever, it's worth noting since it just happened. Yeah. Dude, this is horrible, right? Ukrainians getting infected. I don't even know what the exploit does.
Chances are they can read your text, disable your phone, wipe your phone, whatever, dump your contact list. All I would say is, and I, and I mean this in the nicest way. I know this is having real life impacts on people, you know, sometimes resulting in being unalived because you're, how, how could this turn into someone being unalived? Let me explain. Your phone is beaconing where you are right now, right? Like everybody turn on location, turn on location. If I infect your phone with a location and it starts beaconing where you are, I can send a missile there. Okay. Like just to be blunt, and this has happened. Okay. That's not like I came up with that on my own. So this has real world implications. What I would say is this is an example of why I love cyber security as a discipline. I'm a lifelong learner. I love intellectual stimulation and like the, the, the, the, the, the, the playing field is constantly changing, adapting, moving. And this is just another adaptation that's really interesting and worth talking about and protecting from.
B
Dismantled after malware discovery, Okta Threat Intelligence uncovered and helped dismantle ShieldGuard, a crypto scam posing as a browser extension that claimed to protect wallets, but instead harvested sensitive data from platforms like Coinbase and Binance. The malware could capture wallet data, browsing activity, and execute remote code via command and control servers. Researchers linked the campaign to a broader network and worked with partners to remove the extension, shut down infrastructure, and cut off attacker access. North.
A
All right, so Okta. I didn't, I didn't. Oh my God. Fortunately, I've got some like bonus water from yesterday. There's probably dust floating in it. All right, so I didn't realize Okta had a threat intelligence arm, but way to go, Okta. They identified a malicious browser extension. And this is so funny. If you like airdropped it to a friend, meaning like you know, within your personal area network. Yes, exactly. FedEx. Charles Finfrox, a crypto evangelist. He loves it. He loves it. He loves it. If you could airdrop someone, they would give you like a token or some type of crypto piece. Justin Gold, by the way, in chat is our resident crypto bro. That's so funny. So this malicious extension used social engineering to get people to install it. It was designed, it was marketed as being able to detect suspicious transactions before the user approved them, which is hilarious. Dude, I'm telling you, some of the best malware out there hides in plain sight. Right? Like, or social engineering attacks. Right. Criminal calls you and they're like, hey, someone's trying to break into your account. Like fails to mention it's them. Hey, someone's trying to break into your account. I need to confirm your information. Like give me your password and I'll send you a six digit pin and then you roll in. Right. All right, so this malicious browser extension would harvest wallet addresses. Sure. Execute remote code via C2. Right. So this is a full featured thing. They said that they intercepted it. I, I would assume that some victims were impacted by this. Right. Because the way that they, the way that they kind of position this is that they got in front of it before bad happened. But in reality this was happening. Okta Threat Intelligence discovered it and went through the proper channels to get the extension removed from the Google store to hopefully let people know that they were infected and that they should remove this extension. Very, very cool. I guess.
How did they discover it? That's really, that's really the question I have. Of course it doesn't friggin say it in the story. Awesome story, guys. Great reporting here. Okay, hold on. There's an advisory from Okta. Let's see again, like, to me, this is an interesting cyber story. Academically only like, but I, my, my users that I protect aren't using crypto. If you use crypto, there's like inherent risk that you're taking on. Anyways, Diane Watson, welcome to the party. Welcome to the party. I love it. Thanks, Diane Watson, for checking out the show. All right, so the ShieldGuard got onto the look. All right, so look at this. I mean this is, look at this web page. So if you're listening on audio only, we're looking at the landing page for this malicious extension. And I'm telling you, this is not a seedy, underbelly dodgy looking website or anything. This looks like legit. This looks very real. Which further conveys like how, how effective these threat actors are. Honestly guys, I gotta tell you, using. Hold on, we got another one. Nikiva at Nikiva. Welcome to the party. Nikiva, let me just tell you this and then I'll move on. Number one, super pumped that this Chrome extension has been dismantled, okay? And that the, these criminals are not going to rob any victims. Number two, Claude Code, for example, like I have personal experience using Claude Code and, and having it write landing pages, which, which if you don't know the terminology, if you've ever like gone to a, a product web page, like, oh, hey, check this out. Like, like someone says something on social media like, oh, cool, cool extension, cool app, cool thing, come check it out. And you like click on something and you go to a page that has the information where you can sign up or download it. That's called a landing page. All right? I have used Claude Code to like basically pump out landing pages.
I was doing it like as a student in a workshop, so it wasn't like I was using it, but dude, it was pushing very, very great looking landing pages. So threat actors can develop these very real looking, professional landing pages in a few minutes, honestly. So you can't rely on like kind of the integrity or the quality or the professionalism of these landing pages now because threat actors don't have to invest a lot of time or effort into making it look real. So this one right here, this was hosting malware. And yeah, I mean, look at this. I mean it's got, the whole website's quite, quite thick. They had a very professional looking Twitter page. This, for all intents and purposes, this looked like a very real product. And you just got to be careful, guys. This is why I say it's tough to educate your end users on this one because a lot of people just click, click, click. I'm going to give you a tip that goes beyond crypto extensions or whatever. Really, you should be very judicial about selecting browser extensions to install. As I just mentioned a few minutes ago. Nikiva, if you're just joining us, maybe you missed it, but the browser is a massive attack surface and threat actors know it. So they are focusing on getting the attacking the browser and these Chrome extensions is a quite a popular way. Now legrat just said a professional Twitter page. What are you talking about? I mean look at this, look at this. On stream legrot twitter account blue check mark 15 days left join phase one like it's you know, a quality landing page announcement soon. Great colors. Like I'm not saying it's a professional Twitter page. I'm saying like the posts themselves. This to me, if you look at this, you're like that's a business, that's a tech startup, that's legit. That's not you know, North Korea or you know, Eastern European threat actor. Right? They're putting some time and energy into the, the, the facade of it, but the reality is AI lets you vibe code these things super easily.
Yeah, no problem.
B
Legrat fake IT worker army rakes in $500 million per year. Researchers at IBM X-Force and Flare Research report that North Korea runs.
A
All right, a really quick guy named 303 says how does one verify browser extensions or something like this? It's very difficult to guy name 303 number one, only get them directly from the Google Chrome, you know, store like extension store and even that's not going to work out for you all the time because this, that malware was in the store. But don't download or you know, a lot of threat actors will just have like a pop up saying that you need to install this extension to use the thing on the web page. But that's a, that's a social engineering attack to infect you. I mean dude, just, just run lean, review the extensions you have. There's no, there's no silver bullet network
B
of up to 100,000 fake IT workers across more than 40 countries, generating roughly $500 million per year for the regime. The operation uses recruiters, facilitators and western collaborators to place workers in remote tech jobs under stolen or fake identities. The researchers say these workers infiltrate companies, earn high salaries and can access sensitive systems, highlighting a large scale revenue and espionage pipeline tied to North Korea.
A
Jesus. Okay, so first of all this is pretty cool because this story is Flare and X-Force, which is also like literally Flare's one of the show's sponsors. And that's the, you know, the asset that they asked me to tell you about today. It's being covered in the news. So, like, further in reinforcing that, this is super dope right now. If you go to the pinned comment in YouTube chat, this is actually a link directly to that report. I'd also ask that you use the. I asked that you use the link that I pinned simply because like every time you click it, it like increments a little tally counter which tells Flare that people are using the link. It happens. It helps support the channel. So if you like the channel and you want to support it, that's a way to do it. All right, guys, we knew that the North Korean fake IT worker was legit, right? But dude, half a billion dollars a year, Great cash, homie. My goodness. Dude, who knew? Like, this is, to me, this is eye opening. I. I really did not know that it was this level of success. They have built this thing out quite intensely. They have like recruiters, you know, they're using deep fakes to get jobs. And it just goes to show too, like if you suspect you're interviewing someone and you suspect that they're North Korean deep fake or whatever, and you're like, hey, put your hand here or whatever, and they won't do it. They just hang up and get on another job interview. Like, it really is wild that they're able to achieve this. A hundred thousand strong. One thing that really sucks about this, I want to point out two things. One, that's a hundred thousand. You know, again, I don't know if this is in the United States exclusively, but for the sake of this argument, let's say United States exclusively. This is wild that there's a hundred thousand Americans, right? Hold on one second. Okay, okay, okay. So there's a hundred thousand Americans who don't have a job, right?
So if you're currently, you know, looking for work, if you're currently in between jobs, you know, because you got rift or laid off on a Friday or something, dude, they're taking our jobs. You know what I mean? Good God. Also, half a million dollars. I mean, that's like, you know, unfortunately, that's half a million dollars of business that businesses are doing with a company that is sanctioned to the roof on not doing work with. So very wild. Again, go to Simply Cyber IO Flare to get this report. I'm going to read it on the, on the airplane. As I mentioned earlier, again, not only are they making money for North Korea's regime, but they're also got insider access to threat to information and intelligence. Right. You hire North Korean and they're working, they are doing some work there but they can also just download sensitive information that could be disruptive. James Quiggin 35,000 ft just recorded a podcast yesterday. Yeah. Nikiva is trying to get back into IT cyber and saying no wonder entry levels obfuscated. Absolutely. I don't know man. Half a million dollars, really quick. I do want to say shout out to DJ B Sec. Making the stories available to us today. Can't do it without him. He's absolutely mission critical to the team. Again, if, if anyone else is going to read this report, let me know. I would love to discuss it with you afterwards. Appointment reading on Sunday for me.
B
Official says no uptick in cyber threats. Cybersecurity and Infrastructure Security Agency Acting Director Nick Anderson said the US has not seen an increase in Iranian cyber activity despite recent military strikes, describing the threat landscape as steady while warning other actors remain active. Anderson added the agency is prioritizing faster vulnerability response timelines and monitoring AI driven attacks while continuing to work with Stryker following a cyber attack linked to the Iran-associated group Handala.
A
Okay, so check this out. Look at this. Dude. This was on yesterday's news. Okay. Cyber attacks spiked 245% in the last two weeks. Also in today's news, CISA says no uptick in cyber threats. What are we doing here? Okay, first of all, this is more of a meta lesson learned. But it's, it's important to get information from multiple sources, not just one feed, okay? Because things like this happen, okay? And guess what? And I hate to, I hate to dunk on anyone, I know no one here would fall prey to this, but like, there's a lot of people who just don't think for themselves. They're just fed information and they're like, like parroted back. Okay? There's a lot of people who do not think for themselves in 2026. It's wild to me, okay? This is one of those ones where here's an opportunity to think for yourself. One report says it's almost 300% increase. Here's another one that says it's, it's, it's, you know, basically not a thing. So you tell me, all right, let's say top US Cyber says not an increase in threats. This could, I mean, God, I don't want to get into disinformation, misinformation, which is a dimension of cyber security that we have to be mindful of from a social engineering and cyber terrorism perspective. But this is kind of catches me off guard. Let's take a look at this really quickly. Here's, here's my thought process on this one. Okay. Where is this information coming from? Security researchers with Akamai saw a 245% increase in critical business and institutions across North America, Europe and Asia. Now, Akamai, if you didn't know, Akamai is heavily distributed across the Internet that you don't really see them on the front end. But Akamai is all up in the Internet. So guess what? Their intelligence is founded on what is actually happening. So right away, I give the nod to this report's validity. Now let's see where CISA is getting their information from. We've not seen a rise in threat activity, which is fantastic. We can't take our eyes off of it.
Okay. CISA, continue to work with medical manufacturer Stryker. Okay. CISA's working to shorten the timeline. Okay. All right, so here's what I would say about this. Unfortunately. I don't believe this. I don't believe this. I love CISA, okay? I think CISA is great for America. I think it's great for the cybersecurity industry at large. I, I don't know what they're looking at to come to this conclusion. Okay. I don't know what they're looking at. But the final thing I'll say, for better or worse, is you can use this report to help bolster your information security program. You can use this report to help get budget. By using fear, uncertainty and doubt. Okay, But I, I, I just don't know what to say about this. This news story right here.
B
Huge thanks to our sponsor, Adaptive Security. This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI powered social engineering. Picture a new hire who interviews well. Except they're synthetic AI, video, AI voice, AI backstory. Once they're in, they go after payroll, internal docs, and access. That's the new reality. The attack surface is trust itself. Adaptive fights back with realistic deep fake simulations and training that actually sticks. Learn more at adaptivesecurity.com. Yeah, I would agree.
A
Also, DJ B Sec mentioning in the chat that, like, CISA is like, actively helping Stryker Medical, which suffered a massive cyber attack directly from Iran. It's like the house is on fire and they're like, like not even. They, like, the house is on fire right behind them. And they're just like, No, I don't know what they're doing. All right, so check it out really quick. I want to say shout. Before I play the music and blow out the copyright, I do want to say shout out. And thanks to the stream sponsors, ThreatLocker, Antisyphon, and Flare. Bringing the heat. As always, links in the description below. If you want to support the channel, go check them out. Like I said, that North Korean report from Flare is pretty dope. Yep. So there it is. All right, Dan, we're gonna figure out a way to do this. All right, guys. Hey, I want to say shout out to all the first timers. We got Nikiva, Corporate Kevin. I hope you guys are enjoying the crap out of the show. I'm certainly enjoying being up here and spitting into the microphone. You know, the five greatest rappers of all time are. Dylan, Dylan, Dylan. Dialogue. I spit hot fire, man. Every single day of the week has a special segment. And Thursdays, my good friend and absolute talent, Dan Reardon makes a custom meme for us in What's Your Meme Thursday? I don't censor these ones, as you're about to find out. All right, here we go. Here, let me. Let me pause the music. So when. Oh, my God. So when Replay Team Replay watches this, they get it in all of its glory. So some of you may. Some of you like to get. Come on, IT Career Questions. Some of you like to guess what the meme of the week was. He did pull something from this week's show. So for you first timers, Nikiva, Corporate Kevin, IT Career Questions, you do not know. But we talked about tattoos earlier this week, and it was revealed in. No, no, no short terms about my tattoos. I have two tattoos. Both of them are on my back. One is on my upper back. One is on my lower back.
All right, so I give you your. I give you your. Dan Reardon's meme of the week. I can't believe it. Ladies and gentlemen, the meme of the week. Oh, my God. Okay, here we go. There we go. Yes. Yes. I do have a tribal tattoo across my lower back waistline. It goes. You know, it's there. It's a thing. And I will say Dan was very kind to have the. The heart with my wife's name on it. This is not what my upper back tattoo looks like. My upper back tattoo is actually in the middle, and it's a. It's a wolf. It's a. It's a Pacific Northwest, Indian, Native American insp. Like a graphic tattoo. I will show you in San Francisco if you'd like to see it. In fact, I'll probably just show you on the stream if you want to see it. Here we go. Here we go. Want to see the tat? Want to see the ink? There we go. I'll drop it in chat. So, Dan, thank you very much as always. I don't censor this. Dan, you are. I, I, I, I owe you one, Dan. I do owe you one. We'll have to figure out how to do it. All right, let's get the la la. All right, here we go. All right, while the la la's going, I will show my lower back tattoo. You guys are the best. I can't, I can't really. I can't get up there. Here, I'll try to do it before the end of the show. Go. La la la la sa. All right, let's finish strong, everybody. We got work to do.
B
How SaaS apps enable massive breaches. A new report from Grip Security finds shadow AI embedded in software-as-a-service apps is driving a surge in breaches, with a 490% increase in attacks and 80% involving sensitive data. Researchers say stolen OAuth tokens can let attackers exploit AI agents to access connected systems and trigger cascading compromises across organizations. The report points to the 2025 Salesloft Drift breach, which impacted more than 700 companies, as a model for how a single SaaS compromise can spread widely. The company warned 2026 could see even larger incidents without better visibility and control over AI-enabled apps.
A
US, look at this stat, man. Grip Security looked at 23,000 SaaS apps. Okay, again, I told you guys, the browser is where the attacks are happening now. Like that story earlier about mobile phones and an increased threat. Yeah, sure, like, cool story, bro. Like for me, if I have $1 to apply to cyber security, it's going to the browser. They, they analyzed 23,000 companies, a hundred percent of them, every single one, which is wild. 100% of them had some embedded AI in it. So you know that joke about the sticker saying now with AI, it's not a joke, it's legit. 100 thou, 100% of these mother truckers are all using AI. Okay? And honestly, the problem is they're saying that a lot of businesses, I mean, a lot of users of these products might not even know the AI is there. It's not accounted for. It's very easy to get the AI. Shall we play a game? It's very easy to deploy the AI and just like all of a sudden it's a new feature. And you, you reviewed it originally, right? So if we do third party risk and vendor management and stuff like that. You as a GRC person, maybe you did review this platform when you purchased it or when you signed up for it, but then they're constantly adding value, constantly adding functions. You're not going to re-evaluate these platforms. There's just too many of them that businesses use and this is what's causing a problem. Now I do want to say identity is the new perimeter. I, I would agree that this is fairly accurate. Identity is the new perimeter. You got to be careful with OAuth tokens and session tokens. MFA should be enabled, conditional access, all the things. And it's going to get even crazier when we start doing non-human identities and giving agentic AI, you know, a friggin speed pass or a fast lane pass to get, to get going. What I will tell you is I actually, this is like wildly coincidental. There's a company called Island that I, I checked out and I've been messing with and I'm actually going to do some work with them.
Like their whole thing. Not their whole thing but one of the things they do is provide essentially visibility into AI usage in your corporate environment. It's actually a pretty slick product. But, but anyways. Hello, I'm, I'm boring. Okay. Hello, I'm, I'm actually, I would like to point out that the number one control, like AI is hot. Oh it's so hot. AI, that Hansel, so hot right now, my guy. Can I just tell you the boring stuff is what's up? NIST CSF Function 1, Identify, Control Objective 1, Asset Inventory. Hello. Asset inventory has been a mainstay critical control since the dawn of time. If you don't know what you freaking have, you can't protect, secure, detect something bad is happening with it. You can't. Shadow AI is the new shadow IT. It's the same thing. We still have the same problem. Just because AI is cool and it can do things right, just because of that doesn't mean it's a new problem. You need visibility. That's step one. If anything the visibility problem is even more important because these, these apps are getting deployed at like freaking innovation speed, not business speed. So I'm not surprised about this. If you're not doing something about shadow AI, you are in trouble, my guy. Okay. And I'm telling you I, I, I would imagine a lot of businesses are going to be coming out with like AI visibility, right? There's definitely going to be a move in the market. I mean Island's doing it. Like I said, I saw their product. It looks great. But this is a real problem that needs to be solved. And I'm not just talking about you installing Claude Code on your workstation. I'm talking about anything: Gemini in the browser, ChatGPT installed, fat client, you know, just anything. Like the visibility. Here's my thing. The visibility is important, and I want to point this out really quickly. Look at this, okay? Stealing this from James, the quiggin at 35,000 ft. Like, this is just the Gen AI cyber security market. Not.
Not the market around like productivity or utility. This is just the cyberspace, okay? Look at all these businesses, tons of them there. There. People are using AI all over the place. So my, my entire point of sharing this is you can't just be like, oh, we block Claude and Gemini. Ah, we are very good at our jobs. It's like, no, dude, there's like thousands, thousands of AI products out there. You don't know about many of them. Okay?
B
Intelligence chief grilled on absence of election threats. US Intelligence chief Tulsi Gabbard defended leaving foreign election threats out of this year's global threat assessment and explained her presence at the FBI raid on Georgia's 2020 election office. Gabbard says the omission reflects threat prioritization, not absence of risk. Lawmakers raised concerns about foreign influence, citing prior Iran, Russia and China operations and about Gabbard observing the FBI action at the President's request.
A
What? I thought that Tulsi Gabbard was being grilled about intelligence on Iran, like, not being a real threat. I guess we're doing election stuff still, the Georgia election. This show is apolitical. It is not designed to get into the. It's. We stay focused on cyber security up in this piece. Election security does fall under CISA. There is, you know, Voting Village at DEF CON. So, like, there is overlap with our community. The fact that we're still the. Talking about the election from six years ago gives me a popsicle headache. Yeah, I. I don't know why. I mean, here's the thing. Foreign threat actors have meddled with elections for years. Remember Russia breaking into the DNC's. The, like the head of the DNC's email and Hillary servers, you know, you, like, they've been doing this for a while. Sandworm is. Was involved. So, like, I don't know why foreign threats would not be part of the. The assessment on election security. Honestly, I don't see how this is a news story for us to go over today. Like, this is not to me, this isn't really cyber security related. So I'm going to go ahead and do the MTV dating game show Next.
B
AI beats 99% of humans in hacking competitions. Israeli startup Tenzai tested an AI hacker in six elite capture-the-flag competitions, saying that it outperformed 99% of 125,000 human participants. Using models from OpenAI and Anthropic, the AI was good at exploiting software vulnerabilities and manipulating AI apps. CEO Pavel Gurvich warns that such capabilities are spreading beyond governments, raising risks and regulatory questions.
A
Yeah. Okay. So this should come as no surprise to anyone. AI is. Shall we play a game? All right, here's the thing. We're all aware that AI is very good, right? Very effective. You can train it on these things. This company, it's a startup, it can hack. Now you might be like, what's the big deal? What's the value in hacking cyber games? It's not. Think of the cyber games as just a test bed to demonstrate capability. You can use this to pen test your website. Right? So this is one of those examples where this could disrupt the industry, where I don't know, someone who co-owns a pen testing company like myself, Kairosec. You know, if you're trying to sell a $15,000 pen test to a company and they're like, well, yeah, we should, but you know, this thing's, you know, 99% effective and it costs 200 bucks a month. So we can do this every day for $2,400 a year. I'm going to go ahead and choose that option. This is an example of it disrupting industry. Now, of course I will say that humans, especially pen testers, can do very nuanced, very, you know, novel attacks. Right? So this is, this is probably taking on more of the, the more mainstream, you know, blocking and tackling type attacks. Not thinking innovatively, I would assume, but that's what you got to look forward to, unfortunately. I hope our. I hope global leadership has a plan for like universal basic income. Again, I'm sorry, I, I have very dark thoughts about AI in the future, which I try not to have overflow and seep into this community since we're all super positive. But yeah, so this, this group crushed a CTF, by the way. I just really quickly. How fun is that? Not right. CTFs are fun. CTFs are a great opportunity to network and share knowledge and challenge yourself. And having AI just steamroll you is not. Doesn't feel good. Right? It's like playing a stacks at Bracket four at Deadwood Wild West Hack and Fest, and someone's just got, like, a goblin deck, and you're straight up just ruining their life.
So, anyways, I do want. I do want to say one thing really quickly. If you don't know what a CTF is and you want to learn. Hold on, IT Career Questions. This guy right here, Zach Hill, who's live in chat right now, 293,000 subs on his channel. He actually. Where is it? Here we go. He recently did a video on CTFs. So I want you to think. So if you want to know what the heck a CTF is and why it's valuable, Zach Hill's got your back. Let's look. How about this guy you want to talk about? Not all heroes wear capes. Check this out. And the only reason I'm. The only reason I'm sharing this is because CTFs, despite the fact that AI can steamroll you, CTFs are an awesome, awesome, awesome networking, relationship building opportunity. And the problem is a lot of people are intimidated by CTFs, okay? They're like, oh, I'm not good enough. I won't get one. I'll be exposed for getting zero points. No. I would challenge you to step into being slightly uncomfortable and taking on a CTF. Usually there's like a CTF group chat on the server and you can meet other people. Organizers will give you hints if you're struggling. It's fun. It's fun. It's like. It's like doing the crossword puzzle or something. And it's great for networking, okay? So don't sleep on that.
B
Amazon says Cisco firewall flaw abused weeks before disclosure. Ransomware group Interlock exploited a critical zero-day in Cisco Secure Firewall Management Center 36 days before Cisco patched it on March 4th, according to Amazon CISO CJ Moses. The flaw let unauthenticated remote attackers execute Java code as root. Interlock's toolkit collects detailed Windows and browser data, uses custom RATs and Java implants for persistence, and deploys legitimate software like ConnectWise to evade detection. The group has hit hospitals and municipal targets, using multiple redundant access methods to maintain control and pressure victims for ransom. Yeah, we know.
A
But don't worry. Don't worry because, you know, federal officials say there's no uptick in cyber threats. Okay, so Cisco, max security flaw. I mean, this was an unauthenticated remote code execution over an enterprise-grade networking device that's supposed to provide security capabilities. Two things. One, oh, you got to patch it. Okay, yeah. A guy named 303. Don't have imposter syndrome around it. Just sign up, lean into it. I will tell you also a lot of CTFs, the first challenge is designed to be like easy, right? So everybody kind of gets a feel for how, how it works and everything. Yeah. If you're running Cisco Secure Firewall Management Center software, you, you've already patched this. If you have not, out of control, you should absolutely do this. The Amazon boss is saying, hey listen, this was getting exploited before we even discovered it. TL;DR, if I were you, if I were you, right, you probably already got hit by this because Interlock ransomware was hitting this. Ransomware threat actors are going to exploit and then immediately exfil and then let you know as a victim that they have your data. That's how ransomware threat actors get paid. There's no, they're not cyber, you know, they're not a Chinese-based threat actor doing espionage, lying in wait in the environment. They, they punch you in the mouth, they steal your data and then they tell you they'll sell it back to you. Okay, so chances are if you had this and you have not gotten punched in the mouth yet, you probably were not impacted by this. However, as a best practice, since there was an exposure window of a couple weeks where active exploitation was going on, but patches were not available, it is a best practice and one that you should consider to look up the indicators of compromise, the artifacts that would suggest that you were exploited, and go threat hunting in your environment to see if those indicators of compromise exist. Especially since like this was a few weeks ago.
So depending on how far back your logs go, your SIEM may not even be able to see it if you wait too long. All right, so by the way, a lot of people who aren't familiar with like SIEMs and SOCs or they're new to industry, might just think that there's like infinite logs so you can always go back and look. That's not the case. Logs take up space. Space costs money. And you know, like basically there's a rolling timeline where you just delete old logs. I mean you can write logs off to like cold storage or something, but like that's not really how it works. A lot of times like you just have like 90 days of visibility, for example. In fact, that's how Splunk charges so much. It's not about the technology, it's about the data storage and the data query capability. So anyways, go look for the IOCs. Other than that, just be aware, you know, even, even a high-end product like Cisco does have challenges. I'll be doing a lot of work with Cisco at RSA too. So I'm, I'm quite, quite well informed on them right now. All right, yo, that is going to do it for today's show, Paula. All right. All right, guys. I hope you had a great experience today. I, I certainly did. I appreciate it. I gotta go teach at the Citadel. By the way, for you first timers, Corporate Kevin, Navita or Navima, I hope you enjoyed the show and I hope you come back tomorrow. Welcome to the party, pal. Just as a, a reminder, this happened very, this happened this morning, like last minute kind of thing. On Thursday afternoons we have Simply Cyber Firesides. Unfortunately, our guest Sabrina, who was going to be talking about an AI governance career, she actually had a personal conflict that presented itself last minute. So we are going to have to cancel today's fireside. So don't sweat that. The Fireside is not happening today, but we will be back as always on Thursday afternoons for a great show. No jawjacking today. I want to let everybody know I am working on a plan. I've kind of teased it out.
Eric Taylor mentioned it a couple Tuesdays ago. Starting in April, we're gonna have a whole new format around jawjacking. I'm going to standardize jawjacking a bit more. It's a little too freestyle right now and I want it to be more standardized. So we're going to be doing that. Stay tuned for that. I'll handle everything. You guys just can consume it. I'm Jerry from Simply Cyber. Be well everybody. Have a great day. And until next time, stay secure.
This episode of Simply Cyber’s Daily Cyber Threat Brief, hosted by Dr. Gerald Auger (“two thumbs, all smiles, and a big ol’ cup of coffee!”), runs down the top cybersecurity news stories for March 19, 2026. The format is a fast-paced, insightful rundown of eight major stories affecting practitioners and business leaders alike—from espionage campaigns and malware exploits to regulatory and AI trends. Dr. Auger not only breaks down the headline facts, but also dissects the real-world implications for cybersecurity professionals at all levels.
For the full experience, join the show live every weekday at 8am Eastern via Simply Cyber’s stream. "Stay secure!"