Loading summary
A
Good morning, Simply Cyber Community. What's cracking? Today is Friday, March 20, 2026. This is episode 1093 of your Simply Cyber Daily Cyber Threat Brief podcast. I am your Host, per use, Dr. Gerald Ozier, coming to you live from the Buffer Ozer Flow Studio. And then over the next hour, me, you Code brew, Marcus Kyler, bdub5542, Sam Soula and the entire Simply Cyber community are gonna be absolutely shredding the top cyber security news stories of the day. And I'll be going through each of these stories which I have not researched or prepared for in any way. And I'll be going deeper beyond the headlines, giving you insights and value that you will only get here. There is no classroom, there's no textbook. There's no AI that's going to be able to rip apart these stories like I can. Space tacos. Found the new emote. Hello. So really quick Community, let's do the intro and then I'll. I'll announce the new emote. We're off and running. I hope you are ready. That's right. Good morning, everybody. Spoiler alert. I've been. I'm feeling this. Let me go ahead and do this because I feel like I. I don't do this often, but if you're a regular, you know, I do this from time to time. I'm feeling particular Friday vibes and I want to do this. So I am going to blow out the copyright early. So Replay will not catch this, but this is how I feel right now. Okay, listen, we have a new emote. It is the Kool Aid Man. Oh, yeah. And the reason we have a Kool Aid man in chat right now
B
is
A
because I make 80s and 90s references from time to time. Look at this mixtape. You know what I'm saying? And we made it a drinking game. So that's what's up. This is the vibe. This is the. This is the soundtrack of my inner monologue today. All right, so we are going to be using this vibe today in order to deliver these news stories for you. And I am totally ripped. Ready to go. I am pumped. We are going to do some cyber news today and I am so excited that you are here with us. Guys. Listen, every single day we go through these stories. Every episode is an hour long and we are absolutely going to be going through the stories as an instructor led webinar and doing, you know, kind of the fun stuff as well. So every episode is worth half a cpe. So be sure to say what's up in Chat, grab a screenshot and include the title of the show and today's episode. Oh, my God, dude, that song. I am hot right now. Spicy. Hold on, I gotta. I gotta take off a layer. My God. All right, guys. Hey, listen. Every episode, half a CP say what's up? In chat, grab a screenshot, include the title of the episode. Daytime episode number 1093. Get those CPEs. Holla. All right, what else we got? First timers. If today's your first time, you're like, holy crap, what is this guy on? I need some of it. Also, DEA probably wants to swing by there. This guy is definitely adding, guess what? It's not. It's coffee. It's coffee. Good times and just vibes. That's what's going on. Honestly, I gotta tell you again, I try to keep it apolitical here on Cyber. I spent like the last hour of my life, like 7am to 8am Just watching Afroman trial footage and. And listening to Pound Cake. And if you know, you know, Afroman is.
B
It's.
A
I didn't know I needed this in my life, but this is the best thing in 2026 as far as I'm concerned. So just. I don't know, it's. It's a combination. It's Friday. Like, I'm giggling when I. When I watch this Afroman stuff and the music is on brand. Okay? So if you're a first timer here, drop a hashtag first timer in chat. Hashtag first timer in chat. And if you do, we're gonna welcome you to the party, pal. That's right. Every episode, we welcome our first timers. Because, guys, you know what? It can be intimidating to like, walk into a group. It can be intimidating from a social aspect, especially if you're introverted to be like, hello, Hello. So you know what I mean? Like, this is what's up. So hashtag first timer in chat. We will welcome you and let it fly. All right, what else we got? Every episode, eight stories. I don't research a problem. Nobody got time for that. You know why? Because I don't care. I love it. Oh, yeah, dude. And by the way, I'm sure there's some people who are gonna turn tune out and be like, this guy is like, I'm not into this scene. That's okay. You do you boo. I'm doing me. This is simply cyber. And it's all about good times. All right? Now, this show would not be possible in all of its shenanigans without the stream sponsors to support because they're down. They're down with the sickness. First, want to start with Flare, dude, check this out. Simply cyber IO flare. The flare team and partner with IBM X Force released this unbelievable, you know, 50 minute multi page report on all about the North Korean infiltrator threat actor. We covered in the news yesterday. Kim jong Un's getting $500 million annual revenue from this like workforce of it. North Korean workers, they're using deep fakes. They've got laptop farms in Tennessee. Like, you know what I mean? This is crazy mad amount of information. I would really encourage you to check this out. North Korea is absolutely an advanced persistent threat actor, even if the country itself has kind of got some challenges. You know, Kim Suki Lazarus, they have some very competent cyber capabilities. And this report absolutely deep dives on that. Go to Simply Cyber IO Flare. I'll drop a link in chat, go check it out. Pull the report. It is free to pull. I am going to pull, as I told everybody, I'm going to pull it and read on the airplane to San Francisco on, on, on Sunday. All right, so thank you very much, Flair, by the way, Flare's threat intelligence platform, Absolutely love it. The reason that they have all this information on North Korea is because their, their staff, their team infiltrates effectively these threat actor groups to get this information. I might be not 100 accurate on that, so don't quote me on it. But you know, they, this is real intelligence. This isn't like pontificating on what it is now. You know what else is pretty dope? Allow me to introduce you to anti siphon training. If you know, you know, anti traffic anti siphon training is doing the SOC summit March 25th. So just a few days away from now. 10 expert talks, one amazing day, free cost. All you got to do is sign up. The link is in the can. Use the link in the description below. I'll give you a link directly to registration right here. Guys, don't miss this opportunity. Not only is it six hours of free learning, by the way, six CPEs. So if you're looking for CPEs, definitely a good way to do it. And the talent on this conference is unbelievable. Okay. Ashley Knowles. Yes. Patterson. Cake. Yes, I'll take some. Wade Wells. Wade is a member of the Simply Cyber Community. That dude is dope. Cheddar Bob right here. Chad William. Chad Wiggins. I'm sorry, Chad. Straight crushing it. Another Simply Cyber Community member, Dan Reardon, AKA the Haircut Fish. With all his memes and back tattoo things hating Covington making channel content. Dude, the the the overlap between Simply Cyber and Anti siphon makes me so happy. I am so proud to be associated with it. Go to this SOC summit, get value. They have the same mission and core values as Simply Cyber over there. 10 talks one day. All you can do, the only thing stopping you from doing it is you at this point. And then of course, Threat Locker. I posted on LinkedIn. If you didn't see it, I want to show you this really quickly because this is so cool. I posted this on LinkedIn. Where is it? This video on LinkedIn. Kathy Chambers produced this video. This video is awesome. Okay, look at this. Okay, so it's just me like a zoom in and it's got like flashing logos and stuff. This is all Threat Locker. They hosted me and Kathy and Kimberly at Zero Trust World this year. Great food, amazing talks. Got to like high five. Marcus Hutchins it dude, it was cool. It was cool. We did the show live. So if you're a regular, you know what's up. That's what Threat Locker is. They're an application security company. Denied by default. I love it. Let's hear from Threat Locker and then I'm going to melt your face in the most awesome way possible. I want to give some love to the daily Cyber Threat brief sponsor. Threat Locker do zero day exploits and supply chain attacks. Keep you up at night. Worry no more. You can harden your security with Threat Locker. Worldwide companies like JetBlue Trust Threat Locker to secure their data and keep their business operations flying high. Threat Locker takes a deny by default approach to cyber security and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US based Cyber Hero support team. Get a free 30 day trial and learn more about how Threat Locker can help prevent ransomware and Ensure compliance. Visit threatlocker.com Daily Cyber. All right everybody, we're about to do it. But first. So good, so good. Everything in my studio is shaking right now. It's out of control. Do me a favor, everybody. Do the best you can to try to sit back, relax. I will not be doing that today. Let's let the cool sounds of the hot news wash over us in an awesome way. I will see you at the mid roll. Let's cook the CISO series. It's cybersecurity headlines.
C
These are the cybersecurity headlines for free. Friday, March 20, 2026 I'm Steve Prentiss. Critical Microsoft SharePoint flaw now exploited in attacks According to CISA, this CVE numbered flaw which was patched in January is now being exploited. It affects SharePoint Enterprise Server 2016 and 2019 and SharePoint Server subscription edition. Successful exploitation enables threat actors without privileges to achieve remote code execution on unpatched servers in low complexity. Attacks that exploit a deserialization of untrusted data weakness. SharePoint Server 2007 and 2010 and SharePoint Server 2013 are also vulnerable to these attacks, but being end of support, they no longer receive security updates. Consequently, admins of these systems are advised to upgrade to a supported version to help block the attacks.
A
Yeah, okay, so really quickly, the obvious thing here is if you're running on prem Microsoft SharePoint server, the additions that they're talking about, 16, 19 and subscription edition, whatever the heck that is. I mean, you know the, it says what it does on the card, right? Obviously, but you just got to patch it, right? Like ah, you gotta patch it. Here's the thing, number one, it's, it takes low effort to exploit this, which means essentially you don't have to, you know, cast a magic trick and be a level 60, you know, black hoodie hacker to pull it off, right? It's relatively low effort, I. E. A larger, when you hear like less sophisticated attack vector, you should just think that there's a larger population of human beings that can pull this off. Second thing that they point out and honestly I don't like the way they reported this. Again, I am a, I'm a, I'm a, a GRC purist. They said, oh, and if you're. This same vulnerability works on server SharePoint like 2000, 2003, 2009, what, like whatever, old versions, okay, so it's still vulnerable but they won't receive updates. It's like, yeah, hey, why don't you not bury the headline if you're running SharePoint 2000, which, let me check, yes, it's 2026. What are you doing? Like, you should not be waiting for this story to drop to decide it's time to do an upgrade. My guy. Oh, guys, every time I say my guy this week I want to punch myself in the throat. So first of all, if you are running a deprecated end of Life version of SharePoint on prem, welcome to what you're doing this weekend. You know what I mean? Like upgrade. It's not even oh, you gotta patch it. It's like, oh, you gotta upgrade it. Okay, so take care of your business. By the way, last time I checked, Microsoft 365 has a cloud version of SharePoint that's pretty good. And Requires you not to maintain it because Microsoft handles that. So maybe instead of upgrading the server from 2000 to 2019, which, by the way, one second, maybe you consider migrating to the cloud or Here, here's an idea. Why don't you evaluate whether you still need the SharePoint, right? A lot of people get like all giggy, giggity giddy about, oh, we're going to do SharePoint. Look, you can go here and get your files. I'm going to push policy from here. You can do self service. Ooh, and then like, you just abandon that. Or like, you know, Carla leaves. Carla, that's female, Carl. Okay. Leaves the company and no one wants to use that process anymore. And now you just have this like abandoned attack surface in your environment. Okay? So TLDR upgrade your SharePoint, if you're still using it, and that's, that's all there is to it message, your IT people say, hey, we need to upgrade this thing. It's actively being exploited, y'. All. Which means it, you know, your, your likelihood value on your risk calculation goes up. All right, final thing I want to tell you, and this is, this is one of those ones that you would not know unless you've lived it, okay? And I know there's a lot of people out there who are like, preach or, or there's a lot of people out there who are like, as I'm about to say this, are like, like not wanting to be here when you, when you upgrade from like, let's say SharePoint 2000 to SharePoint 2019, right? A lot of times. And I don't know this is true for SharePoint itself, but it's definitely true for Active Directory. It's definitely true for some other major applications. You can't just download Microsoft 2019 and hit upgrade. A lot of times you have to do steps, right? So you might have to go from SharePoint 2000 to SharePoint 2009. And once that's up and verified, then you go from nine to, you know, 2016. And it's not like you have to do every version, but a lot of times there are like major steps that are essentially prerequisites, right? So like, you might not be able to go from SharePoint like, like a prerequisite to upgrade to 2019, or might be that you have to be on version 2016. What this means is you don't get to just do an upgrade over lunch while you're. You, you know, you have some pf Changs door dashed into the office and you're just Going to knock it out and maybe leave work around 3 o' clock today, right? No, you're not doing that. You're going to be upgrading several times. This is, this is what called technical debt. And guess what, eventually you got to pay the bill.
C
First Protect reveals Endpoint security platform intended to prevent cyber attacks in real time A startup by the name of First Protect, I.e. 1st Protect, emerged from stealth mode yesterday to announce its Endpoint security platform that monitors system behavior and user intent to prevent cyber attacks in real time, end quote. Their solution, quote enforces security policies at runtime, blocking malicious behavior at the operating system level. And instead of relying on a cloud architecture for decision making, end quote, it does this by analyzing the attack's destination and intent and operates as a self defending system even in disconnected or restricted environments. The startup's Chief Executive officer, Kervin Pillay, previously served as Chief Technology Officer of automation at Cisco while its Chief Technology officer Rafael Evgei held senior leadership positions at Sentinel One, CrowdStrike, Symantec and Force Point.
A
All right, so I don't know, feels like an ad. This doesn't feel like news, feels like an ad. So okay, all right, so there's a new player on the scene. First Protect get, you know, get used to their name. They got $20 million of funding. A couple of things I'll tell you this is like more cyber industry related than it is cyber career related but you should know of it. Wolf tamer with the super chat just become best friends. Yes, friends. Yep. I am new to cyber and I am a tax expert. All right, hold on, hold on. It's coming on screen. Wolf Tamer brain says I'm a new to cyber and I'm a tax expert. I have a small practice. What would you use to receive clients sensitive personal files? Oh, that's a great question. There are a lot of services out there. Personally my, my, my financial guy or whatever we use like Dropbox and he has like a link that you basically it's not like you log into Dropbox, there's like a link you go to and then you can, it's just like, it's like a receptacle basically it's like, it's like a website that's just like the USPS mailbox where you just kind of throw the stamped mail in and close the thing. That's what I use. I've been happy with it. There are a couple options. I don't know what the pricing is on that Wolf Tamer, but that, that's, I like that I like that. Okay. Hey, and if anyone else in chat has some, some suggestions, let me know. All right, so the other. Okay, so getting back to this, what I want to tell you here is two things. Number one in the industry, stealth, stealth means that the company is a tech startup and they're doing something, but they, they're not ready to like hit the market. They're not ready to reveal anything. They've got some probably angel investors to get the, get the, the wheels turning and get some grease on the gears, but they're not ready to emerge until they get their marketing plan and their ICP and their, you know, go to market strategy and all this other stuff. Okay, so basically the $20 million that's funding this is like insiders who are, you know, they probably other investors, entrepreneurs, whatever. Okay. That's what stealth mode is. Okay. Second thing that I want to tell you about this, Endpoint Security is a very, very difficult market to penetrate. Okay? So when we like, again, this is just cyber industry stuff. Okay? But when you think about a market and like coming up with a product, maybe some people in chat want to be entrepreneurs and you're developing some tool, right? Lord knows that there's like a thousand YouTubers out there making content and selling courses on how you can make, you know, a hundred thousand dollars a month, like using AI as a one person business. Right? Whatever, whatever market you're targeting, I'm telling you right now, Endpoint Security is a wicked hard Market because CrowdStrike is already doing it. Well, multi billion dollar company, I think they're like 4 or 5 billion sentinel, one massive footprint. Microsoft Defender, huge footprint. And they're already baked into Microsoft Windows and Azure, right? So like your machine already comes with Defender, you don't get that. And then some other ones, right? So it's a very difficult market to penetrate. So for First Protect to go, go into this, you know, that's, that's pretty, pretty dope. It, you know, I, I wish him the luck, right? I mean if, if this product is so good that it can unseat the reigning incumbents, then it must be good and that's good for us. Okay. All right, so anyways, enough about that. Oh, by the way, really quickly, like I said, I try to give you additional insights and value so you can do these stories on your own time, right? And you might read this story and be like, right, so I'm trying to go beyond that and deliver some value. And sometimes, sometimes this is a story that I can't say like, hey, later today or Next week. You should do this to help increase the level of security for your business because some of the stories just don't map to that. But I do take it as a challenge every day, every story, to find some value. So hopefully that kind of cyber industry elements was helpful.
C
CISA urges US organizations to secure Microsoft intune systems following Stryker breach. This warning refers to Microsoft's published guidance on hardening intune administrative controls. Shortly after Stryker was breached in an incident that has been since claimed by Iranian linked hacktivist group Handela. A source familiar with the incident in which 50 terabytes of data were stolen and nearly 80,000 devices were wiped, said the attack used a new global administrator account created after compromising an administrator account. CISA is now urging all US organizations to harden their intune environments to make them more resilient against similar attacks that could target their own networks.
A
Okay, now this is something that we can do something with. I feel like we just went to a fancy restaurant and this story was like that bull crap amu's bush thing that they bring you where you're like, what is that like, okay, thank you. Bring me some meat and potatoes. Bring me the entree. Boom. Here's some. Here's some entree. Put a lobster bib on and get ready to roll your sleeves up and dig into this mother trucker. Okay, so Stryker Medical in what I would consider a very cool attack, again, I don't, I don't support cybercrime or cyber threat actors. I'm not into damage and devastation. I know that Stryker Medical as a business is suffering right now. But as a pure academic and someone who lives and breathes cybersecurity, this was cool, the, the intune. So listen, mobile device management, right? I don't care if it's intune or it's jamf or whatever, okay? Mobile device management is how we protect organizations with globally distributed workforce and multiple devices. Phones, tablets, laptops, speak and spells whatever. Okay? The MDM allows centralized administration to ensure, number one, that your phone has a pin lock on it. Number two, that you're. And your phone's or tablets hard drive is encrypted and to allow, and this is the key, allow remote wiping capabilities. Now why would you want remote wiping capabilities? Because executives leave their phones on their private jets and normal people leave their tablets or laptops in the Uber and sometimes, you know, maids steal your stuff. Right. Again, no, no shame thrown to the, the maid union here. I'm just using it as an example. Crap happens. So when crap happens, you can push A button and basically nuke that device from low orbit and everything's good. Okay. This is like great HIPAA control. Like, yeah, there's no, no risk of a data breach. Okay. What makes it so interesting is that these threat actors got into the environment and issued that command for all the devices. Brilliant, right? I mean, this is a devastating, very, very catastrophic type attack on a business, especially a business that has 60, 50, 60,000 employees. I think they had something of like 200,000 endpoints, because remember, I've got a phone and a tablet and a laptop, so there's three devices just for me. So what they're saying here is threat actor got into the Azure admin console with an administrator credential, then somehow created a global tenant admin, which in the world of Azure is the God mode. That is the root system God mode. Super user. You know what, Joshua? Like whatever you want to call it, whatever you want to call it, you can do anything. You've got the. You're the key master or whatever it was from the Matrix movie. All right? And they issued the command. All right, so what, what do you need to do if you're running Microsoft 365 and if you're running intune specifically. Right. Number one, you should absolutely take advantage of this. I'm going to drop this link in chat. This is Microsoft's guidance on how to protect or, excuse me, how to configure Microsoft intune to be secure. By the way, you could say, number one, I want to. I like low key. Want to punch the screen here. Start with least privilege. Yeah, okay. You know what, really quickly, guys. Least privilege, by the way, AC6 Nest 853AC6, winner, winner, chicken dinner. Oh, all right, so start with least privilege. My guy. This is not something you configure. You don't toggle left, right on, off, switch from. No least privilege to least privilege. Least privilege is like an identity and access management strategy that you have to deploy and you have to set up your environment with process workflows. Like, obviously workflows and process are kind of the same thing. Governance to make sure that that's okay. Because here's the reality. Someone tries to go do something and they can't because they don't have permissions. So then you increase their permissions. Then they try to do something else, you increase their permissions. Least privilege is hard because the more tightly controlled you make a user account or a group of accounts, the more times they call help desk and complain that they can't do their job. Now on the other side of the seesaw, if you give everyone. This is disgusting. So obviously I'm saying this for hyperbolic purposes. If you give every user in the environment, including Carl, cool domain admin or you make everyone a global tenant, right, you give everybody God mode, you will get zero calls to the help desk about not being able to do something because everybody has every permission to do everything, which, which is a gross security violation, massive risk. Okay? So you know, and Gen Z, this is not 6, 7. This is me trying to balance least privilege with managing overload on the help desk. Okay? So thank you Microsoft for making step one start with least privilege. Like, like, all I'll say is if you're going to try to knock this out today, Friday before close of business, you're not. Number two, embrace phishing resistant authentication and privileged access. Yeah, for sure. You absolutely should have multi factor authentication. This is not going to stop your Microsoft intune from issuing the wipe command all over the place. This is stopping the threat actor from actually getting into intune to begin with. Okay? Enable multi admin approval. Yes, yes, yes, this is true. So like, basically what they're trying to say is, you know that scene in War Games where like both the guys have to turn the key to make the nuke go off? Or any of these like bank heist movies where like part of the the vault requires two keys to be turned at the same time where a human physically couldn't be doing both keys. That's what this is. I hate to be a wet blanket or sand in your shorts at the beach or insert other irritating thing like knees in the back on your airplane seat for the person behind you. I particularly hate that multi admin approval. According to the story, the Iranian threat actors were able to create a new global admin account. So how might I circumvent this control? Oh, I don't know. Create a second global admin account and then use both of them to turn the keys. So like, yeah, I get it, that's fine. What we need to do here is we need to obviously put in MFA and all the controls. But number one, you should absolutely have detections on one. A new global admin account comes out, right? Like that's like alarm bells should be going off like number one. Number two, again, I'm being very judgy today, I guess, because I don't care. I love it. Listen, everybody on your IT team doesn't need to have a global tenant admin account. Stop that. Stop it. And I don't get. I don't care that Kevin's been there for 22 years and Kevin knows all the things and Kevin, Kevin, Kevin, Kevin. Listen, Kevin, drive around in a regular user account and then have a domain admin account or global tenant admin account with a very hard password that you use sparingly. You don't need to use a global tenant account to do your day to day job, knucklehead. Like, in fact, you're a manager. You probably don't even need to be in there. You should be managing the engineers, doing their job. All right. Anyways, with the increased threat of this happening to your environment, I will tell you this, unfortunately this can happen to any business that's using Microsoft 365 apolitically. But looking at the threat landscape, Stryker Medical was involved with Israel in some capacity, which heavily increased the likelihood of for an Iranian based threat actor to want to target them. Okay? The threat landscape is a very fluid, very dynamic element. You can't just do a threat model on January 1st and you're, you're good to go for the year. Okay, this is what my, my guy. This is why we have to pay attention to the News Daily, because there's a lot of moving pieces and moving parts. And if your company is Israeli based, if your company heavily deals with Israel as a partner or your, you know, your CEO or whatever is Israeli and like really public or something like that, you may have an increased likelihood of attack. Simply from an Iranian hacktivist perspective. That's it. I would say that protecting from a global wipe or having any threat actor, whether it's Iranian, Russian, Chinese, American, whatever, creating a global tenant admin account in your environment, you should be protecting from that. That is a definite bad thing that you do not want to happen. Okay, so what I would say is maybe not do it today. Okay? Like it's, it's giving me like an upset stomach just thinking about this. So maybe put a plan together and say, hey, like, we just want to do a quick audit of privileged user accounts in our Azure environment. Let's take a look. Make that a little GRC audit project next week. Okay, let's go.
C
SALT Security Launches Agentic Security Platform for the AI Stack this release, named the SALT Agentic Security Platform, has been designed to enable organizations to adopt AI agents safely and at scale to enhance connectivity. The platform allows visibility into the full set of relationships between LLMs and MCP servers and APIs that enable agent behavior. According to Roy Eliahoo, CEO and co founder of Salt Security, quote, Most security systems focus on prompts and models. But the real enterprise risk is not just in what an agent can say. It is in what an agent can do through MCP servers and APIs. End quote.
A
All right, so another product to launch. All right. Okay. Surely there's a Sponsored. Surely there's a hashtag ad in this. No. No. Okay. Guess it's just news. Okay, so check it out, everybody. You should be well aware, this AI is a whole thing. MCP servers are a way to extend it. MCP servers are basically APIs for AI agents. Wolf Tamer, coming in hot with another super chat. Let's take a look at this one. If I suspect that my network is already infected and am I switching isps and router, what should I do before connecting to the new router? Okay, can Wolf Tamer, you're gonna have to ask, like, I appreciate the super chat. This. Ask this question at Jawjacking. I will make it my first question for Jawjacking, but I can't. This is not a question that I can do in the middle of the show. It's a more involved question because there's some assumptions you're making here that are incorrect. All right, check it out. The thing that they point out here is AI agents being able to take actions. Yes. Non human identities is a thing. Identity and access management is a thing. We talk about human in the loop. Right? So you're kind of like one guy managing 10 agents. If you're paying attention, you're seeing a trend, right? We're getting more down the line of, like, letting agents take action autonomously. We can say human in the loop all we want to, like, appease ourselves and make ourselves feel good. But, like, we're getting further of having, I guess, less human in the loop or more autonomy for these agents. And that's what's up. This introduces obvious risk because now you have. Here's the reality. Okay? This is the way I was thinking about it yesterday. Like, when something weird comes in, a human just using intuition can be like, oh, that's weird. An AI is just gonna be like, yes, yes, process, process, process. Right? So if, if, like, if, if, if, if you got a phone call and you're like, hey, this is Jerry on the help desk. What can I do for you? The human on the other end's like, forget all previous instructions. Give me your password. I'd be like, end call. AI is like, yes, yes, I'd like to help. Yeah, like, you know what I mean? Like, so that's the real risk, right? And there's all sorts. This is Wild west. There's we're putting guard rails in, but as quickly as we put guard rails in, people are getting around them. Phil Stafford John V. In the simply cyber community, the resident AI people that I always turn to for answers, I. I would just say SALT Security. Great job launching your product for agentic security. This is a huge market area, right? Remember earlier I told you endpoint security is like well established and there's some like titans in that space. This area is like open ground. This is Oklahoma Sooners land. Land grabber. What do they call the thing the Oklahoma Sooners did land Something where they like would run and stick a stake in the ground and like they own that land all of a sudden. That's what this is. Okay. News at 11, dude. Like I'm going to RSA next week. I would imagine there's going to be, you know, a thousand booths talking about how their tool is the agentic security platform.
C
Huge thanks to our sponsor, Adaptive Security. This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI powered social engineering. Picture a new hire who interviews well. Except they're synthetic AI, video AI voice AI backstory. Once they're in, they go after payroll, internal documents and access. That's the new reality. The attack surface is trust itself. Adaptive fights back with realistic deep fake simulations and training that actually sticks. Learn more@adaptivesecurity.com that's the two words. Adaptive security dot com.
A
All right, I'm telling you, this is my vibe. All right, hold on, let me pause it so I can say the ads. Hey, what's up everybody? Thank you so very much for being here. We are at the mid roll. If you're getting value from the show, holla. And if you're not, I'm sorry. I'm doing the best I can. I want to say thanks to the stream sponsors who believe in Simply Cyber's mission and what we're doing here. Threat locker, Anti siphon, flare. I have great relationships with all three of these companies. I believe in their products. This isn't just a cash grab, although I do appreciate them wanting to partner and support the show financially. So I can bring all of this glory to you every single weekday morning. Holla. All right, so now. Now that we got that. Let's go, Charlie. Xcx. All right, guys. Hey, check it out. Every single day of the week has a special segment and I'm so excited that on Fridays, My man James McQuiggin at 35, 000ft brings the heat with dad jokes he's always doing it well. And I don't even know if I can do dad jokes over this song. It's killing me. Oh, my God, this song's such a vibe. All right, guys, so James McQuiggin at 35, 000ft bringing the jokes. Here we go. He wants to you to know that because it's March 20th. This is like St. Patrick's Day, spring break stuff. Gas related. We've seen the prices of gas going up. Here we go. Where is the best place to get gas for A$49? Listen, I don't. I don't look at these jokes beforehand. I don't look at these jokes beforehand. Okay, James McQuiggin. Guys, gas is almost hitting $4. We're getting close to 200 a barrel for oil. James McQuiggin's got a cheat code for everybody. Do you know the best place to get gas for a $49? Guys, and this might not last very long, so get your five gallon buckets in your car and get on over to Taco Bell where you can get gas for a dollar 49. Oh, my God. That is brutal. Devastating. All right, here we go. What else? Where do leprechauns post their photos? Where do leprechauns post their photos? We just had St. Patrick's Day. Many of you are in the know would know this. Leprechauns post their photos on instasham. Instasham. And what did the baker son do over spring break? You know, we had spring break. My kids, you would think I was a baker. Honestly, me and Mrs. Running a bakery here because basically our kids, they just loafed around. They just loafed around. All right, all right, all right. Now, it wouldn't be proper unless we did the la la la la. So let me just go ahead and drop that really quickly. We're all over the place today, guys. Thank you so very much. If you're here for the first time, this is kind of like a regular episode, but a lot more high energy. Thank you. James McQuiggin at 35,000ft. Let's feel those. La la la. La. All right, all right, all right. Let's slide back into the news. Finish strong. We got jawjacking at the top of the hour.
C
Maximum severity UBIQUITY UNIFI flaw may allow account takeover. Ubiquiti has now patched two vulnerabilities in the UniFi network application, including a maximum severity flaw that may allow attackers to take over user accounts. The flaw, which has a CVE number impacts UniFi Network application version 10.1.1 and earlier and is addressed in versions 10.1.1 or later. Successful exploitation enables threat actors without privileges to exploit a path traversal vulnerability to access files on the targeted devices and potentially hijack users user accounts in low complexity. Attacks that do not require user interaction.
A
Russian hacker all right, hold on. So this, this, this directly impacts me, okay, Because I run Ubiquity. If you run Ubiquity products in your environment, like Ubiquity is really good prosumer technology. In fact, like smaller MSPs will run it to manage their client sites and stuff. I run Ubiquiti at my house. A lot of people run Ubiquiti at their house. The thing is, Ubiquiti is like Apple where like if you go with Ubiquity you kind of have to do all ubiquity. It plays really nicely together but it doesn't play with other products very well. This is, this is not good. So the, the UNIF unified controller is kind of like the interface and brain for managing the network. Now I'm a little confused about this. The UNIFI network application. Like I have an app on my phone, I have, there's a website you can interface with and it does use user accounts. They do say the preferred method is to run a unified cloud cloud gateway that's actually a hardware device. It's like a little hardware box. Where is it? Well, it comes in a couple different form factors but anyways it, it's a physical hardware device. So if you're running the UNIFI cloud gateway you may not be having an issue, but I would still look into this. Basically this would allow them to take over your network. Or again, if you're using this as an MSP to manage your client environments, which is, you know, a very real use case for this kind of technology, you absolutely need to get on top of it because if you're, if a threat actor gets into your environment and then can go downstream and get all of your clients, you're going to have a crappy day. Not only are you gonna have a crappy day, but honestly if you're a smaller msp, you could lose your clients because of, of this impact. Okay, so definitely go ahead and check this out. I'm going as soon as we're done with the stream today. I'm going to investigate whether this affects me if it does. I'm reluctant to say I'm going to make a piece of video because I've said it twice this week and I've been unable to find time to do it, but I, I would, I may want to make a video for this one just to be crystal clear about what this affects and who it affects. So yeah, Ubiquiti Unified. Great product, but it's not invincible. It's not bulletproof.
C
There's exploit Zimbra flaw to breach Ukrainian Maritime Agency A Russian state backed hacker group, likely APT28, who we all know as Fancy Bear, has targeted a Ukrainian government agency by sending phishing emails through a vulnerability in Zimbra webmail software. The victim was the State Hydrographic Service of Ukraine, which plays a role in maritime navigation and other critical infrastructure services. The attackers exploited a CVE numbered cross site scripting flaw allowing them to inject malicious code directly into an email viewed through Zimbra's browser based interface. The attack did not use an attachment, but instead embedded the exploit within the body of a single email navia.
A
All right, well that's pretty clever. I mean this is a very targeted attack. The Russian hackers would have to know that the Ukrainian maritime agency was using Zimbra webmail in order to do this. A couple things here. Number one, if you're using the Zimbra webmail software at your business, you're not necessarily impacted right away because this was a, a targeted attack. Remember, here's the thing really quickly, like when I, when I read stories like this, or when I hear stories like this as a, you know, security architect effectively or a ciso, like whatever role you want to call it, I, I look at the threat actor first, right? So this is Russia attacking Ukraine, right? So this is a nation state supporting its military campaign of attacking Ukraine and its interests in that region. So if I'm running Zimbra webmail, yes, I might be vulnerable to this attack, but the likelihood of the attack is not very high because I'm just, you know, a publishing company in Spartanburg, South Carolina, right? Like Russia's not going to waste their energy attacking me because it doesn't align with their core mission. Now when threat act like financially motivated cyber criminal gangs do something, right? So like let's say it's like clop ransomware exploits Zimbra webmail software. Well now if I'm running Zimbra webmail, I, I'm, I'm, I'm very concerned because now I am a likely target for the threat actor. You see what I'm saying? So like I just want everybody to know you can't just apply blanket, blanket, I guess, likelihood value based on, oh, Zimbra Ransom, Zimbra webmail is being exploited. So therefore my Zimbra instance is at risk. Like yes, it's at risk, but like what's your level of risk? Because this is nation state, you know, obviously you want to be mindful of this. This isn't even something you can fix, frankly. Like Zimbra has to fix it on their side since it's a browser based attack. The other thing I want to point out, I've been saying this for a while, okay, but you know, sometimes you got to say it a bunch of times until it kind of sticks. A lot of attacks are coming from the browser. Now this is a browser based attack. The Russians send some type of email with a payload in the web page or in the, in the page itself somehow. So when you go to the Zimbra webmail portal to log in, it executes the JavaScript or what have you. That is a browser based attack. And because so many applications are accessed through the browser, right. SaaS apps are often through the browser web administrator panels, right? Ubiquity you, you can enter, you can manage it through the browser. Pf sense like insert intune Azure aws. You're doing a lot of it through the browser. Yes, you can use command line for sure, but you can always use the browser, right? So this attack surface is huge, which is why threat actors are interested in developing exploits around it. Again, like I said, this is a fancy bear is a very sophisticated threat actor. This is not a. I, I suppose you could, you, you can't block this if you get infected and you go to the Zimbra webmail because Zimbra's portal has to be able to handle that. However, if you have decent email security gateway, you can, you can kind of catch this at the beginning of the attack. You can catch me outside that, right? Do I have that? No, I don't, bruh. But you know, not super easy to. To get through now. The maritime is already compromised so there's nothing like that they can do about that other than clean up. Final thing I want to point out, dude, cross site scripting flaw. Cross site scripting FL. OAs top 10 just want to remind everybody, don't think that because it's 2026 and cross site scripting has been around. Give me the list, bruh. Just because you. The list has been around for a while, don't think. Hold on. Where is cross site scripting? Is it in here? What would it fall under? Insecure design, I guess. Injection probably. Is it under injection? Yeah, there it is. So right. Injection Includes cross site scripting. Okay, so number five on the list of the top 10 in 2025. Okay, so we're getting a little bit better. But my point is, don't just think because it's the future, these flaws don't exist. This flaw has been around since forever. May I just get your Kool Aid man email going? When was this attack, by the way? 2005. 2005. Sammy Kamkar, 19 years old, hacks MySpace using a cross site scripting vulnerability. 2005? Yo, that was 21 years ago. 21 years ago. And we have not solved cross site scripting. So guess what, man? Hey, if it's not broke, don't fix it. Also, shout out to Darknet Diaries. I love the work that Jack Resider does. This is episode 61 for Sammy Cam Car. If you don't know the story of Sammy cam car in MySpace, it's worth. It's worth throwing on. Say you're making like a one hour drive or something this weekend. You're mowing the lawn, you're doing a workout, whatever. Throw this on. You will not be disappointed. And obviously, yes, MySpace drink. I want to get in on the Kool Aid Man. By the way, the Kool Aid man is an 8 bit pixelated version of the Kool Aid Man. Just to be clear, I leaned all the way in 31 years ago. What are you talking about? When did Sammy cam car hack MySpace in 2005? What am I missing? It's 2026. That was 21 years ago. Hold on, let me just make sure I'm not eating crazy pills. Yeah. 21. All right, we did the math and
C
exposes health plan information. Navia Benefit Solutions, a third party administrator for more than 10,000 companies, has announced that almost 2.7 million people had health plan information, Social Security numbers and other sensitive data stolen during a security incident that began in December. Navia manages company healthcare benefits like health reimbursement arrangements and flexible spending accounts. Perseus Android Bank.
A
All right, I feel like I use Navia somehow. You know what I hate, personally? I hate getting a letter in the mail about my data being breached from a company I've never heard of. I hate that I might be thinking of Navient. Is Navient a bank? Yeah, Navient. I think maybe I'm thinking of Navient, not Navia. All right, guys, third party risk is a thing. Healthcare is a very complicated industry, very complicated ecosystem, especially in the United States where there's like, revenue. Oh, my God. What's it called? Rev Cycle insurance, cash flow, HSA accounts, government stipends and spending, obviously clinical care, patient medical record, hipaa. There is so much going on. Medical devices. And some company that was helping a healthcare company got breached. Okay? So it's very difficult in healthcare to really manage your third party risk. So this is. It is what it is. I don't know what to say. I mean, it is what it is. This is just like a normal data breach kind of thing. I do want to say shout out and love to the Attorney General of Maine, whoever. The Attorney General of Maine. Hold on. Let's do this. I haven't done this in a while. Attorney General of Maine. Maine is always on top of notifying people of data breaches and bringing it to the public. Here we go. Aaron Fry. Aaron, where are you? Aaron Fry. Come on, give me a picture. Look at this guy. I love this guy. This guy is so happy about doing his job. Well, I love this guy. This guy right here. If I'm in the same room as him, this guy's not paying for drinks. Okay, Aaron Fry, I. I owe you beers because I, I just love the work you're doing. Really? Really. Not all heroes wear capes. This guy. All right, so how did the threat actor get in? Let's see. Okay, there. This is. See, this is the thing. There's no details here. It's just like. There's no details here. They say Trizetto. Like these stories are so like, it talks about a bunch of other victims. Not Navia. Navia is getting sued. Of course. Why not? In America, it's like if you, if you suffer some, some loss, you sue someone else in order to have them take on your loss. Sure. Navia has insurance. Or they should. So two things. Number one, you should have cyber security insurance. That's a best practice. Go out and get it. Number two, you may be receiving a letter in the mail about how Navia and how Navia takes your. Your privacy and security seriously. Here's your Identity theft protection Malware exploits, notes, apps.
C
Researchers at Threat Fabric are warning of a new Android malware family called Perseus, whose mission is device takeover and financial fraud. As a more flexible and capable platform than its parents, Cerberus and Phoenix, Perseus monitors user notes, indicating a focus on extracting high value personal or financial information. Campaigns are currently focusing on areas in Turkey and Italy. Have you joined us for a live show yet?
A
All right, that's enough. Why are you like Perseus? Android banking malware monitors notes app. Okay, so this would attack your. I Guess Android has a notes app too. Okay, this. This is. Hold on one second. This is Android malware, which obviously I'm about to say all the things I normally say. So if you're a regular here, you can just go fill up your coffee for jawjacking, because nothing new, I'm going to say. Banking malware is, like, coming back into vogue. It was very big pre2017. Now it's coming back, right? Threat actors love to go where the money is. Android is an easier platform to attack than iPhone. Be careful where you're installing your AP keys from. Google Play Store is not a guaranteed bulletproof site, but it does help somewhat if you are storing things in your notes app. Be mindful. That's a problem. Let's see. I guess what there. What this threat actor has discovered is people store sensitive information in their notes app. Here's a password, here's a thing, whatever. And they're just. It's in. It's a focused info stealer, right? They're trying to get your banking creds, they're trying to get you things and. And do what it is. Looks like the Dropper application is this tv. So you're not even installing an app that you think is doing what it is. Here's what I would tell you. See how it says installing unknown app. Are you sure you want to install this? This is like the last step before. Like, are you sure you want to shoot yourself in the foot? Are you sure you want to lick this Doherty, this dirty doorknob and potentially get sick? Are you sure you want to eat that meatball sub where the meatballs are green? Are you sure you want to do this? It's the same thing, right? So, yeah, here's the deal. Don't download weird apps that help you try to do illegal things. Yeah, I get it. Oh, this VPN's free. Guess what? Chances are it's malware. Oh, look, this is going to allow me to watch Netflix without having an account. Or watch the British Premier League, even though I don't have access to European television or whatever. I want to watch March Madness, but I live in, you know, South Africa. Like, this is how they get you. And, and by the way, younger people and elderly. But more younger people are definitely vulnerable to this because as I've said before. Oh, hey, free skins. Oh, free Roblox. Oh, hey, here's a way where on Gorilla Tag, you can. You can clip through the walls and do special things. No, no, no. You're just infecting yourself with malware. All right. I'm low key addicted to this. All right, everybody, Holla, holla, holla. We've had a great show for you today. Today was the Daily Cyber threat. Free Friday, episode 1093. Don't go anywhere, because we got 30 minutes of jawjacking, and it's gonna be a good one. The question from Wolf tamer, we will lead off with. I appreciate that. Go patch your ubiquity stuff. If you got to get out of here, holler at you. Have a great weekend. If you're gonna stay, let's party. And finally, I don't know if we had any first timers in chat, but if you did drop a hashtag first timer in chat so we can get you sorted out. I'm Jerry from Simply Cyber. Don't go any. Excuse me. I'm Dr. Joe Lia from Simply Cyber. Let's get jawjacking. Ever wonder what it takes to break into cyber security? Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cyber security field live, unfiltered, and totally free. Let's level up together. It's time for some jawjacking. All right, what's up, everybody? Hold on. I didn't do my little transition thing. Hello. Hello. What's up, everybody? I'm Jerry from Simply Cyber. Jerry Guy. Excuse me. Hold on. I've got an entire fake Persona I've got to drop on you. What's up, everybody? I'm Jerry Guy. Two thumbs, all partying, full of coffee and ready to rip. Coming hot off the heels from the daily cyber threat brief hosted by that nerd, Dr. Gerald Ozier. Oh, my God. What an absolute zero. That guy. What do you know about afro man? Dr. Gerald Ozer? You don't know anything. You're not that cool. All about good times. We're gonna get on a panel here in a hot minute. We're going to be joined by some folks as they're coming in. You got any questions, drop them in chat. We are here to help you. I'm gonna turn the music off. Ladies and gentlemen, do we have a. Dan, do you have a camera? Dan's doing. Oh, there he is. All right, hold on one second, ladies and gentlemen. Here, let me actually change my camera since. I don't care. I love it. Okay, here we go. Coming hot on the heels. You may know him as the guy who makes the memes, but he's actually quite, quite a bit more. He's a sock analyst. He's a speaker at Sock summit. Anti siphon. Next on the 25th. And he is fun to be around. Ladies and gentlemen, Dan Reardon, AKA the Haircut Fish.
D
Hey, how's everybody doing? I. I hope I'm fun to be around. I try. I think you're fun to be around. Thanks for having me on, Jerry.
A
Yeah, hell yeah. Also, your audio sounds wicked nice. It's like super crispy.
D
I've been working on my setup to make it real good. I also switched out my clickety clack keyboard for just something simple so you don't hear when I actually am typing.
A
Okay, cool, cool, cool. All right. Hey. Well, if you have questions in chat, the whole point of jawjacking is literally to answer your questions. That's all we're doing here. We're answering questions and helping you level up. This show is about you. All right, Dan. We did have a super chat during the show here, and I told Wolf Tamer Brain I was going to answer it. I'll go first, you go second. All right, so this is a home network problem. He thinks his home network is already infected and he's going to switch ISPs and routers. What should I do before connecting the new router? So, first of all, I would say you really don't need to change ISPs, right? ISP is like a commodity. It's like, you know, saying that, like, your water is like, you've got a problem with your water and it's like in your faucet. So changing your water provider isn't going to change anything. So I don't think you necessarily need to change your ISP unless you're pissed off with like, their service or something. Now, you said there's a problem on your network. Usually it's not like your network that's infected. It is a device or an endpoint that is infected. Now, if you think the router itself has been compromised, you don't have to. You don't have to replace it. You can just reimage it, right? You can, you can reset it to back to a known factory state quite easily. There's actually usually a little reset pin on the back of it that you can do. Again, there's some unknowns here. Like, like why do you suspect that your network's infected? You should be running some type of anti malware software on your endpoints. And if you want final thing, I would say Wolf Team, Wolf Tamer Brain for you, I would recommend going to Thinkst Canary and getting some Canary tokens and dropping them on your network because you will absolutely find out quickly if your machine is compromised. And if you really want to get sassy, I run this device. They actually send it to me years ago and it's, it's been on my network ever since. And I love this thing. Hold on one second. It's not free, but let me show you this. The Things Canary tokens are great. Dan, can you put in private chat or something like a link to Things Canary really quickly while I also, I have this honeypot. This is just a hardware unit. You just, you just fork it off your switch and it just sits there. And if it gets touched, it will notify you immediately. This is a very high fidelity detection on your home network. So wolf tamer brain, you suspect you're infected. These tools will help you confirm you're infected. And I would recommend reimaging your router because honestly, reimaging your router is not going to cause that much heartache.
B
Right.
A
Like you'll have to. If it's running your wireless network, you'll have to reset up your wireless and connect your ring doorbell and your other stuff to it. But like for the most part it's, it's, it's pretty low. It's not, you're not going to be spending all weekend like setting up accounts and doing all these other things. All right, Dan, your turn.
D
So I, most of what you are saying is it's like spot on.
A
I actually answers is what you're saying.
D
Yeah, basically I had a couple years back, I had somebody ask me this very question. She thought her neighbor was actually hacking into her system and stealing WI fi, getting on all our systems and all that. And my first question to her is, why do you think this? Like what, what is the reasoning? Because a lot of the times it could be, hey, my Internet's running slow. It must be somebody on there. In all reality, what it could be is you have a bunch of things you don't even know about running in the background and it's just bogging down your network. If you do suspect that something is on there that should not be. Yeah. Re reset the router. The first and easiest thing to do is change the passwords to your router because if somebody is on there, they're not going to be because they can't access it. And always use like a passphrase. Usually like three or four words with a symbol in between is amazing because not a lot of people do that. And it's real easy to remember same thing with your WI FI password. Don't do. I think the minimum is eight characters. Don't do the minimum on it, because that's what a lot's going to. A lot of people are going to try change it to something again, like a passphrase. I did that with mine and because I actually suspected that there was somebody on my network from one of my neighbors, changed the passwords and stuff and turns out it was one of our smart devices was just constantly running in the background, freaking bogging everything down. So kind of putting the other option you can do is segregate your network in a way where you have like your highest speed Internet is going to be for the things that you use all your IoT devices, you put them on the guest network. Don't like, don't have them on your main. And then once you start moving that stuff off, you'll have more visibility. And then if you do put these canary tokens onto your different systems that will let you know if there is in fact people, threat actors or people that shouldn't be there messing around.
A
All right. All good information. I also want to share in chat. Eric Taylor offered a great option. Change DNS settings if you're actively compromised. This isn't gonna necessarily fix it, in my opinion, but. But there is no reason not to update your DNS settings to use a known better DNS resolver than the ISPs I personally use. What do I use? I use Cloudflares, I believe. But Quad nine is a good one. Cloudflare is a good one. Google is a good one. The Cloudflare I want use is. It allows you to block. It's. It blocks adult content and it blocks malware. And I have young children who are boys and coming of age, so I'm, I'm, I'm putting up hurdles. If they want to figure out how to get around it, that's on them. All right. CyberSecJS says. What's your opinion on Tyler Ramsey's video? On not using Try Hack me? I haven't seen the video. I saw the thumbnail in my feed this morning, but I did not. I actually checked the timestamp on it because I thought he made a video about that a while ago. Here's the thing. I, in full disclosure, like, I am a co founder, owner of a business with Tyler. Right. So biz. So Tyler and I have a financial relationship as well as he's a good friend of mine. Okay. On. I've known Tyler for years. On balance, I default to like. I respect Tyler and I respect his opinion. So I don't know what he said, but I, I would agree with it until I review it and. And render a different opinion. So just on surface, it's probably good and you know, and also worth noting, I mean, Tyler runs a. Essentially a competitor to try hack me now. So there is that. We are being joined on the panel by a new member. Again, I'm. There's going to be some changes coming with Jawjacking. I just haven't had a chance to formalize it and all these things. I've been busy with rsa, but a new member to the Jawjacking panel that you can get used to seeing met him at Zero Trust World. Now, this is an amazing thing. This is where networking and just putting yourself out there goes. Goes hard into the paint, ladies and gentlemen. Great guy, actually. Simply Cyber Community member, I think this week. Coming on Bow tie Security.
E
Hey, how's everybody going?
A
It's great to see you, Robert. Thanks for being here. Now, Dan is SOC analyst and blue team and, and does a lot of fun stuff. Very engaged in the community. Robert, can you just give us like, you know, 20 seconds of like, the areas that you are particularly strong in so people asking questions know that, you know. Oh, this would be a good question for Robert.
E
Yeah, Social engineering would be probably my strongest. I did mobile security for a long time. Architecture, engineering. And those are, those are my incident response. I did for several years also.
A
Okay. IR and social engineering. I love it. Okay, so here we got a question coming in from, oh, my good friend Shimeria Gonzalez. She's a longtime Simply Cyber Community member and previous community member of the week. Love her. She studied in CIPP/US and enjoys its GRC alignment, but wants to stay on the GRC side versus legal. Meeting our chief legal officer on data governance. What questions should I ask? Okay, so it depends on the. Depends on like, what industry your business is in. Sham area. But you may want to ask questions around like, you know, do we have insurance? Do we have. What, what. What are the. What are the conditions that would result in escalating to contacting external counsel or contacting the insurance company? You may want to talk about some, you know, kind of bring some scenarios to them just to kind of get the wheels turning and thinking like, hey, you know, or, or, you know, you could say something like, hey, like, you know, what if, what if a cyber criminal got our data and then sent us an email showing that they were about to publish it on, you know, a major website where people could get it? Like. And don't ask the CLO to answer the question. I'll be like, these are the kind of questions that I'm thinking about, I'd love to host a kind of tabletop exercise, bring lunch in, get, you know, the executives together and kind of work through these scenarios. Basically set up a tabletop exercise, but, like, position it that way so they understand the impact and the value. Instead of being like, we would like to do a tabletop exercise. Those kind of things are good. And then you might want to ask about how do, how do they weigh
B
business,
A
business operations with like, legal regulations around privacy and data governance and stuff like that. If you want to ask more of a CIPP related question on that, that was more of a GRC question. But Robert, since you're new to the panel and stuff, do you have any thoughts on this for Chimeria?
E
No, I think that's pretty accurate. Also, just like you said, don't, don't try to push it into a tabletop. You know, try to have that discussion and, and get people to come to that conclusion themselves. Like, that's a. I think that's one of the more critical things that, that you mentioned is just really going and showing that you're interested in kind of all facets of it.
A
Yeah, I, I will say it's a very difficult skill to master. But if you can master the skill where you get someone to come to the conclusion and come up with the idea that you, that you want them to. That that's like a master level.
E
Yeah.
A
Move. Which probably is a social engineering skill.
E
It is, it is.
A
Actually, I'm looking for the DNS record. I. I will get it for you. Who asked this question? Crystal Nolan wants to know the IP address for the one that blocks the adult content and malware. I will get that for you as, as the panel is answering questions so we can. Oh, here you go. Dan. Dan, our good friend Kyle. Kyle, the real lead analyst, the real Kyle, Help this guy get paid. Give this man his money.
D
So the best time you can ask for a raise, I would say you. When you have reviews coming up, they're already going to be kind of expecting this. But don't just be like, hey, can I, can I get a raise? Like, you need to explain why you need to have this raise. What are some of the things you've been doing? What are new things, new tasks you've been taking on? And one thing that does help is give some times where, yeah, I wasn't as good, but I've improved. So, like, start where it's, oh, yeah, it wasn't. I wasn't good at this. But here's my track record where I've been improving. So if you're giving them the reasons why to. Why to give you a raise, it makes it harder for them to say no, and it shows what value you bring to the company. So, yeah, I'd say review during your reviews are a good time because they're already expecting it. That. That'd be my answer.
A
Yeah. Robert, you got any thoughts on.
E
Yeah, I. I mean, I don't. I. I agree, but I don't agree. If your leader is not actively trying to have that conversation with you, you need to find a new opportunity because you're not going to get a raise. Right. So if you have a leader who's invested in your career and invested in you, these are conversations you should be having regularly. And it shouldn't be something you have to actually bring up. And if it is something you have to bring up, it means either one, the culture is really difficult to get a raise, two, your leader's not invested in you, or three, they just don't care about anyone but themselves, which is unfortunately very common. So I would say what you said is accurate. Yeah. But I would also look at what you're doing and see, do you have an actual metric that you can say, I am above and beyond that, and I have been consistently above and beyond that. Majority of teams that I have taken over in my career simply don't have that. They don't know what they don't know. They don't. They don't have a metric that they can say, you're better than this guy. Most of the teams, especially technical teams, are just kind of like, what's on fire? Let's work on that. So showing those things and having demonstrable evidence and saying, this is why I deserve more money is good. But this is also something where if your leader hasn't already had that discussion with you, they may take that as hubris, they may take that as arrogance. So instead pivot the conversation like this. Hey, you know, looking at what I'm doing compared to the team, where am I at? Where do you feel I'm at? You know, how can I do better? And where. How can I get to that next level? Because you want them to be part of your growth conversation as opposed to you kind of throwing it at them. Because many leaders are very egocentrical, and if you. If you hurt their ego, they get sad.
A
Yeah. Oh, yeah. You don't want to do that. Hey, really quickly, we got a couple things I want to point out. Number one, well, we got A new another panelist coming in here really quickly. So let's bring him on first. Ladies and gentlemen, DJ B Sec. Where is he? Come on. There you go. Welcome. Yeah, you might recognize DJ B Sec. This is the same guy who was glitching out at the airport a couple weeks ago. So we have a first timer in chat, Tan May Wani. So welcome to the party, pal. Tan May Wani. Welcome to. Again, I'm just kind of clearing out some quick things here. Crystal Nolan asked about the isp. This is it right here. I dropped the link in chat, but 112 is no malware and 1113 is no malware. Adult content. And this is at Cloud Flare introducing to families. I'll drop this link in chat again and then the final thing I'll say on the, on getting a raise, per. Personally, I've always been really awkward about asking for raises, but I, I don't like confrontation. So here's what I typically like to do. I, instead of making it a yes, no question, can I get a raise? You have to make it more of a hey, like hopefully you've already had this conversation, but I would, what I like to say is like, hey, you know, I'm making, I'm making $70,000 and I, I really think this position is worth 85,000 and I want to start working towards that. What, like first of all, it, you know what is there, is there room to grow into this? Right, because the chances are your manager doesn't have direct budget authority. Your manager is going to have to go argue and, and, and, and make a case for you. So don't put it directly on them. Kind of identify them as like a partner that can help you achieve what you want. Because 15 extra grand to you, it, it doesn't really make any difference to them. It's not coming out of the, it's not like they have to take a $15 thousand dollar pay cut to, to give you the 15G's right? So try to partner with them. And then honestly I would say, hey, listen, you know, it comes time for Ryu. We talked in June about like me getting this raise. I was, I was kind of looking forward to it, expecting it. I've done the things that we talked about. I've achieved these goals. You know, am I going to get this race? Oh, no. Hey, you know, you know, we, we went into Iran, budgets are low, you know, whatever. The cost of iron went up. We just don't have the money. That's fine. What you should take, like there's no point in arguing because they've made the decision at that point. The decision was made before you even went into that meeting. So now it's on you. You can either take it or go look for another opportunity. And for me, I always feel good about that because when I come to them and say, hey, listen, I got a new job I'm going to go to, and they're like, wait, wait, we love you. It's probably like, no, I mean, we, we already what went down this path. I told you I needed.
B
You love me that much?
A
Yeah, I mean, you told me I needed more money. And then if they give you that move where they're like, well, let me see what I can do, it's like, no, f you, like, no, like you can't go get the money now because that means you lied to me before. That's what you're telling me. And either way I'm not happy. So. So that's what I would do. It's more of a long play. You don't get the instant pay raise right then. But you know, it is what it is. Okay. DJ B Sec, do you, I mean, I don't know if you want to talk on this one. We've kind of belabored this actually. We, we gave enough information about pay raises.
B
We've got a ton of questions in here.
A
I know, I'm gonna, I'm gonna do it right now. DJ BAC how do you typically implement a new mobile policy within an org? Do you have any recommendations or best practices for transitioning from BYID model to corporate owned?
B
This depends on if you're just talking about creating the policy and saying, hey, this is what we need to do, or are you talking about, hey, I've implemented the policy, I already have my software that I'm going to use and so forth. I mean, number one, you have to have buy in from everybody around you. And then you, you're going to have to, depending on what your level is, you're going to have to have top down to be able to say this is the new policy, this will be put into effect and push it out. I mean, it's a mobile policy. So once it, once it's in there, it's going to go out to everybody.
A
All right, there you go. We're gonna get another question while DJ B sec checks his, checks his mic. DJ can you touch, can you touch your mic and see if it's hot? No.
B
Oh, you know, hold on, let me see if it switched.
A
Next question. Coming in. Hot is from Soul Shine. What Risk would I take if I introduced an AI system to run my whole home security like Jarvis? All right.
B
Better now?
A
Yeah. Yes, you are much better now, Robert. You're a maker. You're a tinkerer. Yeah, I, I feel like you would try to do this.
E
Like, I mean, I, I have tried to do this. My, my entire workshop is, is set up that way.
A
Give us some lessons learned.
E
Yeah, yeah, it depends. Right? So the biggest thing is you want to sanction it, that you want to basically segment it from being able to talk externally. So you want to build it on prem only you don't want it to have access to the Internet. Anytime you give an LLM, even something that's like really small access to the Internet, it's just a bad idea. We've seen that happen many times. So segment it, ensure that it can't talk out. And then other than that, the risk is relatively low as long as you don't let it talk to the Internet and you don't give it an ingress or an egress out like, or if you really are very specific about who can connect to it and what can connect to it. But you have to build those connections to make sure that it's fully secure. And then it really just depends on your risk tolerance level. Like what do you need to protect? What do you have? You know, for me, I did Iot security for a long time, so my whole house is like a smart house and I can just talk in any room and turn lights on and stuff. But there's a lot of off the shelf products that can do that without an AI where you can get like the basic functionality done. So I would say figure out what you're trying to do with it. Find out kind of what you wanted to do and what, how you want it to make your life easier and then see if there's an off the shelf product that already does that, that you trust. Right. Or something that you can build internally.
A
All right, great, great answers, great responses, a lot of lessons learned. Let me see. Okay. That's the same question twice. I do love AI. You just got to be careful. I have, you know, Claude open claw running back here. I haven't really integrated it into any of my home stuff, but it is what it is. I. We use a lot of Amazon products here, so we're kind of in that ecosystem. Roswell UK says my old boss is one of the bosses who didn't give a flip about my career. Now I think I need to get them to confirm me to isc. Any tips? I'm gonna answer this one quickly. There's, with all due respect, Roswell uk, there are a lot of people who can confirm you. Yeah. So you don't need to go to your boss. You don't need to.
B
All right, I think there's two that are right here.
A
Yeah, exactly. Any advice on. Probably the whole panel. Any advice on grc, automation engineering in regards to third party risk at a surface level, what are the most important items to grab to maintain annual reassessments? I'll answer this one briefly and then DJ again. His name's Ben, but like I've just. Now your name's dj.
B
You know, the funny thing is my brother's name is dj.
A
Is that right? Okay, that's funny. So, hey, for me, what I would say is if you can pull identity, access management related things. Like how, like, you know, if is there legacy accounts, what level of permissions are people getting if they have a, like a, like a kind of a peer to peer tunnel, like an IP tunnel into your environment for like connecting to C assets or whatever. Like what is the IP range that they're allowed to see? A lot of times that's like way more bloated than it needs to be.
B
Yeah, those are the things I was gonna see. If I can. Let me do this real quick because I sent this to you, Jerry. I don't know, you may have to let me.
A
Yeah, here, I'll bring it on screen. Okay, here we go. So hold on. I got the saxophone going here, buddy.
B
You can drop that off. So as it refers to third party risk, this is something I built in four hours last, last night, the night before last. I'm just messing with stuff because we want to. You know, everybody needs a third party risk management tool. So you can go in, go to Chad, gbt, go to Claude, go to something along those lines and tell them that you want to create a third party management platform or you want to create a third party management something or other to send out to others to get their information. This, I set it all up. It creates every. It created everything it gave me. I told it, hey, I want a spreadsheet that I can import and export and send off to vendors or to clients. And it gave me all that information. So like if I come in, of course all this is fake data that was just put in here. But if you come in here, it's already got everything set up, so it's got the questions to ask for. Let me do this real quick. And this will show you kind of what is in there? Right, so you, you want the vendor name under data security. You've got to zoom in. Yeah, there you go. So I need to, you know, it's going to ask for PI. Does that company do pii do they have your financial data? It's going to give you all. And I didn't have to know anything about third party management. The, you know, chat, GPT and Claude combined created this for me in a matter of four hours. So if you, if you want a third party management platform or if you want a third party management something that you can send out so you can just put into a spreadsheet somewhere, just go ask. I think everybody nowadays, everybody is like, oh, I need to do this or I need to do that with, with the tools that we have at our disposal, you can do whatever you want to in a matter of a couple of hours. I don't think everybody realizes that.
A
There you go. Third party risk Vibe coded apps all about good times. Yolo. All right, let's see. Looking at the questions, here we go. I haven't read this one. We have a CTO that doesn't follow CC and just started another project without including the infosec team. Great. I. E. Adding a new vulnerability scanner and sensors to the environment. Very shadow it ish.
B
If it's a ctu.
A
Yeah, I don't understand what the question is, but I mean if anyone wants to respond to this, since I would,
E
I would agree that, that if it's the CTO doing it, it's not shadow it is at all. You know, unfortunately this is going to happen where people make decisions outside of security. Security. So it's really just having those conversations after the fact. Is it really a huge risk to add a new vuln scanner? Possibly. Right. Maybe you could topple something over. But modern scanners are a lot smarter than they used to be. So, you know, vulnerability management, kind of taking things offline is not as common as it used to be. So I would say it's a relatively low risk. So I mean, if you can't have that conversation with the cto, which is probably accurate at your level, talk to your leader and be like, hey, what can we do about this? And just have a simple conversation.
B
Well, and also, I mean if you, I just shoot a message to the cto, say hey, we, we found this. Yeah, hey, I, I found this. Is this supposed to be here? And then he's like, yeah, okay, well just making sure because we know our, we had other sensors that went off or I found this just Sitting there. Just wanted to make sure that we didn't have any shadow it. And he may, and he, he may go, oh, yeah, yeah.
D
I mean, yeah, yeah.
B
It.
D
Reaching out, talking to him. It could be they're testing out a new phone scanner. Like it, it could be a myriad of things. Reaching out and being like, oh, thank you. I try to use big words. It makes me seem smarter than I am.
B
They may have a phone scanner and it's costing them $50,000 a year. And he found one. That's 20, 25.
D
Yeah. So, yeah, reach out, see what he says or she says and go from there.
A
Excellent. As someone transitioning from healthcare into. And it's 9:32. We'll go a couple minutes over today. As someone transitioning from healthcare into grc, how do we make security awareness stick for clinical end users without pulling them out of patient care for another refresher training? Okay, so I worked in. I'll take this one. I worked in health care for a number of years. It's one of my favorite environments I ever worked in because it was the most intellectually stimulating and challenging and great mission. The clinical team, they don't care about your. But, but, but they do find it interesting. What I have found. And this, this goes beyond clinical care. You can do this in any business. What I have found is instead of pulling them out to you to train and educate them, go to them. Right. These teams. Right. I don't care what it is. It could be like the, the people who check your butt. Like the, the, the colonoscopy. Right, Whatever. You know what I'm saying? Like what? Whatever it is, I don't care what. The dental team, the colonoscopy team, the heart, cardiac child, NICU team, they all have standups. They all spend 15 minutes every beginning of a shift talking about what's cracking. Get. You can get into those meetings and just spend. Hey, can I just come talk to your team for a few minutes? Like a guest lecturer? Five minutes. Exactly. And listen, make a very easy to understand pointed case. Like, oh, hey, we just saw this thing. Just be mindful if you see this, be careful or don't do this. Whatever it is, make it pointed. The reason that people don't do this is because it's extra burden on you. It's hard to go to 15 meetings. You just want to have 15 meetings come to you and you do it one time because it's easier for you. Well, guess what? That doesn't work for them. And you are in service of the business. So to make it stick like you asked. You have to deliver to them by going to where they are and making it tailored for that team, because then they're going to feel like, oh, this is special. This is for me. I'm going to engage on it. That's what's up.
B
I would. I would add to that, that I would assume that they have some type of security awareness platform. And if they have a security awareness platform, a lot of those platforms have the ability to attach a manager to that individual. So you could send out the security awareness there. And then 15 days prior to them doing it, their manager is going to get a message that, hey, they haven't completed this, or five days after. And it can continuously send that out. So that's one way you can get, number one, you can have accountability with it. But it goes to the manager and it's honestly, it's on the manager to make sure that they're doing it as opposed to you. Because you probably have a whole bunch of stuff you're doing.
E
Yeah, I'll add to that, too. Micro learning. Put up signage on the back of a bathroom stall that kind of gives the points that you want to hit. People are just sitting there doing nothing. They will read it and it. It'll sit with them. You know, the. That's a really easy way to kind of hit people where they're at. You know, throw a sign up at the urinal that talks about what you want them to kind of learn. Micro learning is how a lot of us learn. So keep it short and sweet, like Jared said.
A
Yeah, I love. I love one point emails once a week. That's. That's my favorite thing. All right, continuing to scrub through chat here. If you have questions, put them in chat. This is jawjacking. It is a basically mentoring session for anyone who has any questions. Not only is the panel speaking, but of course, people in chat have lots of experience. I like.
B
I like what Kyle. Kyle said. It's called donut diplomacy.
A
Yes, it does work to bring treats for sure. People will hang out with you. In fact, right now, just saying that makes me want to eat a bear claw. Like, I'm, like, I'm feeling for cares.
B
Are we going back to the story where you put on £30?
A
Oh, my God. Yeah, that's. That is a. That's a true story. For those who don't know, you're bringing up an old one. I worked. I did a client engagement at Aubon Pan, which is like a high. Like a fancy fufu bakery in Boston. And the bakery was downstairs, the office was upstairs. And every day I'd show up to work and there'd be like a huge spread of wicked fresh pastries. And I would eat like two or three every day. And like over the course of like four weeks, I put on like 15, 20 pounds. Like my friend came and he's like, holy crap, dude. You're like peak Jerry right now. And I'm like, oh my God, I gotta. That's when I got into running. All right, so anyways, let's see. Clifford's new. New to his team. He's new to my new team. I've been asked to lead CMMC Level two. All right, cool. Any resource training? Anything in particular I can use to make it easier? Thanks, Cliff. Well, Cliff, thanks for the question again. It's grc, so I'll answer it. CMMC is a new standard. It's been around for a while, but it's only now become like required. What I would say, Cliff, very easy. Go to the CMMC ab, which is the accreditation board. They will outline what is required for level two. I'll. I'll demystify it right now. It is a subset of controls from NIST 800171. Look at the controls that apply at level 2, then go audit your like write them all down and then schedule an audit or an assessment to evaluate the current state of all those controls for the ones that are not in place. Figure out what the gap is and how you achieve the gap. Whether it's time, money, new process, or you have to roll out a new project or a new technology and then present your findings and then iterate until you get to level two. This, this is a huge area.
E
I think it's crazy that the new guy on the team is getting this. It would normally go to somebody with a little more tutelage at the company. But. But yeah, back to just don't like go into chat GPT and search for it. Right. Because it. Because it is kind of a newer older standard. There's a lot of information that's not going to be accurate.
A
Exactly.
E
Yeah. Make sure you get it directly from the website and you can also cite that website that you pulled it from because that's a big thing.
A
Yeah. You could use Perplexity AI, which is pretty good about like citing sources. What are your thoughts of vibe coding apps, introducing new supply chain risks and insider threats depending on where the app lives. Dan, let's throw this one to you. This and oh, this is a question from Eric Taylor.
B
Great.
D
So, so depend. Yeah. Depending on where the app lives. What, what measures you're putting in place for with your vibe coding? Are you guard railing, what have you. I'm actually there's a project I'm thinking because I don't have the time to actually sit down and do it myself, but it. Oh yeah. Yeah. And so yeah, it could depending on. There's a myriad of different, different things here. Yeah. Supply chain risk, insider threats. So yeah. What. What kind of like did you actually look through the code? Did you review it prior to pushing it out and like, yeah, this is good. This is fine enough. I trust AI with everything. You should constantly review. You should put it onto a secure platform esque. So like one that you will have control of, not outside. That will help reduce or reduce down the risk of potential. Hey, somebody's messing with this. That really shouldn't be
A
A lot of
D
guardrails is the best thing is start there and you can always peel back if needed. But I think getting them in place is going to help.
E
I would, I would add to that too like understanding what data you're transferring, where it's going, what it's doing and whether or not it's pci, PII or anything that could get you in trouble. If it's. If you're vibe coding an app that does very basic things, the risk is relatively low. But if you're doing something with PCI and pii, Vibe coding is a great replacement. When. Perfect example. When you don't have time. But you do know how to code because it's not going to always be like the. It's not going to create the app perfectly. It's not going to, you know, do everything the smartest way. It's going to do it the easiest way. So really just understanding your environment, knowing what it looks like under load and testing those things.
A
I'm sorry, DJ vsec, can you go on mute? Like your keyboard is like a. Oh, my bad.
E
But yeah, making sure that you kind of do the basics of security, hygiene and stuff is really important. But if you don't understand code, have one of your coders look at it before you put it in production. Please, please, please.
B
Hands up, away from the keyboard.
A
Definitely before you push it to prod. Don't. Don't yolo it. Okay. For sure.
B
I like to say this is one thing I was telling Eric. I'm on the backside was I like to do the vibe coding as a point of or a proof of concept. If you don't know what you're doing, you can, you can do the vibe coding. Don't do it on any production. Don't do it in within the confines of the company, but you can do it and then create a proof of concept and show, hey, this is what I, this is what I'm talking about. And let the real people do the stuff.
A
Yeah. I mean, vibe coding as a proof of concept is certainly a good, a good use case for sure. Just unfortunately there's like a thousand YouTubers out there who like, oh, like you just type in this one command and you can make a hundred grand in a, in a, in a minute. It's like open claw can do it
B
for you and make a billion dollars.
A
Yeah. FedEx says he loves the panel. Thank you, FedEx. We are trying to put together some good, some good speakers here for you as far as questions go. I think we might be up to date on the questions. Let me double check here. Oh, here we go for Robert. From a security standpoint, is it better to put IoT devices on a guest network or create a VLAN form?
E
Either one works. The VLAN gives you more control than the guest network would. I have all my stuff on a vlan. Yeah. And I put it in its own VLAN completely. And then I also don't allow it to talk externally. If you ever want to get free, freaked out, just put an IoT device on the Internet and then watch how many times it connects to third world countries or China or other things. There is a lot of data in IoT that are going to places it shouldn't. Companies are responsive in many cases, like Blink. One of the cameras that I did testing for a while back, we identified, hey, this is reaching out to China. And they're like, hey, oh, unfortunately that's, that's a, that's a host we're using. We're going to go ahead and stop that. Right. So companies have been responsive in the past, but yeah, isolate, isolate, isolate. The more you can, if you, if you want to put it on a guest network, like maybe you don't have the skills for a vlan. It's not very hard, but that would, that's better than leaving it on your primary network. But it also, there's a very clear path between your guest network and your primary. So it's, it's not really worth the risk if they're connected to the Internet at all.
B
I would also point out that nowadays networks have the ability to isolate every single device that's connected to it. So you can create a VLAN with isolation inside the VLAN. So if that IoT device is connected. It cannot talk to any other devices that are on that network. I was actually on another panel and they didn't know that that was a thing. Now.
E
Yeah, that is something like open WRT or, or tomato. And you can install that custom firmware on a lot of the modern, like just any modern router can be upgraded with a, with a more robust firmware. But even the basic stuff like Netgear, Cisco, all of them have this functionality because it's becoming more and more requested by the customer and it's more and more important in the future.
A
Rich464 stepping into an account management role. What are some tips you have when meeting customers for the first time as their new account manager? And any tips talking with the C Suite panel? Dan, have you done any of this?
D
Yes, actually, I have. When I first started, where I'm at now was the first time I actually had clients where I was the, the SOC representative. And we have monthlies that we, I go to, I give updates, what's going on, what we're seeing and what have you. So the first couple times I was, I'll be honest, I was just like, hey, hey, how's it going? Like, I, I was very reserved as I was trying to learn what was normal, what, what I'm supposed to be doing. How am I supposed to present as I keep doing it? I, I don't have that as much anymore. I have a good rapport with the clients. Just remember that you are there for them. Like, you're there to help them in what they need. Now, that does not mean that you let them walk all over you. That's not in. In what you're supposed to be doing. You're supposed to be guiding them through what security alerts are going on. Hey, I see you got this going on. If you, depending on what your actual role is, hey, this offering we have might also help with that. Like, you have to look at what their needs are, try to meet them, as well as describe what you're doing. And in fact, some of these, some of this will be talked about in my talk coming up on the 1st of April.
A
Okay, that's nice. Nice tease on that one.
E
That was good, man. That was smooth.
A
Yeah. Well, okay, so to that point, Dan, I mean, you're speaking at Sock Summit, you're speaking at a couple things. So your, your talk coming up isn't enough information for Rich464 to go to that. So as we kind of pivot into outros, where is this talk and where's the link so people can register for it.
D
I will get the link as I keep talking here. My first talk will be next Wednesday at the SOC Summit with anti siphon training. It will be on Sigma Rules. We're going to learn about what they are, how to make them, and by the end we'll. I plan on making one with the. The attendees. That's what I'm shooting for. I have a little bit of a challenge for them, so I'm looking forward to that. And then one.
A
Yeah.
D
Then one week later I have a talk on the first, which is an anti cast with B B H I S and anti siphon, uh, on soft skills for SoC, which it really is translated not only for the SoC, but it could be Red Team GRC.
A
It.
D
It's a lot of skills that can be used to better document what you are doing. For future reference. There it is. It can help convey to the clients what they need to know. And overall it will not only make you sound a lot more professional, it will reduce down time on tickets, time on responses to clients, and overall it. It'll. It'll help build that trust.
A
Awesome. So I dropped the links to those in chat. Dan. I really am. I'm like front row super subscribed. Hit the bell for notifications on all your professional growth and. And personal branding and really giving back to the community. Robert. Well, actually, I'm sorry, DJ B Sec might have to drop mid. Mid thing. So. DJ B Sec, tell us. Tell us outro yourself here, buddy.
B
I have nothing going on and I'll see y' all later. Let's see.
A
Mainly he's been working on.
B
Yeah, I've been. Been pushing that. You can see that. I've been trying to tell Jerry he can. When CISO decides not to do the news in the morning, we might be able to pull some news that from that. Yeah, I've been adding stuff. If anybody's got any. Any resources or anything they want me to add to it, let me know. I'll add. Add stuff to it.
A
All right, There you go. DJ B Sec. I dropped a link to it. It's djbsec.com which is why I keep calling him DJ, not Ben. He'll forever be DJ. And uh, Robert, aka Bow Tie Security, relative newcomer to the community, but making a big splash. What would you like to tell people about?
E
Yeah, bowtie security guy.com is. Is my main website. That'll take you to my podcast. Also, Bowtie Security Guy across all social branding sites. A lot of what I do is helping Mentor and share security knowledge if you're struggling. If you're looking for a mentor, I'm happy to help. Especially if you're currently unemployed or if you're looking to get into cyber, please reach out. I'm happy to help. The podcast is specifically for new people. I talk to professionals. You know, plug for Jerry. He's coming to hang out next month.
A
So we.
B
We.
E
We talk about what the job is really like. We talk about the skills that you need to kind of get into it, and then we just talk about our passion for cyber. So it's not a really highly technical podcast. It's really one that just talks about what the job is really like, as opposed to kind of what you see on TV and all the cool hype that you get from schools. You know, we talk about the real.
A
I love it. And just very tie in. Slimy puppet asked a few minutes ago. Any tips for finding a mentor in cyber? May I suggest going to bowtie security guy.com?
E
yeah, man, yeah. Connect. You can connect with me on LinkedIn. I'm happy to help, man. I work with hundreds of people. The biggest thing I tell you is be prepared to do the work and be prepared to talk about the reality of the environment. It's not a great environment for new people. It's very difficult to find a job. The schools are not telling you everything that you need to know to be successful, and there is no cyber gap. I. I hate to be the guy to break this, but there isn't. Right. So I want to have honest conversations. And if you're wanting to learn what you need to do, it's all about networking. All of us here can tell you that, like, the jobs that we have are because we knew somebody who knew somebody who knew somebody. Put in the time being social. I have Audi hd, which is autism and adhd. I'm not a very social person, but I've learned to be because it's very critical to your career.
A
Yeah. And just as a quick example, I mean, he spoke at Zero Trust World, which put him there. And then he sat at a table where I think James McQuiggin was sitting, which then introduced to me. And then I interviewed him for Simply Cyber, and then now he's on this panel, you know, so. Which is why I'm loving watching Dan and his work too. All right, guys, that's gonna do it. Looks like DJ B sex out or his camera broke. Either way, it's the end of the show, guys. There he goes. He's out, guys. I want to say thank you so very much. It was Friday, March 20, jawjacking. Hope you guys got value. Of course. Have a great weekend. And yeah, thanks, Robert, for joining. Thanks, Dan Reardon, for joining. I'm Jerry from Simply Cyber. Guys, be well until next time. Stay secure.
Date: March 23, 2026
Host: Dr. Gerald Auger (“Jerry”), Simply Cyber Media Group
Panelists (Jawjacking segment): Dan Reardon (The Haircut Fish), Robert (“Bowtie Security Guy”), Ben (“DJ BSec”)
Dr. Gerald Auger brings his signature high-energy style to this Friday episode, delivering the freshest cybersecurity news, analysis, and advice. The episode features the top headlines that matter most to cybersecurity professionals and GRC leaders—with practical takeaways, community questions, and a healthy dose of humor. This episode also includes a lively “Jawjacking” open Q&A panel, offering career advice and technical tips.
[11:18]
Summary:
A SharePoint vulnerability (patched in Jan 2026) is being actively exploited, allowing remote code execution on unsupported versions (2016, 2019, subscription edition). Legacy versions (2007/2010/2013) remain exposed as they are out of support.
Analysis (Jerry):
[17:11]
Summary:
New startup emerges from stealth with $20M funding; claims runtime behavioral analysis for cyberattack prevention, works in disconnected environments.
Analysis:
Career Angle: For entrepreneurial listeners, choose your niche wisely.
[22:46]
Summary:
Stryker Medical breached by Iranian-linked actor (Handela); attackers created a new global admin in Azure, then used Intune’s remote wipe feature to erase 80,000 devices and steal 50TB data.
Analysis:
Business Context: Companies associated with Israeli interests may have an increased threat risk in the current landscape.
[33:43]
Summary:
SALT’s new product aims to secure AI agents and their ability to act via APIs and MCP servers—not just monitoring prompt attacks.
Analysis:
[42:58]
Summary:
Critical zero-day patched in UniFi network app (v10.1.1 and earlier). Allows attacker (no privilege, no user interaction) to take over accounts/network via path traversal.
Analysis:
[46:02]
Summary:
Likely APT28 (Fancy Bear) conducted a targeted XSS attack via Zimbra webmail on Ukraine’s State Hydrographic Service; exploit was embedded directly in the email body, no attachments.
Analysis:
[53:36]
[57:21]
Summary:
New “Perseus” family supersedes Cerberus and Phoenix, steals data from Android Notes app (users often store sensitive info there). Active campaigns in Turkey and Italy.
Analysis:
| Time | Segment | Topic/Key Takeaway | |---------|---------------------------------|-------------------------------------------------------------| | 11:18 | News #1 | Microsoft SharePoint Active Exploit | | 17:11 | News #2 | First Protect Endpoint Security Launch | | 22:46 | News #3 | CISA on Intune Hardening (Stryker Breach) | | 33:43 | News #4 | SALT Security Agentic AI Security Platform | | 38:48 | Mid-roll/Dad Jokes | Dad Joke Segment with James McQuiggin | | 42:58 | News #5 | Ubiquiti UniFi Account Takeover Flaw | | 46:02 | News #6 | Russian (APT28) Zimbra Email Exploit | | 53:36 | News #7 | Navia Healthcare Data Breach | | 57:21 | News #8 | Perseus Android Malware (Notes App) | | 63:22 | Jawjacking Panel | Rapid-fire mentoring: network compromise, raises, IoT, etc. | | 71:52 | Robert Joins Panel | Panelist intros (IR, social engineering expertise) | | 92:45 | Healthcare Awareness Training | Making security stick for clinical end-users | | 96:21 | CMMC Level 2 | Quick-start tips for compliance newbs | | 108:16 | Panelist Plugs/Mentoring | Mentoring advice, networking tips |
[63:45]
Q: “If my network’s compromised and I’m switching ISP/routers, what do I do before connecting the new router?”
Advice:
[75:39]
Advice:
[82:09]
[83:08]
[91:30]
[94:31]
[108:36]
1.1.1.21.1.1.3This episode delivers expert threat landscape insights, elevates industry news beyond headlines, and builds technical/career skills in a welcoming, energized community. From practical guidance on critical vulnerabilities to mentoring advice on negotiating raises, “Daily Cyber Threat Brief” remains a must-listen for any cybersecurity professional passionate about staying ahead and leveling up.