A
All right. Good morning, everybody. Welcome to the party. Today is February 20, March 23, 2026, episode 1094 of Simply Cyber's daily Cyber Threat free podcast. Now, let me. Let me just take a minute here and introduce you really quick and say, hey, listen, over the next hour or so, we're going to go through the top cyber security news stories of the day, and I will be giving my expert opinion and analysis on each of those stories on what it means to you as a practitioner. So how can you use this information to drive cyber risk reduction for your business stakeholders? I am coming to you live from the San Francisco mobile studio up on Bush Street. And guys, I got to be real with you. This might be the most of the janky episodes I've ever done. I have spent the last 35 minutes casually Joseph's been with me in the studio trying to solve a problem and. And the problem is not solved. So normally we want to go 100% here, and if it's not going great, we'll go 80%. And today it looks like we might be at 51%. So better than half. But we are going to have some challenges. So stay with us. You're going to have a rare episode today, I promise you. I'm Jerry, your chat. Let's get cooking. Get your coffee, let's go. Yes, yes, yes. Good morning, everybody. Welcome to the party. Today I want to say what's up to Chuggy Marcus Kyler, obviously casually Joseph for all he did. Mar Levy net setup. So many green badges in the chat. TJ code brew. Thank you very much, guys. Yeah, seriously, listen, let me just preface this really quickly. If you're a first timer here, I apologize in advance. Typically, this is a much more well constructed show. However, last week we set this whole thing up. I'm using like a lighter. I don't have my microphone and mixing board because I wanted to make my overall package lighter. And we did this and I tested it and Joseph was there and. And everything worked perfectly. 
And then of course, I get up at 4am today, set everything up, and literally nothing works. My stream deck is failing. My Voicemeeter Banana for software routing is not working. And before you ask me if I've turned it off and on again. Yes, yes, I have. I've done it twice, actually, just to be sure that the computer realized I shut it off and on again. So having said that. Yeah, I know. And the video is pausing. Marcus Kyler. The video pausing was happening on my last computer, which is literally, I tried to fix everything and then just bought a new computer. So guess what? It's definitely not at the computer layer. That's the issue. So, anyways, the thing that you need to know is that even the audio podcast. The audio podcast. This is probably the most janky thing that I'm going to do to you, squad. And I will try. I will try to get this fixed before tomorrow, but I will have to play. You get to see my beautiful wife. You get. I'm going to be playing the audio through my phone into my DJI mic for the podcast. So if you have. If you're upset about the audio, I apologize in advance. I'm doing the best I can with what I have at my disposal. I absolutely did test this all. But guess what? If you're new here and you're new to industry and you haven't figured out what happens when you do demos in real life, no matter what you tested in advance, this is what a demo god fail looks like. So, anyways, let's get cooking. Now that I've prefaced this whole show and kind of set your expectations low. All right, guys. Hey. Every episode, we're gonna go through eight stories. I don't research or prep for the stories because I'm spending all the time getting my audio set up. But what I do want to tell you is we're going to go beyond the headlines. We're going to go way beyond the headlines. Better than what you would get in a classroom or a textbook. 
And, you know, with my 20 plus years of experience, several people in chat, with years and years of experience, you're going to be getting just value. And seriously, there's a. There's a reason so many people show up regularly. Like they're giving back or they're taking. It's very. A supportive, inclusive community. So welcome. And I appreciate you guys showing up on this lovely Monday morning. I want you to know every single episode is worth half a CPE. So say what's up in chat? Grab a screenshot. You'll show up on the chat over here. At least I got that part working. And include the episode title, which should say top news now, March 23rd, as well as episode 1094. Go ahead and put that in a screenshot and then save it off. And then once a year, count the screenshots, divide by two. As easy as that. Very, very simple. Here. I'm actually going to play some music here anyways. Like, I need the music, man. It makes me feel better about all of this. All right. Plus, by the way, can I just give a quick shout out to Mrs. Ozer who told me like, hey, whenever things are going to sideways with a show or an interview or something, just be chill. Just be chill. So guess what? This is me being chill. So we got the CPEs, guys. If you're a first timer, holla. Christopher. Lya. Yep, I've been up since 3:30 in the morning. West coast is brutal, bro. But you know what? I always get up on the left coast because there's people like Sierra Montgomery, Wade Wells, Phil Stafford, Elliot Mati who get up real Bilbo, Nick Barker. There's so many left coast people who get up on the regular, the least I can do is get up a few times a year. I'm over here. So coffee cup. Cheers to you guys. If you're here for the first time and you are not embarrassed to let us know that this is your first episode, drop a hashtag. First timer. As I said at the beginning, this is an unusual episode of the Daily Cyber Threat Brief. But it is, it's real. Welcome to the real guys. So I'm super pumped. What else? 
Oh, let me give a little love and shout out to the stream sponsors, those who are like probably reconsidering their choices, starting with Antisyphon Training. Antisyphon Training is disrupting the traditional cyber security training industry by offering high quality, cutting edge education to everyone regardless of financial position. And I am so pumped to share that just in a few days, this Wednesday, you can go to the SOC Summit. It's six hours, 10 expert talks, free, and it's virtual so it can be accessed from anywhere with an Internet connection, which if you're here right now watching us on the show, you have access to an Internet connection. Look at these talks, man. We've got squad members like Wade Wells, Cheddarbob, Dan Reardon, AKA the Haircut Fish, and so many more. Hayden Covington. I'm super excited for not just for this event, for you to level up and learn, but also for the speakers to be able to give back and continue to develop their own, you know, career and branding. So love it. Let me drop a link to that. Go check that out, if you would. I, I won't be able to go. I'll be, I'll actually be flying all day on Wednesday. I'm flying back to the east coast on Wednesday, but I'm excited for you guys to giddy up and get on top of that. Got a new, new one from Flare to tell you guys. Flare Academy. Right? So Flare Cyber Threat Intelligence Platform. Hold on, do we have a first timer. Shadow 1 7x. Shadow 17x. Welcome to the party, pal. I. My soundboard doesn't work, so I guess let's do this. Like I like, I like doing welcome to the party Pal so much that we're gonna do it this way. Okay? We're having a little bit of a laugh today. Okay? All right. Shadow 1 7. Shadow 1x7 or whatever it was. Welcome to the party, pal. I hope you enjoy the show. Like I said, Shadow, this is definitely not a normal episode, guys. Flare provides these Flare Academy trainings that are so, so awesome. Two hours on March 24th. So tomorrow, 50 Shades of Bulletproof hosting. 
Understanding a core enabler of cybercrime. Listen, if you are wondering why criminals are able to host leak sites in admin panels and you know, like Genesis Marketplace, Dark web marketplaces and stuff, like you're like, how the hell are. Are they able to run these criminal businesses online? Like just go take the website down. Well, there's a thing called bulletproof hosting. It's usually in eastern Europe where ISPs will look the other way. But how does that really work? Why does the ISP not get arrested? This training right here will answer all of that and more in two hours. Give you the full insight on what Flare has found. So I'm going to drop a link. simplycyber.io/flare will get you there and you can register again. This is free and you know and you'll get two CPEs if that's something you're into. All right. That looks like it was on brand. Did you see that page wasn't loaded? Thank you very much. Mobile studio. Oh my God. Ah, chill, chill, chill. All right guys. Hey, really quick. Also want to tell you about ThreatLocker. ThreatLocker, zero trust platform now including the cloud, not just your fat apps on your endpoints. Absolutely crushing it. Let's hear from ThreatLocker and then we're going to get into the news. I want to give some love to the daily cyber threat brief sponsor ThreatLocker. Do zero day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with ThreatLocker. Worldwide companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high. ThreatLocker takes a deny by default approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US-based Cyber Hero support team. Get a free 30 day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threatlocker.com/dailycyber. 
All right, yes, I said fat apps. Listen. Is. Is listen really quickly, and we're going to get into it really quickly. I use the term gold loads, okay. When I talk about gold loads. Gold loads are like the approved image that's been tuned from a vanilla based image to be like a company's image. That's a gold load. Most people don't call it gold load. And then I used fat app just a minute ago, and I used fat app in a conversation last week, and someone was like, what's a fat app? And I'm like, come on, it's a desktop install application. It's not like a browser app. It's a fat app. It's fat. It's got girth. So let me know, is fat app a term? Am I old? Did I invent a term and then not run it by anybody and just continued using it for years? Like, I'm gonna add a poll here. Do you use fat app as a term? Okay, yeah. Gold image. Gold image. That's fine. Maybe that's what they do in Canada, Steve. But here in the. Here in America, we talk about gold loads. I'm joking. It definitely is a gold image, man. All right, cool. All right. Hey, guys, let's get to the news. All right, you guys got to get your CPEs again. This. This is probably going to be the most janky element of the entire episode. So grant me grace. Let's go. Oh, do me a favor. Sit back, relax. Sit back, sit back and really relax, okay? Like, I'm telling myself to really relax. And let's let the cool sounds of the hot news wash over us.
B
Awesome wave from the CISO series.
A
It's cybersecurity headlines. I can turn the music up if you want to.
B
These are the cybersecurity headlines for Monday, March 23, 2026. I'm Steve Prentice. Law enforcement seizes botnet infrastructure. Agencies and tech companies from the U.S., Germany and Canada collaborated on an operation designed to seize infrastructure used by the Isuru, Kim Wolf, Jack Skid, and Mossad botnets. All of these were used to deliver DDoS attacks. The four botnets were built out of about 3 million compromised devices around the world, many of which are Internet of things devices like cameras, routers, and video recorders. Hundreds of thousands of these are located in the US and some were behind firewalls. The botnet operators monetized these by selling access to other criminal organizations, and the Justice Department did not say if any arrests were made in conjunction with the infrastructure takedown, California.
A
All right, so, okay, so these botnet environments, again, like talking about that Flare Academy story or training about 50 shades of bulletproof hosting. This is like a perfect example. So these four botnet, you know, essentially. Let me, let me back this up here. So botnets are a collection of compromised devices. It could be like a nest thermostat, it could be a laptop. It doesn't matter. It's. It's. It's compromised and it's just reporting into some central managed service which is hosted. Right. C2, we call it command and control. And whenever the threat actor who controls that wants to do a denial of service attack, they send a command to all the infected agents to say, go attack this IP address or this domain or whatever. It's usually IP. So that is a blight, right? Obviously. And for years, this Isuru, Kimwolf and Jack Skid and Mossad botnets have existed to the tune of like 2 million and 2 to 3 million endpoints. Which is, which is wild, dude. Like back in the day when Mirai botnet got up to like 600,000 endpoints, the FBI got involved. Now we're talking 3 million. That's crazy. Let's see. I wonder. They don't go into any detail about how law enforcement agencies did disrupt this, by the way. It does say that multiple U.S. registered domain servers and infrastructure were seized through warrants executed by the Department of OIG. I have no idea why these endpoints. This infrastructure is being hosted in the United States. You typically don't see bullet. At least I don't see bulletproof hosting in the United States. It's usually an Eastern Europe thing. Okay, hey, really quick. A hundred people voted; 78% of people don't say fat app. I don't know if that's like a, a generational thing or something, but. Brian Krebs said they'd identified at least one person. They don't know if any arrests have been made. 
Here's the thing with something like this, they're not going to tell publicly who got arrested because what they're trying to do now is squeeze that guy or lady for information to turn other people over and, and possibly, I don't know, possibly, you know, get that person's family safe or whatever. So they have. So law enforcement has more leverage to get that person to turn into an informant. It's good. Remember guys, if you have a 4 million device botnet, you could knock out a lot of things. You could knock out, you know, power. You could like, you know, target an Energy sector, you could target an ISP, you could target it at like anything. So definitely nasty business. If I had my soundboard, I would play my Bad Boys. Bad boys, what you gonna do? Or I would play my Regulators, mount up. Anyways, the TLDR here is a lot of these botnets or bots in the botnet are compromised because of default creds. So if you can educate your end users to change their default creds on their IoT devices, and I'll tell you, it's kind of an uphill battle because think about this for one minute. If I compromise your nest thermostat or your ring doorbell, okay? Like, let's say your ring doorbell right now is in my botnet, okay? I'm the captain now. Your ring doorbell still works. Amazon driver can come and ring your doorbell and it'll turn on, your phone will buzz, and you can talk to the Amazon driver through the ring app. Your, your, your device's capability does not diminish. Only when the threat actor weaponizes your endpoint to send data would you notice a performance hit. But the threat actor isn't doing it all the time. It's like, it's, it's for hire, essentially. So a lot of people, like, let's say, like my aunt Dorothea's ring doorbell is compromised. She's not going to even know. Secondly, why would she be incentivized or motivated to log in and change the password, right? She's not. Because the thing still works. And that, that's a bit of a rub. 
And honestly, you want to talk about shift left and secure by design. Like, I hate that noise. Like it's a great idea, but like, in practice, it's hard or unrealistic. Here's my thing. I think it's on the vendors, not the end users, not the consumers. I think it's on the vendors to require the default credential on a device to be set or configured before the device works, or set random unique passwords for each device and just have a sticker on the side of it with the password, right? Because if a threat actor sends you a phishing email or whatever, or just scans the Internet and finds your device, they're not going to know the password if it's unique. And they're not going to physically come to your house and read the password off the ring doorbell camera. Right? Okay, let's keep cooking. Oh, my God. Multiple clicks. What are we doing here, buddy? Can I. Yeah, here we go.
B
The city and LA transit agency report cybersecurity issues. Foster City, a Silicon Valley area town, had to pause all public services outside of emergency responses on Thursday following a ransomware attack. City Manager Stefan Chatwin declared a state of emergency and the city warned that theft of public information was possible and that people should change personal passwords that related to city activities and to take measures to protect personal data. This attack was followed by a potential attack attempt on the Los Angeles Metro service. A ransomware gang has claimed that it attacked this service. And although city officials have not responded to media requests for clarification, technical issues with its internal administrative computer systems were reported by the transit service on Friday morning.
A
Okay, all right, so a couple things here. Number one, shout out to the B, the Bay Area hammer and hammer and RSA in the house. Okay, so this. Okay, so here's the deal. Number one, ransomware attack is a ransomware attack. Number two, state and local municipalities are regularly targeted. I've said this before. Hold on. What do we got here? First timer in over 12 months. K E S Alex Ander Cade Alexander Kade. K E S Alexander Cade. Welcome back to the party, pal. I'm going to get some, get some use out of this tab today. Welcome back to the party, pal. And Cass Alexander Cade. Just so you know, I'm traveling right now. I'm in San Francisco. So this is, it's not like we've devolved since you last were here. Okay? State and local municipalities are underfunded. There's typically like one IT person doing like five different jobs. This is no surprise that they got unfortunately hit. The other thing I'll point out is that they said 911. 911. They said 911 is unaffected. Typically, in my experience too, typically emergency services are on a separate system, literally for emergency reasons, business continuity, being able to provide those services in the event of a disaster. So, you know, so usually the 911 services are not affected. They did say that there's going to be a city council meeting on Zoom because that's the only thing that'll work. Oh, hold on. It says this makes no sense. City council meeting will be held in person and will not be available on Zoom due to the attack. Okay, guys, I gotta tell you, that is dumb. 100% dumb. Zoom is a cloud based app. Like you can access Zoom. Like I don't care if your entire infrastructure gets ransomware. You can get on Zoom using that. This is probably the problem. Like you can't use personal devices I guess here. But like, and, and they can't assume, I guess, that like my Aunt Dorothea who only has a company-issued laptop, won't be able to get on the meeting. But to say that it's Zoom is, I don't know, to me, like, whatever. 
This feels like a very Boomer thing to say. Zoom's not available. Oh, oh, the zennial. Just dunking on boomers. You know what, it flows uphill, guys. Okay. And then finally, yeah, like ransomware has hit California cities a ton. C. Like the LA County school district got hit. Like multiple, multiple, multiple municipalities in the state of California have been hit. Chances are. I don't know. I don't know if they're paying. Probably not. But I thought there was a. There's a law that I think says like federal agencies can't pay ransoms, but I don't know about states. My thing is if states aren't paying. Hold on, I'm going to Google this really quickly. Or can. Can a state agency in California pay a ransom? Pay a ransomware ransom? By the way, ever since autocorrect, my typing has gone to absolute crap. I just type whatever I want and like I just know that the computer is going to be able to sort out what I'm trying to ask. While not explicitly banned by statewide California law, paid a ransom in the state agency is strongly discouraged by federal authorities. Okay, you know what? Federal, you know what strongly discouraged means? Go ahead. So here's the deal again. As long as people are paying the ransom, threat actors have incentive to hit these ransomwares. Right? So let's keep going, Bruh.
B
Azure Monitor alerts used for callback phishing attacks. Azure Monitor is Microsoft's cloud based monitoring service that collects and analyzes data from Azure resources, applications and infrastructure, allowing users to track performance, billing changes, detect issues and trigger alerts based on various conditions. Numerous customers of the service have recently reported receiving Azure Monitor alerts that include warnings of suspicious charges or invoice activity on their accounts and which request the customers to call an enclosed phone number. The verbiage of the warning is in line with that released by legitimate software services, right down to an apology for the inconvenience. But unlike other phishing campaigns, these messages are not spoofed, but are sent directly by the Microsoft Azure Monitor platform using the legitimate azure-noreply@microsoft.com email address.
A
All right, all right, really quickly I see. WOWY. 1267 screaming, screaming in the chat. Hello YouTube. Welcome to the party, pal. Yeah, Colonial Pipeline paid for sure. DJ B Sec, but I mean that was like a private sector business that was managing critical infrastructure and that was. That was years ago. I don't know. I feel like things have evolved on that way. Okay, so check this out really quick. This is actually pretty clever. We see. We have seen threat actors do this in the past, but it's been a minute since I've seen a threat actor do this. Let's see really quickly. This is so good. Like, again, I don't promote or encourage any type of cyber criminal activity. I'm not a fan of these things. Although I do have like a Clop ransomware hockey jersey, virtual version, compliments of Bruise and Hacks. I mean, compliments of Dan Reardon. But Bruise and Hacks was involved on it. All right, here's the thing. And DJ B Sec, maybe you can help me on this one. This is pretty clever. So listen, there is a thing called Microsoft Azure Monitor, and it's baked into your Azure instance, your tenant, if you will, and it can send notification emails automatically when weird conditions are met. Well, you're getting an email from Microsoft that says they showed it in here. Well, this is the resolution email, but you're getting an email that says there's been a transaction, has been placed on hold by the fraud detection team, and to prevent possible account suspension, verify the transaction. And it looks real, it comes from Microsoft Azure. And it fires off. Now, here's my thing. What I don't understand is how are they getting this to fire in Azure? I feel like you'd have to have access to Azure to be able to get this to fire. It's the Microsoft Azure Monitor. Like, this story is missing the important part of how it's happening. Because when you see how it happens, you can then go in and either detect when it happens or tune for it not to happen. 
Yeah, but at the end of the day, this is a phishing email. And what they're trying to do is get you to call a phone number to get on the phone with a criminal who's then going to basically rob you in some capacity. BleepingComputer shows more information. Do I got to scroll down? Okay, all right. $389 Windows Defender charge. Oh, thank you very much. Who said that? Sean Sailors. Thanks, Sean. All emails use the enterprise or corporate theme. They may be intended to go, okay, I don't get it. How do you. How do. How does the threat actor send them? How do they get like, here's my thing. Like, yes, this will work. It's a legit email coming from Azure. They've modified it to include their own phone number. You're going to trust it because it's coming from Microsoft. You're going to trust it because it looks real. And you're going to be concerned because it says you're going to get a $389 charge. What I don't get is unless. Unless they're. Unless the threat actors are standing up their own environment and then just messaging people from it. Okay? Oh, yeah. So DJ B says, I think they're using their own instance and firing off the alert. Okay. So I feel good about myself that I came up with that before reading your message. But, like, I'm glad that we agree on it. So it sounds like that's it. All right. Now that we understand what the hell is happening here. Oh, yeah, that's a good point, too. DMARC, DKIM, SPF. Those are all gonna look correct. So email security protocols isn't going to stop this because essentially it is coming from Microsoft. Here's what you got to do. Okay? Here's what you got to. You got to educate your end users to tell them about this specific attack. Now, there's two things here for you. Okay, guys, two things. Number one, let me change my screen. Since my stream deck doesn't work, there's two things you got to do. One, I would. 
I would send out a note today to your workforce and just say, hey, if you get an email from Microsoft, like from legit Microsoft that says this, forward it to us as a phishing email. Right? Or if you get a call from Microsoft about this, don't call the phone number. Log in and check to see if there is a charge on your account or, you know, whatever. So I would say educate them on that. Now, number two, this attack type is. It can be modified, right? So if you just say, oh, hey, watch out for this specific email, the threat actors can pivot. They could say that there's like an attempt to register a second form factor on your account, or they could say that your password is expired. Like, they can change what the email says. Right. They're still able to send it. The real crux of this attack is that it's coming from Microsoft itself. Now, I do want to point out Microsoft might be able to put in a little bit of security around these accounts and threat intelligence to be able to, like, detect that these kinds of emails are going out, but it will be quite difficult. Like, anyone can spin up an instance, right? And then do this. So. Roswell UK is talking about vishing. Yeah. I mean, typically vishing is like an inbound call to a victim, but this would be, I guess, vishing because you're getting, you're getting them on the phone and then at that point you're going to try to like get credentials or get them to install something or get them to give you money. So nasty business. If it were me, I would educate the end users on the attack itself and then, and then maybe in a week remind them about like the, the thing is, it's like it's coming from Microsoft. Ah, threat actors. You're too good. So anyways, fancy bit of business.
B
Huge thanks to our sponsor, ThreatLocker. Most breaches don't start with a zero day. They start because something unexpected was allowed to run. One way organizations reduce risk is by shrinking the attack surface, deciding what should be allowed to execute and blocking everything else. Fewer unknowns means fewer opportunities for attackers. You can learn more at threatlocker.com.
A
All right, I can't even play the me. Oh my God, bro. You know what? We're getting this today. We're getting this. All right, guys, I want to say thank you so very much for being here. I appreciate all of you. You know, this is 1094. Some episodes are bangers. Some of them we limp across the finish line and I feel like today's might be a little bit of a limp across the fish finish line, but I appreciate, I appreciate it. Guys. The coffee is running low. I did drink three cups before I got on air. Ad tech. All right, guys. Hey, I want to say shout out to the stream sponsors ThreatLocker, Antisyphon and Flare for making it so I can bring this show to you. Got a lot of fun work today. I'll be working with Real Bill Bill, the Real Bilbo today and tomorrow. Hopefully seeing Phil Stafford, Elliot Mati and others in the Bay area later today potentially if you guys want, trying to get over to Irish bank for some beers tonight if anyone's into that. Stay tuned. All right, guys. Every single day of the week has a special segment. And Mondays is Simply Cyber's community member of the week where I get to recognize one member of the community and it is a sponsored event sponsored by ThreatLocker. ThreatLocker, the. The company that does a deny by default approach to applications and cloud. But the reason it's sponsored is because ThreatLocker gives me money and then I turn around and give the community member money, right? So like I, it's like a, it's like a, you know, a reward or whatever, an award. I give you a hundred dollar Amazon gift card. Okay? So shout out to Bowtie Security who, who was last week's featured community member upgrading his studio setup with that gear, that Amazon gift card. Today I want to. Here's the thing, I don't have this person's graphic because I don't know her name. But let me tell you really quickly, the community member of the week this week is Sunshine. Okay? 
Now Sunshine is in San Francisco, which is very relevant because here I am in San Francisco and I hope to see her later today. I met her in person at the Marriott Marquis last year. She's absolutely delightful. And the reason I wanted to feature her as the Simply Cyber Community member of the day today is because in the last like three weeks I've had multiple people, they're like, oh, you're going to San Francisco. Like, you should connect with Sunshine or like you should get on with Sunshine or. And then Elliot was like, oh, Jerry, can. Can you bring a Simply Cyber flag? Like we're starting to like do meetups. Me, Phil and Sunshine. So like, Sunshine is very cool. Again, I apologize, Sunshine, I don't know your real name so I can't bring up your LinkedIn profile. And if your real name is Sunshine, you know, I apologize. But anyways, you can see Phil Stafford giving the love. So if you can, Phil, let her know and can you help connect me with her, please, Phil? All right. Hey, Alpha Sierra's here. Hey, Alpha Sierra. All right, guys, so yeah, that's our Simply Cyber community member of the week. All about good times. I'm gonna go ahead and do the la la la la. Here we go. Alpha Sierra, lead us off. It's been a minute for my janky lapel mic here. Oh, guys, what a day. Thank you so very. All right, All right, all right, all right. So guys, I know we're having a rough episode, but that was a fun mid roll. Let's get back into the news.
B
Feds issue PSA regarding Russian Signal phishing campaign. Following up on a story we covered this past month, the FBI and CISA issued a joint public service announcement on Friday warning that Russian intelligence affiliated hackers have quote, gained access to thousands of users messaging apps with a global phishing end quote. The campaign chiefly seeks high value targets including current and former US government officials, political figures, military personnel and journalists. The US agencies reiterated that hackers had not been able to bypass end to end encryption, instead manipulating users into giving up access by posing as Signal help personnel. A link to the PSA posted on ic3.gov is available in the show notes to this episode.
A
Okay, so this is not a new attack. Like this has been going on for a hot minute and I, I just want to call your attention to this really quickly. When the technology. Let me, let me back up. I'm going to, this is the easiest thing for everyone to remember, okay? If you're going to attack something, right, If a hacker is going to hack you, if a threat actor is going to target you, if you're going to get got, there's only three things that they can attack, okay? Very simple and don't come at me with the CIA triad. That's day one, this is day four stuff I'm talking about, okay? Number one, they can attack people, right? I can socially engineer you, give me your credentials. Number two, you can attack technology, right? I can zero day hack all the things, log in with your default password and make a multi million account botnet. Or number three, I can attack process, right? What is the process and where are the gaps? Like you know, I'm able to register myself as a mortician and then legally declare you dead. Right? Like, like that's, these are the three things you can attack. That's it. Well, Signal as a messaging app is amazing at security and it's very private and you can't get in or anything like that. Well, because there's a lot of information being used in Signal and some high ranking federal officials like to use it for official classified correspondence apparently, or you know, sensitive correspondence. Adversaries are now trying to get into Signal, but because the technology is so good, you've got to hack something else. And what they're trying to do here is they're trying to attack the humans by tricking the people into thinking that they're Signal help or Signal service support people and then registering their phone into Signal. So like if you use Signal, which I strongly recommend, you can have Signal on your phone, on your laptop, on your tablet, on other things, right? You can have Signal on all the things. 
So, and you want like one, you know, it's like one communication path across all your devices. So for a threat actor to add one more device to your feed, that's fine, you're still going to be able to use Signal. There's no compromise of your availability of Signal. It's just the confidentiality is compromised because now the threat actor can see all the things that you can see on your device and oh by the way, it would tip their hand. But they could compromise the integrity of it too, right? They could take that opportunity to send a message and say like, like, let's say that like, you know, two high ranking people are talking about a military attack, like Attack this target at this time. Well, if you're in there, you could say, oh, actually I changed the target target this at the same time. And it's going to look like it's you saying it because they are in your device. That is what's going on. Now obviously I'm a huge fan of stopping the kill chain as far up the chain as possible in this one. This is why they're doing a public service announcement. Don't like Signal doesn't have a help desk that's going to proactively call you and tell you there's a problem. Like this is all day, every day, step one. So here's what I'll say if you are. Well, first of all, if your organization is using Signal, actually let me take a step back. Signal would be the obvious target. But let me, let me help everybody in chat whatever messaging app your company is using, right? Whether it's Microsoft Teams or it's Slack or it is Discord or it is Signal, right? Or Telegram or whatever. Tell your workforce that like a support employee from the app, from the company, from Microsoft, from Signal, from Telegram is not going to contact you about a problem. They're not going to contact you. Tell them. Furthermore, hey, if you do have a problem, if you do get contacted by them and you do think it's legit, hang up and call me, right? Or call help desk or call support. 
Like, don't, don't, like, it's, it. There's like I, there's a 100% chance you're being targeted by a criminal. So stop, stop, stop, stop, stop, stop. That's what the PSA is for. But the, the thing is you really have to hammer it home to the end user that this isn't going to happen, because it seems very convenient to just, like, be like, essentially, like, Jesus, take the wheel. Like, oh hey, help desk, you take the wheel. And then the threat actor's just going to add themselves. Okay? That's for any company. Now when you get into high-ranking people like Department of Defense secretaries using Signal for group chats and stuff, or, you know, insert, say you're running an election campaign, like you're a, you're a rival candidate trying to, like, you know, unseat the incumbent congressman or senator, right? You're also now considered a target even though you're not in office yet. Like if you, if you're one of these people who's got some, some traction, you could be a target. So for people like that, be mindful of that. Like, okay, like it's just no one, no, no one from help desk is going to call you and try to help you out. They're going to tell you that your machine's screwed or compromised or something, but for real, it's not. And if it is, you're going to have problems anyways. So just, like, you know, sit back and let your own help desk people resolve the issue. Especially Signal, man. Good grief.
B
Critical Quest KACE Vulnerability Potentially Exploited. Researchers from Arctic Wolf are warning of suspicious activity affecting unpatched Quest KACE Systems Management Appliance instances exposed to the Internet. KACE, spelled K-A-C-E, is an on-premises tool used for centralizing endpoint management, including asset inventory, software distribution, patching and monitoring. The vulnerability being exploited has a CVE number and is identified as a critical authentication bypass flaw. Quest patched the flaw in May of last year. But according to Arctic Wolf, there has been one instance of attackers appearing to have exploited it to gain initial access to a system and achieve administrative control. Oracle patches critical...
A
Okay, we'll talk about this for a minute, but, like, okay, so a couple things here. Number one, this story, look at the title. Critical Quest KACE Vulnerability Potentially Exploited in Attacks. And I guess that they're covering their butt by saying potentially. The, the last part of the story, they said Arctic Wolf has observed one instance of this being exploited. Like I, I don't know if this is, like, bold font, all caps, top news of the day. Like, get it, that one organization, I feel for you, it sucks that you got popped. But, like, this isn't like EternalBlue washing over the world in a, in one crashing wave, or like MOVEit software getting popped by, like, everybody, right? You know what I'm saying? Like, I don't know, it just, to me it's like, what are we doing here? Like, why are you, why are you sensationalizing this when there's one victim? Number two, Quest KACE. If you're running Quest KACE, you should patch it. Ah, you gotta patch it. Like, you gotta patch it. Like this, this is like one of those kind of enterprise endpoint management solutions. Whatever it is, any solution you have that's an enterprise-grade solution, you should be managing it. And if you get any pushback from it or the business saying, like, oh, it's too critical, we can't patch it. Oh, it's too critical, we can't bring it down. If anything, try to use that against them and be like, my, my guy, my guy. If it's that important, we have to patch it. Because if it's that important, if it gets exploited, we're gonna have to bring it down for days. Is that something you like, Kevin? Like, you like being down for days, huh? Yeah, yeah, I know there's a little bit of, like, bark, a little bit of snip to my, to my tone of voice because I'm sick of you pushing back on all these things. You gotta patch it, all right, now. Also really quick, for those who want to use their Kool-Aid Man. Anybody wants to use their Kool-Aid Man emote.
When I heard Critical Quest, my immediate thought was Questlove, who's the drummer for the Roots. So just shout out to Questlove. Love myself some Questlove. Yeah, go patches. By the way, this has been patched since May of 2025, so 10 months ago. Again, if you're running an environment where this hasn't been patched yet, you've got much more foundational problems at your business than this. Also, shout out to Arctic Wolf. I almost wonder if Arctic Wolf, like, again, I like Arctic Wolf. We've paid. I like. I've been at businesses that, like, deployed Arctic Wolf, but when I see something like this, it makes me wonder if, like, Arctic Wolf paid to be this in the story or not, or it's just, like, coincidental. I don't know. Let's go. Oh wait, I forgot I'm using my phone.
B
...vulnerability in Identity Manager. This vulnerability, which has a CVE number, also carries a CVSS score of 9.8. It is remotely exploitable without authentication, said Oracle in an advisory, and could
A
Really quick, it looks like Roswell UK provided IOCs: if the machine running Quest KACE runs whoami or systeminfo commands, it could be compromised. That's like foundational, like you should absolutely be. That's the easiest detection.
B
result in remote code execution. NIST calls the flaw easily exploitable by an unauthenticated attacker with network access via HTTP. Oracle has made no mention of this vulnerability currently being exploited in the wild.
A
All right, Microsoft. Well, if this Oracle vulnerability hasn't been exploited in the wild yet, and it's incredibly easy in its remote code execution and it's unauthenticated, either A, it doesn't give you very, very good, like, results, meaning like you exploit it and then you can't do anything, or they just don't know about the exploitation yet. Let me see, what is this? So it attacks Identity Manager and Web Services Manager. Again, if you know me for a minute, you know that whenever a security technology or security-adjacent technology has a serious vulnerability, remote code execution, unauthenticated, it's an absolute top priority in my opinion. So VPNs, firewalls, networking equipment, identity solutions, centralized management controls, anything that touches money, those are priorities. Like, that's a, like, we're not effing around here. And, and by the way, let me just give everybody a quick tip here. Like, there's a thing, and if you're older, you know this, okay, it took me a while to learn this. There's a thing called political capital, all right? And you can earn political capital by. It's not like a tangible thing. It's, it's a, it's a, it's a concept, right? You can earn political capital by doing service or hooking up. You know, like say the CTO, like, for whatever reason is, like, got budget shortcomings or whatever, and you've got extra budget as the CSO and you, like, allocate some budget for them, like you're doing them a solid, right? So you get some political capital from that. You're not saying, I'm going to do this and you're going to hook me up later, but inevitably that's what will happen. Sometimes you do great work at your job and then occasionally you go to die on that hill. Okay? This is like spending political capital.
So if there's like a Microsoft Teams vulnerability and you're like banging on the desk that we've got to patch Teams or whatever, and it's not a big, like, it's just not a big deal of a vulnerability or something, you're spending political capital. Is that really where you want to spend it? For something like this? This is where I spend political capital, right? I go and say, listen, we've got to patch this. This is serious. It's like Chicken Little saying that the sky is falling or the little boy who cried wolf. Like, you don't want to go often because you, you dilute the impact of when you do go. But if you only go when it's really important, then it'll have gravity and then you can spend some of that political capital and get your agenda moved forward. So that's just like that. This starts getting into, like, more advanced Game of Thrones office politics crap. But it, unfortunately, it is a reality that we have to deal with. I'm continuing to look again. It's Oracle Identity Manager, see? Okay, so it can result in takeover of the instance, which to me means root-level permissions. It doesn't really go into any detail here on what it is. I'm going to go ahead and look at the CVSS score or the CVE under EPSS lookup, right? This one has a three hundredths of a chance of being exploited in your environment in the next 30 days. 7th percentile of how bad is it? It's pretty bad. They said they haven't seen any exploitation yet. I wouldn't screw around with it, dude. It's your identity services engine. Like the only, the only way I could see it not being, like, a big priority is if, like, for some reason you're using it to, like, access, like, an unimportant part of your network. And it's not like the Oracle Identity is not like a core identity services engine for, like, your entire enterprise. I don't know why you would deploy something like Oracle and have it used in, like, a demo environment or something silly. But anyways, it doesn't look like, according to EPSS, it's that important.
But I, I wouldn't screw around with it personally.
B
...rolls back some of its Copilot AI bloat on Windows. Oh, good. The company announced on Friday changes focused on improving the quality of its Windows 11 operating system, which notably includes dialing back the number of entry points to its AI assistant Copilot. The reductions will apply to apps such as Photos, Widgets, Notepad and its Snipping Tool. As reported in TechCrunch, this less-is-more approach to integrating AI into its existing platforms may reflect the growing consumer pushback against AI bloat. A Pew Research study published this month noted that, quote, half of US adults are now more concerned than excited about AI as of June 2025, up from 37% in 2021, end quote.
A
Okay, good. You know, it's funny because I feel like Microsoft's the only one who's, like, taking it on the chin, in my opinion. I don't know about you guys, but like, when I think of, like, AI and kind of the big tech oligarchs, it's like Microsoft Copilot, Google Gemini, and then of course, like, Claude and OpenAI. Now Claude and OpenAI are less invasive because, like, Microsoft has Microsoft 365 and Microsoft Windows. Google has the Chrome, which is like a very, you know, one of the most popular browsers out there. So, like, it's much more easy to see. But, like, I don't know about you guys, but like when I see Google Gemini, it's very, like, it's less in my face, right? I feel like Copilot, like Copilot is like an AI version of Clippy, okay? And if you're old enough to know Clippy, you know how annoying Clippy was. And if you're not, I guess you're young and, like, you probably. I, like, ironically use Clippy. But, like, Clippy was annoying. It would show up, like, when you didn't need it. It wouldn't be very helpful. I feel the same way with Copilot. I don't know if it's, like, a marketing thing or a deployment thing, but like, I, like, I have a Copilot button on my laptop and, like, just a minute ago I wanted to hit Control and I'm holding my phone when I left and I still haven't reconfigured that Copilot button. But I don't want a Copilot button on my phone. I mean, on my laptop. I don't want it on my phone either. So there is a massive distaste for Microsoft Copilot for whatever reason. The second thing I want to talk about really quickly here is a bigger macro picture. And catch me at Irish Bank tonight and I will tell you in exceeding detail about my thoughts on AI and where we're going as a society. It's not something I want to bring out on stream because I don't want, I don't want to put that on anyone. But I, like, I don't, like. I find it interesting that there is a sentiment, societally speaking, of pushback on AI, that it's too much. Dude, I'm in RSA this week. Okay. I.
I suspect it's going to be AI all over the place and AI, all the things. People are beginning to realize the existential threat that is being posed here. Like, oh, it's cool because it can write my emails. Yeah. And you know what? Like, your services are no longer needed. Thank you. You know, these people are like, oh, like this thing can do my job. That's cool. I'll let it do my job while I hang out. It's like, I don't think you understand how capitalism works because there's things called expenses and then there's things called assets. And if you can lower expenses, that's good for the business and your labor is the number one expense on any balance sheet. Spoiler alert. Okay, so anyways, people are pushing back. It might be because of how they feel about AI and like the path of it. My suspicion is that a lot of people are. It's moving so quickly and starting. People are starting to talk about it all the time. And honestly, I think it's fear. I think it's fear and I don't think it's fear from an existential Threat of Skynet. I don't think Skynet's ever like in the cards, but I think people are realizing that they're not moving as quick as AI is. They're not learning as fast. And it's human nature to want to push back on new change. That doesn't make sense to them. And I think that's what would happen. So, yeah, AI bloat. Honestly, guys, the final thing I'll say, like, there are so many parallels and we could talk about this at Jawjacking if you want anyone in chat. I haven't been looking at chat for a minute, but let me tell you, there are unbelievable parallels. This is a hot take of mine. Like I, I just came up, I've been thinking about this, but now I'm going to share it with you guys. In the year 2001, 2002, during the dot com boom, right? Tech was getting massive, okay? 
And all of the endpoints you could go to, like Best Buy or whatever, you could go online, QVC, you could buy a Hewlett-Packard, you could buy a Gateway PC, you could buy an eMachines, and it would come with so much friggin bloat software already installed on it that by the time you get your brand new computer, take it out of the box, set it up and turn it on, you were like almost out of hard drive. Your. Your machine ran slow because you got all these frigging apps, fat apps that you didn't want running on your machine. And people got ultra pissed and it became a massive problem where they started getting rid of it. Like, I mean, they were like full-on apps that would just, like, remove bloatware. Like that was the app's entire function. I feel like it's the same thing with AI. People are jamming AI into everything now. Like the advent of the Internet, mainstream Internet, is like the advent of mainstream AI. So those parallels I'm seeing, and then pushing it all the way to the right with all that bloatware in 2000 and people pushing back, I feel like it's the same thing with AI. People are shoving AI into everything. Like, things you don't even want with AI, it's there. So I think that that's why the pushback is coming. Linda Smith. Have a great day. I appreciate it. All right, let's jump to Jawjacking. I'm just going to play the sounder. I'm Gerry Auger, we're live at RSA. Thank you so much. We'll be back, but I'm coming back in 30 seconds. Okay. Ever wonder what it takes to break into cyber security? Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cyber security field live, unfiltered, and totally free. Let's level up together. It's time for some Jawjacking. All right, what's up, everybody? How do I. Gosh, I'm Gerry. Is there a Jawjacking one? Is this. Hold on one second. That's not Jawjacking. Is this Jawjacking? Oh, my God. My guy. Okay, hold on one second. I gotta get bigger. Which camera is this?
I don't even know what camera this. I mean, I see the camera, obviously. Okay, hold on one second. I'm just. Because I want to do this. Welcome to Jawjacking, everybody. It's a 30-minute AMA. Here we go. Yeah, it's a 30-minute AMA where I'm going to do everything I can to answer as many questions as I possibly can in that 30-minute window. And hopefully you get some value from it, get some questions answered and we have a good time. Any question you want, just put it in chat with a Q and I will answer it. I've played some background music here, so let me know if it's too loud or if it's annoying or it's stupid. I'm just trying to. Trying to give you guys a little bit more love on the stream. I am live at RSA in San Francisco. Let's get the questions going. Jay Gold's in the chat. Thanks, Jay Gold. Casually Joseph's in here. Let's see. Welcome to My guy spring. We need a my guy emoji. All right, legrat. We can look into that. Andres Molina wants my take on Tyler Ramsby's video. Okay. Yeah. So let's do this really quickly. Tyler Ramsby, TryHackMe. What was it, TryHackMe is dead or killed or dead. All right, let's see. One second. Stop using TryHackMe. Okay? So check this out really quickly because I want. I will give you my thoughts on this. I just want to level set so everybody knows what we're talking about. This is Tyler Ramsby right here, okay? He released this video. He released this video the other day. Stop using TryHackMe. I'm gonna link to it in chat. Okay? Tyler Ramsby is a professional pen tester. Tyler Ramsby and I both have financial interests in a pen testing company called Kyro Sec. We're the two that run CairoSec. And let me drop this link in chat here, okay? And Tyler makes this video saying that TryHackMe, who has launched a new company called No Scope. No Scope Pen Testing. Okay, here it is. AI pen testing. And I don't know if Tyler asserts or claims or, you know, what evidence there is.
Whatever, I'm not, I'm not trying to make any claims, but essentially the gist of it is, is that TryHackMe has trained a bunch of pen testers over the last couple years and now they've opened a company that does AI pen testing. And effectively, you don't need to hire a human pen tester anymore. You can hire AI pen testers. So, you know, and, and Tyler does a good job of, like, kind of following the evidence and keeping it objective. I, I agree with Tyler in, in this case. I do not think that. Well, two things. Tyler has a point. Number one, he, he calls to action people to delete their TryHackMe account. Number two, he posits that AI will not replace human pen testers. Okay. In fact, he has a really great point where he says, like, vulnerability scanners were supposed to replace pen testers, but, and there are pen testing companies that suck that will just run a vulnerability scanner and then sell it to the client. But that's not really good pen testing. So I, I, I support Tyler's video. I like Tyler's video. I agree with his points. I actually thought about uninstalling my TryHackMe account, but I, I don't want to do that because I have a course on Simply Cyber Academy called Cybersecurity 101. And it basically is like a 14-week learn everything course. And I, I built my labs in TryHackMe so students can use a free account to do it. So, like, I feel like it would be disingenuous for me to be like, oh, I'm going to uninstall it, but then, like, leverage the platform for the Cyber 101. So I'm just kind of, like, sitting on the fence, basically. My other point is I do not think that AI will replace pen testing. I've seen what Tyler can do because, you know, we own this company.
Like, yeah, you can use AI to kind of, like, hit some low-hanging fruit and stuff, but, like, there are really creative, clever, innovative, novel attack techniques that I just, unless you, like, give AI full, full control and then, like, hope that it doesn't break or brick something, I just don't think you're gonna want AI to go full ham in an environment. You'll always need a human in the loop, I guess is what I'm saying. And you'll probably need an advanced pen tester to go and do, like, some, like, really interesting attack techniques. My final thought on this, and I was talking to real Bilbo yesterday, is that, like, listen, if I'm a company, like, I guess we are a company, right? Pen testing company. Say you're a pen testing company or. Or you're a SOC analyst, right? Well, we'll stick with pen testing because TryHackMe. If I have five pen testers, okay, and I fire four of them and replace them with AI and the fifth one watches the AI, okay? All you've done is replace overhead labor with AI. So, like, let's say that everybody gets paid $100,000. So I've saved $400,000. And let's say the AI costs 100,000. Like, that's stupid, but let's just say it, okay? So now you've saved 300 grand, okay? You've got one human and four. A $200,000 overhead cost. Here's my thing as a business owner. Why don't I give this guy five AIs. This guy five AIs. This guy five AIs. This lady five AIs and dial on five AIs. And now instead of making the same or a little bit more revenue without human overhead, why don't I just 5x my business? Like, stop thinking so, like, small. Like, just give everybody AI. What? Like, why fire humans, replace them with AI. Just give everybody AI. So that's what I think on that. Good question. Thanks for asking. How do you handle an organization that prefers to throw money at the problem by purchasing new shiny tools rather than develop or train their people? Yeah. Callsign Moody. This is a real problem. This is a real problem.
Let me tell you guys all something really quickly. First of all, it's very easy to stroke a check to solve a problem, right? Because a product vendor is going to come in and say, oh, I see all these problems you got, bro. We've got a solution. Sign here. And this is when you end up having, like, three different firewalls in your environment. Or, like, you're running two different MDM solutions or something like that. Like, you. It happens a lot because executives, it's easy to write a check, okay? It's hard to do what you're saying. Develop and train people. Number two, a CISO. Okay? And I'm going to. I'm going to wear this one, okay? If. If it. If a CISO doesn't know what they're doing, okay? So I'm throwing shade at CISOs. But if a CISO doesn't know what they're doing or they're in over their head or they're concerned about their job. If they buy a new tool, they can sell that to the board. They can say, hey, listen, we've got problems, but I just bought Microsoft Intune MDM solution, for example, and here's the plan. We're going to roll it out over the next three months and then we're going to figure out what's going on. And in six months' time, we're going to have a better security posture. So basically they've just bought themselves six months of runway because if the board asks them, hey, what the hell are you doing? It's like, oh, I'm executing that plan. I told you back in January, we're still doing it. It's March. Give me a break, bro. Right. So, like, it buys time. If you develop or train people, that's much more difficult to quantify the impact to the organization. Now how do you fix that? Callsign Moody? One thing that I always like to do, again, this took me years into my career to figure it out, is like, when you're talking about purchasing a product, one of the questions I always ask the vendor is how much? Like how much? Like manpower.
And with all due respect, I'm not trying to be misogynist, but like how, how much human does it require to maintain this thing? A week? Right? Because a lot of people sell you a solution and then they don't tell you that, like, you also need to hire a full-time person to run and manage the frigging thing, which, which means you end up getting, like, tech that just gets abandoned. How many people in chat have a Security Onion instance that's not doing anything because you never had extra cycles or a person to put on it. Right? Michael Fink says he doesn't have enough clients to support 5x his business. Yeah, but I mean, okay, I guess my thing is, like, you can, like, hire, ask the pen testers to start doing sales. Then, I mean, you've got the operational capacity to execute. You just got to get sales. So anyways, what I would say, Callsign Moody, final thing is, like, hey, listen, we've got this great tech. You have to make this in terms of money. Callsign Moody, you say, hey, listen Boss, we spend $250,000 a year on CrowdStrike, right? You're talking about potentially buying a new EDR. Like, for 30 grand, we can train our workforce on CrowdStrike and save $200,000. Like, like you have to. Unfortunately, you have to make it in terms of dollars and cents. Finances. Right. So instead of throwing money at the problem, you could throw a smaller amount of money towards training, and then you've got extra capital to have budget. Right. All right, next question. Do you still play the game Haiku? If not, is it still a good place to practice skill set, or do you need to have knowledge first? Jazzy Jazz. I haven't touched Haiku since 2021. I. I don't know the current state of it, honestly. And I can't say whether it's a good place to start anymore because I don't know. I would say that there are a lot of great options out there to get started. Okay, so I'm looking for questions in chat, mods. Can you. If. Yeah, the. The original. It was originally. All right, put questions in chat.
Like, I'm dealing with kind of a deficient studio right now because I'm traveling and other challenges. So if I. I'm not. I'm not flagging these questions. So if I. If I'm not answering your question, ask it again in chat, please, to help me out. Yep. DJ B. Quit using it to solve management problems. 100% there, buddy. Should AI weapons develop. Hold on one second. Getting text. One second. Sorry, guys. I. I'm coordinating with Bill Boston, too. Okay, hold on. I think Bill's in chat. Let's see. Should AI weapons development capacity be subject to the same arms control frameworks as nuclear, chemical weapons? And if so, who enforces it? It's a tough one, dude. The thing is, with nuclear and chemical, you need raw ingredients to get it. So it's, like, easy to kind of control and police. AI weapons development, I mean, you can do it in your. In your kitchen. You know what I mean? So I don't. I don't think I. I don't think so. I mean, I think it's going to be bad, but I don't think. I don't think it's possible to police it, frankly. Let's see. Roswell says go-to while traveling. Taco Bell, Burger King, McDonald's or something else. I'll tell you, Roswell UK. You know, when we're traveling in the car, if there's a Wendy's, I like a Wendy's, but, like, McDonald's seems to get a lot of action in the car. When I'm traveling, like, around here, I always. I always like to try, like, a local place. I'd. I'd much rather try a local place than a chain restaurant. When I'm somewhere, someone just did a super chat. Let me go ahead. Adorner. Thanks for the super chat, dude. For a noob in cybersecurity studying Sec+, any set of resources or roadmaps to build all the skills for GRC, like Hack The Box is for pen testers and SOC analysts? Well, so okay, so Adorner. Number one, I have a vested interest in this, but my GRC Analyst Masterclass at Simply Cyber Academy has hands-on practical labs that are quite good. That's. That is a good example, a good place to go.
Number two, there is a big transition going on in the world of GRC. Like, it's like a cruise ship turning around. So it's taken a little bit, but we're getting much more into GRC engineering and using technology to be able to do point-in-time policy assessment and, you know, real-time asset inventory, which has always been the dream. So, like, getting those type of skills are certainly going to be valuable. I do not know of any platform, like, my GRC Masterclass won't teach you those type of things. I don't know off the top of my head any kind of labs outside the one I have. I do think UnixGuy has a GRC Mastery course. That one's like 500 bucks. So it's pretty expensive and I haven't taken it myself, so I can't speak to it. So Adorner, the answer to your question is there isn't, like, a great platform that does this yet. But the, the resources I did provide you are ones that you could use for sure. Thanks for the super chat, by the way. Nick Dixon. Nick Dixon. Isn't Nick Dixon a first-timer? Feeling Nick Dixon was a first-timer last week. Nick Dixon, thanks for coming back. Speaking money is the best way to communicate to leaders, but where exactly would a new GRC analyst get these numbers from? Yeah, well, I mean, if you're a brand new GRC analyst, are you really trying to speak to the CISO to influence purchasing decisions? I, I don't know if that's necessarily the right place for a new analyst to do. And I'm not about, like, paying your dues and your gates and stuff like that. But, like, I do feel like you have to get a little bit of, like, dirt under your fingernails before you're coming in talking about this isn't a good idea, this is a good idea. If you do want to get those numbers, I mean, you can certainly, there should be. No, you should be able to ask to see the contract. Right? Like the, the, the CISO definitely executed a contract or the CFO executed a contract with CrowdStrike or with SentinelOne or with Arctic Wolf or with whomever. Right.
And if you want to be kind of, like, subtle about it, you can be like, hey, I wanted to put together some data around, like, what our current contracts are, when they expire, how much we're paying for them and everything. Just as a quick resource for you to be able to see what our current, you know, commit is in technology and spend. Right. So you could spin it that way and tell the CISO, like, oh, budget time, time, I'm going to help you out, buddy. But those contracts shouldn't, those contracts aren't sensitive. They're not, like, classified information. So you should be able to ask for those things, you know, and then I guess you can easily, like, any business will give you a quote. Like, like, so say you're trying to get training for CrowdStrike or training for Tripwire or training for what, you know, ServiceNow, like, insert whatever now. I mean, you could just ask for a quote. Right. A sales guy will be more than happy to give you a quote. So hopefully that works for you. Let me know. Jerry. Chevy or Ford? I'm a Chevy guy. Thank you. Wow. Space Tacos. Space Tacos always says the nicest things about my, my, on my academy course. She's definitely a product of that course. And, and I, I, I definitely would call out that Space Tacos definitely had a lot going for her already. So it wasn't like my course was singularly a thing, but, but definitely, definitely did help. Hey Stone. Hey man. Did you get a new Santa Fe? Like what, what's the car situation? Oh wait, hold on. I should read this. What are you driving these days? I just picked up a 2022 Kia EV6 and I'm loving going full electric. Okay, I should have read the friggin thing. I drive a Chevy Colorado. I owned a Chevy Colorado, the first one that ever came out. 2003, I think. And I drove that until the wheels fell off and then I bought another Chevy Colorado. I like having a pickup truck, honestly. So Mrs. Auger has an SUV. She could have a sedan, SUV, whatever.
I always like having a pickup truck or at least have the family have one pickup truck because go to the dump, moving something, going to Home Depot or Lowe's and buying lumber. Like to me having a pickup truck is like non-negotiable. It's like, it is a critical piece of like utility for me. So I'll always own a pickup truck. Hey Ron, I gotta tell you, having a, having an electric right now. I mean, gas is, like, skyrocketing. Although, you know what I did see? I don't know if you guys saw this. Gas is almost at $4 in many places. Coming down. I got off the flight here in San Francisco and driving down to the hotel, I saw gas for A$49. I don't know if you guys saw this. It was crazy. It was A$49 for gas. It was a Taco Bell. That was a joke from last week, but it felt like a good time to reuse it. Okay. Oh, a lot of people have pickup trucks in chat. All right, it's 9:21. You're watching Simply Cyber's Jawjacking. If you have any questions, please drop them in chat. I'm here to answer them to the best of my ability. Hold on one second. Who's this? I'm getting text messages. What is this? I'm getting. Oh, I'm getting, like, what looks like a random phishing email about medical insurance. Hard pass. Thank you. Let's see. I'm. I'm scrolling back through chat. Code Brew. Hey, really quick, just so everybody remembers, Simply Cybercon is up and running. Simply Cybercon, if you didn't know, now you know. There you go. You go to simplycybercon.org if you want. simplycybercon.org. CFP opens in May. We're only gonna have, I think, 11 speaking slots this year, some workshop slots, panel slots, and then tons of activity slots. So check that out. All right, what else we got here? Oh, hey, I, I, my Tidbits Tuesday last week, my Tidbits Tuesday last week was travel tips. Do you have any travel tips for traveling? I actually forgot one. I have an amazing travel tip. Okay, if you. If I don't care if you travel once a year or you are a road warrior, I have an amazing travel tip. 
I forgot about this one. And then as soon as I did it yesterday, I was like, holy crap, I gotta tell the chat about this. Look at this. Okay, hold on one second. You can text yourself, okay? And you'll have to. This, like, TikTok made me cry. Okay? But, like, look at this. This is my own phone number. And I texted myself. Come on, come on. Can you focus, bro? Son, hold on one second. Can you focus on this or what? Damn it. All right, listen, here's the deal. On your cell phone right now, text yourself. So text your own phone number, like your flight. So, like, if you're on Delta Flight 2179 and you text DL2179, right? It'll show up as a text message. Okay, big deal. Now what if you. If you long-touch it, it'll give you this and it shows you your flight. But then you can hit preview flight and it shows you this. This amazing amount of information: where you are, what gate you're coming to, what carousel baggage claim is, if there's any issues. It's amazing. It is straight up better than any. Like the Delta app, the American app, the United app. Like, dude, as soon as I land, this is what I do. And it's like, oh, perfect. Here we are. So, pro tip, text yourself. Space Tacos coming in the chat. Let me find. Hold on one second. Space Tacos with a super chat. Thank you, Space Tacos, as always. Thanks. But your GRC Masterclass literally was the singular reason why I got my auditing job three years ago. Okay, well, thank you, Space Tacos. I. I'm always very cautious about overselling my stuff or myself. So. Hey, I'm happy. I'm super happy. It's literally the reason I made the course. Like, thank you, Space Tacos. Michael says about Simply Cybercon: Is there a lot to do in the area? Thinking about bringing the missus. Yeah, yeah, yeah, yeah. So we're actually going to have it at Folly Beach this year, and we're doing a whole bunch of activities. Michael, it's going to be on a Sunday and Monday, so, like, Charleston's 15 minutes away. Right. 
We're going to be at the beach, but, like, if you want to go downtown on Saturday. Besides, Charleston is Saturday. Also, Charleston, South Carolina, has amazing restaurants, lots of history. There's. You can do the history tour in like one day. The beach is gorgeous. Like, yes, bring the missus. In fact, like, I set the conference up to be more of like, bring your family kind of thing. Again, I can't promise babysitting or anything like that. I'm still trying to figure out the, the. The. The kids situation, but there's gonna be a lot of activities. All right. Yep. Christopher Lycia throws his bike in the back of his pickup. I do the same thing, man. I do the same exact thing. B B Dubba. As a noob tier one SOC analyst, I like the defensive side so far. What other jobs did I strive for more than more action in the field? Oh, hey. So really quick. B Dubba or B Dubs, what I would recommend is look into. You don't have to become a pen tester, but learn pen testing skills. Because if you learn pen testing, you'll actually be a better SOC analyst because you'll understand what it looks like from the other side and you'll be able to, you know, write better detections, go threat hunting. You'll, you'll scale up much faster. We also need a "here's the deal" emoji. Oh my God, have I been saying "here's the deal" too much? Asking for career advice. I have a job in cyber working as a network engineer. Firewalls mostly. I love what I'm doing, but still want to continue growing. What would you recommend? Well, I mean, it depends where you want to go with it, right? But where would you go? I mean so you're managing security technology. So I mean technically you could continue to expand your security technology footprint. So you could be like, hey, let me start managing MDM or, or hey, let me manage the email security gateway, right? Like, you know, kind of like move wide across security technologies. 
That's one. You could, you could also start moving kind of into GRC where like you like as a network engineer, you could sit with the networking team, you could sit with the IT team, you could start sitting on change control boards representing IT since they're probably going to need firewall rules. You could start doing. How would you start doing audits? I guess you could start making sure that like, you know, people who ask for like exception, firewall exceptions, there should be some type of termination date to the firewall exception, beginning to follow up on those termination dates and stuff like that. Those are all good options. Do you think, this is coming from AB Derzak over on LinkedIn, do you think AI security is just IT security or is there something more to it? I think there's something more to it. I mean it is definitely a piece of it, but there's a lot of identity and access management involved with AI: non-human identities, actions being taken, the context of those actions. Abder, right, so like a chatbot can say like here's your answer, right? And that's allowed. But like here's sensitive information, that is not allowed, right? So there's, there's definitely nuances to it. I do think AI is just another piece of technology. So I guess it is really like IT security. I just think like if you put it in that lens, you're going to be missing a lot of other parts of AI. We've got a first timer here. Lupus climbing granny. Lupus, granny, welcome to the party. Let's get you your welcome to the party, pal. Grab bag here. Lupus Granny, welcome to the party. Good to have you here live. Coming to you live from San Francisco. All right guys, it's 9:30. I gotta get out of here. Well, I. I don't got to get out of here, Kyle. Yeah, kids would need con tickets because we're gonna feed them, right? And I know that they're not going to eat as much, but yeah, kids would need con tickets as well. I'm going to try to speed run questions really quickly. 
Copier technician, CCNA, sisa. Full time employee, full time computer science student. Right now. Really want to get out of copiers. Okay. I don't know what the question is, so keep doing what you're doing. Make sure you're networking with people. Lupus Granny, we got the first timer. Oh, best course of action. Yeah, just keep doing what you're doing. Get the certs, get Sec+ even though it's, you know, but like HR uses it as a gateway. Network. If you're a student, network with your faculty. If you're working full time, network with your peers. Right? Go to conf, get your business to send you to conferences and then network with people there. Okay, cool. I gotta go guys. Let me just tell you really quickly, this has been Jawjacking, coming hot on the heels of Daily Cyber Threat Brief. Guys, I'm well aware that today's episode wasn't as produced high quality as my other episodes. I did the best I could with what I could get working, hopefully. Please be honest and don't glaze me or anything. Let me know in chat. You know, if today was like, I stuck around because I like you Jerry, but like that was brutal. Be real, be honest. I'm gonna try to get it up and running better for tomorrow morning, but I do what I can. Okay, guys, I'm Jerry from Simply Cyber. Be well. Thank you. And if you're at RSA, come find me. I'll give you a high five. No RSA today because they don't open until tomorrow. But I'll be at Marriott Marquis for a while and then trying to do Irish bank meet up later tonight. Hit me in the Discord Con chat channel on the Discord server. We can get it sorted out. I'm Jerry, your chat next time.
In this candid and lightly chaotic episode (broadcast live from a makeshift San Francisco mobile studio), Jerry Auger reviews the top cybersecurity news stories affecting practitioners, analysts, and leaders today. Despite technical mishaps, Jerry offers expert insights on current threats—from botnet takeovers, ransomware targeting municipalities, Azure Monitor phishing, and AI bloat, to practical career and skill-building advice during an energetic Jawjacking AMA. Jerry’s signature humor and actionable analysis help decipher what really matters behind the headlines and how to use that knowledge to reduce cyber risk for your stakeholders.
Quest KACE (Enterprise Endpoint Management)
Oracle Identity Manager
AI & Automation in Pentesting:
Solving Security Problems with Money vs. Developing People:
GRC Skills and Resources for Beginners:
Soft Skills: Political Capital in Security:
General Career Advice:
Practical Life Tip:
Community Shoutouts:
Final Note:
Despite the “51% jank factor,” this episode delivered actionable, experience-rich summaries and advice for cybersecurity practitioners at all levels. Tune in live for future episodes, bring your coffee, and expect an honest, lively mix of news, analysis, and community Q&A.