Daily Cyber Threat Brief – Ep 1098 Summary
Podcast: Daily Cyber Threat Brief
Host: Dr. Gerald Auger (Simply Cyber Media Group)
Date: March 27, 2026
Episode Theme:
A high-energy, community-driven review of the day’s eight top cybersecurity news stories, with expert insights, practical takeaways, and audience Q&A. Dr. Auger, supported by guest panelists, moves beyond headlines to connect technical details to the real-world risks, featuring light banter, career tips, and a focus on helping security professionals stay current.
1. Episode Kick-off & Community Intro
00:01 – 05:00
- Dr. Auger welcomes live and replay listeners—shoutouts to new community members and special acknowledgment for podcast listeners on the move (e.g., Kim in Virginia).
- Explains the show’s purpose: reviewing and analyzing daily cyber news for both technical and nontechnical practitioners.
- Emphasis on supportive, inclusive community: “You’ll never hear anyone say, ‘that’s a stupid question.’”
- CPE credits available for listeners engaging with the show.
- Describes the “double click down” value: not just headlines, but actionable, experience-driven context for real-world security.
2. Community Announcements, Sponsors & Segments
05:05 – 12:00
- Friday is “Dad Joke Friday” featuring James McQuiggan at 35,000ft.
- Sponsor highlights:
- Antisyphon Training – affordable, quality education; upcoming webcast on writing effective SOC tickets.
- Flare – threat intelligence platform offering dark web, criminal forum monitoring; two-week free trial available.
- ThreatLocker – deny-by-default endpoint/cloud security; praised for transparent sponsor relationship and direct value to audience.
- Encourages podcast listeners to join the community channels, share their experience, and connect via socials.
3. Top Cybersecurity News Stories
Each story summarized with insights, practical implications, and panel discussion.
1. RedLine Infostealer Developer Extradited
12:01 – 14:10
- Hambardsum Manassian, alleged developer, extradited from Armenia to the US for supporting RedLine malware (fraud, hacking, money laundering; faces 30 years).
- RedLine was “an absolute blight on our industry”—widely used for credential theft and resale.
- Dr. Auger:
- “Play stupid games, win stupid prizes.” (12:50)
- Notes the high value of initial access in the cybercrime ecosystem.
- “The only way to curb cyber criminal activity is going to be…a multifaceted approach. Law enforcement takedowns …higher education… and harsh penalties.” (16:50)
2. RedMention Espionage in Telecoms (BPFdoor, China Link)
17:24 – 26:39
- Chinese-linked group infiltrates telecom infrastructure (e.g., Cisco and Fortinet devices), using BPFdoor (kernel-level, passive backdoor—hard to detect).
- Relies on the Berkeley Packet Filter (BPF) for deep, persistent network surveillance.
- Auger:
- Explains userland vs. kernel (19:33).
- Questions true utility for encrypted traffic; “If the network traffic is encrypted, you can inspect it all day, but…it’s still encrypted.” (23:34)
- Useful analogy: “Hidden in the noise” like a thief dressed as a firefighter in chaos (25:40).
- Importance for telecom defenders: actively hunt for these persistent implants.
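To make the “actively hunt for these persistent implants” point concrete, here is an added hunting example (not code from the episode, the panel, or any vendor): a passive BPF-filter implant needs a raw AF_PACKET socket to see every frame on an interface, and on Linux those sockets are listed in /proc/net/packet and can be tied back to a process through /proc/<pid>/fd. The /proc sample, process names and paths below are constructed; the column layout follows the header the kernel prints, and the “expected owners” list and scratch-path rule are this example’s assumptions to tune per fleet.

```python
"""Hunt for raw AF_PACKET sockets, the foothold a passive BPF-filter implant such as
BPFdoor needs to watch all traffic without opening a listening port.
Added example; the /proc content below is constructed, not captured from a host."""
import os
import re
from dataclasses import dataclass, field

SOCK_RAW = 3        # socket type from <sys/socket.h>
ETH_P_ALL = 0x0003  # protocol from <linux/if_ether.h>: receive every protocol

# Constructed sample of /proc/net/packet; the column order follows the header line
# the kernel prints (sk RefCnt Type Proto Iface R Rmem User Inode).
SAMPLE_PROC_NET_PACKET = """\
sk               RefCnt Type Proto  Iface R Rmem   User   Inode
ffff9c1e0a3b4000 3      3    0003   2     1 0      0      31337
ffff9c1e0a3b5000 3      3    0800   2     1 0      0      40001
ffff9c1e0a3b6000 3      3    0003   2     1 0      0      40002
"""

# Constructed map socket-inode -> (pid, comm, exe). On a live host it is built from
# /proc/<pid>/fd/* symlinks that read "socket:[<inode>]" (see index_live_fds).
SAMPLE_FD_INDEX = {
    31337: (4242, "kworker/0:1", "/dev/shm/example_implant"),  # hypothetical implant
    40001: (812, "dhclient", "/usr/sbin/dhclient"),             # legitimate, IP-only raw socket
    40002: (977, "tcpdump", "/usr/bin/tcpdump"),                # legitimate, all-protocol capture
}

# Assumed list of daemons normally seen with AF_PACKET sockets; tune per environment.
EXPECTED_RAW_SOCKET_OWNERS = {"dhclient", "dhcpcd", "tcpdump", "lldpd", "NetworkManager"}
SCRATCH_PATHS = ("/dev/shm/", "/tmp/", "/var/tmp/")


@dataclass
class Finding:
    pid: int
    comm: str
    exe: str
    inode: int
    reasons: list = field(default_factory=list)


def parse_proc_net_packet(text):
    """Yield (sock_type, proto, inode) for each data line of /proc/net/packet."""
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 9 or cols[0] == "sk":
            continue  # header or malformed line
        yield int(cols[2]), int(cols[3], 16), int(cols[8])


def hunt(proc_net_packet_text, fd_index):
    """Return a Finding for every raw, all-protocol socket whose owner looks out of place."""
    findings = []
    for sock_type, proto, inode in parse_proc_net_packet(proc_net_packet_text):
        if sock_type != SOCK_RAW or proto != ETH_P_ALL:
            continue  # only raw ETH_P_ALL sockets see every frame on the wire
        pid, comm, exe = fd_index.get(inode, (-1, "?", "?"))
        f = Finding(pid, comm, exe, inode)
        if comm not in EXPECTED_RAW_SOCKET_OWNERS:
            f.reasons.append("owner is not an expected raw-socket user")
        if exe.startswith(SCRATCH_PATHS):
            f.reasons.append("executable lives in a world-writable scratch directory")
        if comm.startswith("kworker") and exe != "?":
            f.reasons.append("claims a kernel-thread name but has a userland executable")
        if f.reasons:
            findings.append(f)
    return findings


def index_live_fds():
    """Build the inode -> (pid, comm, exe) map from a real /proc (Linux; root sees all pids)."""
    index = {}
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            comm = open(f"/proc/{pid}/comm").read().strip()
            exe = os.readlink(f"/proc/{pid}/exe")
            for fd in os.listdir(f"/proc/{pid}/fd"):
                m = re.fullmatch(r"socket:\[(\d+)\]", os.readlink(f"/proc/{pid}/fd/{fd}"))
                if m:
                    index[int(m.group(1))] = (int(pid), comm, exe)
        except OSError:
            continue  # process exited or permission denied
    return index


if __name__ == "__main__":
    # Swap in open("/proc/net/packet").read() and index_live_fds() on a real host.
    for f in hunt(SAMPLE_PROC_NET_PACKET, SAMPLE_FD_INDEX):
        print(f"pid={f.pid} comm={f.comm} exe={f.exe} inode={f.inode}: " + "; ".join(f.reasons))
```

The point of the three rules is triage, not proof: a raw all-protocol socket is normal for packet-capture and DHCP tooling, so the script reports only sockets whose owner is unexpected, runs from a scratch path, or masquerades as a kernel thread, and the dhclient and tcpdump entries in the sample are deliberately left out of the findings.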
3. NSA Chiefs Warn US Cybersecurity “Slipping”
26:39 – 34:07
- At RSA Conference, four former NSA leaders (incl. Gen. Paul Nakasone) warn that repeated attacks, political gridlock, and weak legislation are eroding US cyber defense.
- China strongly suspected of “pre-positioning” in US critical infrastructure.
- Discussion:
- “Not numb, just beaten down by the volume.” (27:47)
- Emphasizes importance of ‘tone at the top’; systemic attitude in government and business shaping resilience.
- Bipartisan executive orders have tried to address this, but institutional flippancy is a risk.
4. Automotive Cybersecurity Rising
34:07 – 40:25
- RSA Conference features Car Hacking Village, Volkswagen/Audi CISOs: new threats as vehicles become autonomous and connected (reference to 2015 Jeep Cherokee hack).
- “Millions of lines of code, extensive wireless connectivity—modern cars are rolling computers.”
- Dr. Auger:
- “Tesla doesn’t even identify as a car company. They’re a tech company that happens to have wheels.” (35:44)
- Post-quantum encryption cited as a buzzword; more urgent are CAN Bus/remote access vulnerabilities.
- Ongoing research in automotive security needed as vehicles become critical infrastructure.
5. Ajax Amsterdam Football Club API Breach
45:38 – 51:04
- Attackers exploited API flaws, accessed emails and some personal data (esp. for banned fans). Flaws allowed ticket manipulation and stadium bans.
- Hack discovered by journalists after hackers publicized it.
- Dr. Auger suspects youthful attention-seeking (“that just oozes arrogance…” 48:41).
- Practical: Impact assessed as “moderate”—standard advice applies (ID monitoring, phishing awareness, etc.).
6. LangFlow AI Framework Exploited (API RCE)
51:04 – 57:38
- Critical unauthenticated code injection in LangFlow (open-source AI agent framework) exploited within hours.
- CISA advisory and project docs contain enough info for rapid exploit development; patching to v1.9.0 urged (`pip install --upgrade langflow`).
- Dr. Auger:
- “Get ready—AI-related hacks are becoming the new normal.” (51:42)
- Walks through EPSS score usage; high percentile risk means patch immediately.
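As an added illustration of the EPSS walkthrough (this is example code, not from the episode or from FIRST): a small triage that reads the daily EPSS feed and pushes any CVE in the top percentiles to the front of the patch queue regardless of its CVSS ranking. The CSV excerpt mirrors the layout of FIRST’s published epss_scores file (a comment line, then cve,epss,percentile), but the rows, CVE IDs, asset exposure and the percentile/CVSS thresholds are all constructed assumptions.

```python
"""Triage a vulnerability backlog with EPSS: a CVE whose exploitation-probability
percentile is near the top goes to the front of the queue even if CVSS alone would not
put it there. Added example; all inputs and thresholds are constructed assumptions."""
import csv

# Constructed excerpt in the layout of FIRST's daily EPSS CSV: one comment line with
# model version and score date, then a cve,epss,percentile header. IDs are placeholders.
EPSS_CSV = """\
#model_version:v2025.03.14,score_date:2026-03-27T00:00:00+0000
cve,epss,percentile
CVE-0000-0001,0.91234,0.99712
CVE-0000-0002,0.00412,0.71105
CVE-0000-0003,0.00031,0.08540
CVE-0000-0004,0.00200,0.60000
"""

# Constructed inventory: which placeholder CVEs affect us, CVSS base score, and exposure.
EXPOSURE = {
    "CVE-0000-0001": {"cvss": 9.4, "internet_facing": True},   # unauthenticated RCE, like the LangFlow case
    "CVE-0000-0002": {"cvss": 8.8, "internet_facing": False},
    "CVE-0000-0003": {"cvss": 5.3, "internet_facing": True},
    "CVE-0000-0004": {"cvss": 7.5, "internet_facing": True},
    "CVE-0000-0005": {"cvss": 6.0, "internet_facing": False},  # not yet scored by EPSS
}

# Assumed thresholds, not values stated in the episode.
EPSS_PERCENTILE_URGENT = 0.95   # top 5% of all scored CVEs
CVSS_HIGH = 7.0
TIER_ORDER = {"patch-now": 0, "this-cycle": 1, "scheduled": 2, "backlog": 3}


def load_epss(text):
    """Parse the EPSS CSV into {cve: (probability, percentile)}, skipping comment lines."""
    rows = [line for line in text.splitlines() if line and not line.startswith("#")]
    return {r["cve"]: (float(r["epss"]), float(r["percentile"])) for r in csv.DictReader(rows)}


def triage(epss, exposure):
    """Return (cve, tier, epss, percentile, reason) tuples, most urgent first."""
    decisions = []
    for cve, facts in exposure.items():
        scored = cve in epss
        prob, pct = epss.get(cve, (0.0, 0.0))
        if pct >= EPSS_PERCENTILE_URGENT:
            tier, why = "patch-now", f"EPSS percentile {pct:.3f} (top {100 * (1 - pct):.1f}% of CVEs)"
        elif facts["cvss"] >= CVSS_HIGH and facts["internet_facing"]:
            tier, why = "this-cycle", "high CVSS on an internet-facing asset"
        elif facts["cvss"] >= CVSS_HIGH:
            tier, why = "scheduled", "high CVSS, internal exposure only"
        else:
            tier, why = "backlog", "low CVSS and low exploitation probability"
        if not scored:
            why += "; no EPSS score published yet, re-check tomorrow"
        decisions.append((cve, tier, prob, pct, why))
    # Within a tier, higher percentile first so the queue stays ordered by likelihood.
    decisions.sort(key=lambda d: (TIER_ORDER[d[1]], -d[3]))
    return decisions


if __name__ == "__main__":
    for cve, tier, prob, pct, why in triage(load_epss(EPSS_CSV), EXPOSURE):
        print(f"{tier:<10} {cve}  epss={prob:.4f} pct={pct:.3f}  {why}")
```

The decisive branch is the first one: a CVE in the top percentiles is patched now whatever its CVSS, which is the “high percentile risk means patch immediately” rule from the segment; the remaining tiers fall back on CVSS and exposure, and an unscored CVE is flagged so it is re-evaluated when EPSS publishes a score for it.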
7. FCC Robocall Crackdown
57:38 – 59:20
- New rules to restrict robocall number abuse, increase transparency, and target foreign call centers.
- “It is a blight. Thank you FCC—I hope the new rules take effect and we never notice (because) our phone just doesn’t ring as much.” (59:09)
- Real-world fraud risks for seniors; robocalls exacerbate victimization.
8. China’s Tacit Support of South East Asian Scam Syndicates
59:20 – 62:00
- US official (Reva Price) links China’s selective enforcement/tolerance to the scale of scam factories targeting Americans.
- Southeast Asian scam “slave camp” call centers are a humanitarian and economic issue.
- Auger:
- Skeptical US diplomatic appeals will have effect; “Why would China help us? …It’s actually in their interest not to.” (60:09)
- Sees it as part of wider geopolitical strategy and technology contest.
4. Jawjacking: Open Q&A and Practitioner Insights
62:00 – End (~120:00)
Panelists:
- Dr. Gerald Auger (host)
- Bowtie Security (Robert) – hardware tinkerer, mentor
- James McQuiggan (@ 35,000 ft; dad joke master, speaker/educator)
- DJ B Sec (Ben; executive, network engineer background)
Technical Deep Dive: BPFdoor/Kernel Traffic Monitoring
65:04 – 67:50
- Explains SSL/TLS decryption at firewalls: needs proper certificate/private key; can’t be done on the fly without interception.
- “The whole point of PKI…is you can’t decrypt without the (private) key.” (67:50)
Security Careers & Job Search
- GitHub Projects vs. LinkedIn for GRC/Breaking In:
- “There’s no either/or—do both. Make the project, share on LinkedIn, send people to it.” (68:30)
- Posting daily and networking are critical for visibility.
- AI/Vibe Coding Security:
- Vibe coding increases volume, not code quality—static analysis and security review are still needed.
- “You can build security into the pipeline—use tools like Defense Claw or have AI scan your own AI code.” (74:09)
- Interview Prep:
- “How you answer a question you don’t know is more important than a question you do know.”
- Avoid using ChatGPT in interviews—easy to spot and may get you blacklisted (77:16).
USB, Hardware Hacking, Home Router Security
- OpenWrt/Tomato firmware transforms home routers, increasing flexibility and security (88:37).
- Avoid used (potentially compromised) hardware; some providers mandate proprietary routers.
AI/ML Security & Rapid Industry Change
- AI-generated zero days will only accelerate—constant learning/monitoring is the job now.
- “If you don’t like constantly being challenged and learning, you’ll be trucked by the momentum—it’s a lifestyle.” (99:36)
Starting a Business in Cyber
- “Don’t start unless you’re into it. It’s a marathon, not a sprint. Most fail from lack of stamina and momentum in first year.” (92:59)
- Find first clients, build from there; article recommended by Kathy Chambers.
GRC Leadership Advice
- Use what the org has (NIST CSF, CIS18, etc.)
- “Start leading by doing—take initiative, become the go-to person, then obtain title/pay once you’re recognized.” (106:41)
Miscellaneous:
- Clearances:
- “They’ll find everything, call your neighbors, people you haven’t talked to in 10 years…Be honest.”
- Supply Chain Attacks:
- Emphasize SBOM (Software Bill of Materials) awareness; know what components are running in your environment; monitor for zero days.
- SCADA/ICS Devices on Internet:
- “Segmentation, not budget, is the minimum; incompetence and unawareness are usually the problem.” (112:43)
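An added example for the SBOM point above (not code from the episode or any SBOM tool): the practical payoff of an SBOM is answering “are we running the affected component?” the moment a new advisory lands. The script reads a CycloneDX document, resolves each component’s package URL, and matches it against an advisory list using a fixed-in version. The bomFormat/specVersion/components/purl fields are real CycloneDX fields; the SBOM contents, package names, advisory IDs and version ranges are constructed, and the version comparison is a deliberately simple numeric one.

```python
"""Match the components in a CycloneDX SBOM against advisories so that a fresh zero day
can be answered with "are we running it?" in seconds.
Added example; the SBOM, package names and advisories below are constructed."""
import json

# Constructed CycloneDX 1.5 document; only the fields this check uses are filled in.
SBOM_JSON = """{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "example-agent-framework", "version": "1.8.2",
     "purl": "pkg:pypi/example-agent-framework@1.8.2"},
    {"type": "library", "name": "example-http", "version": "2.32.3",
     "purl": "pkg:pypi/example-http@2.32.3"},
    {"type": "library", "name": "example-logger", "version": "2.14.1",
     "purl": "pkg:maven/org.example/example-logger@2.14.1?type=jar"},
    {"type": "library", "name": "example-orphan",
     "purl": "pkg:npm/example-orphan"}
  ]
}"""

# Constructed advisories: a component is affected when its version is below fixed_in.
ADVISORIES = [
    {"id": "ADV-EXAMPLE-1", "ecosystem": "pypi", "name": "example-agent-framework",
     "fixed_in": "1.9.0", "severity": "critical"},
    {"id": "ADV-EXAMPLE-2", "ecosystem": "maven", "name": "org.example/example-logger",
     "fixed_in": "2.15.0", "severity": "critical"},
    {"id": "ADV-EXAMPLE-3", "ecosystem": "pypi", "name": "example-http",
     "fixed_in": "2.31.0", "severity": "medium"},   # our version is already past the fix
]


def parse_purl(purl):
    """Split a package URL into (ecosystem, name, version); version is None if absent.
    Qualifiers (?...) and subpaths (#...) are dropped; namespaces stay part of the name."""
    body = purl.removeprefix("pkg:").split("#", 1)[0].split("?", 1)[0]
    ecosystem, _, rest = body.partition("/")
    name, _, version = rest.partition("@")
    return ecosystem, name, version or None


def version_key(v):
    """Numeric tuple for ordering, padded to three parts. Digits only are kept, so
    pre-release tags such as 1.9.0rc1 are not distinguished from the release."""
    parts = []
    for piece in v.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def check_sbom(sbom_text, advisories):
    """Return (component name, version, advisory id) for each affected component, and
    (name, None, 'unknown-version') for components whose version the SBOM does not record."""
    findings = []
    for comp in json.loads(sbom_text).get("components", []):
        eco, name, version = parse_purl(comp["purl"])
        if version is None:
            findings.append((name, None, "unknown-version"))  # cannot be cleared either way
            continue
        for adv in advisories:
            if (adv["ecosystem"] == eco and adv["name"] == name
                    and version_key(version) < version_key(adv["fixed_in"])):
                findings.append((name, version, adv["id"]))
    return findings


if __name__ == "__main__":
    for name, version, ref in check_sbom(SBOM_JSON, ADVISORIES):
        print(f"{name} {version or '(no version)'} -> {ref}")
```

Two details matter for the “know what components are running” advice: a component with no recorded version is reported rather than silently cleared, because an SBOM that cannot answer the version question is not yet an inventory; and the match is keyed on ecosystem plus full purl name, so a same-named package in a different ecosystem does not produce a false hit.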
5. Notable Quotes & Moments
- “You’ll never hear anyone say, ‘that’s a stupid question.’ This community is supportive, inclusive, and we try to empower you to take action for yourself.” – Dr. Auger (04:00)
- “Play stupid games, win stupid prizes. RedLine Infostealer was an absolute blight on our industry.” (12:50)
- “If the network traffic is encrypted, you can inspect it all day long…but you don’t know if it’s a six piece tender or two wings and a thigh!” (23:34)
- “We are doing all the things. We’re just getting beaten down by the sheer volume of it.” (33:55)
- “Tesla doesn’t even identify as a car company. They’re a tech company with wheels.” (35:44)
- “Get ready—AI hacks are the new normal.” (51:42)
- “If you don’t like constantly being challenged, it’s not a good job for you…You will absolutely get trucked by the momentum of this.” (99:36)
- “If you want to get into cyber, you need to break out of your comfort zone and talk to people. Engage.” – Bowtie Security (110:00)
- “It’s a marathon, not a sprint…You need to have a little bit of crazy to be in this career.” (119:03)
6. Tone & Community
- Fast-paced, humorous, energetic delivery; heavy use of analogies and pop culture references (e.g., “hidden in the noise like a firefighter in a heist movie”).
- Inclusive/advice-laden: focus on mentorship, tough realities of the field, and practical preparation.
- Crowd engagement (polls—RSA vs. RSAC, first-timers, direct chat Q&A).
[Dad Joke Friday Segment]
44:20 – 45:37
Baseball-themed dad jokes (groaners), delivered by James McQuiggan, with audience ribbing and banter.
7. Jawjacking: Q&A Panel Highlights
- How to Crack Encrypted Network Traffic? – Only possible at the proper interception point with the appropriate certificate/private key.
- Job Interview Advice – “Do both” (projects & social sharing); demonstrate leadership organically before asking for a title.
- Supply Chain Attacks/Emergent Risk – SBOMs and awareness of open-source dependencies are critical.
- Career Durability – “Cyber is a lifestyle”—constant upskilling and situational awareness required.
8. Closing
- Encourage engagement, mentorship, and connection.
- Reminders to check Simply Cyber website for resources; panelists plug their socials, conference schedules, and community events.
- Catchphrase signoff: “Till next time, stay secure.”
Time-Stamped Highlights Table
| Time | Segment | Key Point/Quote |
|----------|-------------|-------------------------|
| 12:50 | RedLine extradition | “Play stupid games, win stupid prizes.” |
| 23:34 | BPFdoor deep dive | “If the network traffic is encrypted, you can inspect it all day, but…” |
| 27:47 | NSA Chiefs’ alarm | “Not numb, just beaten down by the volume.” |
| 35:44 | Automotive cyber | “Tesla…is a tech company with wheels.” |
| 51:42 | LangFlow exploit | “AI hacks are the new normal.” |
| 99:36 | Career endurance | “You will get trucked by the momentum…it’s a lifestyle.” |
| 106:41 | GRC leadership | “Be the lead before you’re recognized as the lead.” |
For full details, career guidance, and lively Q&A, listen to the episode or connect with the contributors (Dr. Auger, Bowtie Security, James McQuiggan, DJ B Sec) via the Simply Cyber community.
