Loading summary
A
All right. Good morning, everybody. Sorry I'm a few minutes late. Hopefully you got started without me. If you're looking to stay current on the top cyber security news stories of the day while being educated and entertained and going way beyond the headlines, well, then, welcome to Simply Cybers daily Cyber Threat brief podcast. I'm your host, Dr. Gerald Ozier, coming to you live from the Buffer Ozer Flow Studio. It's March 30th and this is episode 1099. We're off and running. Grab a coffee, let's get comfortable and let's cook. All right. Good morning, everybody. Hope you had a lovely weekend and are ready to tackle this week. Hopefully your bracket is doing well. If you're playing the NCAA March Madness tournament, I'm happy to report I am going to win my friends pool or friends bracket challenge first time ever. Not saying I used AI to help me pick my bracket, but I'm also not saying I didn't not use AI to not not filled the bracket. Hey, I want to say what's up to everybody in the chat. Hey, like I said, we're going to go through eight stories of the day. I'm going to be breaking them down, going beyond the headlines. By the end of this show, you'll be up to date on what's current in the news. But also, if you're studying, if you're learner, if you're trying to level up, it's very valuable to understand a lot of these terminal terminologies as well as acronyms, as well as how they all interrelate with each other. There's a lot of concepts in cyber security and it can get easy to get lost in the noise. So what we do is we shine a light on it and we show you the path and walk alongside with you. It's all about good times for all the long timers who have been here. The Devin Grady, the Marcus Kylers, the Ms. Julian, ZMIFs, Chuggies, Ad Techs, code bruised tech, Ricky, if he's in the chat, you know, obviously the mod team, so many other space tacos, tj, just guys, thanks so much for being here. As always, it's nice to see all the regs and the simply cyber community members. If your name is colored like green or you got some badges next to you. Squad members, thanks for the support to help the show carry on 1099 episodes. But for those who are here for the first time, oh my. Welcome to the party, pal. If you're here for the first time, listening, whether you're live with us or you're on the replay. Drop a hashtag first timer in chat. Hashtag first timer in chat. Welcome back, Keith Sloan. Drop a hashtag first timer in chat if it's your first time. Because we've got some, we've got some sound effects and some emotes. We love welcoming our first timers into the podcast. Let you know that we are here. Hey, space tacos. 34 months, blue badge, locking it in for lurker mode. I love it. All right, drop a hashtag first timer and we will welcome you. Also want to say each episode of the Daily Cyber Threat Brief is worth half a cp. Very simple. If you've got a cyber security certification, you need to maintain it. Drop a hashtag or don't drop a hashtag, just say hello with today's date, episode number, whatever, grab a screenshot. The title of the episode always has the index number in the episode date on it, right? So Ryu Sex Long timer, legrat's Old Timer. Yeah, just grab a, grab a screenshot, show you're here. It's like basically your certificate of attendance. Once a year, count up those screenshots, divide by two and you will get how many CPS you have. That's right. Welcome to the party, pal. Every day of the week has a special segment. Mondays is the Simply Cyber Community Member of the Week. We recognize one member of the community, let them know what's up. And I'm very happy because it is a sponsored segment by Threat Locker that I get to give a hundred dollar Amazon gift card to the Simply Cyber Community Member of the Week. Which is always nice. It's great to share the love as opposed to. I don't, I don't get a lot of trolley hate comments on YouTube, but I got a nice one over the weekend talking about how I'm a mouthpiece market puppet for Cisco. Thank you for taking the time to comment, viewer. And I, I did respond back with a comment qualifying my position and how I make my content. So as I apply chapstick, let me say what's up? And say holla. As if this isn't a perfect segue to the stream sponsors. Yes, running a show actually costs money. Surprise, surprise. So I'm wicked grateful and happy that the stream sponsors enable me to bring this show to you and give prizes out to you, which is always dope, starting with flair. Now flare is disrupting the way that cyber threat intelligence is going and how you access it. This is dope. Here's real time live feed. Look ins at full flare here's the deal. You can sign up for Flare right now for two weeks free trial, no questions asked and you will get access to years of cyber threat, dark web and you know, cyber criminal, telegram channels and such. Well, what's the value of this? Here's the deal. Imagine if you will that an endpoint in your environment gets compromised. Imagine if you will, someone has fallen for a Fish or, or they've installed second stage payloads, redline, info stealer. They fell for click fix, whatever. We are way beyond the days of like single threat actor doing the whole kill chain. It's much more of a coordinated ecosystem, C2 traffic and such. So what ends up happening is on the dark web there's all sorts of information regarding, you know, this endpoint and creds and tokens and initial access brokers and such. So by using Flare's platform, you're actually able to query it. That's the power, right? So half of it's them grabbing all this data, the second half is them making it an interface like you can see here to easily search that data and see if anything from your domain, your organization's in there. I love it. Go to simply Cyber IO Flare. Simply Cyber IO Flare. Now you can check it out for two week free trial. They do have to verify your identity to make sure you're not a cybercriminal because it would be too powerful for a cyber criminal. Also want to say holla to anti siphon training. Many of you did the SOC training last week, two weeks ago or last week and then rsa. John was at rsa. Man, they are busy people but they are disrupting the traditional cyber security training industry offering high quality, cutting edge education to everyone. And they've got a special one coming up here. Let me see the calendar. I want to see the calendar. Ah yes, here we are. Look at this. I think Dan Reardon, AKA the haircut Fish is going to be. Yes, dude. This Wednesday, two days from now, noon Eastern time. You want to learn how to write sock tickets that build trust and drive action. You applying for a sock analyst job and want to get some insights on, you know, how to answer an interview question around sock tickets. If you don't understand the value in utility of sock tickets, then this is absolutely a free one hour webinar. You should attend. What do you write in the sock ticket? How do you like, how do you make it useful as a handoff? How do you ingest a sock ticket? Right. You need to be able to communicate well across teams. Not teams but like, you know, Basically around the clock. So write better sock tickets and it will help you be a better SoC analyst and it'll help you crush job interviews. That's a fact. I'll drop a link to Dan's talk in chat. Love it. All right. Also for sure, Threat Locker want to say thank you to Threat Locker. Big fan of them. They're going places. I don't know where they are with their ipo, but like, there's no question in my mind that they are skyrocketing towards that. Dude, they do endpoint protection. Great. They've moved to the cloud. Continuing to level up. Let's hear from Threat Locker and then I will melt your face. Promise. I want to give some love to the daily cyber Threat brief sponsor, Threat Locker. Do zero day exploits and supply chain attacks. Keep you up at night. Don't worry. No more. You can harden your security with Threat Locker worldwide. Companies like JetBlue Trust threat locker to secure their data and keep their business operations flying high. Threat Locker takes a deny by default approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US based Cyber Hero support team. Get a free 30 day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threatlocker.com DailyCyber. All right, thank you very much, guys. Let's do it. Let's sit back, let's relax. Do we have a show on Friday? Why is Friday a holiday? Hold on one second. I. I just live like in the moment now. What's Friday? Why wouldn't we have a job on. I mean a. All right, as far as I know, we have a show on Friday. Do me a favor, everybody. Zmif, sit back. Ad tech, relax. And Haircut fish, put down your slide deck and let the cool sounds of the hot news wash over us all in an awesome wave. I'll see you guys at the mid roll. Oh, this is such a good one. All right, hold on. We have no. Hold on. We have no audio. We have no audio. Hold on one second. All right, all right, all right. That mean you guys didn't hear any of the music, any of the sound effects? Broseph, if you're here for the first time, welcome to the party. Welcome to the party. Okay, we got you. We got you. See the thing. You know what? I gotta tell you this really quickly. I gotta tell you this. This is the most. It's hilarious to me because we're on a 20 second delay. So when I make a mistake, even after I've corrected it, I get 20 seconds of feedback about how I'm made. I'm making mistakes. It's. It's very correct. You know, it's like. What is it called when you like. Oh my God. It's like asserting learning. Okay, all right, let's go. From the CISO series, it's cyber security headlines. Oh, by the way, cool. Sounds hot news. Let's go.
B
These are the cyber.
A
Oh, also for the long timers here,
B
that would be me headlines for Monday, March 30th.
A
Thanks. Lucky 2026.
B
I'm Steve Prentice. FBI confirms theft of directors personal emails. The announcement is in regard primarily to photographs of FBI Director Cash Patel which were allegedly stolen from his personal email account. On Friday morning, the hacking group Handalla, which has ties to Iran's Ministry of Intelligence and Security, is said to have leaked them. An FBI spokesperson stated that the information is historical in nature and involves no government information. The leak also includes emails allegedly sent by and to Patel from between 2010 and 2019. The group Handalla claimed the leak was in response to the FBI's takedown last week of several Handala websites, as well as the imposition of a $10 million boun bounty on the members of the group. Lloyd.
A
All right, so this is, you know, this is laughable, right? Okay, but first of all, you know, f around and find out. We are in a. So we're in a global conflict right now. I don't care what some leaders call it or define it as. We're, we're. We are fully embroiled in a escalating global conflict. And there are going to be ideologically motivated cyber security capable threat actors that are going to take action in this Hala group. This, this Hondala group basically is, is an example. So Cash Patel, many of you know who Cash Patel is. He's very public figure, has done some wild things. He's even gone international, right, because he was in Milan a few weeks ago, super pumped to have partially funded that trip. And the Hondala group got their infrastructure taken down. So in direct response to that, they attacked him. Now they said it's also directly related to the sinking of an Iranian frigate. But, but I mean, that just kind of seems convenient. All right, this is coming through right now that the equivalent of this is like the CIA of Iran. So I actually. My bad. I thought Handala was like a threat actor hacktivist group. This is actually state sponsored, linked to the Iranian Ministry of Intelligence and Security. Okay, dude, for anyone who thought for a minute or was like living in this like, you know, alternate universe where Iran is like a bunch of uncivilized, unsophisticated, non technically advanced third world country, you are horribly mistaken. There are, I mean, what the, what is the, is it 90 million people Iran population? I think it's 90 million. 92 million people in Iran. First world cyber, cyber capability. Okay. First world power cyber capability. As you know, you've seen organized or around how they're handling this current situation. So Cash Patel gets his email compromised. All right, here's the deal. Couple things. Number one, this is his personal email. I was very happy to see that no government or sensitive information was included in this. So first of all, from a policy perspective, nice job. At least it wasn't leaked that any of this was. And there's no reason to think that Hondala wouldn't have leaked something if it was in there. So the separation of work and personal, well done. Cash Patel, big fan of that. Number two, it did not give any details into how he was compromised. So he could have been fished and his creds went out. He could have had reused his password and had that compromised. He could have fallen for a click fix and run second stage payloads and then they got onto the machine and then just, you know, stole a session token or something. Many, many different ways that this could have happened. Okay, okay, so I don't know. Z says they guessed his password. Is this true? Or you're, you're suggesting that zf. Okay, I also want to point out something else really quickly that threat actors will do. All right, so this is the story. It's, it's kind of funny. I mean it's quote unquote, funny story. They could have hit him with Pegasus. Sure. I feel like if they hit him with Pegasus or any like next level spyware, they wouldn't have gone after his personal email. They would have, they would have scorched earth, all of his things. I'm sure he's got some photos on his phone or his video videos on his phone that are interesting. Here's what I would say about this. Number one, this is a, this is an interesting story. It's top news. Fine. Etc. Like this happened last week and I feel like, I feel like the, the impact of this has already kind of washed away and we're on to the next thing. Right. So there wasn't some bombshell photo of him and like, you know, of him doing something weird or he's like in a, you know, a picture with Putin in like a Turkish bath house or something. Nothing weird like that. Okay, number two, and this is probably the most important like extra lesson here. Like I, I definitely love to give you guys additional insights, extra value, etc. Okay, let me, let me tell you something. They immediately go for the photos, right? They can comb through all his email and stuff, but it's very easy to sort by photos and then from a human. Scan the photos. Now why am I telling you that? Okay, listen really quickly and this is a tough one to educate end users on and I would strongly encourage you yourself as a cyber professional, protect yourself from this capacity when a threat actor gets into your email or gets into your icloud, okay? One of the easiest things to do is, you know, sort by or filter on pictures and then scan the pictures quickly. Now you might think I'm talking about pictures of you in compromising ways or you're doing some naughty stuff with a your significant other. Nope, nope, nope, nope, nope. A lot of people will take pictures of their one time password break glass of in case of emergency backdoor passwords, right? You register your 1Password, your last pass your by your bank account, your financial management portal or whatever and you sign up for multi factor authentication. Well, a lot of times they will give you like nine weird, you know, words and they'll say, hey, this will only be shown once, you know, record it. And then if you ever get lose your phone, lose your hardware token, your email gets compromised, whatever, these nine words will unlock your password bar none. Okay? And a lot of people, for better or worse, take out their phone and they snap a picture of it. Well, if you have icloud or you're using an iPhone and you haven't filled up your five gigs, it will automatically back it up to the cloud. If you're using Google Photos and you have it set to automatic, it will back it up to Google Photos. So you know, the, the problem is when I'm scanning photos, I can tell photos of humans and then photos of documents. In fact, the search engines are pretty solid now where you can just say password or document and it'll auto filter all that crap. So for this one, you know, if I was Hondala, yeah, it's cute to find Cash Patel dancing around like a silly person, but it's much more valuable and interesting to find his recovery passwords. So for you yourself, be mindful, if you are taking pictures of that stuff, be careful because it will back it up. And a threat actor also is well aware of that.
B
It's bank customer data exposed In IT glitch, this is an error that exposed personal Data of nearly 500,000 customers of Lloyd's Banking Group. Data that included payment details, account details, and national insurance numbers that could have been visible to other users. Officials from Lloyds bank, which is One of the UK's big four banking houses, blamed the glitch on a software defect introduced during an IT update to its Lloyds Halifax and Bank of Scotland mobile banking apps in the early hours of March 12. Although the window of exposure of the customer's data was very small, at least for human observers, the customers and even people who, who were not Lloyd's Banking Group customers may have had their transaction details exposed. Hundreds of.
A
All right, okay. I mean, I. You don't see this very often, okay? And I'm not talking about the. The software bug. Okay, so software bug got introduced to a mobile app and it, unfortunately, it allow. It allowed the exposure of transaction detail of not. Of. Of people who are not you. So imagine if you will, you open your banking app, you look at transactions, and all of a sudden everybody's transactions are there. Here's my thing. They definitely updated this. You know, usually you do updates overnight, okay, so you can see here overnight into March 12th, so the evening of March 11th to 12th. And the idea behind that. Oh yeah, that's a really good point. If they do that, I'm sorry, overnight upgrades happen because it's less disruptive to operations, right? There's fewer people using the platform. Doesn't mean nobody's using the platform, but it's fewer people. Less. Less impact. Now here's the thing. They said that this glitch would, would only have caused a problem if somebody pulled up the app and looked at transactions within small fractions of a second. Now here's what I like. I'm stunned that they are reporting this. Okay? Small fractions of a second. Less than one second. A blip. A blip. I mean, if anything I would do, I would have done incident response or, you know, I would have gone back and looked to see if anyone had actually done this. Dude, small fractions of a second. I get that there's hundreds of thousands of users of this app, but dude, middle of the night and like you had to have hit it right on the head in order to do this. So they are being thorough. Either that or they're not being 100 accurate. Also, like, how did they detect this? Dude, like when you push. If I push a update to production, right, and there's a problem, you're not going to find it. Within a split second. That, that like would take at least one second. And I'm being incredibly conservative so I don't know what the hell's up with that. I will say TLDR, this is why change management's a thing. That's why CM is an entire control family in NIST 853. You will get a lot of groans and pushback from IT and applications and data and, and help desk and everyone else about change control boards. But guess what? You know, this is why you do it. So everybody's on the same page. Okay? So whatever. Be prepared during maintenance for crap to happen and always have a rollback, always have a rollback strategy if things go backwards. Definitely don't ever, don't ever do an update to production and not have a rollback plan. Okay? Also really quickly on this Cash Patel story, all we did was talk about data compromise. I mean if they're in the email, they could also have sent emails as Cash Patel, which is a non repudiation issue. DJ BAC mentioned that they could have run an AI agent across this or even deeper insights quicker. You know, they could have set up a forward email address on this thing in order to compromised, you know, confidentiality. There's a whole bunch that could have gone on here.
B
Valid API keys discovered on the web. Researchers from Stanford say that after analyzing 10 million websites, they found almost 2,000 API credentials strewn across 10,000 web pages. They performed this research, they said, because, quote, much of the attention on exposed credentials has focused on scouring code repositories and source code. They put forth that analysis of production websites is essential to understand the scope of the problem. The researchers found highly sensitive API credentials left publicly exposed on web pages, which act as access tokens that authorize applications to interact with third party services, granting direct access to critical infrastructure like cloud platforms and payment providers. These, the researchers say, are even more dangerous than exposed login details because they provide programmatic access to resources. The valid credentials belong to multinational corporations, critical infrastructure entities and government agencies and provide access to services like AWS, GitHub, Stripe and OpenAI.
A
All right, I'm glad other people don't know what boffins are. Let's what is a boffin? Sounds like it's a security researcher, a British informal term for a scientist or technical expert engaged in research. All right, Roswell uk. We got boffins for days. All right, so check it out. Really quick shout out to the Magic the Gathering community. The lead researcher was named Demir. Yes sir. I mean clearly this guy knows what's going on? All right, so check it out. Surprise, surprise. Somebody scanned a bunch of websites and found valid API keys. API keys are essentially credentials, except instead of a human logging in, it is software or scripts or programs logging in. If you have used an AI tool and not natively interfaced directly with the AI platform, but had some other tool, use it, like Open Claw, for example, or Claude code, for example, you're using API. You. You know what an API key is? Listen, you always have to generate an API key in order to be able to access a backend platform with, with your software, with your tooling, right? So if you don't know what an API key is, welcome to the party, pal. Okay? Welcome to the party. It stands for Application Programming interface, and it's basically exposed functionality of an application or server, like SaaS server or something like that. This is why you can write your own crypto wallets to interface with like, you know, Coinbase, or you can write your own email clients to interface with Google's backend or something like that. It's all API keys. All right, tldr, we website developers are doing a crap job. And API keys are exposed to the Internet. Someone get your API key. It's like getting your username and password. They can just use your resources. They can log in and burn your tokens, they can log in and query your data set and pull data from it. It's just a bad opportunity. They did use a very good analogy. Keys on doormats, right? So sometimes you got a, a house key under a doormat. This one, it's like the key is on top of the doormat. All you got to do is look down, which is trivial because honestly, websites are being scanned every day. Open a, open a. Not open, but stand up a honey pot and look at it. Within five minutes you're gonna get bamboozled. Okay, of course. I mean, this is so stupid, but some eye candy for everybody. Somebody get the executive team on the table. Oh, look, they're rerouting through Friendster. Oh my God, look. Europe is hot right now. It's so hot. Oh, that Hansel. So hot right now. Okay, like, this is basically like honey pots, except completely unusable. Put this in the knock on like the 80 inch screen that's hanging up on top. This is eye candy. Not practical. No one, no one is. No sock analyst, no CISOs. Like, oh my God. Hey, give me the cyber threat live, Matt, stat. I need, I need to know what's going on in Abu Dhabi right now. Holy crap. Astria's ASTRIA Austria's going global. All right.
B
Sisa adds F5 big IP APM exploit to its kev, citing evidence of active exploitation. The agency added the vulnerability, which has a CVSS v4 score of 9.3, to its catalog because it could allow a threat actor to achieve remote code execution and because, quote, it has been exploited in the vulnerable big IP versions, end quote. Watchtower CEO and founder Benjamin Harris said in a statement that this vulnerability, quote, initially appeared last year as a denial of service issue, which did not immediate signal urgency, and many system administrators likely prioritized it accordingly, end quote. Which is why it is more urgent now.
A
All right, let's look. SISA doing cesa's job, by the way, like, if you haven't been following dhs, hasn't been funded. TSA workers going to work for free. CESA falls under that. So I don't know what CESA's been doing. Nobody, nobody's been talking about CESA being not funded. There was some, like, emergency money that takes us through, I think, May 22nd or April 22nd. Anyways, F5, the company, not to be confused with the function key on your computer, talking about APM exploitation. I don't even know what APM is. Oh, it's their access Policy Manager. Okay. All right. So if you're running it on a virtual server and the threat actor can send malicious traffic, they will get remote code execution. Now, the fact that it's on the kev, the known exploited vulnerability catalog the kev, the fact that it's there shows that, you know, threat actors are, in fact exploiting it. Right. It's not like a theory. And remember, always, guys that, like, just because there's a vulnerability doesn't mean it's actively being exploited. Just because you left your front door of your house unlocked doesn't mean you got robbed. Just because you left your car unlocked at the. Or you left your keys just because you left your car running unlocked in front of the grocery store. Which, by the way, annoys the crap out of me. I don't know why people park in South Carolina. People love parking in the fire lane at grocery stores and they just go shopping. Like, how don't we all have a social contract to use the parking lot? I digress. But if just because you leave your car running in the fire lane doesn't mean that's a vulnerability, doesn't mean that someone's going to commit Grand Theft Auto and steal your car. This instance is showing that people are, in fact exploiting it there is a string of people running around stealing cars that are left unlocked and running. Okay? So be aware of that. If you're running F5, big IP application policy manager, you've got to patch it. Do I not get a sound effect, my guy? Ah, you got a patchet. Thank you. Yeah, so it looks like there's a lot of different versions you can run. Looks like there F5 has got concurrent branches running, so you don't have to upgrade to the newest 17513. It looks like you can run like 15, version 15, version 16, version 17. So if you're not ready to make the commitment, you know, if you're still being casual with the relationship with F5 and you're not ready to take it to the next level and put a ring on it and get up to their most current version, you're just kind of playing the field in version 15. You can go ahead and patch it and clear this. As always, I do want to look at the. My guy. Come on. Where's the CVE number? I do want to look at the CVE number really quickly and give you guys some dj b sec love. There it is. CVE2025. So it's over a year old. So if you haven't patched it yet. Ah, you gotta patch it. You better have patched it. I mean, it's not a year old, but it's at least three months old. Four months old. This is DJ B Sex CVE Tool. Ooh, not good. Not good. You got about a 19 chance of getting exploited in the next 30 days. It's in the 95th percentile of bad. Okay, so this is re. It says nodding Kevlis. DJ B sex tool is not either. Not update. It's. It's definitely not updated. I don't know if he doesn't check for updates once this thing enters his tool, but whatever it is, DJ B Sec. Here's a bug report. This is even more reason to get this patch. I would make this a priority today. Like, honestly, this. This vulnerability is three months old. You should have known about this already. With all due respect. Okay,
B
huge thanks to our sponsor, Threat Locker. Most breaches don't start with a zero day. They start because something unexpected was allowed to run. One way organizations reduce risk is by shrinking the attack surface, deciding what software should be allowed to execute, and blocking everything else by default. Fewer unknowns means fewer opportunities for attackers. You can learn more@threatlocker.com.
A
FOREIGN what's up, everybody? Welcome to the party. Hope you're having a good show. I know we kind of like the, the starter bell went off and I tripped over my feet. The good news is you guys are so gracious that you just said oh my God. Like I feel like the start of the show like a starter pistol went off and everybody started sprinting and I just fell down and you guys were like, we're just gonna look this way for like 10 seconds. Why don't you reset? Okay, go. And then we're off and running on a great show. I again want to say thank you to the stream sponsors. I stopped the music so the copyright. Thank you to the stream sponsors, Threat Locker, Anti Siphon and Flare. Definitely proud to be a partner with them and really enjoy their, their, their products and the people behind him. I, I definitely know the many of you know the people behind Black Hills and like them. Many of you don't know the Flare people but I'm telling you, trust me, you'll dig them. And then the Threat Locker people, some of you went to Zero Trust World. I dig them. All right, so good guys. I appreciate it. I gotta tell you, showing up here every morning, it's a, it's a great part of my day being here and doing the show with you every morning. Every day of the week has a special segment and Thursday Mondays is Simply Cybers Community member of the week. Yes. When I, when people ask me what do I do, it's very. I don't have a great like elevator pitch on what it is. Yes, it's a YouTube channel, but that doesn't really capture what we're doing here. We are a community. We are supportive, we are inclusive, we are like minded. We celebrate wins and we level up and set set tones and set. I don't want to say expectations, but we inspire each other. I'm super pumped that Threat Locker recognizes this and has sponsored this segment. Meaning I'm gonna give the Simply Cyber community member of the week a hundred dollar gift card. I used to give merch. I could still do merch, but it's just there's extra steps to it and I honestly, it's difficult with my time. Ain't nobody got time for that. Everybody. Hey, you know what? 100Amazon gift card fits pretty much everybody's waist size. Today's community member of the Week. Many of you know him, he's been around a long time and I, I don't want to lose sight of the fact that just because someone's very active in the community doesn't mean that I don't recognize it. And that I take. I don't take it for granted at all. Many of you know this guy. I want to welcome the Simply Cyber Community Member of the Week, who also, by the way, keeps track of who the Simply Cyber Community Member of the Week is. Ladies and gentlemen, your Simply Cyber Community Member of the Week is Dan Reardon, the Haircut Fish. This guy. What are we doing? Get. Come on. This guy right here, Dan Reardon, the Haircut Fish. He is phenomenal. Okay? Not only is he an active mod in the community, not only does he do the meme of the week, not only is he just a good person, he's also leveling up, okay? He gave a talk at Sock Summit the other day. He's doing this anti siphon webcast this week. He. He like broke in as a sock analyst. We've been following him for years. He social. He networked at Wild West Hack infest with his employer, Pro Circular. Right. Like, Dan is a living embodiment of Simply Cyber's core values and how if you just follow the program, you will achieve great results, success, personal satisfaction. Like, I love, love, love Dan and Dan, I definitely appreciate all you do for the Simply Cyber community. It goes beyond your own story of success. You are a champion of the people. Ladies and gentlemen, your community Member of the Week. All right, now let's get our la la la la's on. We'll do this really quickly. All right, you guys all know the words Alpha Sierra. If you're around Marcus Kyler, help us do it, everybody. La la. La. All right, let's finish strong, everybody. If you're a first timer here, there's a lot, a lot to catch up on, but we will make you inclusive.
B
Infinity stealer malware grabs macOS data through ClickFix lures this new info stealing malware uses a Python payload packaged as an executable and is used to target macOS programs. It employs a click fix technique in the form of a fake cloudflare Captcha. Researchers at malwarebytes say this is the first documented Mac OS campaign combining click fix delivery with a Python based info stealer. Compiled using newitka. That's N U I T K A which creates an executable that is more resistant to static analysis.
A
All right. I mean there's a lot of buzzwords here for everybody to get. So the T like I'm going to do. Excuse me, let me go put on my corduroy jacket with my leather elbow patches and get full nerd professor on this one. Hold on. I love educating. I Love talking about cyber. This one is full of information so a a nor hack. Hey guys, can we welcome at a n o r hack to the party at. Welcome to the party. Thank you anor hack and really quickly anor like we have a community, you know, thousands of people. I recognize one a week on Mondays and give them a hundred dollar Amazon gift card. And this guy right here, Dan has been around for a long time and very awesome simply cyber community member. So let's go through the. Yeah, you know what? Because anor hack said he's the first time here. I'm gonna do some John McClane love too on this one. Okay? So don't worry about infinity stealer. Just know that there's malware. Did we just become best friends? Yep. Oh, Super Chat from Space Tacos. Space Tacos. Thanks for the super chat and congratulations to Trikin for passing that sec plus Heck yeah. Heck yeah. Try can keep grinding, dude. Nice. Nice accomplishment. So a piece of malware is being written for Mac os. It's python loaded, and they use Click Fix to do it. All right? To infect the person. So let me. Let me break all this down and you definitely want to. Hey, thanks, Mr. Bootlecious, who who was a first timer recently, so. So Click Fix is a attack technique, social engineering that you should be mindful of. It's basically a captcha that shows up and instead of clicking on crosswalks or bicycles, they tell you to hit Start, Run, and then control V to paste the powershell command into the Run dialog box and hit Enter. It's very effective. There's a bunch of variations of it, but for the most part, educate your end users not to hit Windows key R ever and you'll be fine. Or just take away the permission for them to run it. Number two. Excuse me, Number two. Hold on one second. Trying to get caught up on all this cyber Shin and Gummy. 10 Gifted Subs Heck yeah, buddy. If you're one of the 10 recipients of those gifted subs, welcome to the party, pal. There is a emo tray that's been expanded for you to Enjoy. Oh, thanks, Mr. Bootlecious. I'm glad you love what you do. What we're doing here, you're part of it. All right? So once they run Click Fix, you're owned and. Oh my God. Cheddar Bob with the five gifted subs. Thank you, Cheddar Bob. Did we just become best friends? Five more squad members coming into the party. Welcome, welcome, welcome. All right, it says this code is resistant to static analysis. All Right, so check it out. Here we go. Let me break this down for you and then I'm gonna, I'm gonna keep going because the story is basically click fix. If you can prevent that, you're good to go. All right, so what is static analysis and why can it happen? There's, there's basically three ways to analyze malware and, and like, two of them are kind of similar, but like essentially static and dynamic analysis. The third one I always get confused about, but like it's static, is looking at the source code. Now with Python, Python is an interpreted program, which means you don't compile it, which means you can see the original source code. All right, by compiling the Python into a C code, you do compile it and you lose the original source code. This is why disassemblers like IDA and Ghidra will reverse the code. But what you get in a reversed, you know, disassembled program, like what IDA Outlook outputs, is not what the original source code looked like. It's a close approximation, but the whole thing with compilers is compilers will see optimization techniques and ways to like, improve performance. So they, you know, you, the program will still run the way it was programmed, but a compiler will compile it and, and kind of change the source code so you can't really go backwards to original source code, which means it's harder to analyze. And obviously if you read interpreted Python code, you can kind of see where functions are and figure it out. With static analysis now you've got to understand how to use a disassembler, how to read that, understand how memory allocation works, understand how the, the registries work on a, on a computer architecture, etc. And then the fact that this runs on Mac OS. I gotta tell you guys, I've been working in the industry a long time. I have never, ever disassembled or viewed the, a decompiled version of a Mac binary. I've only ever looked at portable executables and I guess ELF files, like Linux files, which I know Mac OS is Linux based, so maybe it is the same, but I've never, I've never done a, a Mac OS binary. So if you are interested in a cyber security career around malware research, this is definitely interesting for you to take a look at. This is an example right here of the click fix. You can see how you're proving that you are in fact a human is by running this bash command which has an obfuscated base 64 payload. This is so obvious to anybody who has Any IT experience that this is bad. But for my aunt Dorothea's of the world, for the Carl's of the world, they will fall for it every time. So be on the lookout of that file read.
B
Flaw in Smart Slider plugin affects half a million WordPress sites. The Smart Slider 3 WordPress plugin is actually active on more than 800,000 websites. The flaw can be exploited to allow subscriber level users access to arbitrary files on the server. An authenticated attacker could access sensitive files such as WP config, php, which includes database credentials, keys and SALT data, thus creating the risk for user data theft and complete website takeover. Smart slider 3 is used to create and manage image sliders and content carousels. And this issue, of course, does have a CVE number.
A
All right, it's been a minute, it's been a minute. But you know, WordPress is out there putting in the, putting in the work, guys. WordPress is notorious for having the plugins introduce vulnerabilities. If you are running WordPress, it's not a bad platform. Okay, I'm not, I'm not dogging on WordPress. WordPress is a great platform for managing a website. You do have to manage the plugins. The plugins allow you to extend functionality kind of like Chrome browser extensions. Okay, but it, it, you know, without managing those plugins or maintaining them or disabling them when you're not using them, you do introduce Attack Surface. And in this instance, this Smart Slider 3 WordPress plugin introduces attack Surface. Now I do want to say you have to be an authenticated user on the platform. So that does elevate the, the difficulty of compromise on this one. But for the most part, my, my friends, there's 800000 websites currently out there that have this vulnerability. If you're running WordPress, maybe just go check to see if you have this plugin and you're not using it. Disable it if you are using it. Let's see, there's got to be a, There's got to be a patch for it, right? Let me see, let me see, bro. Oh, okay, the report on March 2 and then three weeks later a parch was released. Okay. Ah, you got a Patchett. Here's the deal. There's hundreds of thousands of websites still running this. So either they're abandoned websites or they're just got, you know, they don't have administrators paying attention. Don't be that guy, don't be that lady. Okay? Go look in your environment, see if you're running WordPress WordPress is easy to find. If you got a vulnerability scanner, you should know that you have a WordPress instance. If you stood up a WordPress instance, you know you have a WordPress instance. If you have a WordPress you forgot about, maybe shut it down, okay? It's called software. Excuse me? It's called system life cycle. You can sunset things, you don't just have to abandon them, okay? Like an umbrella that you can't close as you're entering an airplane. You don't just abandon it, okay? You try to figure it out, shut it down if you are going to use it, patch it if you don't need it, but you still need the WordPress site, disable the plugin, and if you don't need the WordPress light, shut it down. Like, basically it's choose your own adventure book. But there's only three options. Pick what works for you and move forward.
B
Shiny Hunters claims hack of European Commission the breach allegedly includes data dumps, including content from mail servers and internal communications Systems, amounting to 350 gigabytes of data. This may include confidential documents, contracts and other sensitive material. Bleeping Computer first reported the incident, suggesting that the threat actors breached the European Commission's AWS account. But AWS says it did not suffer a security incident and that its services functioned as expected. The attack vector is still unknown. Based in Brussels, the European Commission is the politically independent executive arm of the European Union, responsible for proposing new laws, managing EU policies and enforcing EU law.
A
Okay, so Bleeping Computer at this news outlet was actually contacted by the threat actors with proof that they were in possession of this European Union Commission data set. AWS quick to point out that they weren't breached. So obvious. Not obviously, but highly likely that it was an endpoint in the environment or credentials in the environment that allowed a threat actor, in this case Shiny Hunters, to log into that AWS instance. Okay, so it wasn't compromised of aws. It was like they logged in. And by the way, this is like definitely the MO of Shiny Hunters. Lapsis Scattered spider. It's kind of played out. I've been saying it, but like, I'll say it again, threat actors aren't hacking in in 2026. They're logging in. Okay, Let that sink in for a minute. They're not hacking in with technical zero days and, you know, freaking formulas flying past their head and all that. They're just getting your credentials and logging in. All right? Now, that doesn't mean technical exploitation isn't happening. It is but for the most part, it's easy to get creds. The cash Patel thing was probably creds. And by the way, can I just remind everybody really quickly that like, just take a minute because I feel like we get wrapped around the axle on how cool, you know, zero day hacks are. And Hollywood sensationalizes the hacker guy as part of the, you know, attack team, right? There's like the brain, there's the muscle, there's the wild card and then there's the, the hacker guy, the guy in the chair. Okay? That's not how it. You got to think about the, the motivation and the mission, right? Whether you're nation state threat actors or your cyber criminal threat actors, the goal is the action on the objective, the goal is the mission. Get the creds, get in, get money, disrupt energy, disrupt communications, whatever it is. They don't get like a 3% pay raise. They don't get, you know, a pizza party if they do it in a cool way. Most people don't give a damn how cool it was how you did the hack other than us, right? So if your boss is like get into the year. Well, not the, they wouldn't be like this but like if the boss was like, hey, we want to take over, you know, federal level executives of this country's email infrastructure or we want to disrupt energy for this country at this time to coordinate with some type of boots on the ground attack. They don't care if you did it in the most elite level neck hacks or next hackser way. So if you get an email or you log in with a default credential, or you custom write a shell, you know, like a, a cradle with shell code and they don't care. No one cares. Okay, so threat criminals are logging in because it's easier. Last time I checked, I'm, I'm, I'm all about easier.
B
Apple sends lock screen alerts to outdated devices. These lock screen notifications are being sent to iPhones and iPads running older versions of iOS and iPadOS to protect users from web based attacks and urge them to update their devices. This is currently being prioritized due to the appearance of iOS exploit kits like Karuna and Dark Sword, which we have been reporting on these past weeks and which have raised concerns that they could democratize access to exploits that were previously reserved for nation states, potentially turning them into mass exploitation tools. End quote. Do you want to know more about the most?
A
All right, for the sake of time, we'll be quick on this one. Okay, shout out to Apple, thank you for, you know, doing more than you had to. Thanks for being champions. If you're running a legacy system, I. E. An outdated iPhone, right. Apple is letting you know that you're like, you're at risk. Now, again, really quickly, this definitely benefits Apple because how do you fix an outdated iPhone? You buy a new one. Straight cash, homie. Straight cash, homie. Right, so Apple, I mean, I feel like they're doing it for the right reasons, but they're certainly going to financially benefit from this. Right? So shout out to them and. And for the bigger macro level picture. Hold on, I guess. Excuse me. For the bigger macro level picture, you should always be mindful of running legacy technology in your environment. Okay? When? Whenever, some, like, again, no one likes this guy. Okay, like this. This gets me uninvited from the corporate picnic every year. But listen, whenever someone's like, oh, we should totally do this, whatever this is, we should roll out this new solution. We should buy this new thing. It's going to replace this old thing. Okay, two things. One, like, who's gonna maintain it? Right. Obviously. Right? Like, everybody gets all geeked up around the new shiny tool and you got an entire project kickoff team, and then once it gets deployed, like, everybody abandons it to go to the next shiny thing. So that's one, who owns this thing and who's going to maintain it? And then two, what is the plan for decommission? And nobody wants to talk about decommission when you haven't even bought the thing yet. But guess what, it's a thing. Also, like, if it's replacing, you know, like, oh, we're going to buy a gigamon firewall to replace this TP link, Sonic wall fortinet hot trash thing that we've been using for a minute. Okay, awesome. Who's gonna, like, what's the plan for getting rid of the old one? No, no, no. We're just gonna stand it up it, you know, next to it and let the traffic flow in parallel just to be sure there's no production issues. Yeah, that's fine. How long are we gonna do that? A week? Two weeks? Ten weeks? Forever? I'm telling you, legacy tech lives on because everybody gets super geeked up for the new things. And nobody gets super geeked up for spending time getting rid of old things. Especially because the old things don't introduce any new features, functionality, utility to the organization. Right? Like, if you have an application that has a ton of data on it and you replace it with a new application that has A ton of like, you know, you start using it because it's cool and that old one just sits there. It's, it's, it's attack surface, it's risk just sitting there, but nobody is using it. And everybody forgets about it. And then you're like, hey, what are we doing with that application? They're like, bro, like, don't even worry about it. It's like, no, I do worry about, that's like why I get paid to be here. What are we doing? And the problem is you're going to tell someone, hey, I want you to stop working on this thing and go work on this thing. And the, the sun setting doesn't help you towards your project goals, your promotion, your things you're going to accomplish. So it really does become hard. And then of course it gets breached and then everybody's like, oh, why is it there? Why was it there?
B
Pressing stories of the last few days in time for your weekly stand up.
A
All right guys, that was a great show. That went very quickly for the first timers who were here. I'm sorry, I forgot, I forgot the first timer's name who jumped in right after the mid roll. But thank you for being here. If you guys were a first timer, listening on Spotify or Apple podcasts, maybe watching on replay, maybe you're engaged at the gym or getting, getting your breakfast situation set up there in the kitchen. Thank you for spending an hour with us on the Daily Cyber Threat Brief. We'll be back tomorrow at 8am Eastern Time. As always, invite a friend next time. This is a family friendly and friend friendly show. Don't go anywhere because I'm going to spend the next 30 minutes trying to answer all your questions to the best of my ability. It's a show called Jawjacking and it's designed to help people get, you know, get clarity, move their career forward. I'm Jerry from Simply Cyber. Till next time, stay secure. Ever wonder what it takes to break into cyber security? Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cyber security field live, unfiltered and totally free. Let's level up together. It's time for some Jawjacking. What's up everybody? Welcome to Jawjacking. I'm your host, Jerry Guy. We have some fun here. I put the glasses on, I say my identity is Jerry Guy, which is basically like the back of the mullet, right? So party in the front. Excuse me. Business up front, party in the rear. Daily Cyber Threat Brief. It is a one hour Instructor led webinar. This is just free freestyle and trying to help people. So if you have a question, put it in chat with a queue at the front. So I know it's a question for me, and I will do everything in my power to answer it. Working towards kind of renovating the Jawjacking show, Talking about getting, you know, other hosts, different perspectives of hosts, I reached out to the all female channel on Simply Cyber's Discord server. I don't go in there often because I'm not female. You know, news flash. But I did query them. Shamira Gonzalez is. Is. Is taking a bit of a lead role in there. Trying maybe not necessarily being on stage here, but coordinating with people. So looking forward to that. Oh, my God. All right, so here we go. Questions coming in, and thank you very much for asking. All right, all right, here we go. Scrolling scroll. Let's go. Let's. Scrolling, Come on. I think that was a Limp Bizkit song. Hey, someone said, I miss Cribs and chat. Shimira Gonzalez. I used to like MTV Cribs, but, like, didn't it come out that they were just, like, renting mansions or renting houses, like the. The talent, like, you know, maybe it's like Soulja Boy or something. It's like they didn't even live there. It was like the first time them seeing it too. All right, continuing to look through chat here. Oh, we got a first timer here. Noldster 21, I think. Bruising hack says welcome to the party. Welcome to the party. Thank you for saying what's up? Again, this is Jawjacking. If you have questions, put them in chat with a Q and we will get to them as soon as possible. I'm trying to scroll, looking for the cues in chat really quickly. Oh, my gosh. Where are the cues? There we go. Any major takeaways from rsa? Yeah, you know, honestly, zmf. One kind of like, meta takeaway that I had, which I thought, you know, I think is interesting, is I'm pleasantly surprised and cautiously optimistic that it. The vibe I was getting in RSA is that people and businesses are looking towards visibility of AI and management of AI. Right? So last year was like, all AI, all the time. Like, everybody's slapping AI on everything. And it was like, how fast can we move? How fast can we innovate all these things? And I think people have begun to realize that there's, like, massive risk. Massive risk with that. And also, by the way, shout out to the GRC people in the world who screamed loud Enough. There's no governance around AI right now. Carl, Carl can freaking install open shell or open claw on his work laptop. Running one command, that's a problem. People can copy and paste anything they want into claw, Gemini, etc, that's a problem. So I actually got the vibe that there's like more of a deliberate focus and tooling around AI visibility and AI governance which lo and behold last time I checked doing the abacus really quickly that is a core critical security control, CIS 18 control 1 and 2 all or and 3 with data also NIST cyber security framework. The first one identify and second one protect. Protect isn't just technical controls, it's also governance and approach to managing risk. So that was a major takeaway. I also. Oh, also like kind of a meta thing again, I don't personally like I, I go to a bunch of different conferences. Okay. I will say that San Francisco as a city felt very much alive this year. Like last year when I went, it still kind of had like, it still kind of felt dead. Right? I mean there was people and everything but like for those who don't know, Covid absolutely destroyed San Francisco. Destroyed it. And I will say that this year it felt very alive, it felt very cool. San Francisco is a cool city. It's just expensive as all get out but it's back. And if you have thoughts on that. Phil Stafford, Ellie and Matice I know are San Francisco local Sunshine. How do you respond to your non technical family members when they ask what do you do for a living? I never know how to answer without being technical, at least a little. Oh, so s Cole07 it's easy, I just say, you know, say you work at, I don't know, like what's a corporate. Say you work at IBM or whatever. I don't know, you know, you, you say oh yeah, no, I'm paid to prevent bad, bad guys from attacking IBM. You know what I mean? Make it simple, right? A lot of non technical people will associate with movies and stuff like that. So you just say hey listen, I, I protect bad from happening at IBM. What? Hey, really quickly. This has happened one time before. One of my displays, my larger display has like a yellow line outlining this that just happened. I don't know what this means. Like actively doing a screen share with a threat actor right now. Maybe, I don't know, can someone, maybe mods. I'm sure that this is an obvious thing. It's happened before. I can't remember though. I definitely have a yellow outline on my computer right now. All right. A hookah. All right. I will. Every once in a while, like, maybe once or twice a year, I'll smoke a cigar with, like, a dark beer and, like, pontificate Roswell. What's an occasional explainer to open up Jawjacking as Sig edited by the community. So it might be, let's cover the basics on D or something that is totally bite size and can be covered in five minutes. Yeah, we can do that as part of the new format for Jawjacking. Because, like, for example, sometimes Eric comes on and no one asks any questions, and then. And then Eric will just kind of start talking about whatever. Like, I want to pre stage several questions that are common. What certification should I got? I got a sec. Plus, what do I do next? What's the difference between soc analyst and pen testing? Why is. You know, what's going on with industry, Right? Like, or what's threat intelligence? Like, a lot of very, very common questions. So, like, I'm gonna pre stage those. Okay, now, as far as, like, I don't want to pre stage, like, what is dkim and stuff like that, because it really depends on kind of the vibe. And I. I want to focus more on what people I. I want to focus more on what people want to hear, not, like, what I think they want to hear. I learned that very early on in my YouTube career. What I think people want to know and what people actually want to know are two different things. So I stopped trying to, like, hand jam what I think people want in there. Oh, hey, Bruising hacks caught up with ab. AB is another community member who's awesome. You want to let you know, everyone, he misses being here live, but he needs to catch replay. Nowadays. He's unavailable at 8:00am well, hey, for AB, who's on replay right now, good to see you reap a B. And guess what? If he's not here, he's got a great reason why. So congrats to a B for continuing to crush it. Love that guy. That guy's got, like, such the. Such a great attitude, such a positive vibe. All right, here we go. Let's see. Risky 1955. Talk to FedEx and James McQuigan at 35,000ft over the weekend. There you go. Nice. Definitely networking like a boss. Lazaro. One of my favorites here at my ORC promotions are based off titles and specialization. I wrote my first differ report that was well received. How can I show my org that I'm ready for that next title? I mean, honestly, manifest it, Lazaro. Right? Start doing More differ things, right? Find opportunities. Don't. I mean, don't, like, overstep boundaries and don't take. Don't access things you shouldn't be. But, you know, maybe do some. Like, you could do a couple things, right? Start doing some different labs or, you know, Jessica Hyde has a million of those things. And then do one over the weekend. And then when you go to work the next day, like, casually mention something cool you learned about mobile forensics or whatever, like, start planting the idea that when people look at you, they think, oh, yeah, Lazaro, Digital Forensics, he's doing that stuff all the time. I'll give you an example, Lazar, you probably noticed this. Dennis Keefe. Dennis Keefe has been doing OSINT and talking about OSINT for a minute. Like, when I think osint, I think Michelle Khan and Dennis Keefe. For that reason, Dennis Keefe has essentially, like, branded himself as osint. You can do that with differ. Also, good luck on the promotion. I watched a video this morning, and we don't talk about money very often here, but I. I watched a video this morning about pay raises and the reality of them and everything. And, you know, you could bust your hump. I bust my hump when I work. And I did it, you know, my whole career. It never really got huge pay raises. Usually you get the biggest pay raise when you leave and go somewhere else. Also, when some. If you've been somewhere six years, wherever you started your salary six years ago, and you've been getting these incremental bumps, the market grows quicker than your incremental bumps yearly. So someone coming in and getting the same job as you or a job a. A level below you might actually be making more money than you. Which is why employers do not want employees to talk about salary, because it leads to awkward conversations where you're like, dude, this guy just started and he reports to me and he makes more than me. How is that? Okay, all right. Again, what. This is beyond that. But anyways, Lazaro, just start doing more differ stuff. Also. Also, you may want to overtly just tell your boss that you're targeting promotion and you're leaning in to differ and tell the things. Do not do this at your. Your performance review. Do this well before your performance review. Okay? Also, Lazaro, you may have to switch companies. I'm not saying you should. I'm not saying you should. But if you start to brand yourself as the differ person, and then your current employer is like, no, you know, be mindful of that. Okay, what mess did I miss the beginning. My audio I didn't have. I had my microphone hot. Only Roswell uk, not the mixing board. So the sound effects and podcast didn't come in. Did you hug the demigorgon at rsa? No, I didn't. I did take a picture with the crowdstrike model thing though. I do take allergy meds. I take like Teemu, Zyrtec. I don't really take Temu. I buy the allergy pills from Costco. Hey, have you seen the new GRC framework for automated risk assessment called Jamara? No, but you have my attention. Z, you minx. Let's take a look. So Jamar is a central foundational text in Judaism. So let me do Jamara Cyber grc. Okay, let's take a look here. Does it have a cool graphic? Ooh, GRC engineering model. This is very cool. I will tell you I haven't seen this but it's definitely. I'm going to share it in chat because if Zima said it, then we're on, we're on board. Listen, I'm gonna do two things in April. I'm gonna, I'm gonna like, I'm not taking vacation but like I'm, I'm reducing my client deliverable work so I can focus for two weeks on training. I'm, I'm like, I'm assigning myself training. I'm going to be focusing on AI and GRC engineering. So stay tuned for that and thank you for sharing that zmf. We did have good vibes this year. Did I show the photo? I don't know if I showed the photo. If you guys didn't see it really quickly and let me, let me start answering a question. Currently studying for ISE2 cyber security cert. Is it worthwhile as a first step or someone from a non technical background? Yes, I absolutely think it's a great first step. Okay. The Cyber Security certificate will give you exposure to Python, web apps, networking, operating systems. I know a lot of people dunk on cyber Google Cyber Security certificate and, and the reason they dunk on it is because it will not get you a job by itself. But as a non technical person it is a great foundation. Also in my GRC master class, the first six or the first section is a IT primer. Right. So I think those will both go really well for you creativity. So yes, continue on. Quick shout out to the San Francisco crew. This is us at Simply Cyber. I, I did really kind of a. A tough job of marketing it because I wasn't sure what I could commit to. So Quan Sunshine, Phil Elliott and Nick Nick listening on Apple podcast the rest here live. Little meetup. Loved it. It was so fun. All right, keep asking your questions in chat. I'm here for you. This is jawjacking. You ask questions, I give answers. Do you think Iran gets more connected? We'll start seeing far state, big state back detect? Yeah, sure. For sure, dude. Here's what I think. Roswell uk I think that, I guess this is what I think it the more I don't think it's more about Iran being connected. I think yes, it's going to increase as Iran gets more connected, but I think we just saw Yemen get involved. Okay. You know there's a lot of requests coming from the United States to European countries to help us out. Although we've, we somehow kind of pissed in the. In all over the place and then asked for help afterwards. So you can't, you can't. I'm not surprised the United States isn't getting help. But my point is as more, as more as this conflict continues to escalate, more countries are going to get involved which unlocks state back cyber, you know, capability of more countries. So yes, I think we're going to see more state backed attacks, just not necessarily Iranian based. Sure there'll be a more Iranian base, but I think there's going to be more everyone based. Especially since other countries are, you know, supporting Iran that have very, very calm, comprehensive and effective cyber capabilities. Right. Like a little bit of a proxy war. Let's keep going. Hey Harish, first time trying my chance at CFPs, which is a call for paper, which is how you speak at a cyber security conference. He says I got two B sides reaching out to me for the same talk. Any advice? I take it it's not good idea to give some content. Or am I wrong? Oh dude, listen, number one, great job submitting for CFPs. That's a great idea. B Sides is a great conference for your first speaking engagement. By the way, BSides are usually smaller conferences, typically community run and they typically complement a larger conference. Although that is kind of like gone by the wayside. Shout out to simply Cybercon, which is happening the same weekend as B Sides Charleston deliberately so we can get that complimentary, complimentary feature. I would say unless the B Sides conferences are the same day, which they likely are not, give the same talk at both. Like one of the best things you can do is get a talk and then use it multiple times because you get economies of scale, you also get exposure. Plus by doing the talk multiple times. You'll actually refine the talk. Get the talk better dialed in shorter, hit the points quickly. So it is a good idea to give the same content. Yes. Do it now. Don't always do it right. If you're like, just, I think you should do it. I gave my Game of Thrones talk like four times. People really enjoyed it. Yeah. So do it. Get that economy of scale. How would you suggest a noob go about helping with the AI governance problem or would you focus elsewhere? Easy does. Depends if you're talking about like self development or you're talking about at work. I mean, you could start anywhere you want. There's no reason that as a noob you can't start with AI governance. I mean, what I would say is, number one, start getting familiar with frameworks. Right. MIT has an AI framework. There's a couple AI frameworks. I can't remember any of the others off the top of my head. I do want to update my resources page on my website as well to have more AI resources, but go look at the AI MIT framework. I'll drop a link in chat. Actually, MIT framework, the MIT AI Risk repository. Get familiar with this honestly. Also get familiar. Easy does it with just basic NIST CyberSecurity framework or CIS18 start. And entering those conversations, when it comes to AI and a governance, like I said at RSA, it felt very much like AI governance was front of mind for a lot of businesses. So it's definitely going to be coming down the pike real hard. So I think, I think you should do it honestly. All right. A lot of people sharing their. How do you answer the question of what do you do? I swear to God, I stopped trying with my one aunt. She just tells people I do computers, I do computers. She's, she said that for 20 years. Oh, you should meet my nephew Jerry. He does computers. I, I love my aunt, of course. So, all right, he says potentially stupid question, guy named 303. Let's get that sorted out. There are no stupid questions. Okay? No stupid questions. He says he's terrible at allocating and organizing his time. How do you go about balancing all you do? Well, thanks for the question a couple different ways. Number one, I, I, I schedule everything. Okay. And I know that sounds ridiculous, but here's the reality. And I feel like a lot of people are going to either say preach or nod their head. If it's on my calendar, it gets done. How many times have you said to someone, we should get together and like every time you see them, you're like, oh, yeah, we, we should totally get together. We never get together. We should get together, put it on the calendar. Hey, guess what? April 5th, we're having lunch. You can always move it, you can always counsel, but it's gonna happen. So for me, I could tell you right now, as an example, what is today? Today's Monday. Okay, so today I'm having a meeting from 9:30 to 10:30. Then I have a meeting from 11 to 12, then I'm going to Costco. Then I'm going to. I have to review a contract at 1pm and provide red lines at 2. I'm actually finishing a LinkedIn post that I'm sending out tomorrow. At 3 o' clock I have a doctor's appointment I have to scoot to. And then at 4, James McQuigan and I are talking about a piece of work that we're collaborating on. I, I know exactly what I'm doing today. I've allocated the time. I will make it a priority to get that thing done. If you're just like, oh, I'm going to just kind of vibe and flow and see what happens today, you're gonna get distracted. You're gonna watch YouTube. Justin Gold's gonna send you some type of conspiracy theory thing that you're gonna go down a rabbit hole on. You will lose time and it'll be the end of the day. And you're like, why didn't I get anything done today? I'll do it tomorrow. No. Also, another like, pro tip I have is I use Google Tasks and not so much to keep myself on track. I'm just seeing if anything in here I don't want you to see. No. So anytime, like, say you're just sitting there, say you're in a meeting. Right? Say, say you're in a meeting. Just as a quick example, say you're in a meeting or you're at a conference and you talk to someone and they're like, oh, like Phil Stafford's a perfect example. Phil Stafford. I said, dude, you should come on to simply Cyber Firesides and talk about AI. Here's a, here's a link. Go use it and sign up. Now, I'm not gonna harangue Phil Stafford to do this, but a good idea would be for Phil Stafford to open Google Tasks right now or whatever, note taker and say, register for firesides Dink. Right? So then say it's the start of the morning, guy named 303 and you have nothing on your calendar today. Well, here's an opportunity. Look at your task list and start assigning things. Don't just go down the list and say oh like I, I'll register like maybe for that one because that's like a two minute thing. But like say it's like work on my. Find a conference to submit a CFP to then develop a slide or an abstract or whatever. Say that takes one hour. Well guess what? Block an hour on your calendar today and then commit to it. That's what's up. All right, we are at 9:26. I got four more minutes. Continuing to look at questions. What's up Kathy? Anor hack who I think was the first timer today. Is job market really where most jobs are way more about people networking rather than certs. Yes, it is about networking. The certs sometimes are required as minimum to get past HR or viable. Also I mean they do kind of indicate to the interviewer kind of what base understandings you have. But yeah, I honestly a Norhack I strongly believe and it's a, it's a, it's an opinion that personal branding and, and basically your professional network is incredibly valuable. I, I'm not going to name names but like I know several people who I've been directly involved with or I was aware of that, you know, basically got a job because as soon as they announced that they were on the market, people in their network reached out to them because they know who they are and what they do. Again, I don't want to name any names but like I'm. I, I know, I know four right off the top of my head. All right. Taekwond I've been slowing down in my study because of not seeing roi. How can I kick it back again? Taekwondong what I would suggest is lean into something that gets you excited, right? If you're excited about something, you'll find the time because you're excited about it. If you're just grinding, that can exhaust you and I get you. Hey, we got a first timer in the chat. Skate Aussie. What's up? Welcome to the party pal. Skate Aussie. All right. I am speaking at Wild West Hack Infest again this year. That's confirmed. FYI. When is the best time to inform your current orga team that you're exploring other opportunities, if at all, when you're giving them your two week notice. Don't S coal 07 do not listen. This is a, this is, this is my, my take on this one. People want to chime in on it, go for it. Do not ever tell your employer or anyone you work with that, you are exploring other opportunities. Don't do it. I have seen people who have said it, and you know it. You know, first time there's a need for a layoff, boom, you're out. You know, you basically put a target on your head. Oh, you know, this guy's not part of the team anymore. This guy's looking elsewhere. Seems like a threat, right? Not to say that they're going to do it, but I. I wouldn't. I wouldn't. I wouldn't even do it until I had an offer letter in hand. And even then, be careful, because sometimes offer letters get rescinded. The thing that I always do, as Cole07, is whenever I meet with my manager or whatever, kind of like the. The question earlier about Lazaro, who wants to get into differ? I'm very open and communicative about, hey, like, you know, like, I know, like, whatever. Just a weekly manager meeting. Like, hey, what's up? I'm working on these things. I'm crushing it. Hey, I just want you to know that, like, I'm. I'm really excited about digital forensics and instant respond. I've started doing some training and learning just to make you aware. Like, if there's ever opportunities, let me know, because I would love to get more into that. Okay, Mentioned it. Maybe a month later. Hey, I. I kept doing that differ stuff. It's still really interesting. Mean, do you have any insights or whatever? No. All right. Hey, it comes time for performance review, you know, you crushed it. Great work. Yeah, I. I do appreciate that. Listen, is there. Is there. How do I go from where I am to digital forensics? Well, we don't really have that opportunity here, Jerry. Like, just keep doing grc. Perfect. So then when I come with a differ offer letter or whatever. S. Cool. 07, I'm like, dude, I've been telling you. I've been telling you. Also, another one. If you're asking for more money, right, that's another one that you shouldn't just kind of drop the bomb at your performance review, because guess what? The budget's already set. You could say, hey, listen, really quick. I just want you to know, like, you know, my salary is 40 grand, and I've been looking. My buddy just got high. Even this is a little fib. You could say, oh, my buddy just got hired a very similar role, and he's getting 80 grand. You know, I'm not saying I need more money right now, but can we. How can I. Like, what is it that I need to do in order to get a pay bump or get promoted into a higher class to be able to get more money and then, oh, I can't do anything for you or they give you some information, you do it. If you. If they give you a plan and you do it and then you don't get more money or they don't give you the promotion, or they tell you that there's no way it's going to happen, well, then they're signaling to you that, you know, you're gonna have to move. Okay, but s cool, 07, I do not want you to get laid off unnecessarily. All right, all right. I'm gonna speed run because we're over time. I've got a meeting in three minutes. I'm gonna speed run the last rest of the questions here. AMK Cyber first timer. Welcome to the party, pal. All right. Okay. Roswell, UK I'm just skipping your questions now because they're not. I mean, they're funny, but they're not really aligned with what we're trying to accomplish here. All right, everybody, I'm caught up on chat. Thank you so very much. Thank you everybody who joined the Daily Cyber Threat Brief as well as the jawjacking. We'll be back tomorrow at 8:00am Eastern Time. I'm Jerry, your chat. Until next time, stay secure and don't forget to check out the Discord server. All you first timers. We got a whole thriving community over on the Simply Cyber Discord server. All about good times. You can go to Simply Cyber IO Discord to go on to that. And then of course, if you're interested in our conference, this Conference is coming November 8th and 9th, 2026. Registration is open. CFP opens May 4th. I'm Jerry, your chat, stay secure.
Host: Dr. Gerald Auger, Ph.D. (Simply Cyber Media Group)
Purpose: Deliver top cybersecurity news of the day with expert analysis, career insight, and a strong sense of community.
Dr. Gerald Auger (“Jerry Ozier”) hosts the 1099th episode of the Daily Cyber Threat Brief, breaking down eight key cybersecurity news stories for insiders, analysts, and business leaders. He aims to both educate and entertain while offering deeper industry insights, best practices, and actionable recommendations. The show is famously community-driven, giving a shout-out to newcomers and long-time listeners, and actively supporting cybersecurity career growth.
[12:20]
"For anyone who thought Iran is some unsophisticated, non-technically advanced third world country, you are horribly mistaken. First world cyber capability." [14:34]
[20:47]
“This is why change management's a thing... don’t ever do an update to production and not have a rollback plan.” [23:21]
[25:21]
“We website developers are doing a crap job... API keys are exposed to the Internet.” [27:29]
[29:54]
“You got about a 19% chance of getting exploited in the next 30 days… make this a priority today.” [33:10]
[40:16]
“For my Aunt Dorothea’s of the world, they will fall for it every time... be on the lookout.” [44:52]
[46:54]
[50:24]
[54:29]
[35:17]
“Dan is a living embodiment of Simply Cyber's core values and how if you just follow the program, you will achieve great results, success, personal satisfaction... you are a champion of the people.” [36:35]
[58:55+]
Rapid-fire, candid responses to community questions, including:
“AI governance was front of mind for a lot of businesses [at RSA 2026]. It felt very much like there’s more deliberate focus and tooling around AI visibility and management.” [1:02:44]
“I just say… ‘I protect bad from happening at [my company].’ Make it simple.” [1:06:45]
“It's about networking… I strongly believe personal branding and your professional network is incredibly valuable… I know several people who basically got a job because as soon as they announced they were on the market, people in their network reached out.”
“Do not ever tell your employer or anyone you work with that you are exploring other opportunities… don't do it until you have an offer letter in hand.”
Dr. Auger’s 1099th daily cyber brief covers high-profile breaches, vulnerability management priorities, the risks of credential exposure, and the criticality of sunsetting legacy technology. With a unique blend of sharp analysis, practical tips, and supportive community ethos, the episode is packed with both actionable intelligence and career guidance for cybersecurity professionals at all levels.
For full episodes & community discussions:
Visit simplycyber.io/streams
Discord: simplycyber.io/discord
Stay secure, stay current, and empower your cybersecurity journey with Simply Cyber!