Eric Taylor (11:41)

From the CISO series, it's Cybersecurity headlines.

Sarah Lane (11:48)

These are the cybersecurity headlines for Tuesday, March 3, 2026. I'm Sarah Lane. Chrome unveils Quantum Safe certificates Google's Chrome team is testing quantum resistant HTTPs certificates to protect against future attacks by quantum computers. The initiative uses Merkle Tree certificates which replace traditional certificate chains with compact proofs, reducing TLS handshake data and integrating transparency into issuance. Chrome's three phase rollout began with feasibility testing alongside Cloudflare, which with public deployment and a dedicated quantum resistant root store planned for 2027 vulnerability.

Dr. Gerald Ozer (12:31)

Okay, hold on. What Coming from the office If I didn't know I needed this but thank you, I'll take two comes quantum resistant. Oh, not quantum resistance, quantum quantum safe HTTPs certs. So if you were if you were worried about nation state threat actors with quantum computers coming after your Web traffic, you know, Chrome's got you covered now, again, like I. Okay, so this is cool, all right. And to me, the devil's always in the details of this stuff. HTTPs is secure web traffic, right? Like websites and stuff like that, using PKI certificates. Now, this has been fine forever. This is asymmetric encryption. But with quantum computers coming on the scene, they're going to be able to shred traditional cryptography, which means your web traffic can be broke. Chrome unveils this quantum safe one, and basically they've re engineered the. The structure of how HTTPs is going to be encrypted so it's not like it's a stronger certificate. They're using something called Merkel Trees. Not to be confused with what was. What's the woman's name in Germany, isn't it? Andrea Merkel? Hold on. Yeah, I think the German Chancellor. What's her name? Damn it. What's her name? Sorry guys, a little tangent for me here. Angela. Angela Merkel. All right, yeah, there she is. All right. So not to be confused with Angela Merkel. Merkel. Although when she retires, if she gets into gardening, there's a perfect opportunity for her to be representing Angela Merkel Trees. So here's my thing really quickly, guys, if you didn't know, here's a little tidbits Tuesday on the first story in this in the scope in the world of cyber security. I love almost every single part of it. Okay, I love cyber security, I will tell you. And I had to do this for cisp a thousand years ago, but cryptography is one dimension of cyber security and it's one that I don't like. I had to take like multivariable calculus, calc 1, 2 and 3, and all this other crap in undergrad and I didn't like it. I don't like advanced math where I can calculate area under curves. Like, no, I'm not. I'm good. And this right here, all this quantum cryptography, quantum resistance, it's all math. It's math for days and it gives me a popsicle headache. So all you need to know is, for me, as a cyber professional, all I need to know is what is, you know, the current unbreakable encryption and is my application is my implementations using that AES256 has been good for good years. I'll keep doing it. This one post, quantum x509 certs. Sure, sign me up. I'll update my Chrome and I'll start using it. What I won't do is, is worry about like how Is it working underneath? Because it's just going to give me a headache. If you are a big polymath crypto nerd and you like that stuff, explaining a Merkle Tree could be, you know, advantageous as a dimension for you to start personal branding as the cryptography person. All I know is, you know, again, if they make this as trivial as just updating, then you're good to go. The. The other thing that you should be mindful of is Chrome browsers is a browser that end users use or we use to access the web. The certificate, the quantum say cert, the Merkle Tree cert is on the server, okay? So if you have a web application, if you have infrastructure that needs to be secured and protected from crypto, I mean, a quantum attacks, you have to make sure that your server infrastructure can support this Merkle Tree implementation. It's just that Google Chrome will be able to accept connections. Okay, So I just want to make it clear. Updating your Chrome to accept quantum Merkle Tree certificates doesn't mean that all of a sudden all your connections to the Internet are now quantum safe. The other end of the relationship needs to be configured to handle that. So just, just be mindful of that. I don't know what the cost is. It could be. It could be expensive in compute power to generate these Merkle Tree certs, you know what I mean? So definitely an area of interest and one to be mindful of. But I don't know, man, in the world of like, what we're dealing with right now, Quantum. Quantum showed up at the wrong party at the wrong time because AI showed up at the same time. And AI is like, definitely the bigger, much bigger story, right? It's like, I feel like, I'm sorry, really quick to go on this tangent, but I feel like Quantum computing is like a movie that launched or, you know, a movie that released the same week as like Titanic or Star Wars. It's like, oh my God, like no one will ever really be thinking about it because it just got outshined and overshadowed by something else that happened at the same time. Quantum was hot for a minute, but

Sarah Lane (17:55)

AI is like incendiary allowed hijacking Gemini Live. In other Chrome news, a vulnerability allowed malicious extensions to hijack the browser's Gemini Live AI assistant, giving attackers access to local files, camera, microphone and other system resources. Exploitation required the Declarative. Net requests API letting injected JavaScript manipulate the AI panel. The flaw was reported to Google back in October and patched in Chrome 143. Palo Alto Networks warns that hijacking such AI assistance can allow complex spying, phishing, or data exfiltration without user consent.

Dr. Gerald Ozer (18:39)

Yeah, uk, I mean, this is. Hold on. Yeah. Shall we play a game? Thank you, Sierra Montgomery. So, oh my God. Like the, the on by default of all these AI tools, co pilot, you open office.com and co pilot's like, let me talk to you for a second. You, you, you go somewhere on Chrome and it's like, like, Gemini would love to talk to you. So, you know, threat actors are aware of this and weaponizing those tools in order to get the AI to leak data. Again, with all of these AI tools, they have incredible access. And the problem is, it's not, it's not a human. Like, this is like the foundational problem with AI as an assistant. Okay? If you have a human assistant, right, and you're like going to a website, the human assistant can be like, hey Jerry, did you see, like, you know, there's like, I don't know, like, say I Google like a band I like. And then my assistant's like, jerry, did you know they have a concert coming up within 30 miles of you? Would you like me to book tickets? And I'm like, thank you, assistant. Well, the assistant knows that they're talking to me. With these AI assistants, they're just executing commands based on what the context is of what they know. So when a threat actor weaponizes it, the AI is more than willing to help tell them whatever they want because the AI isn't having that human check to be like, wait a minute, like you're not Jerry. So that's kind of the big issue with that is, is permissions again, which is why identity is so valuable right now and so important to protect. Again, here by grant. Again, I don't research or prep these shows, so I don't know what the news article says, but a lot of times I'm proud to say they echo what I'm flipping out about. By granting the AI direct privileged access to the browsing environment, AI browsers are capable of performing complex multi step operations. The function is designed for good. But you know what? Threat actors are well aware how to manipulate this. Palo Alto Networks. Nice job. Palo Alto unit 42, assemble. Right. We got a CVE2026 0628 patched in. Chrome 143 has allowed malicious browser extensions to inject JavaScript into the Gemini Live. Okay, so the way to prevent this is not installing ridiculous extensions. Educate your end users. If you can harden the environment to ensure that those extensions aren't the end users can implement them. I don't know off the top of my head, if Chrome extensions require privileged access, like installing software. I don't think so. So it's kind of difficult to lock down a Chrome browser as far as I know and do posture checking on it to keep someone from installing extensions. Now I do want to point out really quickly, you might be like, oh, I will educate my end users not to install extensions. There is attacks where you go to a website, say like, oh hey, read this PDF okay, like super important PDF. It's, it's about your promotion, it's about your pay raise, it's about you winning the lottery, whatever. And you click on it and then you get a pop up that says hey, you can't read this PT PDF unless you install this Chrome extension. And that, that's the attack, right? So social engineering that it's a PDF extension, the person clicks on it, installs the malicious extension into Chrome and then the person's trying to figure it out. Also I've seen it with install this extension so you can hear the audio of this clip or whatever. So there are social engineering attacks to get those Chrome extensions installed. It's not just always some Carl. It's not Carl. Like, like I'm just going to go into the web store and download the shadiest like most sus looking extensions I can. All right, now as always, make sure you're patched on the most current version. Help Google Chrome. I'm on Chrome 145. All right, so I guess that audio is not going to play today. Ah, you gotta patch it. All right, there you go, you gotta patch it. So it's super easy to do. You are straight up protected from this if you patch it. Secondly. All right, so FedEx has no admin rights needed. Threat locker can block it. Thank you. The one thing I want to point out, this is super important just and this is more for the younger or the more junior people in who are in industry or looking to get in industry. Just because you patch the Chrome to the newest version doesn't mean that you should ignore this story. What you should take away from this story is this is a type of attack vector that I should be mindful of. Just because the threat actor can't take over Gemini today with the malicious extension because they patched that thing, threat actors are going to continue to try to find ways to get past Chrome security in order to take over that AI and inject JavaScript. So it's like now an attack vector. You have to be mindful of.

Sarah Lane (23:43)

Warns of Iranian cyber attack risks. The UK's National Cybersecurity center, or NCSC, warned British organizations of potential Iranian cyber attacks amid Middle east tensions. State sponsored and Iran linked hackers are believed to retain some operational capability despite Iran's ongoing Internet blackout. The NCSC advised organizations with Middle east supply chains or assets to review their attack surface, increase monitoring and follow guidance on DDoS, phishing and ICS targeting threats.

Dr. Gerald Ozer (24:20)

All right, so I mean, as. As the world woke up on Sunday and realized the United States has just started a conflict in Iran. If you want my honest thoughts on this, find me at Zero Trust World. I'm happy to tell you what I think. Okay. UK warns of Iranian cyber attack amid Middle east conflict. Yeah, dude, Iran. Okay, I guess let me just put it this way. Again, we try not to get political on the show. Was it Saturday? I feel like Saturday night is when they did it. Was it Saturday morning when it came out? So whatever, Saturday, Sunday, here is the deal. Just again, not getting political, just being, you know, kind of real for a second. Iran. Iran's like first, second and third leaders have been unalived. Okay? So there's like, there's a lot of like, vi. Existential threat vibes going on in Iran right now. So if just to put yourself in that position, right, you would imagine that, or I suspect that Iran is going to be using all of their capabilities to do all of the things. Because why would you leave anything on the bench? Why would you leave anything in the pantry? This is like existential. So they're gonna do all the things. I mean, look at what happened in Dubai already. Like that was supposed to be safe. No, look at all these things. So kinetic weapons for sure. Drones for sure. And cyber attacks. Iran has a cyber capability and cyber can allow you to reach out and touch someone. So, you know, again, just, you got to be mindful of it. I don't think that, you know, a publishing company in Spartanburg, South Carolina needs to worry about this. Okay. This is much more geopolitical nation state. So like I would see like Iran trying to hit like government targets, critical infrastructure targets, things like that. I would say there is a lot of potential for collateral damage and blowback, frankly. Sadly. I mean, I just saw a story about, I mean, I'll let you Google it for your own, but go look at Austin, Texas. You know, there was a bar in Austin, Texas that had some, some issues with a Senegale man who was, you know, went in with a weapon and did some bad stuff in in response to this. So there's blowback, but from a cyber capability, Iran is quite capable. I think it's going to be kind of shields up. I do believe that we are not going to hear about most of these things. I also want to point out, just to make everybody crystal clear, you know, in America is a superpower, so let's not be stupid about it, but Iran Internet down with. When the attack happened, Iran's almost entire Internet went out. So my understanding was only 4% of Iran was still online. So here we are. This is a story from March 2nd. Iran's Internet blackout enters fourth day. Okay, so as much as UK wants to warn of Iranian cyber attacks, I always talk about the cyber kill chain. If, if you, if you can basically take a country off the Internet, you reduce a lot of potential threats, right? Because they literally can't get to you because the attack vector is closed. Like normally we close, we close off choke points inside our network to get to our crown jewels. This is one of the rare examples where the choke points are, are like the Internet. So, you know, UK can warn, but like, I, I, I don't know. I, I don't, I think this is less of a concern just because of the sheer volume of, of Iran's critical Internet service not being available. All right? I mean, I don't know, man. I take, I take Internet access as like a ubiquitous service that I'm going to Orlando today. I expect Internet service there, right? Like it's, it's like I go to an airport, I fly anywhere, I expect Internet. I went to Antarctica several times. I expected Internet and I had it. You know what I mean? Like, it's like a ubiquitous service. So no one ever thinks about it not having Internet as a potential threat model. I mean, obviously denial of service attacks, but that's not what I'm talking about. This is not a denial of service attack. What's going on here? This is like straight up destroying infrastructure.

Sarah Lane (29:33)

Alleged scam mastermind convicted. A German court sentenced Mikhail Biniash Billy to 7.5 years.

Dr. Gerald Ozer (29:41)

Oh my gosh. Okay, so hey, really quickly this is coming across. DJ B Sec is telling me this right now, which is a, which is different than what I said, okay? Oh my God, dude. I click on a tab because of my tabs are so small. I click the X. DJ B sex. Reporting live from Mod Chat. Right now that the IRGC actually turned off the Internet internally because of the revolution and Elon is turning on Starlink for free. So my understanding of cutting off the Internet is Like the. The. The reason behind it is not what I suspected. If DJ B sex reports are true. So very interesting. If they do turn it on, then cyber attacks could be there. But again, this is nation state geopolitical stuff. Okay.

Sarah Lane (30:29)

In prison for leading a branch of the Milton Group investment scam network which defrauded victims of about 8 million euros between 2017 and 2019 through fraudulent online trading platforms. Prosecutors say he also developed and sold proprietary scam software Puma TS, enabling copycat operations that caused an additional 42 million euros in losses worldwide. The court ordered 2.4 million euros confiscated, but the verdict can still be appealed.

Dr. Gerald Ozer (31:02)

All right, so this guy, call center operation in Albania to get people to invest in fraudulent trading. Okay, bro, 600 people on the desk. I can't believe this works, dude. It's insane to me that people can run this scam in 2026 and it be so successful. Like, I mean, get your drink, I guess. Okay, the year is 2000. The movie is Boiler Room. Young Ben Affleck. Young whoever the guy was in friggin Fast and Furious. Vin Diesel, Giovanni Ribisi. There is Ben Affleck. This is a movie from 2000 talking about this exact scam. This thing's been around since like the stock market. People were running these scams in 2000. I mean in 1930. And apparently it still works today. So it is not. It's not legal to call and lie to people and have them give you money. B bdubs660 got a job. All right. Way to go. Nice. All right, so f around and find out. This is it, right? Not much here. I mean, I don't even think this is necessarily a cyber story. The guy left day to day ops in 2019, made 42 million a year just like kind of as a side hustle. This isn't even a cyber story. So it's just a scumbag story. So nice job.

Sarah Lane (32:57)

Huge thanks to our sponsor, Adaptive Security. This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI powered social engineering. Today's phishing doesn't just hit inboxes. It can sound like your CFO or look like your CEO on Zoom. AI voices video and deepfakes are turning trust into the attack surface. Adaptive fights back with AI driven risk scoring. Deepfake simulations featuring your own executives and interactive training. Your team will actually Remember. Take a three minute tour or request a CEO deepfake demo@adaptivesecurity.com.

Dr. Gerald Ozer (33:39)

all right, do we do it? We do. Someone call Alpha Sierra. I Feel like she like left because we weren't doing the music anymore. All right, hey, holla, holla, holla, everybody. Thanks so much for being here. Definitely appreciate y'. All. Shout out to the stream sponsors Threat Locker, Anti siphon and Flare, allowing me to bring this show to you every day. Hope you guys are having a great experience. It's 8:34am Eastern time right now and we are here for the mid roll. Every day of the week has a special segment and Tuesdays is Tidbits Tuesday where I share a little bit about me. Kind of see if we vibe on something. Let me think here. I don't know. So I'm traveling today to Orlando for a conference. I. I don't know, guys. I don't even know if this is something worth talking about. But like, as far as like packing for travel, I used to pack like way in advance and everything. Now it's like maybe yesterday I got my gear ready today, threw all the stuff in the. The bag. You know what? Actually a Tidbits Tuesday. I don't know if this is like a privileged thing or whatever, but like, I will say one of the best things I've ever done is have like, you know, back in the day I would like take my deodorant, take my toothbrush, take the things that I use and then pack them and go. And now I have like, I know it's simple, but like I have like a travel toothbrush, a travel deodorant, a travel phone charger. So like, I have compartmentalized these things and it makes traveling so much easier because I don't have to think like, did I grab that? Oh my God. It's just like it's separated. It's one of the best things I ever did. Again, it's. It's silly, it's simple, but like, having that is dynamite. Also, I just remembered talking that I need to pack the sippy cup. Also. Also one other thing that I think is super valuable. I only like in the last maybe year started doing this. I travel with like an empty. It's like, it's like a. It's like a b. It's a bag, I guess. But as I take dirty clothes off, like, oh, like my shorts or my shirt or whatever, I pack them in there. So then only clean clothes remain that are accessible and then all the dirty clothes are where they are. So it. I don't know, it makes it to me, it's quality of life. So anyways, that's it. We're talking about traveling and what your Best practices are if you've got a best practice for traveling, just like one little best practice that's not obvious, right? Like, oh, I fly first class. Like, yeah, okay. Like, like, thanks. Like you got. If you got a, a secret travel hack, holler at me in chat. For everybody else, let's get our la la la's on, shall we? Let it wash over you. Here we go. You

Eric Taylor (37:00)

will you come.

Sarah Lane (37:23)

La.

Dr. Gerald Ozer (37:35)

All right. Awesome. All right, let's finish strong, everybody. Thanks for the travel hacks.

Sarah Lane (37:44)

OPEN CLAW vulnerability hijacks AI agents A vulnerability in the openclaw AI assistant let malicious websites hijack self hosted agents without user interaction. Attackers could connect via local host brute force passwords and gain administrator privileges, enabling access to files, logs, slack messages and execution of commands across connected devices. The flaw relied on trusted local host access and unthrottled password attempts. OpenClaw patched the issue within 24 hours, advising users to update to version February 2, 20, 26, 25 or later memory.

Dr. Gerald Ozer (38:27)

All right, so yeah, definitely interesting. Remember openclaw, even if you have a local instance of openclaw, it can be compromised because openclaw, if you, if you configure it, it will reach out to the Internet and access things on your behalf. Again, if a threat actor puts malicious code, JavaScript, etc out there, when AI runs it, it's happy to just execute it and pull it back to your local instance. Which is why you should have defense in depth on your Open Claw instances. I. E. Like mine back here, completely isolated from my home network, can only, it can only touch itself and touch out to the Internet and even then could be compromised. You know, brute force passwords, etc, basically you got to patch it. Ah, you gotta patch it. And in reality you should set up a cron job to just have the thing patch itself every day, right? Even if there's not a patch, but the patches come out pretty, pretty quickly. I don't know, as I told you guys before, the value of Open Claw to me has been like meh, like maybe I'm not using it right? Maybe I'm not a power user, maybe I'm not, you know, one of these like bros who are like you know, six figure, seven figure on a weekend side hustle. I don't know, I, I find Claude code to be more valuable frankly than Open Claw. But let's see. All right, so I mean, it's basically localhost protected by passwords. So listen, in, in any instance, if you're putting passwords on anything, use strong passwords. In fact, dare I say use passphrases. Can we make, can we make passphrases normal? Can we normalize passphrases in 2026, please? Josiah Culling can it be isolated on a VLAN or does it require separate hardware? I mean you could separate it on a VLAN for sure and then just put ACLs around it to make sure it can't move. I mean I have it on its own hardware also though, because I don't want to like, I mean if it was on. Well, we're not going to get into all that but like if you had it on like your laptop or something, you can't really. I mean if you'd have to have a separate NIC to VLAN even then it's on the same hardware at that point. So I would recommend having it on separate hardware. Yeah, but anyways. Open claw vulnerability. You got to patch it.

Sarah Lane (41:02)

Scalpers hunt scarce dram florida woman a bot campaign sending over 10 million scraping requests to e commerce sites to track scarce DDR 5 dram inventory. Hitting product pages nearly 6 times more often than legitimate users and using cash busting and AI tools to evade anti bot defenses. The goal is to identify and quickly buy limited memory stock for profitable resale, worsening an existing shortage driven by AI and hyperscaler demand. Analysts expect DRAM prices to potentially double in Q1 of 2026, with supply constraints also impacting smaller cloud providers and entry level device shipments.

Dr. Gerald Ozer (41:48)

Yeah dude. So RAM dram, it's crazy what's going on and I mean this is not a cyber security story, this is a more of an IT tech story. But essentially the cost of RAM is like out of control and you know it any do you remember? I mean Jesus, like just think about it for a second. Do you remember early Covid when toilet paper was like a currency somehow people were freaking out and then you'd buy a bunch and then you know, I bought black market toilet paper at a markup, right? Anytime there's a resource that's in high demand. This is Basic Economics 101, Supply and Demand, right? So it's obvious that these prices are going to double or not obvious, but they're reporting that it's likely to double. It becomes a scarce resource. And when you know you can buy it at X and sell it at X plus why it becomes a resource. That's a great investment. Look at. Dude, dare I go into Final Fantasy magic? The gathering cards like scalpers exist. Look at Taylor Swift concerts, right? The eras tour drops and Ticketmaster gets bam. Bombarded by These threat actors, it's anything. It's anything. These people don't care about ram. It is a commodity thing that they can buy cheap and sell high. Right? That's it. But unfortunately, when this crap happens, it drives. I mean, for the scalpers, it's beneficial, but like, it drives even more FOMO and market demand and scarcity. Right. I guess it is a little bit of a cyber story because they're writing like sniper tools that query every six seconds. So if you're thinking that you're gonna hop on bestbuy.com and see if they've got any RAM in stock, you're not going to, because these jerks are. They're checking every second or every six seconds. And obviously with AI, you can have it, buy that ram, and then you stockpile it and then you're off and running. Right? Yep. DJ B SEC points out I, I mentioned toilet paper as the comp, but to make it more aligned as an IT person. Thank you, DJ B Sec. The same thing happened with GPUs and video cards. Do you remember during COVID like, you couldn't get an Nvidia card because everybody was like mining and grinding on crypto. NFTs were so hot. Right. So hot right now that Hansel. So hot right now. So anyways, unfortunately, this is the reality. I don't know how you fix this. I mean, here's the, here's the thing. Okay, Final thing I'll say about this, this isn't going to get fixed. This is a reality. And why wouldn't it get fixed? Because, listen, we live in a capitalist society. The people who are selling the DRAM are selling it to make money. They bought it for some amount and they're selling it for a higher amount. They don't care who buys it. They don't have an obligation to make sure everybody gets 32 gigs of RAM. They have an obligation to sell all of their product. So if a scalper is going to come in and buy their entire inventory, that is 100% in their best interest. They are entirely incentivized to sell it to the scalper. So why would they, why would they do IP listing and look for automated purchases? If anything, they're on board for that. Like, it's like they give them like a fast pass and let them get in there. So this is going to be a problem if you're concerned. I just bought a new laptop. It wasn't priced ridiculously, so I'm not really dealing with this issue. But it's gross. And by the way if you have, if you have like a business with like lots and lots of endpoints, I don't know man. It might be in your best interest to do. If you've been wait, if you've been delaying on inventory refresh, might be a good time to get in on that. I remember in 2021, dude, like we, I was at a manufacturing company running cyber over there and we had to send field engineers to Best Buy to purchase endpoints because we couldn't order them through. I think CDW is who we were using. We couldn't order them through our actual distributor because there was like a six month wait list on these things.

Sarah Lane (46:26)

Microsoft License Fraudster IMPRISONS A Florida woman was sentenced to 22 months in prison and fined $50,000 for running a years long scheme selling stolen Microsoft certificate of authenticity labels and extracted product keys. Prosecutors say she bought tens of thousands of genuine Windows and Office COA labels at discounted prices, then had employees manually extract and sell the license code separately, wiring more than $5.1 million to a supplier between 2018 and 2023. Standalone sales of COA labels violates federal law because they have to be distributed with licensed software or hardware. Msg.

Dr. Gerald Ozer (47:13)

This woman's awfully clever. Now the fact that this woman has three names. Heidi Richards, AKA Heidi Hastings, AKA He Schaefer, AKA Heidi Williams. I mean maybe she was married four times, but to me this just is like a red flag indicator of like sus. Sussy sus. So this woman built an empire of using stolen Microsoft certificate authenticity labels to sell pirated software, essentially. So I don't understand exactly how she got this to work. I don't know if they, like she was selling legit licenses, but the labels cannot be sold as standalone. Okay, so she had employees extract the product key codes by hand and transcribe them into Excel spreadsheets. So there was a little bit of like manual operation on this. But then yeah, she sold Microsoft license keys in bulk. Dude, there is a market. People are like, you know, you could sell Microsoft server licenses on ebay. Like hold on Ebay? Microsoft server license. Like there's a whole market for this. Like look at, you know what I mean? Microsoft 2019 standard sealed DVD box $45. All right, 50. This one has 50 cals on it, right? Like 50 licenses, $58. Okay? So I don't know how, like, I don't know what the going rate is a Microsoft server, but my point is I feel like it's less than $58. Okay? I mean I'm sorry, I, I, I suspect it's like way more than that. So there is this like CD underbelly ecosystem for it. And you might be like, why would you buy like, you know, secondhand dodgy licenses? Well, because they're far cheaper and if you're a small business trying to make a dollar out of 15 cents and you're presented with $2,000 for a license or $58 for a license, again, follow the money guys. People are going to do that. So this woman, she, I mean I, I shouldn't say she only got 22 months, but like less than two years and she made $5 million. Right. So the question becomes and, and pay a $50,000 fine. I mean would you, would you go to jail for 22 months for $4,950,000 right after she pays her fine? I don't know.

Sarah Lane (49:55)

Anyways, Data breach confirmed. Madison Square Garden confirmed a data breach tied to the 2025 Oracle E business suite hack which the Clop Gang exploited zero day flaws to steal data from more than 100 organizations. Hackers allegedly took over 210 gigabytes of archive files from MSG's third party hosted EBS instance in August of 2025, then leaked the data after a ransom was not paid. The company is notifying affected individuals saying that stolen information includes names and Social Security numbers, but the total number impacted is unclear. It is easy to.

Dr. Gerald Ozer (50:38)

All right, so really quick Clop ransomware which if you're a long time of the show, you know, even though I don't condone or promote cybercrime, if I, if I had to like, if I had to pick one ransomware threat act group, of course Flaming Donkey has a special place in our heart Team SC but if I had to pick one real threat actor who's whose game I respect. It's co op ransomware, I think I'm pretty sure Dan Reardon made a hockey jersey for me with KLOPP ransomware. These guys, they, they, they don't, they don't swing a, a, a pillowcase full of pool balls and figure out who they hit. They, they're very selective when they do their attacks and then they go, they go deep. They are famously known for the progress Move it software Data breach the Clio ransomware or Data Excel data breach the Clio file mover software. Not, not to be confused with Madame Cleo of course. And then Oracle ebs which hit several Ivy League schools including like Dartmouth and Brown I believe, got hit Harvard. So Madison Square Garden was also one of Those Madison Square Garden told Clop Ransomware to pound sand. They aren't going to pay their ransom. Clop Ransomware did their part and released the data. Now it's, it says it's not confirmed how many people were impacted. I mean, it's just trivia. Go down. I mean, I'm not going to do this, but like, you can go download the data on the leak site and just count the number of people in it, and that's the answer. I don't know if there's going to be a class action lawsuit against Madison Square Garden by the victims of this, but, you know, as, as always, the people impacted are you and me, like, because we went to see a Rockettes concert in December 2021, you know, our data was there and now it's, you know, compromising on the dark web. Shout out to the main attorney general's office for always reporting on these privacy violations. The information included was your name and Social Security number. Okay, I wonder why they had Social Security number. It makes me think it was employees. Then it doesn't get into whose data it was. This story is. Don't look at this story sideways because it'll disappear. It's so thin. All right. I will say that it appears to be a recurring theme that victims of ransomware attacks are paying less often. I think I saw Apollo Alto report or I saw some report the Chainalysis one. Hold on one second. Chain, Alice, 2026 rate of payment. I think ransomware threat actors are being paid 28% of the time. Now here I'm looking at a chain analysis. 2026 crypto crime report. Yeah, this just gets into the amount. $820 million in 2025. I'm almost positive it was 20 of the victims that pay. It's down to 28%. So less people are paying. I mean, they're still making $820 million. So like, let's not, let's not, you know, start up a GoFundMe for Clop ransomware or for ransomware threat actors. But, you know, people are getting better backups. People are, you know, just accepting the fact that data is going to be breached. But if you are in this Madison Square Garden breach, you know, look forward to your. Your identity theft protection. All right, guys, that is gonna do it for today's show. But don't go anywhere because we've got more content coming your way in a segment called Jawjacking. So if you have questions about career, industry, certification, schooling, training, anything cyber security related, chances are someone else got the same question. So what we do for 30 minutes every day from 9am to 9:30am Eastern Time, Monday through Friday, is we do a show called Jawjacking. And your host today is Eric Taylor. He will be answering all your cyber security questions, helping you level up and absolutely be a boss. I've got to go teach the students at the Citadel Military College, but I do want to say thank you to all of you. Quick reminder, quick reminder. This. This LinkedIn video I did or this AI video I did on quad code crushing your LinkedIn? This thing is for. Simply cyber is going bananas. 7, 000 views in one day, which is pretty dope. This. I'm. I'm telling you, this is an incredibly valuable video. Normally, I wouldn't. I wouldn't pump my own crap like this, but like, this can literally help you find a job, right? Like this can. This can be, like life altering. So please give it a shot. Okay? It's like. This is like the core of why I do Simply Cyber. All right, now for the rest of you, I hope to see you in Orlando. James McQuiggin. I'll have dinner with you tonight, which I'm super pumped about. For all you who aren't at Zero Trust World, I hope you enjoy the experience tomorrow, Thursday, and Friday as we do the show live from the conference floor at Zero Trust World, I'm Jerry from Simply Cyber. Don't go anywhere. Got the next show lined up for you. Until next time, stay secure. Ever wonder what it takes to break into cyber security? Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cyber security field live, unfiltered, and totally free. Let's level up together. It's time for some Jawjacking.

Eric Taylor (56:51)

Good afternoon, good morning, good evening. How's everybody doing? Let's see. Just doing quick audio checks here. That sounds a little low. All right, let me know. Can you hear me? Can you hear the music? Does everything sound good? Real quick, if Jerry, if you're still in the green room, give me a thumbs up or something. That'd be awesome. He may have already left out. All right, y' all start yelling at me if it's working. All right, let's see if you're new here. Thank you so much for tuning in. I greatly appreciate it. If you have questions, as Jerry said, put a Q colon mark in in the chat so that way I can find your question pretty easily and be able to answer that for you. While we're waiting on stuff, let's talk about something. Something you can hear me, but not the music. No music. No music, no music. Okay. Am I. Come on, chat, open up. I see the questions coming in. Come. Come on, Restream. Why is Restream not showing me the question? What in the world?

Dr. Gerald Ozer (58:49)

What the hell? All right. Hey. I'm not sure what's going on here. What's the matter? I. I don't know. What do you mean you don't know?

Eric Taylor (58:58)

I tried to love it. I was trying to load up the chat and it just kicked me out and said reloading page. I'm like, oh, okay.

Dr. Gerald Ozer (59:06)

Well, you're live, so enjoy.

Eric Taylor (59:09)

Thanks. Sorry, my fault. All right, there we go. For some reason, I was literally clicking on chat to bring up chat so I can answer your questions and it just said reloading page.

Dr. Gerald Ozer (59:21)

So.

Eric Taylor (59:22)

So sorry about that. I'm not sure what. No one happened. All right, so let me find those questions real quick. All right. If management gives you your team goals for the mid year yearly review that don't align with what you and your team do at all, what can you do for those reviews? Example, I rated myself 1A1 for the goals. I would just. If you got goals that your, your organization is trying to get accomplished, then you should have those ahead of time. And I would say having proactive conversations with the management team about the goals before it becomes time to do for the goals, you should be having those type of conversations. You know, the. I know a lot of people struggle with confrontation and being able to voice your opinion, but you got to, right? So you know, being able to have check ins and seeing how you're doing on your goals, things that nature, I mean, if you don't think that that aligns, it could be an error on management side. Right? Like, oh, I meant to put that goal with this department over here, not with yours. My sincerest apologies. Let me fix that goal for you. Could have been a clerical error. It might be something. So, you know, one thing, you know, you may need to get explanation or insight on is like, I personally think business development is everybody's goal inside of our organization. Not sales, but business development. We're enriching and trying to make clients more secure, more understanding. We're developing our business standing with our clients. So we're not, I'm not asking you to sell anything. You know, that is potentially for a salesperson's role and it's definitely my role to potentially do the, the sales aspect thing. But developing business relationships is literally everybody's job. So you know, it could be something like that. And you just need a little bit of clarity. So hopefully that helps. James McQuiggin, how goes your lighting? Can you see me now? I. I can't. I can only see your text James McQuiggin, and he's going to keep beating me up until I schedule that call with him. Fortunately, today's lighting is decent, but my camera likes to go goofy. All right, what other questions we got? If we don't have any questions, I do have something I want to bring up because we do have a threat actor inside of a. We do have more. Let's see, from Joshua Culling. I understand assume Josiah Cooling. Sorry if I butchering your name. Do you think comp Tia Comptia cert is. What do you think your comptia assert is worth? We'll refresh my other comptia asserts company will pay for it. Actually learn something about AI dude, if you're learning, it's worth everything, right? And being able to, you know, continue learning, you know, I. Depending on the role, you know, I think coptea is a great starting point for anybody. You know, it gets. They've been around a very, very long time. They've. They've got years of accreditations behind them, you know, and, you know, again, even though, yeah, I'm a big sans component, I've talked about it before and I'm not promoting Sands by any means on here. I'm just stating that even with sans courses, every year I go back through my recordings and you know, for the classes I've done and sometimes I'm still picking up stuff like, oh, I forgot about it in that aspect. Or I, you know, sometimes do 13 cube trainings and stuff like that and getting some of their information, you know, it. It's always good to keep learning and keep educating yourself. Even though you feel like, man, I already know Windows event logs. I already know this inside and out. But sometimes you pick up little nuggets, sometimes you pick up event ID numbers that you're like, man, I did know that, but I haven't looked at that in a while. It's good refresher, right? So, you know, all training again, as long as you are getting value out of it, is good training. In my humble opinion, it doesn't matter what anybody else thinks and the kicker, your company's paying for it. So get it, get it, get it, get it. All right, from D Bros 4. Sorry. What advice do you have for a career switching? Since it's more aligned with my personal goals and career growth.

Dr. Gerald Ozer (64:58)

So.

Eric Taylor (65:05)

What advice do you have for career Switching it sounds like you already know what you want to do and where you want to go. Right? So I don't know if really anything I can be able to propose to you that's going to be different than what you're already doing. I would just say take it slow. If there is a way to do your career that you want to go into say part time for a couple months and it's not just

Dr. Gerald Ozer (65:40)

a.

Eric Taylor (65:41)

Make sure it's not just a fantasy pipe dream. Really get, be able to get your hands in there, get your hands dirty and really dig into that, that new career path. If there is a way, you know, really kick the tires on that and see, you know, if it's something you two do truly enjoy. The one thing I'd hate for it to be, and it doesn't sound like it by the way you're answering your question, that you make a career change and you get on the other side of it and find out the grass is not always greener. The way you phrase it, it seems like you've, you've been thinking about this for a long time. You've got some experience again, it's your personal goals and career growth. So this sounds like you're already doing it. So if that's the case, I would say just do it. You know, try to see if you can do it part time just to make sure it's kind of like management a little bit, you know, where you know you're thinking about doing management and kind of go from there and you kind of get on the other side of it and you really don't enjoy it at all and you just want to go back to doing the hands on. Can you check out? Would really appreciate it should be huge in the industry. Christopher Hyatt I will pencil that. I'm not going to bring that one up just because I don't know that particular website and I just don't want to open up random websites on stream. I will Pinsler though. All right. I have SEC plus and UW cyber certificate 10 month program. Okay now thinking BS master's program. Is that what it it takes to break in? It's more money. I have market, marketing, sales background. J.

Dr. Gerald Ozer (67:47)

Gold

Eric Taylor (67:52)

Jay Ghoul. Sorry. The I honestly, I honestly don't know as much as I hate to say it and I'm in the industry and I really don't know. I think it really and I've said it before, it really goes business by business. If you were to take, you know, whatever cyber you want to do is it digital forensics? Is it pen testing? Is it threat hunting? Is it sock analysts? You know, sock analysis, you know, whatever that looks like for you. You know, I would go find 5 to 10 companies on LinkedIn, look at the job postings they've been putting out and see what has their requirements been. I will say, however, with that, yes, certifications and degrees are going to help and as someone that's trying to potentially are trying to find a placement for a position that we're doing. Passion, like when you're coming to that interview, you're bringing the heavy heat you bring in the, the passion you're bringing, you're demonstrating your ability to be able to know what you're talking about stands out so much more because I've had 60 interviews and if you're just going to sit there like, yeah, I know the, I'm just like whatever because you're going to potentially be in front of clients. So, you know, make it, you got to be able to sound like you know what you're talking about at least, right to get a shot. Now granted, you know, digging deeper into things in an interview does happen,

Sarah Lane (69:48)

but

Eric Taylor (69:48)

yeah, I would honestly look at, you know, like I said, five to 10 companies that are doing the industry or the vertical in cyber that you're doing, find out what their requirements have been and if you can on LinkedIn. I know it used to be a thing, I haven't checked it recently,

Dr. Gerald Ozer (70:08)

but

Eric Taylor (70:09)

you used to be able to go to the company thing and then look at job postings as a historic thing. Maybe it was indeed there was one of the platforms and you can be able to look at previous job postings by that organization. So it wasn't just the active jobs. Maybe that was an indie thing anyway, I forget. But definitely do some due diligence like I said. See what that ended that particular subset industry is looking for to get get you in place. Hopefully that helps you. Taiwan Gong how do you get over being fired from a major institution? Not internalizing it, just doubting oneself without knowing the particulars. Tong 1 gong I, I would say if you have some severance and you have some time, I would just say take some time off, right? Let's just say hypothetically you got one month severance. I mean, I'm not sure where you are in the world, you know, what the job market looks like for you. You may not have that ability just to disconnect, but at the end of the day, this is no bs. It really isn't. It's you are an employee of One, you are Taiwan Gong llc. You are for hire. And you, you gotta get it right. We all lose clients, AKA employers, we lose relationships with vendors. We do all this. But when you start treating yourself as the mindset you're an llc, not saying that you are, you know, big and bad or anything like that, but you, you know, you got to take care of yourself. Nobody is going to take care of you and your family like you and your family. And you got to treat it like that. You know the, you know the days of old when you would fill out an application and then, you know, pursue that job offer, you know those things are coming back around. Appears like so. I mean it sucks that you, you're going through that Taiwan Gong, you know, the, the industry is brutal. Like I just seen. Let's see if I can pull it up again here real quick. Where did I see that? Bear with me one second. I just got to find the right. The job market is definitely getting a lot more interesting. I know I just posted this thing in one of our. Maybe it was one of the news. I'm sorry folks, just one second.

Sarah Lane (73:28)

Okay.

Eric Taylor (73:29)

Yeah, here we go. Let me bring over, let me make sure.

Sarah Lane (73:34)

Okay.

Dr. Gerald Ozer (73:38)

All right.

Eric Taylor (73:38)

We'll talk about this in a moment if we have time. There's a copy link and I'll post the links here in the chat. But Jack Dorsey just halved the size of Block employees base and says your company is next. So Jack Dorsey announced that Block, which is a company that operates, you know, square cash app title things of that nature, is cutting more than 4,000 employees and nearly half of this global workforce. Taking it from over 10,000 workers down to just 6,000. You know, granted investors respond enthusiastically, sending the products up, blah blah, blah. So yeah, there's definitely an investment aspect of things of that nature. But they claimed that they are doing this some for AI. I don't know how, how much that really works. The ebay folks, you know, ebay lay off 800 staff. Ebay is cutting 8, 800 jobs or 6% of his full time employees. We're taking steps to reinvest across our business and align our structure. Yada, yada yada. Right. Again, I'll post this in chat. Again this will come over as Dr. Joe Dozier because I am in as him. But the job just to say that the job market, it's funky right now. I don't know where it's going to be and where things are going to pan out. Unfortunately, you know, it's a very, very interesting time for all of this stuff. Let's see. Refresh alert. Sierra Montgomery. What were you going to share about the current threat? My curiosity is attempting to bump this up. All right, so yeah, we'll go over to it. Let me just make sure it looks like I have one other question. Oh yeah, so Shane's asking the same thing.

Dr. Gerald Ozer (75:55)

Okay.

Eric Taylor (75:56)

I just want to make sure before I go on a different rant I wasn't and not answering a different or something that may have been a little bit more important. So I'm not going to post a link to this because this is a breach site. So to protect people because this is, you know, no man's land out there, I don't want to post the direct link to it. But it is a breach for forum site. But last month towards last week, this threat actor named Fluffy Duck is now selling root show access to a CEO's computer. The computer had Claudebot AI assistant installed on it and doing tasks for him. So I don't know if claudebot chat was that particular vulnerability going into it, but the threat actor definitely makes claim of of it and being able to, you know, fully dump the entire database of everything we got customers, we got shift patterns, you know, pure finances and loans. We got telemetrics from vehicles as expense fuel. Like there is so much data that apparently this Claude bot has access to had had access to rents and loans, business rates, miscellaneous expenses, insurance, you know, loans, just all sorts of stuff. Right. So. The they hold 800k in assets. Scrolling down to it, you know, they were asking 25k in crypto only but they were open to offers. And then a little while ago they just posted, you know, CEO remove the AI bot because it wasn't behaving. They lowered the price to 15k. So aka you know, they went down 10k in the sale because they weren't getting updated information from the Claude bot. So I don't know how this really pans out. Right. Pure speculation on my side is, you know, if it was a threat actor inside of the environment, they would still have access to the data. Whether claudebot is, you know, using it or not, they would still have potential access to that data. So I am pure speculation here going out on this limb, you know, just saying I maybe there was a browser extension or something that was leaking the data. I don't know. Right. Unfortunately, this person doesn't make the claim how they obtain this information, but it does appear to be strictly around quadbot and the chat platform for that. So, you know, we've been having some conversations with even Our clients like this seems toxic. Right. The and I'm all for AI, I'm all for it. I'm the one of the biggest components and advocates for AI. I think it's going to be an awesome thing to do in time. You know, we need to trust but verify these things. We need to take our time. We can't go into things thinking half cock that everything is just a. Okay. And being able to just do whatever we want to do and AI is just going to make things so much better. We got to walk or crawl, walk and run when it comes to these AIs. Go out there, test it. I think I heard Dr. Gerald even saying earlier that, you know, he's testing out Claude Bot or Claude Code or something for. Forgive me, I forget exactly what he's doing, but he's, he's doing it on the same thing. I, I, if I could pick it up like literally right down here under that monitor, I've got an overpowered MacBook Studio like freaking. I maxed it out and I'm messing with Olama, I'm messing with quadcode both in Anthropic and on the Ollama platform. You know, I'm messing with these things, I'm trying to figure out things, how does things go. But it's, it's its own Vlan. It's only got data that I, I put on that hard drive. So I know it's not accidentally getting access to any of my client data. It's not getting access to my financial datas, it's not getting access to, you know, my family pictures, all that stuff. Right. So it's in a very controlled environment

Dr. Gerald Ozer (81:00)

there.

Eric Taylor (81:02)

The models are always advancing. Right, right. So I think it, I think it will get there, but it's not there yet. It's not like you can just turn it loose, you know, and there's a lot of things on the other side of it. You know, I think I talked about this last week where it was, you know, the, the pen testing AI bots are, you know, they're coming out, they're, I think they're going to create a whole lot of noise and not really be much of a benefit. So again, do, do yourself education again. Look into it. I'm not saying run away and put your hand head in the sand. Don't ostracize yourself by any means when it comes to these AI platforms. You know, we need to know as a industry, industry and especially cyber and if you're even I t. We didn't know from an industry what do these things look like, what can they do? What are their limitations? When do they hallucinate? You know, how can you prevent hallucinations? We need to understand these things. You know, crawl, walk, run. We need to understand this stuff. So. All right, so I do have a hard stuff stop coming up. So I. We will bow out just a few minutes early. I don't see any more questions coming in and I do need to prep for my call right after this. But I do greatly appreciate everybody for tuning in and hanging out with me and asking questions. And I do believe there is another gentleman. I forget if it was James McQuiggin or somebody else that's going to be on for Thursday. So tune in for him as well. And please look, seriously, if you found value in any part of today's episode or this week, last week's episode, I encourage you, please go down, smack that thumbs up. Consider subscribing to the channel. Dr. Joe Osher is bringing this thing five days a week. He's bringing other content. He's allowing us, you know, from the team and things like that, you know, and bringing out outside people to help bring different perspectives. So we're delivering, we're helping him and his mission to deliver this content to you. So show some love, share this content out with somebody that you believe will get benefit from hearing from some of our ramblings. And until then, y' all take care of yourselves. I'll do quick dolphin sound and we'll do the close up video. All right, y', all, ladies and gentlemen, y' all take care of yourselves and we'll see y' all next week. Until then, stay, stay curious. I almost said cherry. Stay curious, my friends.

Dr. Gerald Ozer (83:54)

Hey everybody. I hope you enjoyed that content. Keep the cyber security train going by connecting with the other Simply Cyber community resources. We have the Discord server that's lively and always keeps the conversation going. You can connect with me directly on LinkedIn. And also every single weekday morning on the Simply Cyber channel, we're doing live daily cyber threat briefings, 8:00am Eastern time as well as Thursday at 4:30pm we're doing live stream interviews with industry experts and we produce videos that we push out every Wednesday morning. I'm Jerry from Simply Cyber. I hope you enjoyed the content and we'll see you in the next one.