B (12:01)

These are the cybersecurity headlines for Monday, March 9, 2026. I'm Steve Prentice. FBI investigates suspicious activities on agency network. This investigation focuses on a cybersecurity breach suffered by the digital collection system network, which is connected to the agency's wiretaps, pen register surveillance tools, and other intelligence collection systems used in criminal and national security investigations. The incident occurred on February 17th and was discovered after irregular network behavior was witnessed. A letter to Congress from the FBI allegedly claimed that the threat actors gained entry through an Internet service provider that served as a vendor to the agency. End quote. Over 100 GitHub repositories. This.

A (12:52)

All right, so this is not bad. First of all, I do want to point out that this is considered an unclassified system, which makes sense. I mean, if this was a classified system, and there was. Here's my opinion, okay, if this was a classified system, this wouldn't be in the news, okay? Like, they wouldn't announce that there was tampering or a threat actor inside of a classified system because that's a. That's a concern of national security. Right? So by default, it's kind of obvious it's an unclass system. All right, so the FBI has a system. I've never heard of pen surveillance, Right. But I certainly have heard of wiretaps and intelligence collection systems. There isn't much information here. They do talk about DHS and NSA being involved in the incident. Effectively, what this sounds like is the FBI has a real problem and they're calling in friends and family who have the skills to help, you know, basically investigate this situation. It's no different than, like, you know, your. Your printer breaks or whatever, and you call your. Your cousin to come over and help you fix it because they're really good with it or they do computers, obviously. I wouldn't think that. I'm sure you saw the news this weekend that DHS has a Leadership change. So to me this is much more the rank and file getting called in to help with this stuff, not so much leadership. So we'll see. Let's see what else is in here. Of course it does hold sensitive information, surveillance information, etc. Okay, another interesting thing, they don't say it's China, but they do say it came through a third party ISP in 2024. China. I don't even think it's allegedly. I think it's been confirmed. China attacked US based telecommunication providers like the top nine, you know, your Verizon, AT&T T Mobile, Sprint and a couple others I never heard of. But anyways, it is possible that this was the vector that they went through, but it's unknown. Right. And again like when, when China gets into your ISPs, short of removing or replacing the hardware, you're not going to be entirely sure you got them out. This has got a lot of concern to me about, you know, like this is concerning but there's not much information on the story other than it's all hands on deck and people are getting after it. Suspicious activities is a very nebulous statement. Like seeing brute force login attempts that don't succeed is suspicious. Seeing someone create a new domain admin account on a domain controller is also suspicious. And those are two wildly different, you know, vectors of concern. So like for, for me and you, there's no like real, I don't want to say no real information but like there's nothing for us to do here. The only thing I. Oh my God bro. Trying to get my discord sorted out. The only thing I can think of really for you guys again I like to. Angie, I like to provide additional value and insight that goes beyond. The only thing I can really give you is this is a third party risk issue. They came in through the isp. Even if that ISP is absolutely, you know, appropriate access and they're supposed to be get there, you know, it's. It's a tough risk to manage basically. So that's it. Quick note. Justin Gold jumping in Mod Chat says a pen register is a surveillance tool used to record real time non content metadata like a phone number dialed or an IP address or routing information. Okay, so it's metadata. All right, thanks

B (17:01)

bidding Borrupt Grab stealer this malware spelled B O R Y P T G R A B can quote harvest browser and cryptocurrency wallet data along with system information and user files and can assist in command and control communication. Researchers at Trend Micro have Now revealed the existence of multiple zip archives masquerading as free software tools that have been distributed since late 2025 through the GitHub repositories. The researchers stated that the Borit Grab campaign illustrates an evolving threat ecosystem targeting users through deceptive software downloads and fake GitHub repositories, showing an increasing level of engineering sophistication. End quote.

A (17:49)

All right, so you know, when I hear Borat Grab Steeler, it makes me think of Borat. Huh? My crypto great success. Yes. All right. It has nothing to do with Borat, but I wanted to share that with you because that's what it made me think of. All right, so, okay, GitHub repos are distributing the stealer. Guys, this has become again a third party risk, a third party challenge in the, in this modern age right now. Like think about it for a second because you, you might be like, why would I ever download malware? Guys, software developers, especially right now with vibe coding, you don't know like the AI, like gosh, it's, it's really bad. It's getting like it's getting worse, not better. Okay, so like let's just put that out there. With AI and Open Claw and MCP servers and all these other things, they're pulling down code so you can Vibe code something. And threat actors are well aware of this. So they are adding malicious, you know, functionality, malicious capabilities into GitHub repos, hopefully targeting more popular GitHub repos or ones that are popular but have been abandoned in some capacity. And they're sticking crypto stealers and other kind of info stealers in there and they're getting baked into software. Now of course, the browser is now how many many end users like normal people because we're abnormal. How many normal people will interface with systems? Right, so sassy apps. Oh, you sassy like SaaS apps are mostly we browser based, of course. And you can see this Boric Grab Harvest browser and crypto wallet data. The stealer can drop a back door dubbed ton tunish client. So T n n n E SSH and uses SSH for C2. Let's see. All right, the binaries have Russian language comments. So if you see that in your source code and you're not Russian or you read Cyrillic, you may want to check that out. All right, let's see what else we got. DLL side loading. All right, how's this thing get infect you? By the way, just because a GitHub repo has malware functionality doesn't mean like if you go to GitHub and look at the page, you get infected. Like, you have to incorporate the malicious code into your system or into your application or something, or run it locally. So just, Just so everybody's on the same page here. It collects data from desktop crypto wallet apps and browser extensions. Take screenshots, collect files. Yeah, this is like a. A full featured, gonna own you kind of, kind of thing. All right? Can even take discord tokens. That's not good. All right, so the deal here is, what are the IOCs besides. Well, they don't have IOCs. Oh, dude, this isn't even real GitHub repos. These are fake GitHub repos that are being. How do you fall for a fake GitHub repo, bruh? Dude, this is so new. You can't even. I typed in Boric Grab campaign and Google. Thought I was saying crypto. All right? Attackers use SEO to place malicious GitHub repos high in search results for popular software as Valorant, FPS, Booster, Voice Mod Pro, Call of Duty, Black Ops 6, Aimbot. I see you, you cheaters. All right, now that I have the. Now that I have the deets on this one, here's the reality, guys, okay? This malicious campaign, once it runs on your computer, you're kind of owned, right? Your crypto stuff, your credentials, system information, telegram, discord tokens, all that stuff, right? So here's the deal. Their initial infection again, I'm big, big on initial infection. Because if you can stop that, the whole thing is stopped, right? Is search engine optimization. So if you're looking for a program or code or some capability, they will show up higher in the search results and in some instances, AI will even recommend it. All right? So when you click on it, you go to what looks like a GitHub repo, even though it's not. You should be able to tell by the domain name. And then you pull down code that is malicious that says it's a Aimbot or it's a way to cheat Roblox, and then you, you, you basically infect yourself. All right, so that's the deal. You infect yourself. Now they're attacking crypto wallets too, which means I'm going to go ahead and say, like, I don't want to say more advanced users, but like, my Aunt Dorothy is not using crypto wallets and stuff like that. So people who are a little bit more savvy and probably able to run Python code on their own machine or run some type of, you know, application to do Something be on the lookout, I will say educate your end users, including like you might even want to make it more about, hey, you know, like if you're searching for pirated software or software that hacks other software, just be aware that this is an attack vector because hopefully you can educate your workforce so they're not doing it themselves or they're aware that like maybe their kids are doing it. It's it that's a huge demographic like the 10 to 15 year old, no money, plays video games a lot and wants things and that'll infect you. And just, just as a personal note, just so Everybody knows, my 10 year old is really big into Roblox right now and, and, and on the VR he's on into like oh my God, Gorilla Tag and a game called animal company. And he will regularly watch YouTube videos of other people playing the game. And then they have like hacks and mods that allow them to do things like Infinite Money Glitch and go through walls clipping and stuff like that. And he is begging me, begging me to go on Discord, to download files to then map onto his VR headset so he can like hack games. And I'm like, absolutely not, dude. He's like, the YouTube video did it. I'm like, bro, you are absolutely going to get pwned. And there's no way I'm having a device on my network owned by somebody other than someone in this family. So anyways, TLDR education is paramount. But you know, obviously if you have EDR solutions, look for weird outbound SSH tunnels because that would be C2 for this particular threat actor.

B (24:54)

Hackers abuse ARPA, DNS and IPv6 to evade phishing defenses. The ARPA domain is a special top level domain reserved for Internet infrastructure rather than normal websites. It is used for reverse DNS lookups which allow systems to map an IP address back to a host name. Researchers at Infoblox described a campaign that uses the IP6 ARPA reverse DNS TLD to essentially point 2 faked IPv6 addresses owned by the threat actors who can then quote, abuse the reverse DNS zone for the IP range by configuring additional DNS records for phishing sites, end quote. A link to a more detailed description of this technique is available in the show notes to this episode.

A (25:41)

All right, so I don't know who had IPv6 on their bingo card this morning, but welcome to the party, pal. Welcome to the party, pal. All right, so first I'm gonna. You're gonna get so much value from this story that you might want to go get another T because we're gonna fill up. I, I go, I go grocery shopping like every single day. So like, I, I always carry like a tote with me. That's my move. But we're filling the tote up and you're gonna need a backup tote for this story and the value I'm giving you. All right. Threat actors are abusing the DOT ARPA domain. Remember if. Well, don't remember if you didn't know. ARPA is like the research arm of like the US Government, kind of. DARPA was the defense research arm, the ones who invented the Internet. Thank you very much. That seemed to work out really well. Thank you for the Internet. But I didn't know that there's a special TLD for Dart arpa, and it's reserved for Internet infrastructure, not normal websites. And it's used for reverse DNS looks UPS lookups, which allows you to map an IP address back to a host name. Now, many of us think of DNS as, you know, google.com and then it translates into some IPv4 address. But apparently.arpa is used to go from an IP address up to a domain name, which, which allows for abuse, right? Obviously, They, they show here www.google.com has the IP address 1-921785036 and then this long ass, or excuse me, long a IPv6 address. So if you do a reverse lookup and they show Digg, which is a, you know, popular command line tool, you could show the, the resolution of that query. Now how are they abusing it? See, attackers found that if they reserve their own IPv6 address space, they can abuse the reverse DNS zone for the IP range by configuring additional DNS records for phishing sites. So once they gain control of the DNS zone for that IPv6 range, some DNS management platforms allowed them to configure. See, let's see here. Oh, oh, hello. This is pretty complicated. So here's the deal. They basically get a. They, they get ownership of an a public IPv6 range, right? And once they have that, they register reverse DNS as a domain using that IPv6.arpa don't TLD, right? Once they get that, they're. They leverage the integrity of Cloud Flare and a per, apparently Hurricane Electric Services I've never heard of to own it. Then they create an SSL cert which allows them to have, you know, a secure website connection, and then they build A phishing website that has, as far as I can tell, they can control the domain name, right? So they make it look legit. Here's the phishing emails that come out. Exclusive Christmas gift Norton Antivirus where they. Your, you've been hacked. Gordon Ramsay giving out some free pots and pans at Macy's. All of it to get you to click on something. Now you can see here in the, in the. If you're watching on stream, the body of the email has the link for the Image from a.ipv, iP6ARPA URL. And this is basically here's the deal. The threat actor can create a phishing landing page that doesn't get flagged by DNS like resolvers for integrity as considered malicious because it's going to be coming through cloud flare in this hurricane electric, right? So it's going to have oh, this is legit. This is higher integrity essentially. This makes, I guess, here's what I would say. This doesn't make any difference to your victims or to us when we get the phishing email, still a phishing email, it still goes to a phishing landing page, etc. What this threat actor is doing is the, the likelihood of that phish showing up in your inbox and is greater because the tools that we have to qualify whether or not domains and emails are coming from trashy, you know, malicious infrastructure don't apply here because they are getting essentially pre approved by coming through Cloudflare and etc. Now this is wild, this is a, this is a problem. Okay. And I don't even know, I mean I guess, honestly, I guess you could block. This seems a little crude but what I would say is like block any type of traffic going to a.arpa TLD because honestly it's not designed for websites, right? You're not supposed to be going to ARPA tlds. It's for the, you know, the. Under the hood of the Internet. I want to point out really quickly. So today I learned about the ARPA TLD but also IPv6. I was having, I was having a conversation with Adrian. Hold on. He's gonna come on to simply cyber firesides, by the way. Let's see Adrian Santa Bria. Let's see if I can find a picture of him. He's got great hair. There he is. I don't know if you guys know this guy right here, Adrian Santa Bria. He's been around for a long time, this guy. He's coming on simply cyber firesides. I talked to him at Zero Trust World for like an hour. And we talked about IPv6 and how it's just IPv6 was supposed to solve the exhaustion of IPv4 address range. Okay, really quick. IB IPv4, there's 4 octets, 0 to 255 if you do the math, there's like 4 billion combinations, right? There's more assets on the Internet than that. So there's a problem, right? They came out with RFC 1918 which allowed non public routable IP address ranges, but that still didn't solve all the problems. So the Internet came out with IPv6. Well, the Internet came out with IPv6 and then they solved it with RFC 1918. Excuse me, I misspoke. So IPv6 is still out there, but a lot of people don't use it and it's quite complicated and it's a pain in the A. And you will see large organizations like Meta use it and stuff like that. But it introduces a whole host of new problems and, and one just to share with you for fun is if you've done ARP poisoning. I didn't know this. Adrian told me. If you've done ARP poisoning, you can only do it on a land like, you know, a Vlan network segment. But with IPv6 you can poison the entire network. So crazy risk being introduced to that. All right, so let's go. Lets go.

B (33:10)

European Union Court Advisor suggests Banks compensate phishing victims the Advocate General of the Court of Justice of the eu, Athanasios Rantos, has made a formal suggestion that banks immediately refund account holders affected by unauthorized transactions, even when the customer has fallen for a phishing scam. This dialogue is based on a specific lawsuit that was issued in Poland against the bank in which a customer had been led to a spoofed auction site and had had stolen. The bank had initially refused, but Rantos stated that under European Union directives, Bank can only do this if they, quote, have reasonable grounds to suspect customer fraud, end quote. This can be reversed, however, if the bank can prove negligence on the part of the customer. To be clear, this is not a European Union Court of Justice ruling, but rather an indication of the direction that the court may take when the matter reaches that stage.

A (34:09)

All right, you know what? Good. I'm surprised this wasn't already the case in Europe. I feel like Europe's like much more. I feel like Europe or the European Union is further ahead than the United States when it comes to individual civil rights and privacy. So I'm surprised about this case. You know, when you get fished and you, you send money out, you can't get that money back typically, especially if it's like crypto or wire transfer or something like that. But when there's fraudulent credit card transactions, the bank as far like in my experience, the bank will always refund you your fraudulent credit card transactions. And honestly I think the, I think the merchant gets screwed in the end. But this is, this is kind of sketchy now that I think about it for a second. So I don't know if this will. Is this already in place or is this like being talked about? Formal opinion suggesting that banks must immediately refund account holders affected by unauthorized transactions even when it's their fault. Now here's a problem with that one. If this is the case, number one, banks aren't going to be a big fan of this obviously, right? Number two guys, if I come up with the idea, you know, a threat actor's got the idea because I'm the most non threat actor thinking conformist type person out there. Like why would I just not fish myself, you know what I mean? Like okay, like hey, oh, I fell for a $50,000 fish. Oh, refund me. So now I got 50 GS over here and then the bank gives me my 50,000 back, right? I just made 100 grand easy. So and then, and then like again I don't want to victim shame but like if I'm going to get my money back regard regardless if I fall for fish then like what's my motivation to like be vigilant. I'll just be like ah, whatever. I mean, oh my God, I spent a couple days live with people and I just started swearing all over the place. I'm wicked. Sorry guys, can't take the, you can take the kid out of Boston. Huh? All right, so anyways, this is a pretty dodgy. At first I thought this was just refunding for fraudulent transactions. This is much more intense. So we'll see where this goes. I think this is rife for abuse though.

B (36:51)

Huge thanks to our sponsor DropZone AI. Here is a number worth knowing. Before RSAC, the average enterprise SOC sees tens of thousands of alerts a day. Most get triaged, a fraction get thoroughly investigated. The rest sit in the queue or get auto closed. DropZone AI puts AI SOC agents on every one of those alerts. Every alert investigated end to end across your full tool stack around the clock. Over 300 deployments in production today. DropZone AI is at RSAC this year at booth 455. And you can get more information at DropZone AI RSA2026AI Diner D I N E R Jesus.

A (37:41)

That was a.

B (37:41)

You are also available.

A (37:42)

Wow. All right. Hey, check it out. Check it out. Let's do this on. I'm just gonna pick a different song today. I'm feeling this one. Oh, my God, bro. This just feels right. Guys. Hey, I want to say thank you all so very much. Thank you all so very much for being here. I genuinely appreciate you guys. Great to be back in the Buffer Ozer Flow studio live with you on this beautiful Monday morning. Guys, every single day we have a special segment. And at the mid roll, I want to thank the stream sponsors for enabling me to bring this show to you. Threat Locker Anti Siphon flare. And I want to give a shout out. Every single day of the week has a special segment. And Simply Cyber Mondays has a community member of the week. Now this is a sponsored segment from Threat Locker, who does a deny by default approach, which means I get to give this person a hundred bucks because they're awesome and I love recognizing y'. All. All right, guys, so your Simply Cyber Community Member of the week had a chance to hang out with him at Zero Trust World. Love his story. Appreciate him sharing it. Ladies and gentlemen, may I introduce you to your Simply Cyber Community Member of the Week, the real Kyle. Kyle. Let's give him a swing. Swing, swing. All right, so the real Kyle. Kyle. This is guy, three kids, Coast Guard, bringing the heat and inspiring others. A lot of distractions. His story is inspiring and I hope you found it interesting as well. Kyle, thank you so very much for all that you do. All right, let's do this really quickly. It felt good, but. Hold on one second. It felt good, but I do want to do this really quick. All right, here we go. All right. All right, so I saw a couple things in here. Devin Grady, past Cyber Defender Level 2 exam over the weekend. Nice job, Devin. Love it, love it, love it. All right, let's get our La La on. And I saw Wrecking Ball, so I don't know if someone got a job, Justin, but anyways, Kyle, Kyle, thank you so very much. This La la la la is for you, dude. There we go. Here we go. La. All right. Hey, Kyle, get with me on Discord, please. Just ping me in general and after the show, I'll get you your Amazon gift card. All right, let's crush the back half of the show.

B (41:11)

New Jersey county suffers a malware attack. Passaic county, one of the largest counties in New Jersey, suffered a cyber attack that disrupted phone lines and IT systems used across government offices. Officials in Passaic recognize that this is just one of several attacks on local governments in New Jersey, noting recent ones in Somerset County, Camden County, Bergen county, the township of Montclair, and the city of Hoboken, North Korea. Scaling up fake workers.

A (41:39)

That was a pretty short story. Like just, dude, dirty Jersey. Jersey just getting served there. They're like malware attacking Jersey. Everyone's down. Next story, bruh. All right, so dirty jurors is dealing with. By the way, I have a lot of friends from New Jersey, so just to be clear, I know there's a difference between North Jersey and South Jersey. Spent a lot of time in New Brunswick. Grease trucks at Princeton before they went away. Or Rutgers. Excuse me. So, all right, so what are we doing here? Phone lines were down. Okay, 20, 23, 22, 5. I mean, what's the problem here? All right, so the story doesn't have anything. So Jersey's down. I repeat, Jersey's down. Okay. It is interesting that the IT systems are down. That's normal phone lines though. That's kind of unusual unless it's all, you know, VOIP or whatever. But 600000 people in northern Jersey impacted. There's not much to this story. Listen, if you work in state or local municipality, which I know several of you do, you're constantly dealing with making a dollar out of 15 cents. I get it. But by default, public sector is non profit, right? Like it's not like, it's not like New Jersey County, Camden county can raise. I mean, they'd have to raise taxes and that pisses off citizens, right? So they're constantly trying to make it work and they got taken advantage of. Okay, Phone lines are down. Honestly, as a risk professional, when I think what is the consequences of this? Most people have cell phones, right? So you know, like businesses could be down, but if you're running on voip, as long as you have Internet service, you're good. So government offices, obviously you can't call the DMV or whatever that could be. Geez, man. Could be problematic, but for the most part we're good here. Justin Gold is suggesting that it was a third party telecommunications company that got hit, not the actual government itself. I mean, there isn't much to this really. All I'll say is, you know, Jersey, you know, it is what it is. Okay? Mike Andrewsi is reporting that Camden county is still active and still up. So I will say what's his face? Yeah, anyways, whatever, Jersey. I always, whenever I think of Jersey, my My first thought is, I can't. Do you remember this? Do you remember when Covet hit and like the beaches were closed in Jersey? I don't know if you remember this. This isn't even political. This is just ridiculous. And Chris Christie, like basically rented, like rented a beach house and just had like a beach party. Like so bad for optics. Like beaches are closed kind of. I always remember that one. Like when I think of Jersey, like that's what I think of.

B (45:20)

Schemes with generative AI A warning from Microsoft Threat Intelligence states that North Korean threat groups are using AI tools to, quote, accelerate and expand the country's long running scheme to get remote technical workers hired at global companies for longer durations, end quote. A report released Friday calls AI a force multiplier in this pursuit by shortening the time it takes to create digital Personas for specific job markets and roles, including impersonations and real time voice modulation. Claude finds yep.

A (45:55)

All right, so from a hiring manager HR perspective, North Korea has been, you know, getting all sorts of IT jobs the last couple years and now they're using AI to be more effective on getting the jobs. Right? So they're using Gen AI to change their voice and now they can sound like they're from Texas instead of, you know, North Korea. They can create a perfect candidate Persona very quickly. Like basically take the, take the job posting and then use AI to create a perfect candidate. Right? So these are all the things I, I even heard Adrian from Enterprise Security Weekly during that conversation I had with him at Zero Trust World actually told me that the, the AI auto audio and voice changing is so effective now that like you like business, like legit businesses are having like say Indian based call centers. So you know how like you call help desk or whatever or you call a 1, 800 number for help and sometimes you get an international person, like maybe an Indian person with an Indian accent or whatever and whatever. I mean it is what it is. Those call centers are actually now using this software where you can make it sound like the person is from Texas or from Boston or, you know, whatever. So this is all capabilities now. What does this mean? This means that you have to, you have to be more vigilant on how you are interviewing and validating identities of potential hires and candidates. Right? It's no longer effective to say, I mean, send me a picture of your driver's license. It can be faked. Get on a call with me. Can be faked. Do a, you know, FaceTime deep fake. Could be faked. Right? So it's, it's it's really rough right now. Again, hey, this is a. I. I'm never going back to the office, okay? I am a work remote guy forever. But this is an argument for return to office, or at least return to office for the job interview, which is still not 100%, because some instances, the North Koreans are hiring people to be the hu. Like the. The human or the. The. You know, the. The US Citizen in the loop, if you will. It is what it is. All right? I will tell you that this is a very, like, juicy story. Like, when I think of educating end users. Okay. Or educating executives. This one's probably more for the executives in the HR department. You know, if I'm like, beep boop beep, 0101 next level hack sort, right? Like that is that even though we think it's cool, right? Oh, that's so hot, right? Oh, my gosh, that Hansel's so hot right now. It's so good having the soundboard back, by the way. Listen, HR CFO executives, they don't care about stuff like that. They are not nerds. We are nerds, okay? So when there is a story that is dripping with accessibility to general audiences, I am all over it like a fly on a dung pile. All right? This one's perfect. Guy like, AI to change your voice, AI to change your face. It looks like a magic trick, okay? So it's very interesting to normal people. Like, oh, look at this. I can be Taylor Swift. Oh, look at this. I can sound like DJ Ba Wicka Wicka.

B (49:46)

That's.

A (49:46)

That's me DJing, by the way. So if I can make myself look like the CEO or make myself sound like the head of hr, right? Like. Like even, you know, of a different gender, right? Like, so I get on the phone and my voice is a woman's voice, for example. That is a very cool magic trick. And then when you say, wasn't that cool? And they're like, yes, that was the coolest, then you can say, threat actors like North Korea are using this exact trick to get hired into businesses. Now you have my attention. Okay? So don't. Don't sleep on a job like this. I mean, on a story like this. Okay, by the way, I will say it because I know everyone's thinking about it. I. I can. I can feel your frustration. It would piss me off, too. And I'm sorry that I'm swearing, but it warrants it at this time. If you are looking for a job right now, if you're unemployed and you're or you're in between opportunities or whatever, and you're getting interviews and not getting the job, or you're not getting callbacks when you submit resumes. And then you look at this story and you're like, north Korea's got more I T. Jobs coming out of the woodwork than anyone. It is incredibly infuriating. I like. It's like, ah, all right, all right, let's keep cooking.

B (51:09)

22 Firefox vulnerabilities as part of its security partnership with Mozilla, Anthropic said on Friday that it discovered these new security vulnerabilities in the Firefox Web browser with 14 classified as high. The vulnerabilities were discovered using the Claude Opus 4.6 large language model and have been addressed in Firefox 148. Released late last month, Anthropic said, quote, the LLM detected a use after free bug in the browser's JavaScript after just 20 minutes of exploration, which was then validated by a human researcher in a virtualized environment to rule out the possibility of a false positive. End quote.

A (51:50)

All right, so a win for us, by the way. So Anthropic, which is the mother company of Claude Claude Opus 46, is the newest so hot right now model that Hansel's so hot right now. Shall we? Right. Found 22 volumes, including a couple. I mean, they're all zero days, I suppose, but like a couple, like serious ones in Mozilla Firefox. Right? So this is a browser tons of people use. This is cool. Now this use case is phenomenal. A human researcher may or may not have found these. How long did it say it took them? The word hour is in there. 20 minutes. So quad was finding. This is sick, dude. Quad was finding more than one vulnerability. More than one zero day. Effectively a minute. 22 volumes in 20 minutes. Okay. I mean, it says just 20 minutes, so I don't know if they timed it or not, but basically a volume a minute is insane. I don't know about you guys, I have no CVEs to my name. If you gave me the Mozilla source code, I'm not sure I could find one or certainly not find one quickly. So this is super awesome, right? If you're a security researcher, this could be a good way to like level up. If you're trying to get a CVE to your name, this could be a cool way to do it. If you're a software engineer, you make code, you write software, you know, adding AI as part of the Unit testing phase is very cool right now. I do want to point out. I don't know why my voice is so messed up. I do want to point out the. It did cost $4,000 in API credits. So don't, don't think that this is trivial. All right? Now, of the 22 that were found, Claude was only able to exploit like only two of the vulnerabilities could have been weaponized to be exploitable. Okay, so not all Vs can be exploited. $4000 is a lot to me. But if you're a nation state threat actor or you're a cyber criminal enterprise where you know, you're. You're selling exploits, right? Go read this book. I'm going to simply Cyber IO Books, which is my library maintained by Christina Paulika, AKA the Librarian, who. I haven't seen Christina in the community in a while, so I hope everything's good there. But check this out. How they tell me the world ends. I'm almost positive this is the book. This book by Nicole Pelroth is phenomenal. And it goes into a little. See how it says the cyber weapons arm race. Cyber weapons arm race. Cyber weapons are tools that can exploit vulnerabilities. Okay? Nation states are willing to pay big money for highly effective, very reliable cyber weapons or code that can run exploits, right? So going back to the story, if it caught, if it cost you $4,000 to write two exploits and you are, you know, basically you have a fence, like you have someone that will. You can sell exploits through because you're former NSA or something, you're gonna make way more than four grand. Okay, if you're spending four grand so you can get a CVE to your name, well, that's a little different. Plus, I don't even know how genuine that would be because then it's not really your cp, it's Claude's CPE or. But that I digress. Anyways, as much as this is a cool thing for you to do in house and protect your own code, I'm thinking, honestly, this is like a. I could see nation states using this approach to quickly write cyber weapons faster than a human could. Right. An operator in the space. So very cool. Think Eternal Blue. Except written by Claude Eternal AI Transport

B (56:30)

for London slightly increases their account of the number of people affected by the 2024 breach. Following up on a story we covered in September 2024. Transport for London, the local government body responsible for managing much of London's transport system, now says that the September 2024 data breach exposed the data of more than 7 million people, somewhat more than the 5,000 initially suggested. Two teens affiliated with the Scattered Spider group were charged with committing this crime. The discrepancy in these numbers was not an error, but reflected Transport for London placing priority on 5,000 customers whose digital pass cards, known as the Oyster card, may have been breached, potentially leading to banking information. Do you want to know?

A (57:18)

All right, so the old Jerry would dunk on this company here, but I'm a much more refined. I'm the, I'm the gentleman hacker now, right? If you've seen my, the commercial I made with my kids a couple years ago here, I'll just. I'm the distinguished hacker. So this is, this is me in modern times where I'm less judgy about companies. Okay? So anyways, Transport of London not initially said 5,000 people impacted. After review, it's 7 million. Obviously this is ridiculously initially under valuing what it was. Now their argument was that 5000 people were compromised, had their, like, financials compromised. So that's why they did this. I'm going to call shenanigans on this one because if you knew 5,000 people had their data compromised out of 7 million, so you were prioritizing them, you could still say 7 million, brah, and then, you know, highlight that of the 7 million, only 5,000 were impacted. So I'm not going to let them off the hook right away. I will say, in the world of ir, it is really, really hard. Think about this for a second. You are at work and you're dealing with an active incident every. You've got a threat actor in the environment, data is being exiled every 15 minutes. You've got some suit stepping in asking you for an update. You know how many people are compromised, you got lawyers on the phone, how, how many records, what are we doing? And you take a, an initial swag, right? You, you hit control a. And then you know, you, you, how many files or whatever, right? So sometimes your initial number of compromised accounts is inaccurate. But they want a number. They want a number. They want a number. So you give it to them. And then after you have time to go through these things, then you find out. I also want to point out a real use case because you might be like, bro, how hard is it to do select star from database table and then, you know, count how many records there are, right? It's simple. Just run the, run the query. It is not simple. Let me explain. I have a friend who has gone, who is at the time, this is last year, but they were going through a massive data breach, okay? Like I felt bad for the guy, okay? And like he wasn't, he was walking funny because he had several executives all the way up his butt, okay? And I was like, you know, how bad is it? And he's like, I don't even know. He's like, I don't know. Because the threat actor stole a bunch of PDFs and in the PDFs was individual information. I don't want to give the type of information because I don't want to further help figure out who this person was. But anyways, he's like, dude, like a PDF could have several people. Some people, it could be a document with like a thousand pages and you can't just hit control, you can't select star from PDF, right? So he's like, we have to go through and literally count the records on the PDFs. He's like, it's brutal. Like we, we've hired like temp workers to come in and just literally count so they get the number, right? So sometimes it's brutal, sometimes it's not as simple. So I just want you to, you know, pour a little bit out for the people going through the breaches trying to figure out these numbers. Now I will say also that sometimes it's a business like I don't know, Oracle who gets breached and like absolutely says they're not breached. And then the threat actor releases the data and says they're breached and Oracle still says they're not breached. And then Microsoft comes out and says Oracle was breached and Oracle comes out and says we're not breached. And then like quietly, a month later Oracle's like, we were breached. You know what I mean? Like crap like that happens. But anyways, if you were compromised in this London based attack or whatever, it sucks. And you're going to get your identity theft protection and move on. Okay. All right, let's do this. All right. All right. All right. This. Oh my God, I hate when that happens. Sometimes I click on the tab and then Google Chrome is like, you know what, you probably wanted to close this tab since you clicked on it. Also side note, I have so many tabs open that only the, the only thing that shows up is the X. So I think by clicking the tab, I'm automatically clicking the X. All right, guys, this was simply Cyber's daily cyber threat brief. You were here at Angie. Rosie was our first timer and she's not showing up on the like when I'm trying to do her at name. So I guess she Left. Can't win them all, squad. I'm Jerry from Simply Cyber. Don't go anywhere because we're about to level up and do some jawjacking. Helping people by mentoring at scale. I'm Jerry from Simply Cyber. Shout out to Kyle, our Simply Cyber community member of the week. Don't go anywhere. I'm gonna go find Jerry Guy and get this jawjacking party started. Ever wonder what it takes to break into cyber security? Join us every weekday for Jawjacking, where industry experts answer your burning, burning questions about the cyber security field. Live, unfiltered, and totally free. Let's level up together. It's time for some jawjacking. All right, what's up, everybody? Welcome to the party. This is Jerry Guy coming at you live from the Buffer Osier Flow Studio. Hot off the trail of the Simply Cyber daily cyber threat brief, hosted by that nerd, Dr. Gerald Ozier. Oh, my God, bro. But for real, my name's Jerry. I've got 20 plus years of experience, and I would love to help you. If you have a question, put it in chat with a Q. Chances are other people have the same question also. I'm here to help. I'm here to answer questions. I'm here to cut through the crap and give you value and. And give you what you need. So put a Q in the front. We'll answer them. Yeah, Daylight savings time. My kid loves it because now he can ride his bike until like, 8:30 at night. My kid also hates it because he went to school in the dark today. Ah, thank you. Space tacos. Space tacos. Always the voice of positivity and optimism. All right, guys, what's cracking?

B (64:05)

Foreign?

A (64:06)

I'm super pumped. Going to RSA in a few weeks. I. I do want to say, like, in classic nerd fashion. Oh, straw hat sex says she is here. Well. Oh, hi, Angie. Angie, I hope you enjoyed the show. This is another show that we do. Double shot. Hey. So in classic fashion, whenever I come back from a show like Zero Trust World, I do a debrief. This is so nerdy, but whatever. I do a debrief on what went well and what didn't go well. As far as, like, production goes. Okay? And based on all that, I went on Amazon and I bought a bunch of CR stuff. It's not crap. I bought a bunch of stuff that will help me be better, have a better show set up faster, break down quicker. And I want to shout out to James McQuiggin at 35, 000ft. James, like when. When we're setting up the studio and plugging all the things in my computer. My, my, my laptop is just like ground zero for all. Bunch of crap. He said, why don't you get a, a hub and do something with it? So I did a bunch of research online, but now I've got this really cool. I hope it works out. There's a bunch of USB Cs and then three high speed data transfer USB as I've got the SD card, double hdmi. Anyways, my plan is when I go on travel, everything can plug into this. And then I just have like, you know, one plug for my laptop so it's easier to set up and break down. I'm super pumped about that. And I know it's obvious. Oh, laptop hub, obviously, but yeah, like, you know, it wasn't broke before, so I wasn't trying to fix it. All right, let me. I'm hoping that some questions have queued up at this point. So let me go ahead and, and find the questions here. All right, I'm scrolling through chat right now. Bear with me. All right, all right, all right. A lot of good chat in here. People talking about the book. This is how they tell me the world ends. Phenomenal book. Go check it out for real. Good morning, Dream Logic. Good to see you. Tech Ricky. Good to see you. I was talking about Tech Ricky at Zero Trust World. In a good way. Tech Ricky, hope everything's well with you. All right, I'm almost caught up here on chat. All right.

B (66:40)

And

A (66:44)

all right, Rob Cooper's in chat. Good to see you, Rob. TJ's in chat. Deb and Grady's got to drop for work. Good morning. Kimberly can fix it. Shout out to Kimberly can fix it. Working the turn. Working the mixing board last week. Killing it. All right, Nico's first question. What brand hub is that? This is the box. It's not necessarily a good brand or a bad brand. I haven't heard of it. Here's my thing. I had very specific needs. Okay. I, for some reason they don't make a lot of hubs with USBC out. So I needed USBC out and I only got two here. And then, you know, I do use a bunch of USBAs. It's got HDMI out. I don't really need that. And the bonus was the SD card. I'm gonna be going to RSA instead of using my phone for camera. I was inspired by Kathy Chambers using her DSLR for video capture at Zero Trust World. And it was just, it really came out nice. So I'm gonna do that, too. Thank you for the question, Nikos. All right. In fact, you know what, guys? Hold on. I'll just do the Amazon. I'll just. Hold on. I'll just drop a link to the actual thing I bought. I bought probably, like, 20. Well, no, I brought. I bought probably like 14 different things. So if you guys want, I'll. I'll share. I'll tell you all about them if you want. I, like, legit spent like a thousand dollars, but it's all. It's all to, like, level up and invest right in back. I always invest in the channel. How do I. I'm trying to get the link here. All right, here we go. This is a Amazon link. So if you click on it, I might get a fee or something. I don't know. I. I'll tell you what. My Amazon affiliate account, I get an email from Amazon every month, and every month that says, you. You didn't make any money. So of course, I don't even care. I'm not like, I just set it up to set it up, but I don't. I don't pump it. I'm not like, oh, let's do affiliate marketing. All right, where did James McQuiggin get the Mini hub? Looks useful. I don't know what hub James McQuiggin uses. Who wants to give me some cyber tips about my protect on Discord? When you all got some time on my project on Discord. I'm sorry, Richard Duff, who is a Western Australia guy at Richard Duff at Richard Duff. Hey, if anyone wants to collaborate Richard Duff, can you share and chat a little bit more, like, about what your project is? That way people like, is it about AI? Is it about software? Is it about MFA bypass? Like, what's it about? Someone needs to know so they can determine if they want to play. All right, I'm graduating next week with my associates in Cyber Mad Max, and he's wondering how much weight degrees actually carry from associate to masters in time in terms of career advancement, higher ability, etc. All right, great question. So this is my own. My own opinion and people in chat. People in chat. If you have hired or, you know, if you've seen this, please share your experience so Mad Max can get a consensus and not just my opinion. So for me, an associates is good. A bachelor's is good. A master's. To me, a master's means, like, you're more likely to get a management job, right? A lot of businesses will gate, like, you know, manager, director type roles to people with master's degrees. So that's not a, an always thing. But in larger companies it is. If you work in a small business, like it's just like to get the work done, they don't care. I will say that I. You don't need degrees to work in cyber, but they certainly don't hurt. When you're going through a degree program, you should absolutely take advantage of the relationship building. Get to know your faculty, get to know your peers in your course. You don't know where those relationships could go, but you've got an obvious icebreaker. They are working with you. Plus, like here's the thing. I, I teach at the Citadel Military College. It doesn't happen all the time. But if I have a student of mine that is just hyper engaged, putting the work in, learning, learning, learning, asking the right questions, I will refer that student to people that I know who are looking for interns. I don't, I don't tell my students, hey, you better bust your hump and you'll get an internship. But it's just obvious. So make sure that you're, if you really want to make sure that you're applying yourself because you never know who, who's watching. Finally, as far as career advancement goes, I also like to point out, in my opinion, when you get a degree, like a bachelor's degree or master's degree in cyber or computer science, you are naturally getting a wider exposure to industry and disciplines, which is huge for me. So like, for example, as a, like let's say, let's just say for example, Mad Max, you get a job as a GRC person, okay? You're doing audits, everything's cool. Your whole world looks like grc. Well, if you haven't put, like, if you haven't taken a class on networking or threat intelligence or you know, Windows environments, right? Not that there's a class on that, but my thing is like your, your, your, your experience and your perspective is very narrow and everything is kind of within the lens of that. When you get a degree, you get exposed to other topics, which makes you better professional in general. I will say finally that if someone has five years of experience in a CISSP and someone just has a bachelor's degree, like the bachelor's degree does not trump the five years of experience in cissp. In fact, the five years of experience in CISSP is probably going to get weighted heavier than the degree. Just to be real. Good question. Space tacos. What's your most favorite part of the con? Last week? Then what was something new that you learned. Okay, well, something new I learned was about that IPv6 ARP poisoning situation that Adrian talked to me about. My favorite part last week was without question, without question, the network like, to me, like, you know, I. I work in my studio. I work from home. I don't get to engage a lot with community members except at these conferences. And there was a lot Simply Cyber Community members. In fact, let me. Let me share a story that just made my day. And if he is in chat right now, holler at me. I think his name was Taylor or Connor. And I'm sorry. I'm really sorry if I'm getting the name incorrect, but I was just, like, walking and someone was like, hey, like, Jerry. And I'm like, hey, what's up? And he's like, hey. Simply Cyber Community member. Love the show. I'm always there. I'm. I don't. I don't engage in the chat, but thank you. I'm an offensive security professional, and the way you talk about the stories gives me perspective on how, you know, someone on the GRC side sees things, and it gives me. It gives me insights. I love it. Thank you for all you do. And I'm like, thank you. You're no problem. Okay. Later on that same day, Kathy and I are walking around catching B roll or film of, like, just things going on at the conference. And we walked into a training room that had like a. Probably a thousand students, like, legit a thousand students all working on a class. And the guy teaching the class was. The guy. He's. I was like, oh, my God, that's so cool. Very, very cool. Also, shout out to Gino, another community member who I got to interview as part of our interviews. And after the interview was over, he's like, I'm a big fan of Simply Cyber. I'm like, dude, awesome. Should have led with that. So thanks. Space Tacos. Ad tech is popping my bubble by telling me USBC hubs suck. Oh, all right. 917 recently tried to start posting videos only to YouTube, but getting to no traction. Any recommendation? Would your personal branding course help with us? Yes, the personal branding course would help. Secondly, it takes time. It takes time. I mean, look at this. Really quickly. Give me a second standby. I mean, I launched a new YouTube channel in January for Cairo Sec. Right. It's me. This is me and Tyler Ramsby, okay? And look at. We've released 1, 2, 3, 4, 5 videos. We only have 47 subscribers. Our videos are getting 18 views. 47 views. Etc, so it's not easy but you know, it's, it's, it's about putting in the work, consistency. Don't overthink it. You know what I mean? But use LinkedIn to point back to your YouTube videos. Use your YouTube videos to engage community, ask questions, engage in the comments. That's a huge thing. Engaging in the comments, etc. Definitely. And congratulations on launching a YouTube channel. It is, it does take work though. That's the thing. Like, you know, some of these gurus will like, oh, do these three things and have go viral on YouTube. It's like, no, it's a lot of work. I've been doing it for six years. Okay. It's a lot of work. FedEx learned, yes, FedEx did learn about cable management. Wait until you see next time. FedEx. I, I bought some stuff that's gonna level up my cable management game. Oh, no. Oh no. Rob Cooper, stones fan. The 2016 Honda Santa Fe with half a million miles on it. Officially doa. Sorry, bruh. That's a good one though. All right, continuing to look at Chad. I'm going to start speed running the questions. Marcus Kyler says, what if you have a master's and doctorate in an In. In I guess unrelated field? I mean, to me the doctorate is very impressive because it shows, shows that, you know, you can, I mean, doctorates are hard, right? So that tells me that you're able to basically execute on, On a long term project. I think the masters in a different field is also valuable. Just get into management and stuff like that. Berlinda says GRC focus. Should I drop a boring Network plus class? No, no, no, no, no. You definitely should understand how to do networking. Ne. Understanding networking is vitally important to be effective at cyber security. Believe me. Now, you don't have to get the Network plus certificate, Berlinda, but you should understand like literally you should understand like what an IP address is. You should understand how two computers talk to each other. You should understand the OSI stack. You should understand what Mac addresses are, what DNS is, what listening ports are. What's the difference between TCP and udp? What is a ping packet look like? Like all these things? Definitely, definitely. You want to know those for grc? All right, Michael Fink, any tips on getting a clearance as a civilian in the DMV area? Since most jobs require that. No, I'm. Well, I mean, not tips. I mean, you can't get one. You have to be sponsored by an employer. You can't, you can't just go get one as far as I know, unless they change the Rules on that one. Simply Cybercon. Yeah, so Justin Gold is working on that right now. I'm gonna schedule time with Justin. He's finding this out right now. Also I'm gonna schedule time with Justin and we can do a share screen. I want to get the CFP open and I want to get the registration open and I want to get the website open, updated. That's a goal for this week. What is. What's. Where's the CFP? It. It will be open. Jrog404 My man Jonathan, Kentucky. Listen, it is coming. We're going to have it up by the end of the week. Okay? Jerry, would you like to explore cyber defense works with Grandpa DT Dream Logic? I don't know what that means. I'm sorry. Can you qualify this? Looking here, Roswell, uk It is daylight savings time in the United States, so yeah, I think we started an hour late. All right, looking at chats with the queue here, I. Hey listen, I. I would love to get rid of daylight savings time. I am not a fan. Okay, let's keep going here. All right, here we go. Stone sand with the gifted subs. Oh, hey, you know what it is March. We still got how many people in chat? 296. Allow me. Let's give out some membership gifts. Paula. There we go. There's five folks joining the squad. Sling slinging fixer Shinidam, my man Stone Sand. Oh, oh, he didn't get one. He was just commenting. Psycho Sin, a jackass and a dragon and Bry free. Welcome to the squad, guys. All right, let's keep cooking here. All right, continuing to look through chat. If you have a question, put a Q in front of out. All right. Okay, looking at chat here, people just talking about daylight savings time and about the Santa Fe. All right, So Stream logic says so cheesy your NSO genius. Thank you. Thank you very much. All right, look at all these gifted subs coming in. I love it. You guys are the best. Oh my gosh. Got a bunch of meetings today, guys. I got to tell you. Thank you very much.

B (82:50)

There's.

A (82:51)

I'm caught up on questions. So if you have a question that for some reason I missed, ask it again. Oh, severed thumb update. Yeah, I think. I think we're 100%. I think we're 100% space tacos become best friends.

B (83:05)

Yep.

A (83:05)

Thank you Dream logic with a super chat. Thank you Dream Logic. Miss ya. You're gonna do a part two or follow up to the Claude. Follow up maybe. I will tell you, I've actually So I'm very fortunate. I. I'll be speaking at Deadwood. Okay. Like, they emailed me on last week and asked and invited me. I think it's because. Either because I've keynoted or because I. I won the RITA Award a couple years ago. I don't know. But, like, I'm very fortunate that I don't have to submit to Wild West Hack Infest cfp. I just get to go talk. And I was talking to, I think, James McQuiggin and Kathy Chambers over dinner one night, and I got inspired. So I'm going to give a talk at Wild West Hack Infest this year. And it's going to be like using AI to get a job. And that Claude code trick I made a video for will be part of it. And I'm going to do four different things, like, in progressively more complicated.

B (84:17)

Cool.

A (84:18)

And the thing I did with AI in that produced video will be number two. So there's going to be two more things that are even cooler. And if you're wondering what is this guy talking about? Let me show you. Because this, this kind of like went viral. I released a video last week. This one right here, LinkedIn can't stop this. Okay. And it like legit, like, blew up. Look at this. I've got 695 likes, which is a lot. 34,000 views. So let me share this with you. People really got value from this. It's basically using Claude code to not just find a job, but like, figure out who in your professional network can give you the most, the greatest chance of getting that job. So LinkedIn can't stop this. I'm a big fan of that. All right. All right. Continue to look at chat, y'. All. Kathy Chambers. Yep. You speak to Kathy, you get inspired. Period. End of story. All right. A Claude workshop. Oh, yeah. Oh, hey, speaking of workshops, I got two updates for everybody. Number one, tomorrow we have a special event. So once a month we are doing these workshops, these skill streams. They're one hour live skill streams. So this is tomorrow at 1:00pm Eastern Time. Christoph Limpolaire from Cyber is going to be teaching you in one hour how to do privilege escalation in aws. So he's going to show you how to do it and then he's going to show you how to defend from it. And this is tomorrow On Simply Cyber's YouTube channel. Okay, so let me back up here. I'm going to drop a link to it. Watch this bruh right here. Kristoff. This guy is awesome at AWS hacking. If you want to learn how to do privilege escalation, attack and then defense, come on by tomorrow at 1pm so this is the update. That's the update. So we're doing the workshop for one hour tomorrow. Now the other big update, if you guys were paying attention or whatever, I was doing a long two to four hour workshop over Zoom as part of, you know, service offerings for Simply Cyber. And we did. In January, I did the personal branding one with Mike Miller. In February, we were going to do the, the ransomware negotiation training with Tim Papas, and I had, we had to cancel it. So I have made the decision to just end. I'm gonna. I'm. I'm terminating the workshop series. There's obviously no interest in it. So we'll still do. We'll still do the Skill Stream, which is the one hour live stream, but the, the workshops, the Zoom workshops, we had, we had workshops planned up through June or July, and I'm canceling all of them because nobody's interested in them. All right, so that's a, that's an update for y'. All. We are at 9:30. If there's any more questions, holler and chat. Otherwise, I'm gonna go get to work because I have so many meetings today, it's ridonkulous. Yeah, I got meeting, meeting, meeting, and all I've had to eat is break is coffee. All right, guys, I want to say thank you also very much. Fastest 30 minutes in cyber security is jawjacking. Yeah, exactly, Justin. We were doing workshops and now, now we're not. We're canceling them. So. All right, guys, I want to say thank you, everybody. Have a wonderful day and I will see you tomorrow at 8am Eastern Time for the daily cyber threat brief. I'm Jerry. You're awesome. Until next time, stay secure.