A
All right. Good morning everybody. Welcome to the party. Today is Monday, May 11, 2026, the day after Mother's Day. I hope everyone had a nice weekend. I'm your host, Dr. Gerald Auger for the Simply Cyber Daily Cyber Threat Brief podcast coming to you live from the Buffer Overflow Studio. If you're looking to stay current on the top cyber security news stories of the day while being entertained, educated and surrounded by like-minded, amazing cyber security students and professionals, well then you're in the right place because that's what we're doing every single day at 8am Eastern time. Get comfortable, get your coffee and let's get cooking. Yes, yes. Good morning everybody. Thank you. And I appreciate all of you all understanding the couple minutes late. I don't know why, but the, the, you know, this platform I use to stream to you is browser based and like literally the go live button, probably one of the more important buttons on my panel, was not working. So not quite sure what the hell is going on with that. Restream, it's like a, you know what Restream is like? Restream is like playing Minesweeper. Get your Kool-Aid man emotes in chat. If you're a squad member, Restream's like Minesweeper, like a lot of the times you're on like an easy level, you're just like clicking around and everything's fine. Then all of a sudden, boom. You get a, a, a grenade or a bomb or whatever it was in Minesweeper. Guys, listen, we got eight stories, top cyber news. We're going to be going through it, breaking it down. I'll be doing all of my best abilities to go beyond the headline, right? So you know, obviously you can watch, you can read an RSS feed, you could listen to a shorter podcast on the news, right? cPanel, WHM release fixes for three new vulnerabilities. Patch now. All right, so you got the idea. Oh, I gotta patch it, right? Well, you know what we're gonna do? 
I'm gonna take my, you know, whatever, 20 plus years of cyber security knowledge experience alongside the thousands of years of experience of the squad in chat here, and we're going to go beyond that headline because the idea here is that not only are you going to get up to date on what you need to do today, but we are all going to level each other up as cybersecurity professionals and just basically give ourselves an unbelievably unfair advantage of crushing it in this market. So if that's what you want, giddy up now. I want to say what's up to Will Chen, who just dropped some CPE love. Guys, if you didn't know, every episode is worth half a CPE in the Simply Cyber. Every. Well, every episode's half a CPE because it's a one hour show. Half the time we spend goofing around and playing and the other half we are doing real instructor-led webinar. So say what's up in chat, grab a screenshot and once, once a year, count up the number of screenshots and divide by two. That's how many CPEs. Now I, I, as just a, if you're a regular of the community, which many of you are, you know that we're actually implementing a better CPE workflow. I promised it this week. Actually, I promised it by the end of last week. However, for those who are Simply Cyber Academy students, you are aware that I did a maintenance window from 1 to 3pm on Friday, which by the way, I have no idea why I did a Friday afternoon maintenance window. Thank God no issues happened and I didn't have to work over the weekend. But I migrated the entire infrastructure over to Cloudflare. You could see the new Simply Cyber website is looking fleek. That's right. I'm bringing fleek back. And so check out the new website. But now that I've got the new website, and I don't know if you guys saw this, I posted this online too. This Daily Cyber Threat Brief has its own home on the interwebs too now. So check this out. For, for reals. 
But now that I've gotten this sorted out, I can, I'm gonna, I can put the CPE infrastructure on this now. So I basically needed to do steps one, two and three before I could do step four, which is the CPE stuff. So I'm not lying to you, I'm not wasting time. I'm not, you know, basically selling you a bill of goods that doesn't exist. I just had to do a bunch of work first before I could freaking get to the part that we all want. So stay tuned for that. That'll be happening this week, I promise you. Now, if you're here for the first time, you might be like, whoa, whoa, bro, bro. Sif, what are we doing? What's going on here? Well, if you're here for the first time, do me a favor, let us know in chat with a hashtag first timer. Hashtag first timer in the chat. James McQuiggin doing some feedback on the website. Apparently I say two corny dad jokes, but James provides three. We will update that, James, today. If you're here for the first time, drop a hashtag first timer in chat. Hashtag first timer in chat. We definitely appreciate it. And we have a special sound effect and a special way to welcome you to the, to this community. I'll give you a hint. Welcome to the party, pal. Oh yeah. Welcome to the party, pal. Every single day of the week has a special segment. And Mondays is Simply Cyber Community Member of the Week presented by Threat Locker. We gotta update this graphic for the new logos and new fonts and all that, but Threat Locker basically gives me money for this segment and then I take it, I turn around and I give the money to the member of the week in the form of a hundred dollar Amazon gift card. So it's all about good times up in here. So stay tuned for that. All right, guys. Oh, every single episode of the Daily Cyber Threat Brief is sponsored. Did you know? That's right, every episode is sponsored. Basically. I know you people are like, oh my God, guy, get to the news. Yeah, guess what? 
Like, please understand that these kind of programs, this kind of setup does require funding. And instead of asking you to do a Patreon or you know, send money, buy me coffee or whatever, I, I have found sponsors that love what we're doing, love our community and are willing to support the channel. And in turn, I ask that you check out the links in the description below, starting with Flare. simplycyber.io/flare. Flare's cyber threat intelligence platform is hot. Hot hot, hot, borderline spicy, spicy. Flare goes into the dark web, criminal underground forums, Telegram channels, etc. They get infostealer logs, they get chatter, they get vibes, and then they bring it all back and put it into one very easy to access database using their front end. And dude, I'm telling you, I've used this threat intelligence platform. Any organization, big or small, can get immediate value. I don't know what else to tell you. Like, the ROI on this thing is insane. Return on investment. It pays for itself almost instantly. If you want to know if your environment's about to get popped, if you want to know if somebody in your organization, a VIP's creds have been compromised. If you want to know if threat actors are talking about your business, Flare's threat intelligence platform is hot. If you go to simplycyber.io/flare, you'll be presented with this page that I'm showing on stream right now. If you're listening on Spotify or Apple Podcasts on the audio only version, because you're on the elliptical or you're, you know, power walking around a track at the high school nearby, well, what we're looking at is a little form field where you sign up and basically give them your information. Flare does have to do a verification phase before they give you access to this platform because it's that powerful. I want to say shout out to Antisyphon Training. 
Also, Antisyphon Training is disrupting the traditional cybersecurity training industry by offering high quality, cutting edge education to everyone, regardless of financial position. Now, if you want to learn some offensive security skills, either one to be a better practitioner and to blow people's minds in job interviews, or you want to understand from a GRC perspective how to educate your end users to see through pretexts of physical security or social engineering, well, come learn from one of the absolute best on the planet, Alethe Denis, this Wednesday, for free by the way, and she is offering a one hour session on how you can build your bulletproof pretext. This is insane. Again, you can learn how to build one for yourself, but more importantly, you can learn how to identify when it is being used against you. This isn't a joke. She's one of the best in the business. Literally. You know the Leonardo DiCaprio Catch Me If You Can guy? That guy. She's basically like the 2026 version. Not that she's committing crimes and doing fraudulent checks, she's just very good at her job. Social engineering. Come on out on Wednesday, sign up, check it out. Costs nothing to sign up. Costs nothing. If you miss it, register, get the calendar invite, come on down, it'll be a good time. Plus, she's a friend of the Simply Cyber community, so I want to definitely support her. She's super, super cool. Finally, let's hear from Threat Locker. Guys, Threat Locker is absolutely a rock solid, steadfast member of the cyber security community. Their solution provides a deny by default application security which means anything that you try to run on any computer in your business environment that is not approved, absolutely denied. Which means custom malware, polymorphic malware, droppers, second stage payloads, C2 frameworks, not on my network, says Threat Locker. Easy dude. Endpoint security and now in the cloud. Let's hear from Threat Locker and then we're going to get cooking in the news. 
I didn't see any first timers. Let me know, chat. I want to give some love to the Daily Cyber Threat Brief sponsor, Threat Locker. Do zero day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with Threat Locker. Worldwide companies like JetBlue trust Threat Locker to secure their data and keep their business operations flying high. Threat Locker takes a deny by default approach to cyber security and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation is fully supported by their US based Cyber Hero support team. Get a free 30 day trial and learn more about how Threat Locker can help prevent ransomware and ensure compliance. Visit threatlocker.com/dailycyber. I want to give just a little quick shout out. I don't say it all the time, but it's worth noting. Listen, if you are a solo operator, you're a one person shop, you're IT and cyber. All the roads connect to you and you are the central linchpin for your business. Everybody depends on you. You were there at the beginning, it's grown and they didn't really level up. If you're a solo operator, it can be lonely and it can be difficult to bounce ideas off other people because other people in your business just don't understand it. I want to say drop a hashtag Team Solo in chat. I know Ad Tech and I have had this conversation. Just know, don't ever disclose anything sensitive, but don't be alone. Don't do it alone. Don't do it alone. The Simply Cyber community is here for you. So solo operators unite. Know that you are not alone. All right, let's get to the news, shall we? Do me a favor everyone. Sam Crow 7, do me a favor. DJ B, you got to sit back and relax. Elliot Mati, just let those cool sounds of the hot news wash over you in an awesome wave. Let's go team. From the CISO Series, it's Cyber Security Headlines. Tony's Team Solo. Hot plates. Team Solo. These are Team
B
Solo. Security Headlines, a lot of Team Solo. Monday, May 11, 2026. Hello, I'm Steve Prentiss. cPanel and WHM release fixes for three new vulnerabilities. This is not a follow-up from last week's report of a cPanel and WHM flaw, but is in fact a story of three new ones that also could be exploited to achieve privilege escalation, code execution and denial of service. These CVE-numbered vulnerabilities, two of which have CVSS scores of 8.8, have been patched and users are of course advised to update to the latest versions for optimum protection. There is no evidence that these three vulnerabilities have been exploited in the wild. The CVE numbers and details on the vulnerabilities are available in the show notes to this episode.
A
All right, super straightforward here. Ah, you gotta patch it. If you've got cPanel, which a lot of, you know, businesses would run. Honestly, I've been using Cloudflare, and with a GitHub backend, for my SaaS, Sassy apps and stuff, and it's working quite well. So. But cPanel has long been the essentially administrative interface to websites and web applications. So it is a very popular tool. It is widespread. You may be running it at your organization. So you got to patch it. Ah, you gotta patch it. Okay? Simple, straightforward. Now let me, let me give you again, like the. Let me deliver on the show. Okay? Two things. Number one, these are new cPanel vulnerabilities, not the ones that we covered last week, which means two things. Okay? First of all, as a practitioner, if you're new to the industry, okay, or you haven't had anyone kind of show you, be mindful of this, it would have been very easy to see this headline and been like, oh, yeah, we covered this last week. As soon as I saw this, I actually thought this was about last week's vulnerabilities. And I was going to get all grouchy and be like, come on, why are we covering. Covering old news? But it's not. These are three new vulnerabilities. So just be aware, okay? Don't, don't make the mistake. Don't make assumptions that when you see something, you already know what it is. It's something that you had already talked about or covered or, or patched the week before. Okay? Number two, and this one's even more valuable, because of those cPanel issues last week, you should have engaged your, you know, web app team or your IT team, your engineering team. Like, different organizations will have different kind of roles handling web administration or SaaS app administration, different people who own the cPanel. Effectively, you should have already had those conversations with them. So guess what the best news is. You've already bought the dozen Krispy Kremes. 
You've already got the Cinnabons brought to their desk. You have open lines of communication, which means when this happens right here, you should already have, first of all, open lines of communication. Second of all, the team should already know where the cPanel instances are and what the patch management process is. Who knows where things are, when to do it, etc. And if you don't, you know, this is the second time around, you should start identifying gaps in procedure. Like, oh, like, for example, oh, yeah, hey guys. Like last week, hey, guys, we got this cPanel issue. CISA is saying it's being exploited right now. We need to get this patched immediately. And they're like, oh yeah, no problem. But Adrian is the only one who has permissions to administer that. And he's out today because he's taken a personal day. So we could do it tomorrow or we could call Adrian to do it now and then. So then. Okay, so like, let's. Let's. How important is this? Do we call Adrian in or do we do it tomorrow? We end up doing it tomorrow. But what you should be doing as a GRC person or as an infosec person immediately is: that is a problem. That is a single point of failure in process, that only one person has the permissions. It should be documented. And like, listen, you can. You can have emergency permissions or something like that, but the workflow should be documented. What if Adrian wins the lottery, never comes back? Right. What are you going to do then? Figure it out? No. So be mindful of workflows, obstacles, anything that. Basically anything that causes a. A bump or delay in execution is a problem. All right. That's what you should be taking away from this. Yes, you should patch this now, of course, but identify opportunities for workflow improvement.
B
Official JDownloader site serves malware to Windows and Linux users. The website belonging to JDownloader, the free open source download management application used by millions, was hacked and forced to distribute malicious Windows and Linux installers carrying a Python RAT. This occurred on May 6th and 7th of this year and the attack targeted users downloading the Windows alternative installer and the Linux shell installer. JDownloader developers confirmed the breach and temporarily shut down the website to investigate.
A
All right guys, we are. Do you guys remember? This is like such an obscure reference, but do you remember like R.C. Pro-Am, F-Zero? So R.C. Pro-Am was on Nintendo, F-Zero was on Super Nintendo, Excitebike, any of these racing games where they have like a turbo patch on the track and when you hit it, you get a burst of speed. I think Mario Kart might have it. I don't know, you youngs with your Mario Kart. Anyways, using AI to rapidly develop malware, partnered with supply chain and just the sheer volume of vibe coding going on, is this. We've. We've officially hit the speed burst of issues. For us as cyber security professionals, there's a story like this every single day. At this point this is almost like freaking ransomware stories in 2022, you know. So, the website was hacked and like basically is getting people to pull down malicious payloads, including a Python remote access tool. Ryan. So if you downloaded this in the last week or so, they fixed it. But you, you, you've got to sort it out yourself. The nice thing is what we're looking at is like a two day window of exposure. We should see zero day exposure, right? Not zero day like no patch, but like no days of exposure. But at least they're identifying the problems quickly. So hopefully I'll give you two things. Number one, if you did download this, you need, you need to figure out if you were compromised and then how to take care of it again. Most of us are working in organizations where anyone can download this and people are vibe coding all over the place. So you may not even know. It's not like you can connect with your, you know, IT team and, and have full visibility. They do have indicators of compromise, which is what you want to go threat hunting for. Put these in your SIEM, see if they're identified or discovered. Unfortunately, what we have are hashes. We do have two URLs, parkspringhotel.com which is delivering a PHP file, and another. Whatever. 
So not a lot of, I mean, I guess IOCs are better than no IOCs, but these are kind of thin IOCs. Hopefully you don't get compromised. any.run has a malware analysis execution that shows the whole payload. Interesting. The threat actors have actually baked in an eight minute delay between infection and execution of the payload. Meaning. Okay, so really quickly, the, the story here is this JDownloader open source thing got compromised. It's pulling down a RAT and you should not have it in your environment. Now let me go beyond the headlines for you guys. You might be like, wait a minute, why would they do an eight minute delay? Like move, like move at the speed of compute, right? Why not like double click and then you're infected? Well, let me tell you something that you may not know. Hey, Tasha, Miles. Something you may not know. Okay. A lot of time computer, can we get some. Something you may not know when. When you are doing malware analysis. Okay. And you use a dynamic sandbox, whether it's any.run, which I love, I love any.run. I wish any.run would become a sponsor because I love any.run and I would love to talk about them. Triage is another popular one people like. And you could do Joe Sandbox. You could do a VM locally if you're feeling froggy and you want to like run risks at your own organization. But anyways, a lot of times when you're doing dynamic analysis of malware to see what it does, you'll run it and then you'll see what happens. Right. Waiting eight minutes is long enough that a lot of analysts will be like, it doesn't really do anything or it must be a busted piece of malware. The any.run free instance will run for 60 seconds and then terminate the session. So the whole thing, this is an anti-analysis technique baked in by the threat actor. There's. There's tons of different. There are tons of different. Jeez, Bruce. There are tons of different ways for malware authors to introduce anti-analysis techniques into malware. 
It's an indicator of sophistication. A delay in. In detonation is one of those things. Another one, just to give you a couple examples, is to look at what running processes there are in memory to see if there's some common malware analysis processes running. Like hexedit, IDA, Ghidra, a like. Like all, you know, Process Explorer. If it sees any of those, it'll. It'll kill itself off, for example. All right, okay. And DJ B SEC is saying on a public session on any.run, he thinks the max is five minutes. So again, like, you won't even see it. It's a technique. It's a bit of sophistication. And if you didn't know, now you know. Thank you.
B
Senator Schumer seeks DHS plan on AI cyber coordination. The Senate's top Democrat called on the Department of Homeland Security on Friday to work closely with state and local governments to defend against artificial intelligence-strengthened hacks. The Senate minority leader wrote to DHS Secretary Markwayne Mullin to make sure state, local, tribal and territorial governments aren't left behind as AI models advance, posing new hacking threats. In his letter, he stated that it was, quote, glaringly obvious that the Department of Homeland Security needs an updated plan for coordinating these efforts with the respective governments. Schumer wants a plan from the DHS by July 1st.
A
All right. Okay. We got a first timer in chat. Okay, so first of all, Tony, at Tony in chat, passed his PenTest+ Friday. Way to go, Tony. And then I think we had a first timer in here. Robert Seaman Jr. What's up, dude? Welcome to the party. Welcome to the party, pal. All right, so you know, I know you have to do this, and it. It might be because it is Chuck Schumer I'm feeling this way. But like, okay, a plan, a. A demand, a request or whatever you want to call it is being put forth to DHS to explain how they're going to provide access and utility of AI to small and local territorial governments. So, like, Native American governments, municipalities, right, whatever. You know, Calhoun County, like wherever, you know, middle of Oklahoma, you know, nowhere, Sand Bowl or Dust Bowl or whatever it's called. Okay? And while this is important, I'm not going to say this isn't important. I mean, we just. We, like. There's like. I don't know, man, there's like so much going on that this doesn't seem to need to be a priority. Again, I'm not, I'm not discouraging or downplaying state, local, tribal and territorial governments. It's just, what are we doing? So listen, here's the deal. Like, this isn't a cyber story. So this isn't a cyber story. All right? Shall we play a game? I don't have anything cyber related to give you on this one because it's not a cyber story, which frustrates me. What I do want to tell you is the following. While this is important, and I do think being left behind will be an issue, this is no different than the great digital divide, right? There's state, local, territorial, tribal entities that have limited access to Internet right now. There's groups that have limited access to health care. There's. There's ones that have limited access to just basic, like, critical infrastructure. You know what I'm saying? So, like, I know AI is so hot right now, that Hansel's so hot right now, but like, come on, my guy. Unfortunately, unfortunately, I don't know. 
We keep it, hey, like first timers here, we keep it apolitical. We do it on the Discord server as well. Sometimes I just think that this, like, I. I just hate the fact that there's this, like, divisive, you know, pissing match going on between the parties at the highest level of government. Demanding something from DHS seems more like a thinly veiled than like, whatever. So this isn't a cyber story. So nothing to see here.
B
The European Union considers restricting the use of US cloud platforms for sensitive government data. The EU is considering imposing rules to restrict its member governments' use of US cloud providers to handle sensitive data as part of its tech sovereignty package, due to be released on May 27. The package is intended to bolster the bloc's strategic autonomy in key digital areas. The new rules come at a time of increased tensions between EU members and the current US administration. The discussions, however, do not relate to private sector companies.
A
All right, hey, real quick, if you're watching over on LinkedIn you can, you definitely can watch on LinkedIn and you can watch over on YouTube. The chat above my head right here is live on the YouTube channel. So if you Google Simply Cyber, you go to YouTube.com/cyber, you can drop in and be active with the YouTube chat. You can do it on LinkedIn and the audio gets pulled from this show and reposted on Spotify and Apple Podcasts within the next, you know, four hours or so. So you can catch it there. But this website, cyberthreatbrief.simplycyber.io, is ground zero for the new Daily Cyber Threat Brief. So if you're watching on LinkedIn or you're listening on audio, go to cyberthreatbrief.simplycyber.io, you can do all, you see all the things. I, I, I just want to pull everyone's attention to this and I'm only doing this because someone asked in chat. Every single episode is captured here, including today's episode. But one of the really, really cool things is I used AI to basically go through the transcript of what I'm saying and then it goes in and for every story it covers the story, what happened, why it matters based on what I'm saying and what you need to do about it. This is for every story. So like the level of insight and value for you to take action after the show is over is all captured here for every single episode. You could see May 11th is already prepped and ready to go. So like this isn't just a landing page for this show. This is friggin wicked, wicked deep value for you guys. It's all about delivering value. Okay, now let's talk about the European Union, what they're up to. They're restricting use of US cloud platforms to process sensitive government data. Not good. I have to think the EU is looking at what's going on in the United States and thinking they don't take privacy as seriously as we do. And that's a problem. That's if I had to guess, that's what's happening. 
There is an absolute contraction going on across first world powers. Unfortunately, the United States is, is making some decisions at the federal level that are causing European Union people's butts to pucker. And if I have to imagine, they're saying if it's a critical workload, we don't want it working in US cloud providers, probably because of privacy. But you could also suggest because of availability. Right? The United States is technically involved in a global conflict right now. So if your data is in there, it could be a problem. So there's not much to do here. All I would say is, number one, if you work in the EU or you have business in the EU, this could have a downstream impact. Again, sadly, this is not a cyber security story at all. Like this is frustrating for me as the host of a cyber news show to have to report to you that this is also not really a cyber story. But what would you do with this as a, as a CISO? I look at this. Here's, here's the problem from an IT perspective. If you are running work in the EU, but your entire infrastructure is hosted in AWS, you may run into a situation where you have to segment off your EU clients' workloads into EU-instanced cloud infrastructure. This could cause a massive underpinning architecture impact and be a really big problem for you long term, very expensive. Okay, so just keep your eyes on this one. Of course they have to. May 27th is when this is going to be presented. So it could be a problem downstream. Certainly a lot of, certainly a lot of work in the consulting space if this does come to bear. Again, if I had to guess, the European Union is looking at Donald Trump's decisions and all the actions that the US federal government has been making and making a risk based decision that it might be time to compartmentalize their critical workloads.
B
Huge thanks to our sponsor, Doppel. Social engineering attacks look trustworthy. A routine request, an internal email, a familiar face on a call. But Doppel sees through the disguise. Their AI native platform detects and disrupts attacks across every channel while training employees to recognize deepfakes and deception. Doppel fights relentlessly to protect your business, your brand and your people. Doppel: outpacing what's next in social engineering. You can learn more at doppel.com, that is D-O-P-P-E-L dot com.
A
All right.
B
Multiple universities reschedule final exams.
A
All right, we're gonna slowly migrate away from Don't You Forget About Me really quickly. Hey guys. All right, we're at the mid roll. Thank you all so very much for being here. First timers, I hope you're enjoying the show. Welcome to the party. Long timers, thanks for being here. Definitely appreciate you. And yeah, it's just a nice rolling into the Mondays. The spring weather is beautiful. We got a bird. I've officially entered the I'm-into-birds phase of my life. So you youngs who probably think that's stupid, you just wait. You just wait. We got a bird feeder. We got a bird fountain. We picked up some binoculars. It is Wild Kingdom over here in the low country. Beautiful day here in the low country, guys. Thank you to the stream sponsors for enabling me to bring this show to you. Thank you to the stream sponsors for enabling me to bring this website to you. Threat Locker, Antisyphon and Flare, links in the description below. Hey, every single day of the week has a special segment and Mondays is Simply Cyber Community Member of the Week. Listen, I love the Community Member of the Week. Threat Locker loves community. Threat Locker, if you guys don't know, they've been quite active with Simply Cyber over the last three years. They are great. It's great people at the organization but their product is like wicked solid. The CEO Danny Jenkins knows what he's doing. He's like committed to it. They give me money every Monday to sponsor the Community Member of the Week. Hey listen, Threat Locker takes a deny by default approach. We take a community, it takes a village approach. This week I'm going to give a hundred dollar Amazon gift card to Ad Tech. Now listen, I don't have Joey's LinkedIn profile, but as I said on the intro, guys, the Team Solo people, right? It's tough. It's tough. It's tough being solo and to have found community, it's so, so valuable. 
So I want to say Ad Tech, shout out to you for bringing my, you know, I was saying Team Solo before, but he pulled me aside at Simply CyberCon and pointed out how valuable it was. So I want to give him a shout out for bringing the light to all the Team Solo people. Guys, we do more here than just cover the news, okay? It, it, it's, it's, it's a lot. Working in cyber security is a lot. And having people to kind of lean on, having people to share ideas with, having people to make sure that you're not eating crazy pills. It's vital both for your mental health as well as your professional development. So I just want to say shout out and thank you Ad Tech. Connect with me on Discord, man, so I can get you this Amazon gift card. But, but yeah, just hey, and if you are a Team Solo, ping Ad Tech and you know, maybe you guys can get like a Team Solo club going, you know what I mean? All right guys, let's keep cooking, shall we?
B
The final exams following Canvas Cyber Incident following up on a story we covered on Tuesday, many universities across the US have been forced to delay final exams this week following a cyber attack on the popular education software provider Canvas, students encountered an online message from the Shiny Hunters criminal gang that stated that they breached the Canvas creator in structure again due to a lack of ransom negotiations. Some of the universities affected include Baylor, the Universities of Texas, Pennsylvania, Oklahoma and Florida, as well as Iowa State, Duke, Northwestern, Princeton and Ohio State, as well as many K12 school districts. Fake OpenAI repository on hugging face pushes infostealer malware Bro,
A
listen, Canvas is a very, very popular, widespread learning management system, oftentimes referred to as an LMS, used in the United States. They said multiple colleges as well as some K-12. Now I do want to point out, earlier on in the show when I talked about cPanel, make sure that you don't make any assumptions. I got to tell you, I fell victim to this. So last week Canvas had an incident, and you know, I was like, oh, it didn't affect me. So if you didn't know, I'm faculty at The Citadel Military College, and we use Canvas, and we just finished the semester, and we had finals the weekend before last, the May 3rd weekend. And I was like, oh yeah, we weren't impacted. And then I saw all this news last week about Canvas getting hacked, and I was like, oh yeah, yeah, old news, I saw that. Well, apparently the joke is on me, or I'm an idiot, because it got hacked again. Now, ShinyHunters is the younger, aggressive ransomware threat actor group that uses a lot of vishing. They don't hack in, they log in, and they go for big, dude. They'll go for anyone. They don't care. They are big-game hunting, medium-game hunting. They will shoot a rhinoceros as well as like a house cat. Like they literally don't care what kind of game they're taking on. They just want to make straight cash, homie. Straight cash, homie. Okay, so apparently they hacked Canvas, and Canvas gave them a two-handed double-finger salute and told them you could take that on down the road. And ShinyHunters was like, oh, hold my beer, and then absolutely went ham on them and breached all the things. So I don't know, I would assume now that Canvas is going to negotiate a ransom with them, potentially. I will tell you that I logged into my Canvas infrastructure last week and I was immediately presented with configuring multi-factor authentication. 
So Canvas didn't have that before, at least for The Citadel Military College. Which, by the way, I realized, I'm like, oh my God, I didn't have MFA on this. Of course my password is like 300 characters long, but I digress. So I don't know if there was a lack-of-MFA issue that someone at Canvas fell for. But again, they logged in as a Canvas IT person, I would assume, or developer. It's not like they logged into a faculty or a student account and were able to take down all this information. Yeah, whatever. I mean, finals got pushed. It probably disrupted a lot of students' travel plans, et cetera. A lot of students want to take the exam early so they can leave campus early, et cetera. Some of them may have had to stay late. What I do want to point out really quickly is this is likely cleaned up at this point. Make sure you have business... I mean, the thing is, for something like this, if your final exam is hosted on Canvas, there is no DR plan. You can't deliver the final a different way with any level of ease. But the thing that I would take away from this story, because this is kind of like a post-mortem, the thing I would take away from this story is, in my opinion, 2026 is the year that ShinyHunters gets taken down. Like ShinyHunters is so high-profile right now, and they are going like breakneck speed around all the places and attacking all the people, that I just have to imagine that they are like Robert De Niro's crew in Heat, and Al Pacino somewhere, the Al Pacino somewhere in the world, has made it a point to get ShinyHunters. So, you know, until their reign of terror is brought down, expect the beatings to continue until morale improves, essentially. So.
B
Yep. A malicious Hugging Face repository that reached the platform's trending list impersonated OpenAI's privacy filter project to deliver information-stealing malware to Windows users. It accumulated 244,000 downloads before the platform responded to reports and removed it. Hugging Face is a platform that, quote, lets developers and researchers share AI models, data sets, and machine learning tools, end quote. Researchers at HiddenLayer, a company focused on safeguarding AI and ML models against attacks, discovered the campaign on May 7 after noticing a malicious repository named Open OSS Privacy Filter, which had typosquatted OpenAI's legitimate privacy filter release.
A
All right. Social engineering for the win. Yes. By the way, Space Taco, SAMCRO 7, Tech Grunt mentioning the movie I was referencing: it's the movie Heat. I think it's 1995. It is 1995. Yeah. I love it when I get like a random piece of knowledge correct, including a NIST control family or, you know, a control within a control family. This Heat movie right here. If you like action movies, bro, my guy, the opening sequence with the armored truck and then the end sequence, it's like Michael Bay-level action before Michael Bay. Okay? All right, so hey, listen. Very clever threat actors using typosquatting. Now here's the deal, number one. I feel like this has become the standard practice here. Number one is, if you downloaded this AI model or not... it's not an AI model, this repository. You downloaded malware, okay? You downloaded an infostealer malware, which means your API keys could be compromised, your credentials could be compromised, your secrets could be compromised, okay? So you have to get that sorted out. First and foremost, you should be able to see in your SIEM logs, or your firewall logs, your network logs, they should all be pumping into your SIEM, but you should be able to see huggingface.co, that's the URL for Hugging Face, which is where all these things are located. Hugging Face is like npm or PyPI. It's just holding all of these AI models and repositories and stuff. Okay, so but why would you look for huggingface.co in your environment? Well, it'll tell you which endpoints are pulling data down from Hugging Face, which should have a human connected to the endpoint, which means you can identify who in your environment is trying to use this technology. Now, if you are particularly savvy in capturing enough data and logs, you can actually look for the repository path, open-oss/privacy-filter, like this URL right here, in your logs to find out if this particular repository was pulled down. 
Okay? And the chances can be high because of a technique that threat actors used. Okay, threat actors use typosquatting, which means they made their repository look similar in name to a popular one, OpenAI, which caused people to mistakenly associate it with OpenAI and download the crap out of it. Now, because of this surge of downloading, it pushed this repository to the top of the trending list, which gave it further legitimacy, which fueled the fire. This was like a self-feeding loop that just drove the flywheel, pushing it up, right? So unfortunately the threat actors won the day because lots and lots of people, 244,000 people, downloaded this infostealer onto their system. So what does that mean? Number one, you got to figure out if you infected yourself with this or someone at your organization got infected. Number two, if yes, then you need to rotate API keys ASAP, and that's going to suck. But hopefully at this point you've got your crap together as far as working through API key rotation and credential swapping, because you've done it already. If not, that's a process improvement that you should look into right away and make sure that you got it. Because, dude, the second your API keys are compromised, threat actors can pipe those into their own workflows and either start exporting your sensitive information or just burning through your tokens. Hold on one second. All right, not good. I will tell you just a little fun fact, just to share a little dope, because, guys, I want everyone to know, like, you know, "oh, look at you, Jerry." No, like, I make mistakes all the time. This weekend I was coding in the new Daily Cyber Threat Brief website, and I was using Claude to help me, and I needed to store a secret key in my GitHub repository, the API key from Claude. And I was supposed to define the variable as API token, but I took it as a placeholder. 
So I stored my API key as the variable name. So when you look in my repository, the key name was the API key, which, if that doesn't make any sense to you, like, I'm sorry, but basically I had my API key completely exposed because it was my variable name for my API key, so I had to rotate credentials immediately, which was annoying. But just to let you know, crap happens to people. All right? So TL;DR, if you find this Hugging Face repository in your firewall logs, go talk to the person who downloaded it and make sure that whatever they had access to is fine.
B
Police shut down rebooted Crimenetwork marketplace. German authorities have shut down a relaunched version of the criminal marketplace Crimenetwork, which had been the largest online cybercrime marketplace in Germany, operating since 2012, with 100,000 registered users. A 35-year-old German citizen suspected of administering the new Crimenetwork was arrested at his residence in Mallorca, Spain, by a special unit of the Spanish National Police under a European arrest warrant. The suspect is accused of having built and administered a completely new technical infrastructure only a few days after the shutdown of the previous version of Crimenetwork and following the arrest of its former administrator in December 2024.
A
All right, law enforcement coming in. I love it. I love it. Okay, so two things cooking here. Number one, your dark web marketplace does not pass, shall not pass. And they took the head of the snake out, right? You always got to arrest the admin. This dude's going to have a bad day. Okay, now two things. One, there's going to be big money in this. So unfortunately, all of the shoppers, if you will, are going to go somewhere else. So another threat actor marketplace is going to pop up here. So that's a problem. But let's see what they did. German authorities. Let's see. Hold on one second. Yeah, I mean, look at, like, this is what I'm talking about. Okay, so check this out. In late 2024, German authorities, in like a big law enforcement takedown, took down and arrested an administrator of this criminal marketplace. Just a few days later, a new version emerged with a new admin and a new operator. Okay, so like, this is what I'm talking about. Unfortunately, these things are like weeds. Like, you do have to get the admin, you do have to pull down the infrastructure, but there's so much money to be made in it. It's like next man up. I mean, it's basically like the 2000s run of the New England Patriots, and I know that's gonna leave a salty taste in a lot of people's mouths, but it's next man up. Unfortunately for, I mean, for law enforcement and us, right? This guy's a 35-year-old German. He's going to be going to jail. Let's see. So this criminal network, this is why, and this is why people are going to continue to stand it up: in two years, the guy made $4.2 million. Like, that's... Guys, I've been hustling and busting my hump with Simply Cyber for years. Not even close to sniffing $4.2 million. I can't even see... if I get my bird binoculars and look through them and really strain, I don't see $4.2 million. Okay, so like the money is real. 
And then, you know, it's like a risk-based analysis. Do you take the chance? You know? All right. I love this right here. Here's the classic: "your site's been seized." This means that every single person that shops there, when they go in to buy something, is getting this. Which, by the way, if you've been shopping on this criminal underground, it's definitely going to make your butt pucker, because you are in their logs, as far as your IP address, right now. I don't... in my opinion, it's not often, that I'm aware of, where they go after the customers of these things, unless, you know, there's other crime involved, like murder for hire or something like that. But, yeah. So anyways, criminal underground taken down, I would expect another one to come up. Germany's not taking this, though. So this is a win for us. Okay. At the end of the day, this is a win for us. Way to go, law enforcement. There's nothing for you to do here to protect. In fact, there was really nothing for you to do to protect your organization anyways. A lot of these criminal undergrounds are selling fake documents, passports, drugs, weapons. They're not selling, like, malware for hire.
B
Virginia man convicted of deleting 96 government databases. Sohaib Akhter faces up to 21 years in federal prison for his role in deleting these 96 government databases and stealing an individual's password, leading to that person's email account being accessed without permission. Akhter had provided his twin brother Muneeb, who also worked at the same unnamed company hosting a government agency's data, with the password of this individual, who had filed a discrimination complaint with the Equal Employment Opportunity Commission. The complainant's email account was then accessed without their consent, according to a Department of Justice press release. After the incident, Akhter's employer learned that he had previously been convicted of felonies and fired both him and his twin brother. Government prosecutors stated that it was after this that the brothers, quote, sought to harm their employer and its US Government customers by accessing computers without authorization, protecting databases, deleting databases, and destroying evidence of their unlawful activities, end quote.
A
Yeah, this story is an older story. Like, we covered this story on Daily Cyber Threat Brief when these two brothers got arrested. And what made it particularly disgusting is that they had committed a similar crime before and been, like, let off. This guy's getting up to 21 years in prison. Let's see how long he gets. I hope he gets some time. Let's see. You can see here. Yeah. In 2015, he pled guilty on federal charges, conspiracy to commit wire fraud, access protected computers, et cetera. He spent two years in prison. Like, dude, this is a repeat offender. Like, let's not let this go without any type of freaking... Like, yeah, like, this is the cover. Look at these two guys, okay? These two guys. Criminal. All right? The fact that he got hired immediately and then had a secure... The thing that bothered me with this was that he got hired back into gov, federal consulting, and got a clearance, and then basically deleted a bunch of data. Which, by the way, is like... So, like, what was your big plan here, my guy? Like, you're just like throwing a temper tantrum, deleting a bunch of databases. Now, like, remember, guys, if you're doing your job well, you have backups. So this is more of a mild annoyance and an inconvenience and a little disruption. You know what I mean? Like, I don't know if going to jail for 21 years is worth, you know, flipping out, like basically crashing out at work and deleting some databases. Some people are saying, well, it says in here that perhaps they were using it to destroy evidence of their unlawful activities. Maybe they did some stuff in those databases, and then deleting it was not the goal. It was just to cover up and hide the attack. All right, here's the lesson learned for everybody. Number one, make sure you have backups. Make sure they're immutable. 
So not only can ransomware not encrypt them, but donkeys like this can't delete them. Make sure that you have privileged access management. I.e., this dude stole someone's password. So privileged access management actually wouldn't have fixed anything because he stole the password. But I don't know. Let's try to use something with, I don't know, MFA, multi-factor authentication. Make it difficult for any threat actor, whether internal threat or external, to get into email and files that are not theirs, to avoid this. But, hey, I hope this guy goes to jail for a long time. He's clearly malicious in intent. It didn't mention his brother yet, but his brother should be coming around for similar adjudication here in the near future. All right. Look at us. Right on time. Not bad, Jerry. Guys, thank you. This has been the Simply Cyber Daily Cyber Threat Brief podcast. I was your host, Dr. Gerald Auger. I hope you got value from the show. Hit the like button on your way out. Again, if you did not know, Daily Cyber Threat Brief, the show you're on right now, has a new home. Go to cyberthreatbrief.simplycyber.io. I'm dropping a link in chat. Why would you want to go here when you're already at the show? This website is ground zero for all of this content that we're developing. And the best part is every episode... So if you want to go back, or you don't have time to watch the whole show, everything that I say is captured in here. So you can digest this and giddy up on it. All right. Key takeaways, topics covered, all the goods. I'm Jerry from Simply Cyber. Thank you so very much. Now, if you got to get out of here because you got a meeting, I got you. I hear you. But if you want to hang out for a few minutes, we're going to do another part, another show called Cyber Career Hotline. That's right. This is an ask-me-anything type show. Cyber Career Hotline. Phone lines are open. 
I want to help you be the best cyber security professional you can be and level up your career like an absolute boss. Be the CEO of you. Come join us. But if you got to get out of here, peace out. I'll see you tomorrow at 8am Eastern. Until next time, stay secure. Let's go. Hotline. I'm Dr. Gerald Auger. This is the Cyber Career Hotline. If you're building a career in cyber security, this show is for you. Let's get into it. All right. Hey, what's up, everybody? Welcome to Cyber Career Hotline. I'm your host, Jerry Auger, coming hot off the heels from the Daily Cyber Threat Brief, hosted by... I've... Ah, nerd. Oh, my God. Nerd. What are we doing? Hey, quick shout-out to Red Siege, Red Siege Offensive Security: Mike Saunders, JCon, Molly Murdoch, Tim Medin, for sure. Love those guys over at Red Siege. Huge fan of them. Not a sponsor, just I'm a huge fan and love, love, I love those guys. Dude, cyber security is a small industry and you get to know the people, right? And certain businesses suck. Certain businesses are awesome. Not just their products, but like the people. And Red Siege is another one that I really, really like. So what do we do here at Simply Cyber's Cyber Career Hotline? You drop questions in chat with a "Q." I bring them on stage and answer them. My goal is to answer as many questions as I possibly can in the shortest amount of time, 30 minutes. I'm going to try to speed-run it. People love the new website. Pocket Pixel said my use of GitHub secrets is wrong. I'll have to look into that. Thank you for sharing. I mean, I assumed it was okay because I'm using the literal secrets section that you're supposed to use, but we will look into that. So what questions you got? Hey, happy Mother's Day. I'm very, very pleased to say that Mrs. Auger, the mother of my children, had a nice, I believe, a nice Mother's Day, I'd like to think. James McQuiggan says... Here we go. First question in chat. Thank you, James. Hold on one second. 
I'll get to your question in a second. Where is James's question? What the hell? All right. Oh, James says, what's the next conference that you're attending, and how was Mrs. Auger's Mother's Day? Mrs. Auger's Mother's Day was good. I'm very happy. Love my wife. She is a phenomenal mother. I know that sounds biased, but, like, literally, if it was just me raising the kids by myself, they'd be hellions. My wife locks it down. The reason the kids are awesome is because of my wife. The next conference I'm attending, I will be at Cisco Live. May 31st through June 3rd, I will be at Cisco Live. Next. Good question. Thank you, James. Young says, I'm looking to become a cloud security engineer, and I've been building tools in Claude for my current job. Will this help me find a role? So the answer is yes, but not the way you think. Young, building tools in Claude is really cool for your current job. I would recommend two things. Number one, you need, like, a personal website or some personal portfolio so you can showcase all these tools. Okay? So I would recommend that you first update your LinkedIn page to work like a landing page. That's a marketing thing. Work like a landing page for people to understand that you're a cloud security engineer and you can deliver value. Kind of your target market you're trying to target with the landing page of your LinkedIn profile is businesses that want cloud security engineers. Right. Number two, and you really want to be careful about this, okay? Be careful. You are building tools at your current job. Your current employer may believe that they own those tools, and frankly, they might be right. So the tools that you're developing, you may not be able to take with you. You may not own the rights to those tools because they're paying you to build them. So you might want to look into intellectual property and ownership of those tools. It's not uncommon. 
It's not ridiculous for you to develop tools under the banner of an employer and then take those tools with you. However, if you don't set that up up front, they own those tools. And if you're posting about it online or giving source code, you might actually get fired for disclosing company secrets. So just be careful about all that. But if you get it all straightened out, you can definitely leverage those tools and the value that you... like, basically you want to highlight the value you're bringing to your current employer as value that you could bring to any employer. And that's how you could help find a role with that one. All right, continuing to look through chat, chat, chat, chat. Spandex Thunderstorm: when did you realize that GRC was your thing and purpose, considering you transitioned from software engineering? What other roles did you do before GRC? Okay, so check it out. And Robert, Bowtie Security Guy, if he's here, can you drop a link? Hold on one second. I don't even need a link because I can just go get it myself. Look at this really quickly. I'm giving you, again, I love to over-deliver, Spandex Thunderstorm. This is a conversation from last week that I had with Bowtie Security Guy, After Dark. This is a deep, long interview with me, and I actually go into great detail about the question you just asked me. So I'm going to answer the question. I'm going to answer the question. But essentially I have a video for that. Okay? But it's on Bowtie Security Guy's channel. So for those who don't know, I was a... Hold on. Do we have a first-timer? Malcolm Davis. Welcome to the party, pal. Welcome to the party. Okay, so listen. I was a software engineer. I went to university for computer science. I got a degree in computer science. And then I thought the only job I could get was software engineering, so I became a software engineer. I was working at the United States Marine Corps at the Pentagon there in... 
Or the Pentagon annex, or Navy Annex at the Pentagon, as a software engineer. And I got my code audited for FISMA compliance, which basically means they went through NIST 800-53 and audited my code, and my code failed quite a bit. And so I still had never heard of... I hadn't even heard of cyber security at this point. Okay? I didn't even know about cyber security. I was so angry at the auditors for telling me that my code sucked that, out of sheer spite, sheer spite, I will fully admit this, I asked them to provide me with the framework and whatever they audited me against, and what regulations required those controls to be in place, which was FISMA. They gave it all to me. I consumed all of it. I immediately fell in love. I'm like, oh my God. I love all of this. So structured, so comprehensive, so holistic. Oh, pants off. Okay. So then I was like, all right, I like all this. So GRC kind of picked me because I discovered it through being audited. And then the thing is, I could have... I've done blue team stuff, and I've worked like, you know, kind of like SOC in a small business. But the reality is, for me personally, and if you have worked with me professionally, I'm a little type A, a little structured and a little organized. And I love order and structure and comprehensive understanding and all... I love how the pieces all work together. I love planning, I love execution. And like, GRC is all of that, okay? Like, if you want to be a CISO, which was ultimately my career aspiration once I got into cyber, CISO is GRC, okay? So that's why I fell into GRC, and I just kept doing it and I loved it. Okay. And I've done other roles. I've done SOC. But at the end of the day, like working SOC, it's like your head's down, doing your thing, and GRC, it's like heads up and you're doing kind of all wide things. Hopefully that answers your question. 
And for those in chat who are poking at me because they know me quite well, they've worked with me. All right. Do you use LinkedIn Premium? No, I do not, Soul Shine. I do not. Although LinkedIn wants me to. They tell me, like, at least once a day they'd love for me to sign up. Have a friend who wants to start Magic: The Gathering. Where would you send them? Good question, Jesse. I've been thinking about this. There's two answers to this question. Number one, I would send them to Magic: The Gathering Arena, because, number one, Magic: The Gathering Arena will walk them through a tutorial and kind of introduce them to mechanics and stuff. But secondly, with Magic: The Gathering Arena, it handles all of the, like, interactions. So someone who's new to it, they don't have the dependency to have to read the card, understand how it interacts with other things, add, you know, counters and stuff to things. Arena just does it all. If you want to do it on paper, I haven't done this yet, but I'm going to do this. I'm actually going to purchase maybe two to four 60-card standard basic decks. They actually have some that are coming out, I think, in the fall. Like, you know, it's like a mono-white, a mono-black, a mono-green. I think they have five, one for each color, and they're basically super basic decks. I would get two of those and then play a few games against the person with those decks just to minimize complexity. And then show them, like, I don't know, Atraxa or, you know, freaking Nicol Bolas. Like, show them some OP card and then be like, it can get into this level. Happy Mother's Day. Malcolm Davis, first-timer with a question, no doubt. He says, could you share your most effective study habits and prep strats that balance technical depth and managerial mindset for success on the CISSP? Yep. So Malcolm, I'll share my CISSP study strategy. This is my study strategy for any certification exam. So just know it'll be for the next one. 
The CISSP is broken up into several domains. It was eight domains when I took it. I don't know if it's still that. I got my CISSP in 2009. I take a practice exam without any preparation. I take a practice exam and I see how I scored. You get your overall score. Let's say I got a 50 on the practice exam. I think you need a 70 to pass the CISSP, or an 80, it doesn't matter. So I get a 50. Okay. So then I study. I go through and study using, like, Mike Meyers' Passport or, you know, like one of these kind of approved study guides that's made for normal people. I read through all of that, and then I take another practice exam, and then I see how I performed. If I get an 80 or higher on any of the domains, I stop looking at those domains and I focus on the domains that I'm struggling with only. This is a time-saver. I then do that, and then I'll take a practice exam but just on that domain, or I'll do the questions at the back of a book or whatever, just for that domain, to reinforce that learning. I might use flashcards for keywords, key terminology. I haven't done that in a while because I basically know all the words now. But, like, that's another technique that I like, flashcards. Finally, I take another practice exam, and I will continue to take practice exams until I score over a 90 on the practice exam. Any area that I'm not scoring a 90 or higher, I go back and reinforce that. And then once I get the 90, I schedule the exam and take it. That's my technique. He wants how much emphasis was on the managerial perspective? Yeah, I mean, it's a multiple-choice exam. Like, you know, CISSP is more of a practitioner... the managerial is a bit there, but for the most part, it's about being a CISSP. In my opinion, it's being a well-rounded, middle-of-your-career cyber security professional. That's what CISSP is. Ray is going to be at Black Hat. I will also be at Black Hat. If you're here right now, still, reminder: if you go to Black Hat DEF CON, I host a party. 
We did it last year with Tyler Ramsbey and Hack Smarter. I think we're going to be doing it again together this year. So Simply Cyber and Hack Smarter host a meetup. Okay. Like, come on down, open bar, open food or whatever. We have a party. All we want you to do is show up. So that's on the Friday of DEF CON, always. So you're invited. What's the best methodology to become a threat hunter? Good question. If anybody in chat has an answer to this, let me know. If it was me, Taekwond Gong, my methodology would be the following. Set up Security Onion on your home network and then use Atomic Red Team to do some controlled attacks in your environment without any defenses. No EDR, none of that crap. Okay. Like, you want the attacks to be successful. Then go into your logs and hunt those threats, like hunt to see that you can find those threats, right? And then rinse and repeat, rinse and repeat. And then if you want to get particularly squirrely, you could try to, like, if you work in a business, right, if you have access to an enterprise-grade SIEM, pull down IOCs from anything we talked about, a couple in today's show, and go looking in your SIEM for it. It's as simple as that. Ryan says, would you recommend taking the Google Cyber cert on Coursera to prep for Sec+? My school sponsors it, so it's free to take. First of all, Ryan, if it's free, yes. Second of all, I actually have a video on the channel around my thoughts on the Google Cyber Cert. I will tell you, I think it's a good primer. It doesn't prepare you to be a practitioner. No. Does it prep you to take Sec+? Kind of. Sec+, you'll want to study for Sec+ to pass Sec+, right? The things that they're going to be asking you on Sec+... the Google Cyber Cert is going to cover a lot of things. Think of a Venn diagram, right? 
Google Cyber Cert will cover things that will be asked about on Sec+, but it's not a replacement study guide for Sec+. If you had no prior knowledge and all you took was Google Cyber Cert and then sat for Sec+, you may have a tough time passing it. If you do Google Cyber Cert, then you study Sec+, the Google Cyber Cert is going to give you a ton of foundational knowledge to be able to understand and absorb, assimilate the Security+ content that you will need to know in order to pass Sec+. Okay. Also want to shout out Professor Messer for his Security+ training. I know that that's a popular one that a lot of people have gotten value from. All right, continuing to look through chat here. Any tips for taking PenTest+? Same that I said a moment ago, striving to learn about CISSP. You know, take the practice exam raw, see how you score, focus on the areas you're struggling with, and then when you get a high enough grade, you're ready to go. What cyber specializations do you think are underappreciated right now? Roswell UK asks. That's a good one. What cyber specializations do you think are underappreciated right now? I mean, I think GRC is underappreciated. It depends on who... who are we talking about underappreciates it right now? I do think, internal to our industry, I think other cyber security professionals underappreciate GRC. Externally facing, I think, like, business and organizations, corporate America, underappreciate pen testers. People treat pen testing like it's a luxury item, and I'm telling you it's not. It's very good. Juan Flyberg: where to submit questions? Spoiler alert. You just did. You just did. That's a question you submitted, and it's been answered. You put it in chat, just like you did, Jesse Johnson. Jesse, you're so kind. Jesse's glazing me, I think the kids say. I'm the most efficient person he's ever worked with. I do work hard. 
What would you say is the biggest risk to small and medium sized organizations today? Ooh. J.T. Gorman, good question. Man. So here I'm going to give you a quick tip, by the way. If you're interviewing someone, if you're doing a podcast, when you ask the extreme question, like, what's the worst day of your life? What's the biggest cyber risk? What's the funniest story? What's the biggest mistake you made? Right, when you ask that question, and again this is just like a pro tip. I'm gonna answer your question, J.T. Gorman, and I'm not dunking on you. This is just an opportunity to give a little quick tip to everybody that is doing podcasts or wants to do podcasts and do interviews. Do not ask the question this way. Okay. The way you should ask it is, what's a big cyber risk to small and medium sized organizations, or what's a major cyber risk to small? The reason is, when you ask someone for the most, a human will immediately stop and think through all the different things that they have and then start ranking them. Because you asked me for the number one, I have to come up with a list and then come up with some rubric in real time and start prioritizing, and it'll break the flow of an interview. Okay. Just FYI. And again, I'm not trying to dunk on you. I'm trying to help everybody. That's a tip from Stop Asking Questions by Richard, I think Richard Warner, a great book I read years ago.

All right, so a huge risk to small and medium sized organizations today. There's a bunch. Okay, so number one, at a lot of small organizations, basically everyone has access to everything. There isn't great control over secrets. I do consulting for businesses. I have seen many businesses that have file shares that just have password files, that way everyone can get into whatever they need to anytime.
That's a huge mistake. A lot of businesses are not doing backups if they have sensitive data that matters. I will tell you, I've seen a lot of businesses that are doing cloud infrastructure only. So they've kind of outsourced all their things. Basically I have one client, a financial management company, that doesn't have anything local. So if there's a problem with their computer, they just go buy another computer and they're back up and running, because everything's there. But you have to have MFA and all the things. Basically the biggest risk I see is that since they don't have centralized management of cyber security, and they're not going to, a small business won't, if something gets compromised or an account gets taken or whatever, they're not going to have visibility into it for a while. For a medium sized business, so a medium sized business probably will have SecOps and MDR. Trying to think here. It kind of depends on the industry as well. I mean, I think another huge problem is the AI sprawl. You got so many people doing so many things, OpenClaw all over the place. That's a big issue too. So AI governance is another big issue. Thanks for the question, J.T. Gorman.

Artemis Hex says: someone with 15 years of UX experience, UX product and app design, going into cyber, built the portfolio, planning certs like Sec+, what are the chances of finding a job before having a cert? Artemis Hex, two things. One, you can get a job without the cert. Okay. The chances of finding one are not great. Okay. And chances of getting one after the cert are not great. Now, before you get discouraged, what I gotta tell you is, keep doing what you're doing, right? Strong portfolio is awesome. Sec+ is awesome. You're already on the way. You've already done some of the hard things. What I would recommend you do, let me share this video.
Artemis Hex, by the way, I love your name. Artemis Hex, it's a cool name. Hold on one second, I'm pulling up a video for you because I got a video for that. Where is it? Where's my Mike Miller interview? Hold on one second. Let me search on screen. Hold on. Here it is. All right, so, Artemis Hex, this is a one hour video. I promise you this will be worth your time. Watch this. This is a one hour answer to your question, Artemis Hex. Okay. Did she leave the chat? Artemis Hex, are you still here? I can't @ your name, which makes me think you left the chat, which totally sucks because I'm trying to answer your question here.

The TL;DR, everybody, is: you gotta network. Build a strong portfolio. Go on LinkedIn and share that. Tell people what you're working on. Build a network. Speak at conferences. BSides is a great one. You basically need to let people know about you, right? And then you'll find out about opportunities. A lot of jobs are not posted, okay? So you'll have to find these jobs through side channels. And the way that you do it is covered extensively in the video I just sent you. Okay? Personal brand, share your things. You're here right now with Simply Cyber. You're doing the community thing. That's perfect. Keep doing it. The easiest analogy I give people all the time is: okay, so you want to get a job in cyber. So think of an employer, someone who's going to hire someone in cyber, driving down the street, and they drive by a car dealership, right? And the car dealership, instead of having cars on the lot, has cyber security professionals. They're gonna look. You do this when you drive. You look at the front of the parking lot, right? The cars that are right up on the street line. That's where you're looking. And if you see one, you're like, oh, that's perfect.
I'll take one. If you aren't doing networking, building a brand, building relationships, you are the car parked all the way back by the tree line that no one sees. You are awesome. No one knows it, right? So doing the things I'm talking about is getting your car, or you, up to the front of the lot, and then your resume and your portfolio and all that stuff's the sticker on the window. You can do it, though.

What areas of cyber do you think are overhyped? Oh, wow. I mean, AI. AI is like super hyped. Okay? I saw a wicked good LinkedIn meme earlier today. People who are using AI but don't understand AI are laying off staff and just going, oh, AI solves all the problems. People who are really using AI realize it still hallucinates a little bit. It doesn't get things right all the time. It makes mistakes. It's good to help get you, like, drafted, but you need to be able to finish it, right? So I think a lot of businesses that are AI products are going to go out of business. I think that there will be an AI bubble. Phil Stafford's in chat. He can speak to this, too. Another thing to keep in mind, everybody: right now, I pay 100 bucks a month for the Max plan on Anthropic, right? I believe a lot on OpenAI and Anthropic, there's a lot of investors, VC people, venture capitalists, who are supplementing the expense of running those queries. This is why everybody wants to build big data centers and large power plants, because running this code takes an amazing amount of energy. Someone's paying for it, right? So when the VCs want their money out and they're not going to supplement, the price of running all these queries is going to be massive, high. I really think that there's going to be a bubble burst on all of that. How we doing on time? It's 9:29. Got a couple more minutes here. I'm at 9:16 in chat. You have to get your questions in early, everybody.
How much does it cost to be an IR person? That's difficult to answer. There's way too many variables. But you know, training, I mean, you could go do SANS training in IR, like $10,000. You could get a job and get paid to learn to be an IR person. So it kind of depends. Any IR people in chat have a thought? Additional insights, please. @PocketPixels can answer that. Mymuna over on LinkedIn: so the Daily Cyber Threat Brief, CPEs, you get a half. Cyber Career Hotline, I wouldn't say you get CPEs for Cyber Career Hotline.

Oh, that's right. Cyber Shinigami, that is 100% true. I can't believe I forgot about that. That's like totally awful of me. If you want to study PenTest+, this is like definitely legit. Where is it? Yeah, here we go. Look it. Daniel Lowrie made literally the PenTest+ complete course. Now it's 150 bucks. So like you have to pay, you know. But this is one comprehensive, 84 lessons, that goes entirely through the entire PenTest+ with follow-along videos. Daniel's teaching style is amazing. So if you are wanting PenTest+, this is a very affordable, comprehensive study approach, if you're interested. Thank you, Cyber Shinigami.

All right guys, it is 9:30. I'm gonna speed run now because, listen, I feel terrible if I don't get your questions answered, okay? It makes me feel like I'm doing you dirty, and I don't want to do you dirty. Dario says, if you had to pick one blue team specialization to work for the rest of your career, what would you pick? I would pick detection engineering. I think detection engineering is the real deal because a detection engineer basically is looking at new attacks and developing detections that anyone can use in order to see those attacks going forward. So you're always on the bleeding edge of attacking, which is super useful, super helpful and super interesting. Kyle, what are three quickies? Hi Kyle.
Kyle, by the way, it's good to see you. What are three quick, easy wins for orgs just starting their cyber maturity journey? Get a framework. If you're just starting, I'd say CIS 18. And then I would just put MFA in place on all the things, if you can, and start engaging your workforce, getting them educated in best practices. That's what I would do. That way you start getting a face for infosec in front of your workforce. You break down barriers of them falling victim to crimes and not telling you. And then MFA, just the value on MFA is just so, so valuable.

All right, let's see. Remember when quantum computing was supposed to be the next big thing? Dude, don't even get me started on that. Adrian, I think quantum computing is also ultra hyped. All right, continuing to look through chat. When's the next SOC analyst interview question set to release? They will release next Sunday, so May 17th. If you guys didn't know, we did release a SOC analyst interview video. We've got two or three more coming out in the next couple weeks. Let me see if you're interested. This is the first one right here. I'll drop a link. Eric Capuano, longtime senior security operations center professional, as well as SANS instructor, SOC analyst interview. There you go. We had to take a week off. I had a contractual obligation to do this video right here with Material Security. So if you would like, I actually deployed Material Security in my own Simply Cyber Google Workspace environment. Check this out. If you want, go check that video out. It's professionally, you know, produced and developed. So it's pretty cool, pretty well done. All right. Plus, it helps me. Helps the channel. All right. Berlinda is planning to attend BSides 312. Any tips? Yeah, there's actually a video on Simply Cyber.
If you Google "Simply Cyber how to get the most out of a cyber conference," it'll come up. TL;DR, Berlinda: connect with people on the Simply Cyber Discord server. See if anyone else is going. You basically would like to know a couple people that are going before you get there. That way you have a little group that you can chill with, and, you know, say hi to random people, go to vendor booths, talk to them. Right. BSides typically don't have a lot of vendor booths, so. And then, hey, if you can volunteer, maybe not on this one, but volunteer. That's a great way to begin networking. What are your thoughts on the AI front? How do you stay ahead, get your hands dirty? Michael Ray Guitar, I vibe, you know, like I did the website, Simply Cyber's website, this weekend, Daily Cyber Threat Brief this weekend. Got a lot of value from that. All right, come on. Looking through chat. All right, I'm caught up.

All right, guys, I gotta get out of here. Got a bunch of work to do today. I'm Gerry from Simply Cyber. Thank you all so very much. Guys, go to cyberthreatbrief.simplycyber.io, check out the new Daily Cyber Threat Brief website, and simplycyber.io for the new Simply Cyber website. We're making big moves over here. Like a snake in the grass. Roundabout. Be pushed over. Be little gang star for you guys. Take care. Thank you. Until next time, stay secure.
In this lively Monday episode, Dr. Gerald Auger delivers essential cyber news updates tailored for cybersecurity insiders, analysts, and business leaders. The show’s mission is to go beyond the headlines: not just what happened, but why it matters and what you should do—while building an inclusive, supportive cyber community. The episode features Gerald’s signature blend of practical advice, dad jokes, and community shout-outs, along with the nomination of the “Simply Cyber Community Member of the Week.”
[12:19]
Summary:
Insights:
Quote:
“Don’t make assumptions that when you see something, you already know what it is… Identify opportunities for workflow improvement, anything that causes a bump or delay in execution is a problem.”
— Gerald, [16:40]
[17:04]
Summary:
Insights:
Quote:
“A delay in detonation is an indicator of sophistication… you won’t even see it [in short sandboxes].”
— Gerald, [21:50]
Actionable:
[23:33]
Summary:
Insights:
[27:38]
Summary:
Insights:
[36:35]
Summary:
Insights:
Quote:
“In my opinion, 2026 is the year that Shiny Hunters gets taken down. They are so high-profile right now.”
— Gerald, [41:15]
[42:01]
Summary:
Insights:
Quote:
“Because of a technique that threat actors used: typo-squatting. It pushed this repository to the top of the trending list, which gave it further legitimacy, which fueled the fire.”
— Gerald, [47:10]
Actionable:
[48:42]
Summary:
Insights:
Quote:
“Every single person who shops there is seeing this ‘Your site has been seized.’ If you’ve been shopping on this criminal underground, it’s definitely going to make your butt pucker.”
— Gerald, [50:41]
[53:29]
Summary:
Insights:
Actionable:
On cPanel Vulnerabilities:
“Already bought the dozen Krispy Kremes, already got the Cinnabuns to their desk—you have open lines of communication with the web team; this is when it pays dividends.”
— Gerald, [15:30]
On Malware Sophistication:
“A lot of analysts will be like, ‘it doesn’t really do anything or it must be busted malware’—that’s anti-analysis. That’s sophistication.”
— Gerald, [22:45]
On Juggling Content & Sponsors:
“These kinds of programs require funding…instead of Patreon, our sponsors support the channel so we can keep delivering value.”
— Gerald, [07:00]
On Pen Testing:
“People treat penetration testing like it’s a luxury item and I’m telling you it’s not.”
— Gerald, [1:12:54, Cyber Career Hotline]
[1:00:00+]
Gerald delivers sharp, actionable news analysis with humor and a sense of community. The episode is packed with insights for everyone from tech leaders to those just starting, with actionable takeaways, career guidance, and the constant refrain: “Don’t do it alone—Simply Cyber is here for you.”
For more, visit cyberthreatbrief.simplycyber.io for keyed insights, action steps, and the full episode library.