A
All right, good morning, everybody. Welcome to the party. Today is Thursday, May 14, 2026. Dealing with a little bit of a production issue, but we are getting it done. 80 is the new hundred percent. Am I right? All right, what's up, everybody? Listen, if you're looking to stay current on the top cyber security news stories of the day while being entertained, educated and hanging out with the coolest of the cool kids in cyber security, well, then you're in the right place because this is Simply Cyber's Daily Cyber Threat Brief. I'm your host, Dr. Gerald Auger, coming to you live from the Buffer Auger Flow studio. Good morning. Get comfortable because we got a great show for you. Let's get cooking. All right, everybody, welcome. So, so great to have you here. It is Thursday already. This week has been cooking. It's been moving so quickly that I had to call in from the bullpen. My big huge cup of coffee. Love this cup of coffee. It holds so much coffee. Honestly, it's a good one, guys. Every single day of the week has a special segment. Today's Thursday, so you can expect to be tantalized and entertained at the mid roll by Dan Reardon, AKA the Haircut Fish, longtime Simply Cyber community member, friend of mine, and potentially friend of yours, with a custom piping hot meme made every week for us. Usually I am the focus of the meme. Dan has stepped out and expanded the circle today, so look forward to that and a surprise guest meme. No one is safe when it comes to Dan Reardon. Everyone is potentially in scope. Guys, I hope you got some great news. If you got good news, whether you're passing certs, getting jobs, crushing it, getting promoted, graduating, we are right around graduation time of the year. Share it in chat. All the wins are inspiring for everybody. Plus it feels good. We love celebrating each other and each other's wins. Now we are going to go through eight stories. I literally, literally. I mean, I have zero idea what they are. Okay. 
Ain't nobody got time for that. I don't research or prep for the show and every once in a while I'm running a little behind, so I don't even have time to get the tabs open. CISO Series, Spotify podcast is not available, so we might be running ultra dirty. It's been a minute since we ran ultra dirty here on the show. I'm getting the tabs open now, so we'll see what happens. But the good news is, no matter what stories come up, it doesn't matter. I've been doing this show for over 1100 episodes in a row. And I can tell you without question, I will find value for you in each of these stories. Of course, you can do the main headline, but you could do that on your own time, so what's the point? Why come here? Why spend an hour? I. I see people comment in the comments sometimes, like, bro, why you spend an hour to do the news? Just give me the news. It's called brief. You're not brief at all. Yeah, well, that's because I have 20 plus years of experience and I want to give you insights and value that you will not get by reading the news story, that you will not get from a classroom or a textbook. You'll only get it from mentorship and having someone who's been there and gone through it telling you, trying to level you up. Oh, we got some gifted subs coming in. My man Robert dropping gifted subs. Heck yeah. Robert, thank you so much. Guys, we're off early with the gifted subs this morning, so if you're a squad. Excuse me. If you're a newly minted squad member, check out that emote tray on YouTube. Giddy up on that. Thank you, Robert. Very kind of you. Guys, I want you to know every single episode of the Daily Cyber Threat Brief is worth half a CPE. So what. What does that mean? It means that if you have a cyber security certification that requires continuing education requirements, CPEs, CEUs, CTEs, it depends on which, you know, where you live in the world, honestly. But check it out. If you go to Cyber Threat Brief, Simply Cyber IO. 
Someone put exclamation point CPE in chat, please. Nightbot will give you the link. Right on the top is the CPE function right here. You simply put in your name and email address. Click these two check boxes after you read them, and at the. On June 1st, I will send you an email with all of your CPEs and a nice tidy certificate that you can file off. No more screenshots, no more counting, no more arguing. It's much cleaner now and I want to let everybody know that yesterday I went into the back end. Oh. Oh. What are you doing back there, Jerry? You know, like, I went in the back end of the system and confirmed everything is working as designed. So you guys are all beta testers, essentially, the. The May, you know, until June 1st. It's a beta testing period, piloting. But it looks really good. Really. The final thing is to send the email and see how people like the certs. Obviously, if you have feedback, let me know. You have to write the same name. You can't be, you know, Gerald Auger today and then Gerald M. Auger tomorrow and Jerry Auger the next day. Because it's not, it's not going to work. You have to have the same. The name is what appears on the certificate. Right? So, and then the email is how I send it to you. So anyways, the CPEs are fleshed out and looking good, so we're all off and running on that. Now if you're here for the first time, you might be like, holy crap, dude, this guy's energy level's at an 11. And he built a CPE application to make it easy for me to take advantage of this free program every single day. Yes, yes, that's what we've done here at Simply Cyber. It's all about support, inclusion, empowerment and making it happen, Captain. So if you're here for the first time, drop a hashtag first timer, hashtag first timer in chat. So we can welcome you, we can welcome you to the show. We have, spoiler alert, we have special sound effects, special emotes. We love welcoming our first timers. If you're coming in on LinkedIn, welcome to the party, pal. 
Of course LinkedIn is welcome here as we live stream in parallel. But the, the action, the hot action is over on YouTube Live. So go to Simply Cyber IO stream. You'll come right in here. So anyways, first timers, now you know this platform, the Cloudflare back end emailing you all these things. It's free to you, but the show does need to, the show does have expenses. So I want to give a shout out and, you know, appreciation and gratitude to the show sponsors, those who enable me to bring the show. Not, not to mention, guys, not only do I really like these companies and the people behind them, but, but these three companies agreed to sponsor the entire year of Simply Cyber Daily Cyber Threat Brief. That's the level of commitment that they have and the understanding of how important it is to provide a community like this. Go to Simply Cyber IO Flare and you can check out Flare. You, you know, basically you can sign up for Flare's threat intelligence platform, a two week free trial. See your organization's real exposure right now, not theoretical. Flare goes into the dark web, you know, cyber criminal undergrounds, information stealer log files, all the places they go, aggregates it, brings it back and makes it a very searchable platform. So what is this? This is basically like a search engine except for all the real criminal stuff going on in cyber and you can find out if your company's involved. If your VIPs, if endpoints in your environment have been compromised. Dude, security is not a perfect science. EDRs fail. But threat actors have to coordinate. Threat actors have to organize. And that's where all this threat intelligence comes from. Go to Simply Cyber IO Flare. Now sign up for the two week free trial, links in the description below. And believe me when I tell you, you will not be disappointed. It is a banger of a platform. I love it. You know what else I love? I've made no qualms about this. 
Antisyphon Training, the training arm of Black Hills Information Security, are bringing value to everyone, regardless of financial position. Now, I want you to know I, I, I've, I've keynoted Wild West Hackin' Fest, the conference arm of Black Hills. I've spoke, I think I've spoke three or four times at Wild West Hackin' Fest. I'll be speaking this year at Wild West Hackin' Fest on an AI cyber career mashup. But tomorrow, Friday, Wade Wells, the stash, San Diego zone detection engineer extraordinaire, friend of the program and friend of the community member Wade Wells is going to be doing a workshop, Threat Actor Profiling: Know Your Enemy. Four hours for 25 bucks. Six bucks an hour, less than it is for, you know, basically at this point, a cup of coffee. Jesus, inflation's killing me, dude. For 25 bucks, you can learn from one of the most talented detection engineers in the industry for four hours. Come check it out. You're going to learn how to identify, profile and prioritize threat actors most likely to come after your organization. Guys, you can't block all the doors, so why not prioritize the ones that are most likely to get kicked in? FBI, open up. That's like a meme I hear my kids do all the time. Or they used to. All right, so here's a link to Wade's training. If you do take it, tell him I said hi. I actually got interviewed for his podcast yesterday, so it's kind of fun. Reciprocal. All right. You know what else is fun? ThreatLocker's application deny-by-default, allow-listing of applications is a hella good way to have cyber security in this industry. You know what? Brand new malware written yesterday just for your organization will not run because ThreatLocker doesn't know about it. Let's hear from ThreatLocker and then we'll get the show cooking. I want to give some love to the Daily Cyber Threat Brief sponsor, ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? 
Worry no more, you can harden your security with ThreatLocker. Worldwide, companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high. ThreatLocker takes a deny-by-default approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US based Cyber Hero support team. Get a free 30 day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threatlocker.com Daily Cyber. All right, everybody, I do want to say really quickly, it's been. It's been a busy morning. Like, things were kind of chaotic here, so I haven't even really had a chance to look at chat. Let me say what's up. Hey, Priceless Pancake. Hey, James McQuiggin. What's up, TJ? Chris Sabata, Sierra Montgomery bringing the heat. She's got a strong emote game. Mara Levy and the Weezer factions are in the house. I don't know if Toasty pops in. Kansas City Connection is here, obviously. We got Phil Stafford, Elliot Matice, and the, you know, the San Francisco dark crowd. We got so many people. It is all about good times here at Simply Cyber. Let me go ahead and see if Cyber Security Headlines is actually updated. My guy. Come on. Yay. There it is. All right, let me go ahead and lock and load this thing. All right, I. I've noticed "lock in" is like a thing. I said it to my kid the other day. I'm like, lock in. That's like a trend, right? He's like, Dad, it's been a trend for like three years. Like, it's almost done. What are you talking about? I'm like, I saw it on the people's shirts during March Madness. He's like, eye roll. All right, everybody, holla. Hala. Get your coffee, get comfortable, sit back, relax. Cool. Sounds hot. News. Let's go.
B
From the CISO Series, it's Cyber Security Headlines.
C
These are the Cyber Security Headlines for Thursday, May 14, 2026. I'm Sarah Lane. Foxconn confirms North American factory attack. Foxconn said that several North American factories were hit by a cyber attack claimed by the Nitrogen ransomware group, which says it stole eight terabytes of data, including confidential files tied to customers like Apple, Intel, Google, Dell, and Nvidia. Foxconn said it activated incident response measures and is restoring affected operations. The ransomware group continues to pressure some victims through data theft and file encryption.
A
Bit luck. All right, two things really quickly. Zev Shadow Wolf 87 in chat. So, Zev, if you'd like to get in on this, announcing that they just passed their SSCP or they just earned their SSCP. This is the Software Security Practitioner cert from I. Actually, no, it's not. SSCP is the system security one. So Zev Shadow got their Systems Security Certified Practitioner cert from ISC2. Winning. Congratulations, Zev Shadow. Super pumped for you. All right, so check it out. Foxconn gets hit with ransomware. I haven't heard of the Nitrogen ransomware group. I don't know if anyone else has. It doesn't mean anything. Like, dude, ransomware threat actor groups pop up, crop up, rebrand, you know, faction split, and then start their own thing. It's fine. This is a Taiwanese chip manufacturer. So, you know, before this, you know, I don't research or prep for the show. So as this thing started, my immediate thought was this was a Chinese based APT. Now, China is really good at espionage, so typically they wouldn't leave such a massive smoking crater at a, at a company that they hack. Like, that's literally the opposite of espionage. But it is a Taiwanese company. And if you've been paying attention, if you took Elliot Mat's lecture at SimplyCyberCon 2025, you would be in the know to know that, that, you know, geopolitically speaking, that would benefit China since it'd be softening a major, you know, player in the Taiwanese business ecosystem. So there is some, you know, I guess motivation or, you know, apparent game theory incentive for China to do that in this way. Again, as I've never heard of Nitrogen, I do want to quickly. Nitrogen threat actor group. Here's what I would do, or here's what I am doing. I never heard of Nitrogen before. So the first thing I'm going to do is look up Nitrogen threat actor group at MITRE ATT&CK. So going to MITRE ATT&CK, if you go to the CTI, if you go to, hello, I'm dropping this link in chat. I'm drunk, I'm dropping links in chat. 
All right, there's the MITRE ATT&CK Framework. If you guys don't know the MITRE ATT&CK Framework, this is basically a gift from MITRE to the entire cyber security industry. It's phenomenal. Across the top they have CTI, which is the acronym for Cyber Threat Intelligence. Underneath it there's groups, software and campaigns. Go ahead and click on groups. This is what I would do, again, this is what I am doing. And then I hit Control F and then type in nitrogen. Nitrogen does not show up. So it's not even listed in the MITRE ATT&CK framework. So we don't know what the background is on if this group's been operating, if they have TTPs similar to other known threat actors. There's a little bit of information here. Thank you, AI. Nitrogen's a relatively new cyber operation. Of course. That makes sense. Active since late 2024, so they're a year in. I mean, my guy, when does new not become new? I mean, they're over a year old, so they're big on BYOVD. Bring your own vulnerable driver. This can allow, like, side loading and attacks like that. Okay, so here we go. First observed. Listen to me. First observed in 2023 as a loader for BlackCat/ALPHV ransomware. So, you know, like, dude, there's only so many, like, ransomware criminal operators, and they kind of, like, carouse with each other, so no surprise on that one, that's an easy one. Ransomware that's effective enough to take down a major player like Foxconn happens to be one that's been running around with BlackCat/ALPHV, which was one of the most prolific ransomware threat actors in history, you know, and it's. It's only been, like, less than 10 years. But BlackCat, if you don't remember, BlackCat/ALPHV, just to kind of give you guys the genesis of this. Not the Sega Genesis drink, but the genesis of this. DarkSide was the ransomware threat actor group that hit Colonial Pipeline, that caused all the kerfuffle. DarkSide immediately imploded and rebranded as BlackCat.
B
Or.
A
Or, excuse me, BlackMatter. And then they rebranded immediately to ALPHV/BlackCat. And then they. After Change Healthcare, which was another massive healthcare cyber attack last year, I think it was January 25th, they shut down. And then, like, RansomHub stood up. And now. Now we're seeing Nitrogen stand up. And it makes a lot of sense, right? This was first spotted in late 2024. Hello. That's right around the time that the Change Health. Like what? Hold on, let me confirm this before I start talking out my butt. Change Healthcare attack. 2024. When was this? February 2024 is when it happened. Okay, so I was. I was wrong. It was two years ago. Wow, that's. That's unbelievably how long it goes. So if. If you just kind of play it out, right? Change Healthcare, they got $22 million, massive payday. The threat actor group had so much heat on them, it's like Reservoir Dogs, right? Or, you know, or Heat. They do the job and. And then they break up because it's too hot, the heat is too on. And then they, they go spend their money, drive around on jet skis, and about a year later they form up as, you know, different factions, right? It's like Ocean's Eleven or Reservoir. Like, this is what I'm saying. Like, they have the skills, they have the tools, they have the connections. And once they've kind of been chilled out in a year of the heat being off, they start spinning up as different threat actors. So to me, dude, if you, if you pay attention, here's my thing. I hate to sound like such an old man. Clouds. Listen, if you just pay attention and you stop looking so transactionally and so microscopically at what is going on today. And of course you, you do have to pay attention day to day. But my point is keep perspective on the macro and you will begin to see these larger trends and you can even predict these things, right? Like, so it. 
Which is vital, right, as, because as a CISO, listen, if you're a cyber security professional and you're like an entry level analyst or something, first of all, awesome. Congratulations. Welcome to the party, pal. All right. Welcome to the party, pal. But my point, what I'm getting at is you're dealing with day to day transactional stuff. Break fix. Here's a, here's an alert. Look at alert. Here's the thing, look at thing. As you get further up the career path and get more senior, you start dealing with more strategy and macro level things. Ultimately, until you're like the CISO, right? So, or you know, you can be a senior technical person or manager or whatever, director, but as a CISO, like, you're dealing with like three year license engagements, budget cycles, right? Like, you're dealing with these longer stream things. So you need to have longer vision, perspective and macro understanding. This is why, you know, people are like, oh, I just want to be a CISO, like, just move me to the top of the list. It's like, I'm not gating you that you can't be on the top of the mountain, but you, like, you're gonna not be as effective because there's a lot of experience and perspective that you just have to learn, which is why I do the show and try to give you all these extra insights to help you shortcut and fast track to whatever your career aspirations are. So anyways, the TL;DR here, right, for the daily transaction, Nitrogen ransomware is around. They attacked Foxconn. Foxconn, man, is a manufacturing company at the end of the day, right, they make semiconductor chips and technology and stuff like that, but at the end of the day they manufacture things. Manufacturing is hotter than a three dollar pistol as far as threat actor targets, healthcare and manufacturing. Go get some. So yeah, I'm not surprised that they got hit. 
It sucks, and I hope the fact that they are a multi billion dollar revenue generating business who is in a sector that is targeted, in a country that has a huge looming red shadow over it, probably has been doing tabletop exercises and bolstering their cyber security program to ensure that if something crappy like this happens they are able to be resilient. Thank you, Cyber Resiliency W, and also continue operations. So let's, let's go. Thank you for coming to my TED talk.
C
Zero day accesses protected drives. A researcher known as Chaotic Eclipse or Nightmare Eclipse released proof of concept exploits for two unpatched Windows zero days dubbed Yellow Key and Green Plasma, including a BitLocker bypass that can expose encrypted drives through the Windows recovery environment. Security researchers confirmed parts of the Yellow Key exploit, which abuses NTFS transaction logs to launch a command shell with access to unlocked BitLocker volumes on TPM only systems. The disclosure follows earlier leaked Windows exploits from the same researcher. All right, M Dash.
A
Okay, so this is interesting. I'm not going to get too in the weeds on this one because it sounds like it's, you know, you gotta be standing on one leg. This, the moon has to be like, you know, three quarters full. It has to be a Tuesday. You know, like, you have to be able to smell a waft of Cinnabon right in the air. Like, there's a lot of things that have to happen for this to be a problem. But, but let's go ahead and not completely throw shade on it. So Windows BitLocker, if you didn't know, is Windows, Microsoft operating system's, full disk encryption solution. Right? So if you leave your laptop in an Uber, you can say to, you know, basically Department of Health and Human Services or to insurance companies or to your employer, it doesn't matter what is on the, on the computer because full disk encryption protects it. Okay? Now somebody has discovered a zero day that allows access to some of the data that is protected by BitLocker. Okay? Now this is not a full skeleton key to unlock all the BitLocker. And it sounds like it is segments of the data. Like, it says some in the, in the, the news title doesn't say it, but like in the story the guy said some protected drives. All right. And it has to be on a certain kind of computer hardware, right? I mean, TPM chips are pretty common, but they did mention some kind of special, you know, kind of situation. Now this researcher specifically has been going hard in the paint on the Windows operating system with, seems like, low level kernel Windows operating systems. They are recognized for the Blue Hammer vulnerability and the Red Sun vulnerability. Now real quick, I love these names. Blue Hammer, Red Sun. Let's go. I do miss the days, you youngs, I mean it depends on how young you are. But you like casually Joseph Swat, 25. It's been like maybe seven years, so he would be 18. I don't know if casually Joseph was. He's like our resident young. 
I don't know if he was around when this happened, but dude, back in the day vulnerabilities used to get logos. It was awesome. Like, you could slap a logo everywhere. You'd see it on social media, you'd see it in the news. Logos were one of the best things to happen to cybersecurity because it allowed, you know, basically mainstream media to cover it in a way that it was visually engaging. As someone who is proudly and unabashedly into infographics, vulnerability logos were a wonderful on ramp for normal people to get a little taste of what the hell's going on with, like, whatever this vulnerability is. And we got away from it, man. We have all this AI that can generate graphics, yet we got away from it. What a bummer. Okay, so TL;DR, what I would say is there is a proof of concept exploit out for two unpatched Windows vulnerabilities named Yellow Key and Green Plasma. Looks like we've got the entire set of Crayola crayons. The basic pack, the eight pack, the green, the yellow, the red, the blue, right? Maybe we're gonna get orange, orange, orange knock knocker or whatever next. And what other color am I missing in there? I guess black. Black's a red, red lane. You know what, or no, Red Sun was in there anyways. TL;DR, Microsoft's gonna repair this and patch it. You gotta patch it. Ah, you gotta patch it. The final thing I'll say about this, kind of big picture stuff here, no, nothing in cyber security is a hundred percent. There are no silver bullets. There are no 100% controls. There's no 0% risk. Right? It's all about managing risk. So full disk encryption on your endpoints is a great control. But as demonstrated here, there are situations that can result in compromise of those controls. So like for this particular one, what I'm saying is, yes, BitLocker, all your endpoints, full disk encryption. I was going to say FDE, but full disk encryption. All your endpoints. Right? 
But also educate your end users not to keep sensitive information on their laptops if they don't need to. Right? Use cloud. Check in, check out. Educate your end users not to take their laptop out with them to the happy hour. I, listen, Scott, I get it. You're at the brewery having drinks with everybody while you're also still doing some extra work. Or you're standing in the parking lot on a conference call with your laptop. My guy, have some boundaries. Leave your laptop at the hotel, not at, you know, the happy hour where you're going to have three road sodas and leave it in an Uber. You know what I'm saying?
C
So Defense in depth patches 16 Windows flaws. Microsoft unveiled M Dash, a multimodal AI system that uses more than 100 specialized agents to discover and validate software vulnerabilities in Windows code bases. The company said M Dash identified 16 flaws patched in this month's Patch Tuesday release, including two critical remote code execution bugs affecting Windows networking and authentication components. This follows similar AI driven cybersecurity efforts from Anthropic and OpenAI.
A
Oh my God. I was like, what is Microsoft M Dash? Really quick. Oh my God, I gotta just turn off this really quick. If you're watching live, this, this thing. I love this idea, but it's an, it's a burden to maintain. You can see I haven't touched it since December 16th. If you're listening on audio only on Spotify, podcast or whatever, or you're on the, the elliptical and you just got me in your ears. We have this, like, story kind of like menu or agenda of things coming up. I love the idea because they do it in, like, real news briefs, but it's just a pain in the a since I'm managing it all by myself. All right, so I've never heard of this M Dash AI system. Guys, if I could just put, when we think of AI, right? And this is not Copilot, although it's kind of in the same vein. I'm thinking back to how cloud was. Amazon AWS and Microsoft Azure are juggernauts in cloud, right? And to me, and then Google Compute is like, you know, like the little Chihuahua that's like nipping at the big dog's heels. And then Oracle is like not even on the same street. I feel like that's what's going on with AI. Like, Anthropic and OpenAI are the big dogs running around and then Microsoft is like nip, nip, nip. And like Google Gemini is maybe a mid sized dog. So when you see this M Dash AI system thing, I'm like, what is this? But Microsoft's got deep pockets and they can fund initiatives like this. Also, I want to point out Microsoft years and years ago made a. Yes, I don't know, Microsoft like door knocker. Microsoft years ago came out with like a trustworthy computing memoir. Now it was Bill Gates, and Bill Gates hasn't been around for a minute and he's also got his own problems that he's kind of dealing with, you know what I mean? But Bill wrote this trustworthy computing memo years and years ago. 2002, here we go. You can see here, I'm showing it on stream right now. And basically said, hey listen, Microsoft's made a ton of money, but let's get serious about security. So this is totally on brand. 
What do we need to know here? Microsoft is going through software and using AI to discover vulnerabilities, which is good because last time I checked, Microsoft isn't a cyber threat actor. They're not an advanced persistent threat. They're actually interested in secure code, which means we're all going to win. We talked yesterday. If you missed yesterday's episode, let me recap it. But if you want the deeper dive, go watch yesterday's, May 13th, episode. We are dealing with this, like, really interesting time in cyber security, especially around software and software vulnerabilities. The amount of vulnerabilities being discovered because of AI is exponential over the last couple years. Okay? Like, there will be absolutely substantially more vulnerabilities discovered over the next couple years, which means we don't have a visibility problem, we have a remediation problem. NIST is getting overwhelmed and cannot enrich these vulnerabilities. Scanning companies are not going to be getting the feeds from NIST because they're not being enriched, which means they're not going to be able to discover them as easily or as well. Which means there's going to be a longer exposure window for threat actors to write exploits, which they're using AI to do, to write them wicked fast. So the, the long story short is there is a tornado on the horizon that we can all see and it is hurtling towards us. Now some of us are just going to be like the cow in the movie Twister and just spin in a circle and then, you know, get put back down, and some of us are going to be the barn that absolutely gets shredded. Okay? And it's a, it's a tornado, like you can't run away from it. It's just like, you know, grab your ankles and hope for the best. So at least Microsoft is doing something well here to help accelerate, at least for the, for the good guys, to find these flaws and get them fixed. Obviously they're going to be focused on Microsoft technologies, Microsoft operating system first and foremost. 
So I mean, here's my thing. If you're interested in AI vulnerability management, security research, I encourage you to read this full story. As a CISO. Oh man, nice Creedence reference, Kyle. Hold on. Em-AI as a CISO. What? All I need, all I need to hear and see is that the Microsoft operating system and Microsoft technologies are going to be a bit more secure. Like, Microsoft's doing their part to accelerate securing that software. Now the reality is, if Microsoft wasn't doing this, was I really going to migrate all of my end users to Mac or to Linux or something? No, no. Microsoft has a. A massive lock in footprint, so. But I'm just happy to see that they're doing it. I did not know this. DJ B reporting right now that Microsoft is running OpenAI and Anthropic frontier models under Copilot. So yay.
C
Mistral develops new AI model for banks. Bloomberg sources say Mistral AI is developing a cybersecurity focused AI model for European banks looking for alternatives to Anthropic's restricted access Mythos system. The company has reportedly been in talks with financial institutions concerned about AI driven cyber threats and Europe's limited access to advanced US security models. Mistral CEO Arthur Mensch also argued that Europe needs domestic AI security tools to avoid dependence on foreign systems.
A
Oh, and that story was behind a paywall. So I'm trying to, like, find. Oh my God. Okay, here we go. So Mist. Hey, Phil Stafford, John V. If you guys can comment in chat on Mistral as an LLM, please, please do. I would appreciate it. All right, so here's the deal. We covered in yesterday's news how Europeans are, like, trying to. Europe is trying to do its own thing, kind of. Here, let me, let me pull up yesterday's news. I, I forget exactly what they're trying to do, but there, there's like definitely a movement. Like, basically without getting super political. Right. Again, I don't, I want to keep it apolitical, but the decisions and the moves being made by the current U.S. federal administration in the executive branch are eroding confidence in European Union leaders, countries of European Union leaders. So because of that we're seeing lots of pullback on that now. Gosh, I, I could have sworn it was in yesterday's news. Hold on one second. Maybe it's two days ago. Europe, Europe and European Union countries are basically making moves to segment themselves from the United States. Basically. Okay, and this is just more of that. Where is it? They don't want dependencies on Anthropic, OpenAI. Those are US based companies. You could technically argue, since the US federal government is involved, that they could be manipulating or doing things with, with those LLMs before they get to European Union countries, export laws, etc. So they're looking for their own thing, right? They're, they're trying to eliminate the dependencies and the entanglements of having to deal with the United States and US based companies. So Mistral, you know, a dark horse coming up the rear, is developing models to help European banks. Right? That's it. 
Because right now Anthropic is only letting Mythos be used by certain privileged organizations, like big-ticket ones like Bank of America, like companies with deep, deep pockets or the US federal government, and European banks are like, bro, like I, I want some of that. Like, can I get some? And the answer is no. So this is what free market capitalism looks like. They're gonna go to the next stall at the bazaar, right? Or the, you know, the marketplace and, and see if the next person will help them achieve their goals. This is healthy for competition. Like this is great, by the way, for all of us cyber people. Like this is great because this will be another LLM option on the market for us to use to help protect our organizations. Of course, you know, threat actors can get it too, but
C
Huge thanks to our sponsor Doppel. Social engineering attacks look trustworthy. A routine request, an internal email, a familiar face on a call. But Doppel sees through that disguise. Its AI-native platform detects and disrupts attacks across every channel while training employees to recognize deepfakes and deception. They fight relentlessly to protect your business, brand and your people. Doppel, outpacing what's next in social engineering. Learn more at doppel.com, that's D-O-P-P-E-L dot com.
Exim mailer flaw allows remote code execution.
A
Bro. All right. Hey, what's up everybody? Welcome to the mid roll. Real quick. Just taking a breather, letting it breathe if you will. Everybody, I'm going to take a slug of the old coffee. Coffee cup cheers to you James McQuiggin and coffee cup cheers to you Cyber Shin and Gami, all of grand risings. What's up Michigan in the house, Oregon, people on their ellipticals, if you're, if you're driving right now, white-knuckling in gridlock traffic, I salute you. I see you. If you got. If you're in your jammies because you work from home, what's up? Coffee still tastes the same whether it's in the. Well, actually, I gotta be honest with you, coffee at the home office tastes a heck of a lot better than whatever's in the, the real office. Like those coffee machines, they always taste like a butt. Ah, so good guys. Shout out to the stream sponsors. ThreatLocker, Antisyphon, Flare. Again. Links are in the description below. Go check them out. It helps the show if you're getting value from the stream. If you get value from the community, then that is one way to basically show appreciation. Just click on the links in the description. What do we got here? Priceless Pancake with a super chat, friends. Yep, good to see you guys. Lock in. Yes, Priceless Pancake. Long known for requesting the white font on black shirt. I heart NEST. I haven't forgotten Priceless Pancake. It's just unfortunately the queue never, never seemed. I never seemed to get to Q0. Every day of the week has a special segment. And Dan Reardon brings the heat every single Thursday. He's been doing it literally for three years. Plus hundreds of memes. Okay, and today we got one for you. You may have noticed a community member, IT Career Questions. I don't know if he's in chat. Many of you are friends with Zach Hill. Maybe some of you have worked with Zach Hill. He's mostly known for his IT Career Questions YouTube channel. But you can see him at a conference near you. He's always willing to help.
Jesse Johnson, the Cosmic Cowboy. Three plus years. Oh my God. Now it's coming in hot. Did I just become best friends? David P. Super Zoomy. Good morning, super chat. Thank you very much, Super Zoomy. All right, so Zach Hill, friend of the show, friend of most people here. Here is your meme of the week. He recently started a new job working with NetworkChuck. I. I don't know exactly what NetworkChuck calls his business, but here we go. So, ladies and gentlemen, if you don't know, let me introduce you to King of the Zach Hill. So this is like King of the Hill, AKA, and then Zach Hill merged up. As far as I know, Zach, this guy's drinking a tall boy beer. I've known Zach for years. He's not a beer drinker. He's a Crown Apple, Crayon guy. But whatever.
B
King.
A
Ladies and gentlemen, King of the Zach Hill. Shout out to Zach, IT Career Questions. Oh, yeah, you know what? Sierra Montgomery reminding me. Ladies and gentlemen, Zach Hill getting a job. We celebrate all of our wins here in the community. Whether it's a, a, you know, super user kind of mod or if it is someone who's here for the first time, we, we recognize and celebrate those W's. All right, let's go. Keep finishing strong. And don't forget, guys, don't go anywhere because at the end of the show. Oh boy. Cyber Career Hotline's gonna be coming in hot. Phone lines will be open. Get your Cyber Career questions answered by one James McQuiggin at 35,000 ft. All that and more. But first, let's continue to finish our news. Computer
C
Exim mailer flaw allows remote code execution. A critical remote code execution flaw was disclosed in the Exim mail server affecting versions 4.97 through 4.99.2 compiled with GnuTLS and certain SMTP features enabled. The vulnerability stems from a use-after-free bug during TLS shutdown that could let unauthenticated attackers execute commands, access emails, and potentially access compromised environments. Researchers at XBOW said AI-assisted tools helped accelerate exploit development, though a human researcher ultimately produced the successful exploit.
A
All right, so if you're trying to make a dollar out of 15 cents, you don't want to subscribe to the, you know, techno-oligarchs' platforms like Google Mail, Exchange Online. You may be running Exim. It's an open source mail transfer agent, which I think maybe I'm mistaken with like mail server. Like I don't know why they. I've never heard the term mail transfer agent. Like it's. Is this like a Gen Z way of saying mail server, email server? Can't have nice things? Okay, so it can be exploited by an unauthenticated remote attacker, which is not good, to execute arbitrary code. All right, guys, if you've been following along and you got your bingo card open. We just got bingo. What do I mean by that? When you see a vulnerability that has unauthenticated RCE, that is the, you know, that's the, that's the, the magic combination, if you will. Like, hold on, let me see if I can. This isn't going to be a drink move, but it comes to mind immediately. Sun Temple. Yeah. Okay, this right here, this is what happens when you read, when you're reading a cyber story just for your own benefit. If you see unauthenticated remote code execution or arbitrary code execution, this should be what's in your mind right here. And for those listening on audio only. This is the scene from Indiana Jones in the Temple of. In the Temple of Doom, where he has the special staff and the sun comes through and it highlights exactly where he needs to go inside the city of, you know, whatever, Agrabah, wherever it is. That's what you should see immediately. Unauthenticated remote code execution is the worst possible situation. To translate it into, you know, layman speak so, you know, anyone can understand. It means anyone in the world at. With any. With anything, if they have an IP address, can do whatever they want on your machine. Which, of course, Raiders of the Lost Ark. I'm sorry. My God. I knew it wasn't Temple of Doom, but I couldn't think of Raiders. I'm sorry. Oh, my God.
Hey, do you remember that show, Daily Cyber Threat Brief, hosted by that nerd, Dr. Gerald Auger. Whatever happened to that? Oh, you don't know. In 2026, he got canceled because he said Temple of Doom instead of Raiders. God damn, what a mistake that guy was. I'm gonna be on, like, VH1. Like, I Love the 2020s. 2026. The Wikipedia page just has me with, like, the two X's on my eyes. All right, so what are we supposed to do here? If you're running Exim versions before version 4.99.3, then you are at risk. There's a use-after-free bug, which is a memory bug in the way that the process is, or the way that the function is loaded into RAM and then executed on the stack. So it actually frees up it. It basically it runs the process, and then when it deallocates the memory, there's a space that doesn't get cleaned up. And that space can be like. Basically, shellcode can be written there, and then the threat actor can run the shellcode by having the processor go across it. That's. That's how use-after-free bugs work, basically. Yeah. You can see here the TLS transfer buffer is where that memory is, but then you can call back to it. Not good. I will say this. This is an advanced attack technique. Like, this isn't like a SQL injection or, you know, a URL change. Like, this is like you're tinkering with memory and you're injecting shellcode, like custom shellcode that you wrote. Assembly. Right. So. Oh, this is great. There's actually an entire video here. Can we. How do we. I'm going to try to share this with you guys. But the thing is, I've got like. Oh, here we go. Did that work? Here. Perfect. I just shared it in chat. You can go look up XBOW Exim vulnerability. And you can see here, they literally show it. It's called dead.letter. That's the term that they're using. And you could see here, this is a legit proof of concept. If you want to get a vendor's attention by showing them actual exploitation instead of just describing the potential. The potential.
Then you're good to go. You can see here. Yeah, they're. They're showing basically that they are running a Python script that is executing and. Well, I don't know, it's. It's kind of limited. They show the compromise, but it's very quick. All right.
C
Hunter tracks down three massive MCP flaws. An Akamai researcher uncovered three major vulnerabilities in Model Context Protocol, or MCP, servers tied to Apache Software Foundation's Doris, Apache Pinot, and Alibaba RDS that could allow SQL injection, sensitive data theft, or full database compromise through AI-connected systems. Apache patched a SQL injection flaw in Doris and Pinot and added optional OAuth protections, but still has some unresolved issues. Alibaba reportedly declined to patch its RDS MCP vulnerability, which researchers say could expose sensitive metadata through unauthenticated requests.
A
All right, I don't know why Alibaba wouldn't patch this unless they're being told by their government not to patch it, because it's a great vulnerability to leak sensitive information. All right, here we go, guys. AI is the newest thing, right? It's so hot right now. Can I hear that? Hansel. So hot right now. MCPs are what? What is MCP? I forget. It's like Context Protocol or. Hold on one second. It stands for Model Context Protocol. I forget the acronym. But here's the thing. It doesn't matter. Like, with acronyms in. In cyber security, I know there's a ton of acronyms, but just remember, like, all you got to do is know, like, what it does, right? So an MCP server is essentially like an API, or application programming interface, into an application. It allows extended functionality of services through AI calls. So an MCP server into, like, Google Workspace could allow your AI to have all the native functionality of being able to query your email or, you know, look at your. I don't know, like, look through your. Actually, let me give you a great example. This could be like, a pretty good one. Say you're writing some type of custom AI bot that's going to go through your quarantined phishing emails and identify the ones that are obviously phishes and, you know, you know, delete them or flag them or something like that. Instead of writing all that custom code or having AI write all that custom code, you can hook into Microsoft Azure's MCP or, if there's an Exchange Online Protection MCP, I don't know, and have it utilize all the functionality of that, making it modular in nature. Modular is, is how modern software works. You, we don't write monolithic software bases anymore. We leverage libraries, we leverage API interfaces and stuff like that. So if Microsoft updates what they're doing on their end, they'll update the MCP server and we don't have to worry about it, which means our code won't break. That's the value of MCP servers.
Now the problem is it is the Wild West out there right now and people are, because there's so much money, straight cash homie, in AI, people are going full YOLO with MCP servers. And unfortunately this is the storming phase. If you've ever heard like the norming, forming, storming, whatever phases of team building, we're in that phase now where it's a, it's a, it's an Oklahoma Sooner land rush to get market share and unfortunately it's ship it on Tuesday, patch it on Wednesday. This used to be Microsoft operating systems or Microsoft's ethos in the 90s. Ship it on Tuesday, patch it on Wednesday. Just let it go. The end users will find the problems. Well, the problem is if we are the beta testers, we are putting our real production data into these environments, which means we could have compromises because these things are half-baked and being built like a plane being built in flight. Okay, a lot of acronyms, a lot of metaphors being thrown around there, but hopefully it captures what I'm trying to say. All I could say is even like the most. Well, like here's the thing, even the most well-vetted, well, well thought through MCP server can still have flaws. You are taking on risk, you're accepting risk when you start introducing MCP servers to your AI software and, you know, custom-built solutions. Also from a supply chain perspective, say you're buying like Grammarly, just, just to make one up. I don't know what Grammarly's tech stack is, but most people are familiar with Grammarly. Right? Grammarly checks your emails to make sure that it's like written well or whatever. Grammarly may be using, let's just say, Anthropic on the back end and an Anthropic MCP server. So if Anthropic has an issue that affects Grammarly, because you're using Grammarly, you're going to have an issue. And you didn't even sign up for that MCP server. So this is like a supply chain concern as well. You can educate your developers and engineers in house to be mindful.
Limit your MCP usage to just what you need, disable what you don't need, etc. Same thing with like WordPress plugins as another comparison. Like if you're not using it, disable it. It just introduces attack surface and exposure. But for the foreseeable future, MCP servers are going to be like playing craps in Vegas, like you're rolling the dice and hoping for the best. All right, computer, we have two more stories to do.
C
Can you weaponize RubyGems? Socket researchers uncovered a campaign dubbed Gem Stuffer that abuses the RubyGems package registry as a dead-drop system for exfiltrated data rather than traditional malware delivery. More than 100 malicious gems scraped public-facing UK government websites and uploaded the collected data back to RubyGems using embedded API keys, letting attackers retrieve the information without dedicated command-and-control infrastructure, researchers warn. It highlights how software package registries could increasingly be abused as covert data transport layers in future supply chain attacks.
A
All right, hey, quick shout out to all those watching on LinkedIn. I know the party's over here on YouTube, but we are seeing some LinkedIn chatter. Nightbot Re or Restream Bot echoes back over here. So Nicholas Vidal or Vidal over on LinkedIn. What's up dude? All right, so check it out. We covered this story yesterday. I made fun of Ruby. I made fun of Ruby on Rails. I, I was a software engineer at one point in my life professionally, like someone actually paid me to write code and, you know, so you would, you would get all up and you'd get all up in different programming languages. By the way, spoiler alert. If you think you need to know programming to work in cyber security, you do not. It's nice to have. Also, once you learn one programming language and like kind of understand the, the structure of how programming works, like variables, conditional loops, data structures, importing libraries and stuff like that. Once you get that, you can port between other languages pretty quickly. It's like understanding one kind of Latin-based language and then learning additional languages. Okay, so TL;DR, when you're a nerd, learning a new language is cool. Ruby for a minute was like, oh my God, like Ruby was like the darling of the industry. You would have thought that like, you know, you know that the Sistine Chapel where God's touching Adam's finger, like whatever that thing is, you would have thought that Adam's hand was Ruby at one point because everybody was like, oh my, oh my, have you heard of Ruby? And then like it wasn't. It had an entire framework, Ruby on Rails. I, I didn't like it. I found it unnecessarily complex. Metasploit still uses it, so I can't dunk on it too bad, because Dave Kennedy's legit and, and Metasploit is used quite a bit. But RubyGems is one of these like, my understanding is RubyGems is like one of these like PyPIs, npms, except it's for Ruby stuff. Frankly, I thought Ruby had gone the way of the dodo.
You just read about it in history books, but apparently other people are still using it. And some threat actor has released a self-propagating worm, which is gross, called Shai-Hulud. So you can expect a couple things. One, because it's been published open source, other threat actors are going to be able to leverage Shai-Hulud in their own ways, weaponize them, improve upon them, etc., and it's being used to compromise open source AI models. Again, not good. AI is a massive attack surface. It makes me nauseous to think of AI. Dude, we're giving AI like identity. We're giving AI tons of permissions and stuff. It's not just like a service account. We're, we're treating them like co-workers. So to have one poisoned by malware and begin like basically what, what, what's an example of this? It's like, did you see the Minions movie? I know, I'm kind of, you know, this isn't for everybody, but Minions, the Pixar or whatever, Illumination studios, the yellow Minions, at one point they become evil. Not to, not to have a spoiler alert, but at one point they become evil and like you've got the yellow Minion and then all of a sudden the purple crazy-haired evil Minion. This is basically what it is. AI is your quirky co-worker who's like always wears a fun Hawaiian shirt on Fridays and then all of a sudden Shai-Hulud worm self-propagating malware gets up in there and all of a sudden, you know, they're not so cute and quirky anymore. They're like straight up, you know, Patrick Bateman. So I'm not super excited about that. I hope that there's a good. I don't have it. This is about Ruby and RubyGems getting compromised and all that. But the, the bigger concern is how do you protect from Shai-Hulud? That's what I would want to know. All right, hold on one second. If for whatever reason, someone, someone in your environment's using Ruby, let them know, like, because maybe they're using this RubyGems. But for me, I want to know, how do I protect from Shai-Hulud worm, right?
I don't care about RubyGems. I care about the impact of Shai-Hulud and making sure it's not in my environment. You have to do a combination of immediate remediation for Shai-Hulud. Revoke secrets, rotate keys, of course. Clean environment. Okay, these, these tips are like. These tips are the equivalent of saying like, wash your hands to protect from COVID. Like, all right, whatever. Let's finish strong.
C
Tables turn on The Gentlemen. Check Point analyzed leaked internal data from the ransomware group The Gentlemen after unknown hackers breached the gang's back-end systems and began selling 16 gigabytes of stolen data. The leak revealed a structured ransomware-as-a-service operation led by an operator known as Zeta88, with specialized members handling reconnaissance, credential access, negotiations and malware development. With a 90-to-10 affiliate payout model, the group is said to rely on known vulnerabilities, common ransomware tooling, and some AI-assisted development. All security.
A
All right, so I don't know, how is this working? Okay, okay, so this is like a threat actor on threat actor group attack. All right, so there have been a few instances in the last 10 years of internal communications being dumped. Somebody attacked The Gentlemen. If I had to guess, this is some, this Gentlemen threat actor group probably, you know, pissed someone off or touched, you know, like it's a turf war with these threat actors. And basically someone attacked them and released their internal stuff, their internal comms, their tooling and other data, and that's all there is to it. If you want like a really good example of a leak and all these things. Conti ransomware had a massive leak in 2022. Brian Krebs did a great like, you know, debrief of it all. Go check out. I'm showing it on stream right now. If you Google Conti Ransomware Krebs, you'll find it. There's a two-part blog post series. Phenomenal insight on how these threat actor groups work. Dude, when I say phenomenal, let me just leave you with this. Real threat actor groups. Yes, I know some of them are a ragtag bunch of like hooligans, but the ones that are getting millions of dollars, they have HR departments, they have QA testers, they have marketing people to recruit affiliates. Like, it is a full-blown business. And it's bananas because we like to think of them as, like, nerds in their mom's basement, but they're not. They're wearing suits. They have nine to five. They do, you know. Oh, man. Like, you know, Dimitri's Q4 numbers aren't looking good. We might have to put him on a PIP. Dimitri, we're gonna have. Those are, you know, Matthew McConaughey's banging his chest talking about rookie numbers. You gotta infect at least 30 organizations, man. I'm serious. So whatever, these threat actor groups are attacking each other, there isn't much for us to do. If you're interested in ransomware threat actor groups and the internal situation of them, perhaps you're a cyber threat intelligence analyst.
Perhaps you're an aspiring blue team person. Because this data was leaked, I don't recommend you go on the dark web at all. But if this data is leaked publicly and you get access to it, it could be interesting just to kind of get a vibe for how these groups operate. All right, we're. We're way behind on time, so let me. I'm stealing James McQuiggin's thunder right now, so let me do this. Guys, I want to say thank you very much. We did the show. It was a good one. Daily Cyber Threat Brief. Remember, get your CPEs at cyberthreatbrief simplycyber.io. There's a CPE link across the top. You register, I'll email you on June 1st. It costs you nothing. This is a free service that we provide here at Simply Cyber to you. Support inclusion, empowerment. Don't go anywhere right now because, oh, by the way, there is no Simply Cyber Fireside tonight. I'm sure many of you were holding your breath waiting for that. You may have just forgot, but, yeah, we don't have one tonight, guys. Cyber Career Hotline's happening right now. What is this? Phone lines are open. James McQuiggin's gonna host. If you have a question, should I get this cert? Is this a good job? What conference to go to? Does anyone know this, that, or the other, BSides Tampa? James McQuiggin will answer your questions. He's a delight, and he is a strong supporter of the Simply Cyber community and also a member of. I'm Jerry from Simply Cyber. Guys, thanks so much for your time. I hope you got value. Until next time, stay secure.
B
I'm James McQuiggin at 35,000 ft. This is the Cyber Career Hotline. If you're building a career in cyber security, this show is for you. Let's get into it. Well, hello there. And hopefully the microphone is coming through. I can see it on my end. Hopefully Jerry's letting me know that it's coming through here. You guys sound great. Awesome. Well, hello there and welcome to Simply Cyber's Career Hotline. My name is James McQuiggin at 35,000 ft, and we're coming off the heels of that nerd, Dr. Gerald Auger, who doesn't know the difference between Raiders of the Lost Ark, Temple of Doom, and Indiana Jones and the Last Crusade. But we won't hold it to him because he brings us all that knowledge, all that risk mitigation and information that we hear every day in the Daily Cyber Threat Brief. So this is the Cyber Career Hotline, and I am excited to be joining all of you here today to answer your questions about careers, cyber or anything else relating to my 25-plus years. Boy, that's a long time. And everything from industrial control systems, operational technology, information technology. I did a little bit of programming, database administration, server admin, security awareness manager, networking, both kinds. If you know, you know. Did incident response. I've done OSINT, open source intelligence. I've done product security. Now I've got my own organization, my own little consulting business as founder and advisory CISO of Apparent Security. Got the logo shirt on today. And so every now and again I do drop in a dad joke or two. So drop a Q in chat with your questions so that way I can scan through them pretty easily. And yeah, so let's see. Let's get into this here. Oh, that's right. I got to go back to 9:05 because that's when Jerry turned it over. But he was sharing a lot of good info today. I can't go wrong with that. Let's see here. Have a great day, everyone. Later, Jerry. Jerry's out of here. He's enjoying his coffee cup. Cheers.
Now, it was good seeing TJ this past weekend, find the true 2. And we were living the. The. The whole concept of networking as he introduced me to Dawson, who speaks like five different languages. He's based out of New York. He was volunteering at HackSpaceCon last weekend, which was really, really interesting overall. Let's see. Pulling the bug. Why was the chicken the comedian? Because its jokes were extra funny. There you go, Carrie. Good one. Yep. Drop. Starting us off with a good dad joke. Here we go. Who's this coming in? Escobar Blue. How do you implement separation of duty for agentic AI and the need for admin rights? Wow, we're dropping in the. The big questions right out of the gate. Escobar. Glad to hear it. You know, separation of duties, when we're looking at even humans. You know, I can think back to working at a bank where I had one half of the vault code and the bank manager had the other half of the vault code. That's separation, you know, basically so one person can't do the whole task. And so separation of duties is where we break it up. So it takes multiple, one or. Or two or more people to be able to complete a specific task or duty. Now duty. But now when we start talking about agentic AI, you know, it's kind. I would say the same thing applies. You split up the different tasks and then either the human in the lead, the human aspect is bringing that together, or there's a lead agentic AI. So that way you could separate the agentic AI with different permissions. So again, like humans, you only give them the necessary tasks, the necessary permissions to be authorized to handle a particular task overall. So like AI, like human, kind of do the same thing overall. Good one to kind of to get us started off there. Escobar. Love the promo ad. Yep. You know, that promo ad, it was funny because I gotta admit, Jerry came to me and said, hey, dude, I wanna, you know, I've got the image and I've got me. Can you make it talk like me?
I'm like, can I make it talk like you? I can deepfake that, no problem. So created that fun video and then realized, why does he get to have all the fun? So I turned around and threw my face on there. A little cleanup and editing with AI and then created the deepfake of me as well. So, yeah, always a lot of fun. Bruisenhack, good buddy. Good to see you. Hopefully I'll need to hop up T minus 11 days before you're in Florida.
A
Woohoo.
B
All right, looking forward to that. Bruisenhack's gonna get you out to the ISC2 Central Florida Chapter meetings with me and FedEx and Walter and all the other folks as well. Let's see. Random X Skills. I interviewed for a new job. They sent me the offer and it's lower than I'd like. Any tips? Depends. How much lower are we talking? You know, $1,000 a month. Is it $500 lower? Is it for me? I'd be, I'd be looking at, what's the benefit? Am I getting out of the job? Is this a job that my dream is, my dream job and something that I'm going to love doing? Is this kind of a step job? This is something you're going to do for the next year or two? Is it something you can live with? I've had friends and colleagues who have gotten new jobs, and it's been their dream job, and it's been a little lower. They took a pay cut, but they wanted to do that job. They wanted the opportunity to be able to network. They wanted the opportunity to gain that experience. And so it was, it was worthwhile. If you can. And this is kind of where I would come in, negotiate with them to an extent. If you can explain why you're worth more. So let's say the offer came in at $65,000 and you wanted 75. It's $10,000 less. If you could justify or you could state, hey, I know you've come in at this, but, you know, based on current living inflation, plus my years of experience and everything else that I've done, I feel that it's worth more. And see what, see what comes out of that. You know, they. They may have lowballed it because they're an organization. It's HR, it's that department. They're trying to, they're trying to make money. And so they may have lowballed you on purpose. I'm speculating. I'm not saying that that's always the case and what they do, but essentially negotiate, see if you can get this. Come back with reasons why and see if they'll offer, you know, offer it.
If not, then you're like, okay, fine, you know, if, you know, this is a stepping stone type role where you're going to do this for a couple of years, then go look for others. But, you know, hey, it's a job offer. Take it, then keep looking. You know, you do this job for six months and then something else comes along and it's even more money. So that would kind of be my, my recommendation, my advice for you, but keep looking around and seeing what other jobs are out there for you. Got to make a bumper for Jesse, too. I do. I don't have Jesse's voice in my model library, so. And it's not that hard. I know Jesse's got his own YouTube channel. It wouldn't take that. It wouldn't be that hard for me to go out and go get that. I just, I need to go out and get it. So I. I'm slacking on you there, Jesse, but don't worry, bud. We'll get you taken care of. I see we're in ignoring. What was this? I see we're just ignoring Indiana Jones post Last Crusade. You know, it's funny you say that, Elliot, but usually when you deliver things in comedy, you do it in threes. And after the Last Crusade, everything after that was kind of. Yeah, it was all right. I mean, the last one was fun. It was very nostalgic. It was very fanboyish. It was a little OTT in. In my book. I love the cast. Loved the. This. The last one they did was decent.
A
The.
B
The fourth one, the Crystal Skull. Kingdom of the Crystal Skull. Yeah. It was just like, okay, let's make a movie, because we can. And we can get Harrison in it, but Indiana Jones and the Last Crusade, just. That was chef's kiss, icing on the cake, cherry on top. So. Yeah. But, you know, technically, it's Raiders of the Lost Ark, then Indiana Jones and the Temple of Doom, Indiana Jones and the Last Crusade. It's only years later they came back and decided to go Indiana Jones and the Raiders of the Lost Ark. Is it. Oh, Cyber Risk. Watch. Did I see that? It's we. Elliot's had a birthday this week. Well, happy birthday if you did. Sierra's coming at me with what's my favorite kind of sandwich? You know, I'm a sucker for PB&J every day of the week, but, you know, sometimes I'll mix it up. I'll take. And don't. This might freak out some folks, but two pieces of sourdough bread with grilled cheese in the middle. The other favorite kind of sandwich, two pieces of sourdough bread, mayonnaise and potato chips crushed inside. Ah, that's so good. Salt and sweet. All. All good stuff right there. What are some ways that you manage ransomware incidents, and how can you educate users to mitigate future ransomware incidents? Very, very good question. Managing ransomware incidents isn't something that you. When you manage it, you're busting out your playbook. You're busting out your process that you've already run through with your team. You've already gone through the exercise of ransomware incidents. You already know what you're doing. Everybody knows their role in a ransomware incident, especially in today's day and age. If you're not testing that type of incident, whether it's on one machine, five machines, 10 machines, all the machines, then you're doing a disservice to your organization.
As you know, if you're in charge of incidents, incident response, if you're working in incident response and you do the tabletop exercises, when that ransomware incident attacks, everybody knows what they're doing. Your sysadmin team is isolating the system. They're going through, and you've got somebody else reaching out to forensics, maybe to a third party organization. You're getting legal involved, because now you're probably going to have to start negotiating or discussions with the cyber criminal team that impacted your systems. You've got to start doing forensics on root cause analysis. How did they get in? Then, once you've got the machine isolated, you've got to see, okay, let's start restoring from backups. Hopefully your backups are already in good shape and are working overall. So that education, your education on ransomware attacks, tabletop exercises, that's all before an incident starts. That's not "we're figuring it out as we go along"; everybody already knows their role when it comes to it. When it comes to users, educating them, that's all part of your security awareness training. Not yearly; maybe quarterly, even better if it's monthly. But you're letting folks know, in the event of a ransomware attack, as part of their security awareness, as part of improving your security culture overall with regards to incidents and everything else. Good question. Basically, make sure your folks are already educated ahead of time. There is plenty of training and information that's out there. So let's see. We got Michael Fink. "I thought you did a great job moderating with Alethe yesterday. What did you think of the talk?" Loved it. Right there with you, Michael. Loved her talk. I've known Alethe now since 2019, since she won her black badge at DEF CON in the Social Engineering Village. I was actually there and saw her doing the social engineering capture the flag. She was awesome.
She was absolutely incredible. She actually went up on stage, got her black badge with her, I think, 8 month or 9 month old in her arms. Yeah, it was extremely impressive. She's an awesome mom, she's an incredible red teamer, and she's got, shameless plug, but May 29th she's doing her Bulletproof Pretexting. It's a four hour workshop. Go check it out. You're not going to want to miss it. I loved her talk. Great insights, and looking forward to seeing her in person later on this year. All right, let's keep going down. "Attended HackSpaceCon last weekend for my first cyber conference. It was amazing." Thanks, Jared. Glad you enjoyed it. I certainly enjoyed it. I was there both days, Friday and Saturday, and had a lot of fun. Kyle Kyle, coming in with the usual. Do you know when a joke turns into a dad joke? Yeah, when it's apparent. But you know, there's another version of that that I always like: a joke becomes a dad joke when it's full grown. Yeah. There you go. Let's see what else we got. Today's headlines question. "I just registered for November's Simply CyberCon." Woohoo. All right, we're looking forward to seeing you there. "As a student trying to break into the industry soon, is there any advice you can give about how to make the most of that particular conference?" Volunteer. I don't know if Jerry needs volunteers. Hopefully. He's going to throw up a question, that job offer question. Oh, sorry, Jerry's internal chat to me. I was trying to see if he's still on. I'm curious. You need volunteers, Jerry? For me, that is one of the great ways to network and connect with other people, volunteering. But if you're going to be attending in person, go to the sessions, chat with the people. Chat with people on here, you know, so bnash, Data Dragon, everybody who's coming to Simply CyberCon, make sure you seek out bnash, connect with them, be connecting with people here on the Discord. When you get to the conference, have a look.
Jerry's going to have 11 sessions, so make sure you read ahead, see which one's going to be of interest to you. Think about what you want to learn from each of those. But then also on the networking, make sure you're going around and saying hi to everybody. I'm hoping to be there because it's at the beginning of November, November 7th and 8th. I should know this, shouldn't I? But let's see. Simply CyberCon 2026. Where is my window? Let's share this so you guys can all see what I'm talking about. That one. Let's share. There we go. So Simply CyberCon, coming to us, you know, later this year in November, November 8th and 9th, day one and two. Tickets are 40 bucks each at the Tides Folly Beach, which I know Jerry's already talked about. And I know he's got the call. We know the call for papers is open now. So make sure that if you're interested in speaking, definitely submit. You never know. bnash, hey, if that's one way you get the most out of it, submit a talk. Case studies, opportunities, what you've learned that you can share with other people go a long way as well. But yeah, GRC Guardrail, good point as well. Check out local conferences, BSides, cybersecurity meetups. You're right. ISSA or ISC2, ISACA. Check those to see if they've got opportunities to volunteer or, if nothing else, just a chance to get out there and network as well. Question about awareness. "What is the best framework to follow for ONG organizations?" Thanks, handping. Oh, so Micchick, or my chick 2512. There is a framework. If you check out Perry Carpenter's Transformational Security Awareness, that is a good start. He's got a bunch of different frameworks in there. There's also the SACP, the Security Awareness and Culture Professional certification. There's a framework that's provided in there. And essentially that framework starts with, you know, obtaining leadership or management permission, getting their buy in.
You've got to have their buy in first, and then you've got to figure out and determine what you need to improve. What skills, what behaviors are you looking to change within the organization that you want to improve? You want to improve people being a little more cautious when it comes to email. You want people to be checking their links. You want people to go through and make sure that they are using strong passwords. So it's a matter of figuring out what areas you want to improve on, how you're going to report on that, because you're going to be getting money from upper management. Because we're talking about risk avoidance here, and risk avoidance is always tricky. Well, all of cybersecurity really is all about risk avoidance. When it comes to our different programs, we're avoiding a data breach, we're avoiding cybercriminals breaching into our organization. And security awareness training is doing that. And I would focus not on calling it security awareness; I would focus on calling it human risk management or risk behavior management, but basically going through and making sure your users are working to reduce the risk within your organization. Don't do training once a year. Try to do it quarterly. You don't have to do the whole 45 minutes or an hour; break it up. But you're looking to improve your culture overall. If you want other resources or want to know more about SACP, you can certainly Google it or connect with me on LinkedIn if we're not already connected and drop the question in there. Tell me it was here where we talked about it and see what we can do to get you some more resources and more help overall. So let's see. I think this is a question. "So at what point in cybersecurity are we going to need to start resetting passwords for AI co-workers named Chad GPT after they click on a phishing email at 2am? And how are identity teams supposed to handle proving what's human versus AI?" Nicholas, you bring another good question.
You know, these are all things that we're starting to discover, that we're trying to figure out and think about. But resetting passwords is probably going to be more about resetting API keys, and them clicking on a phishing link means they've got email. So that means we've given authorization to something, an AI or an agentic AI, to go through and read our email and respond to it. And so in this case, hopefully we have more tools in place, because we can electronically scan. But also when they go to click something, we're looking at what it is that they're clicking on, and we can verify that, yes, we want them to access that particular site. Or you could program it or make it so that, going through email, it doesn't click on any links or anything that's provided. So, but identifying the different teams, you know, it's going to be within Active Directory, within the different service accounts, the NHIs, the non-human identities. We're going to need a way to be able to identify those. It could be something in the name; it could be something in the type of account that gets set up. I know that there's got to be different ways in AD that will allow us to be able to set that up. So, 9:26, got about 5 to 10 minutes as we're going along. Oh, I like this one. This is coming from Cyber St. Stephen. "I'm finding cyber awareness training to be my favorite aspect of cyber security. Any tips on how to specialize in that?" Yeah, connect with me on LinkedIn first of all, and we can have a deeper discussion. But basically, specializing in that, if you're not already doing it and you're within your organization, have the conversations. There are ways that you can do security awareness or human risk management at low cost. I mean, people did it for years with very low budget. Sometimes it's as simple as getting stickers made or getting swag so that you can give out to people. You want to lead with the carrot, not with the stick.
Reward people for finding phishing emails and reporting. If you're doing phishing assessments, you do a Spot the Phish type contest, where people are reporting in emails, and the one that has, you know, the scariest phishing email that came in, because the link took them to, you know, a portal that would get people to enter their credentials and do the MFA. You know, those kind of things go a long way as well. If you're looking to get into security awareness and do it, the National Cybersecurity Alliance, they do a conference every year called Convene. They do two of them. There's another one in Boston coming up in August, I believe. Then you've also got SANS Securing the Human, STH. They've got a lot of great resources out there as well. There's a lot of great organizations out there that help you with doing security awareness training. So definitely check those out. But connect with me on LinkedIn and I can answer some additional questions if you have those. All right, let's keep going through the questions that we got here. Hope everybody's gearing up, getting ready for their weekend. Oh, heading to BSides. Who was this? Oh, Jared. Yeah. You're going to be at BSides. I'll be at BSides this weekend as well. I'm going to go check out Erich Kron's presentation from KnowBe4. Good friend. Looking forward to seeing him there as well. Kyle Kyle's gonna be there. Yep. Kyle Kyle is going to be presenting. I know you're on my list of people to go see as well, because I know you've got your presentation. "Where can you learn about the different threat actors and their techniques?" So here we're talking about threat intelligence, which I need to put in my introduction: also the side hustle, teaching Cyber Threat Intelligence over at Full Sail here in Central Florida. Really do enjoy that. Got great students. But where do you learn about the different threat actors?
There's tons of reports that come out every year, whether it's the CrowdStrikes, whether it's IBM, whether it's Palo Alto, whoever it may be; you can start there. But things like Pulsedive: you can go into Pulsedive, you can get a free account and go through and look at all the different types of threat actors. Jerry mentioned it in today's show, which is another resource. But for cyber threat intelligence, one of the main tools that gets used is the MITRE ATT&CK framework (ATT, the ampersand, CK). You go in there and they've got a repository of all the different threat actors that are out there that they've discovered, the different names, because CrowdStrike will give it one name, Microsoft will give it another name, Palo Alto will give it another name, Dragos gives it another name. So everybody has their own naming style and setup. But the MITRE ATT&CK framework is a really good place to start. Pulsedive is really good as well. Those are kind of the places that I send my students to do research. So definitely check those out. MITRE, because it talks about the TTPs: tactics, tools and procedures. We'll see you later, Marcus Kyler. Let's see. "With companies pushing AI adoption so quickly..." All right, we're at the 9:30 mark, we'll give a couple more minutes. "With companies pushing AI adoption so quickly, do you think most organizations are actually prepared from a governance and risk standpoint?" In a word, Nicholas, no. Sadly we are all still trying to figure it out. Organizations that already have a well established governance team are probably a lot further along than people that are, you know, just putting out AI and using it and don't have a lot of GRC. People are trying to play catch up. There's not a lot of tools right now that I know of with regards to AI GRC. They're trying to adopt the current ones and the different frameworks.
But essentially, like any technology, whether it was cloud, virtualization, whether it was the Internet, whatever it may be, any new technology that comes along, we still apply the same concepts. And AI is going to have some nuances with it, but essentially we still want to apply the same GRC concepts with regards to whatever our compliance is that we need to align with, looking at that governance. Then the same thing would apply with AI as it would with our users. We want to make sure we can audit it. We want to make sure we control authorization and verify, as organizations are now having those AI employees, those NHIs, those non-human identities. And essentially we need to make sure, until there's full trust there, because it's going to depend on the risk appetite for your organization and how trusting you are of the AI. It's one thing when it's going through and analyzing your own data on a local large language model, but when you are using it to make decisions and act upon it and implement, you know, there is where that human in the lead has to be. We have to be leading it. We have to make sure that we're okay accepting whatever decisions it's making, because we're still hearing the stories of databases being eliminated, websites being deleted, those kind of things, wrong decisions made, links being clicked, those things. So for me, that governance is there overall with organizations, depending on how strong that is. AI is another technology that's in there that we've got to make sure we get our hands wrapped around. But AI-specific governance is still kind of in development along with everything else. At least that's my perspective with regards to that. All right, let's see. Q. Q. Q. "Wanting to add a CVE to the resume. Where would you start your search?" I think even Jerry said he would love to have a CVE on his. Sadly, it's not one of my aspirations. I'm not a big threat hunter, so to speak, or malware analyst.
With regards to that, I honestly don't know. I will be transparent, completely honest with you, Cody. For me, I'd be looking at a large language model, because that's the latest technology, and looking at, all right, how many vulnerabilities are there? Looking for, querying with the large language models, how you could go about finding CVEs. Always starting with new technology is a way to go. But then again, we saw today somebody discovered an issue with BitLocker with regards to this Yellow Key now. So, you know, it's always folks that are continually digging. For me, I would definitely look at your strengths. What is it you are really good working with? Are you good on web applications? Are you good with hardware? What kind of software? Figure out where that is and then go from there overall. All righty, let's see. Just running down. I know some folks have had to drop. Turkey Swiss. All right, I'm going to do this question and then we're going to call it, because it's 9:34. Nicholas, oh, you've just been throwing in all the questions. You've got to come check us out on YouTube. I see you're doing this from LinkedIn. "Do you think cybersecurity professionals are truly ready for the AI shift that's happening right now? Or are we treating AI just like another tool instead of a completely new security and governance challenge?" Well, a new tool is a completely new security and governance challenge. Overall, it's a bigger one, because AI, I mean, artificial intelligence, we've been dealing with it for years already. We're now dealing with large language models and agentic AI, and each one is almost like an evolution. You know, we had the large language models, end of 2022, explode in '23. Last year and the year before, we saw a significant increase in agentic AI. Now we're dealing with skills. We've got the huge tech races between OpenAI, Anthropic, Google, and essentially we are constantly evolving. These tools are constantly evolving.
And so with AI, with governance, with GRC overall, as I mentioned before, it's still a tool, and it's a matter of just having to create the programs around it. Are we ever ready for any type of shift? No. A lot of what our industry is, sadly, is very reactive. A lot of the time the folks do get ahead and are reactive, but a lot of the time when stuff comes out, it's like we're reacting to it, because the technology always comes out and then we're always looking to try to get security in there. You know, there may be some baseline security overall, but a lot of the time we, as security, are always having to play catch up. People always bring us in late. If you've got big, large organizations and you've got processes and procedures in place that allow you to get engaged earlier, that's always good. But a lot of the time, small and medium businesses, as they're growing, security is always kind of a last spot. Or it might be there early, but a lot of the time it's not showing up there until it's too late, or it gets released and then it's like, oh, now we need security. And then cybersecurity gets brought in. The GRC aspect gets brought in overall. So good question. Thank you again, Nicholas. Cool. If I didn't get to your question, I'll be back next Thursday and I'll be more than happy to continue answering those questions. Kathy Chambers Media is on. Oh, she's got her show. Shoot. All right, well, that is going to do it for me. Thank you all for giving your questions here today. Great to see Kyle Kyle and Jared and folks that are going to be here this weekend at BSides Tampa. I will be there Saturday morning, bright and early. I'll have my stickers with me. I'll have my Apparent Security swag on. Looking forward to seeing all of you there. If you see me, come over, say hi. Like I said, I'll have stickers with me, and I'm real excited that you're all here today watching Jerry's show, asking about Simply CyberCon.
Love doing these, these questions overall. So again, thanks everybody for your participation today and thanks for stopping by.
Do you want cutting edge.
Podcast: Daily Cyber Threat Brief
Host: Dr. Gerald Auger, Ph.D. (Simply Cyber Media Group)
Date: May 15, 2026
Episode: 🔴 May 14’s Top Cyber News NOW! - Ep 1132
Dr. Gerald Auger delivers another high-energy, insightful episode of Daily Cyber Threat Brief, focusing on the most important cybersecurity news stories affecting analysts, business leaders, and the broader #TeamSC community. In this episode, Dr. Auger analyzes a set of major stories with his signature blend of deep expertise, mentorship-oriented commentary, and community engagement. The episode includes big-name breaches, emerging AI in cybersecurity, supply chain threats, insider takes on threat actors, and practical GRC wisdom. Longtime community member James McQuiggin takes the wheel for the Cyber Career Hotline segment, answering questions live with actionable advice for breaking into and thriving in cyber careers.
[13:01–18:16] Foxconn ransomware (Nitrogen group)
What Happened?
Foxconn, the major Taiwanese electronics manufacturer, was hit by the Nitrogen ransomware group, impacting North American factories and allegedly leaking 8TB of sensitive customer data (Apple, Intel, Google, Dell, Nvidia).
Nitrogen Group Analysis:
Dr. Auger walks through live threat intel gathering, noting Nitrogen is fairly new (~1 year old), emerging from the ashes of prolific groups like BlackCat/ALPHV and BlackMatter (the rebrand of DarkSide, the group behind the Colonial Pipeline attack). The pattern is one of criminal groups regrouping after major heists, with previous notoriety, returning under new “brands.”
“Dude, ransomware threat actor groups pop up, crop up, rebrand, you know, faction split, and then start their own thing. … if you just pay attention and you stop looking so transactionally … you will begin to see these larger trends.” — Gerald Auger (16:00)
Business Impact:
Manufacturing is now a major cyber adversary target, “hotter than a three dollar pistol.” Foxconn’s geopolitical exposure (Taiwan vs. China interests), and whether that exposure should have translated into strong cyber resilience, are debated.
[22:41–28:50] Windows BitLocker zero-days
Story:
Researcher “Chaotic Eclipse” dropped proof-of-concepts for two unpatched Windows zero-days. “Yellow Key” can bypass BitLocker in the Windows Recovery Environment on TPM-only systems.
Big Picture:
Dr. Auger notes the proof-of-concept status, that mitigations are coming, and the importance of “defense in depth” rather than relying solely on encryption. Full disk encryption is essential, but the bypass targets TPM-only configurations (no pre-boot PIN or startup key), and controls outside the disk, such as end-user behavior and keeping files in cloud storage rather than only on the device, reduce what a compromised endpoint exposes.
“There are no silver bullets. … Full disk encryption on your endpoints is a great control. But as demonstrated here, there are situations that can result in compromise.” — Gerald Auger (27:30)
[28:50–34:48] Microsoft M-Dash AI findings
What is M-Dash?
A Microsoft AI that uses 100+ agents to autonomously mine Microsoft's own codebase for vulnerabilities, discovering 16 flaws fixed in this Patch Tuesday, including two critical RCEs.
Meta Insight:
The industry faces a coming wave of software flaws from AI-driven discovery—“a tornado on the horizon.” While Microsoft gets more secure, the rest of the industry faces a remediation bottleneck, not a visibility one.
“We don't have a visibility problem, we have a remediation problem. NIST is getting overwhelmed and cannot enrich these vulnerabilities.” — Gerald Auger (31:05)
“All I need to hear and see is that the Microsoft operating system and Microsoft technologies are going to be a bit more secure.” — Gerald Auger (33:30)
[34:48–38:29] Mistral AI for European banks
Context:
Mistral AI, a European LLM provider, is developing models specifically for banks, offering an alternative to U.S.-centric solutions (Anthropic, OpenAI). European banks want AI models they can trust—and that aren’t subject to U.S. policy or export controls.
Community Commentary:
Dr. Auger sees this as healthy market competition and geopolitics in play, noting how Europe wants to reduce dependency on U.S. big tech for critical infrastructure AI.
“This is what free market capitalism looks like. … This is great because this will be another LLM option on the market for us to use to help protect our organizations.” — Gerald Auger (37:55)
[43:10–49:13] Exim mailer unauthenticated RCE
Critical Flaw:
Exim mail server flaw: unauthenticated RCE affecting servers built with certain SMTP features and GnuTLS. Proof-of-concept exploits were demonstrated; the bug is credited to AI-assisted tooling, but human ingenuity sealed the deal.
Real-World Impact:
Dr. Auger underscores the severity: “If you see unauthenticated remote code execution or arbitrary code execution, this should be what's in your mind,” referencing iconic film moments; that is how rare and dangerous these bugs are.
“Unauthenticated remote code execution is the worst possible situation … anyone in the world with any IP address can do whatever they want on your machine.” — Gerald Auger (44:25)
[49:13–55:01] Model Context Protocol (MCP) vulnerabilities
Story:
Akamai finds three major vulnerabilities in MCP servers (Apache Doris, Pinot, Alibaba RDS) that allow SQL injection and data theft in systems using AI/LLMs for automation: the model-supplied tool arguments reach the database query. Alibaba declined to patch one flaw, adding supply chain risk.
Key Point:
The AI supply chain is “the wild west”—vendors race for market, security lags, user organizations shoulder unexpected risk.
“MCP servers are going to be like playing craps in Vegas, like you're rolling the dice and hoping for the best.” — Gerald Auger (53:47)
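The pattern behind that segment, shown as an added example that is not code from the episode, from Akamai's research, or from Apache Doris, Pinot or Alibaba: an LLM-callable database tool whose handler splices model-supplied arguments into SQL, beside a hardened handler that allow-lists identifiers, binds the value as a parameter, and locks the connection down with a SQLite authorizer as a second layer. The tool shape (table/column/value arguments), the sample rows and the payload are constructed assumptions for the demo; an in-memory SQLite database stands in for the real backend.

```python
"""Illustrative MCP-style database tool: injectable vs. hardened.

Added example, not code from the episode, Akamai, or any named vendor.
The tool shape, sample rows and payload are constructed assumptions.
"""
import sqlite3

# Allow-list the server owns: the only identifiers a model may ever query.
ALLOWED = {"customers": {"id", "email", "region"}}


class ToolArgumentError(ValueError):
    """Raised when a model-supplied identifier is not on the allow-list."""


def make_db() -> sqlite3.Connection:
    """Constructed sample data: one table the tool should expose and one it
    must never reach."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE customers (id INTEGER, email TEXT, region TEXT);
        INSERT INTO customers VALUES (1, 'a@example.com', 'emea');
        INSERT INTO customers VALUES (2, 'b@example.com', 'apac');
        INSERT INTO customers VALUES (3, 'c@example.com', 'emea');
        CREATE TABLE api_keys (id INTEGER, secret TEXT);
        INSERT INTO api_keys VALUES (1, 'sk-constructed-secret');
        """
    )
    return conn


def query_vulnerable(conn, table, column, value):
    """The rushed handler: every model-supplied argument is spliced into the
    SQL text, so a crafted value can UNION in rows from any other table."""
    sql = f"SELECT * FROM {table} WHERE {column} = '{value}'"
    return conn.execute(sql).fetchall()


def query_hardened(conn, table, column, value):
    """Identifiers cannot be bound as parameters, so they are checked against
    the allow-list; the value is bound as a parameter, never interpolated."""
    if table not in ALLOWED or column not in ALLOWED[table]:
        raise ToolArgumentError(f"identifier not permitted: {table}.{column}")
    sql = f'SELECT * FROM "{table}" WHERE "{column}" = ?'
    return conn.execute(sql, (value,)).fetchall()


def harden_connection(conn):
    """Second layer: the connection may only SELECT allow-listed columns.
    If a future handler forgets to validate, SQLite refuses the statement
    at prepare time instead of returning the other table's rows."""
    def authorizer(action, arg1, arg2, _dbname, _trigger):
        if action == sqlite3.SQLITE_SELECT:
            return sqlite3.SQLITE_OK
        if action == sqlite3.SQLITE_READ and arg2 in ALLOWED.get(arg1, ()):
            return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY
    conn.set_authorizer(authorizer)
    return conn


# Constructed model-controlled argument: closes the string literal and
# appends a UNION against the table the tool was never meant to expose.
PAYLOAD = "' UNION SELECT id, secret, 'x' FROM api_keys --"


def demo():
    """Run the four cases and return the outcomes as a dict."""
    results = {}
    conn = make_db()
    results["vulnerable_leaks"] = query_vulnerable(conn, "customers", "email", PAYLOAD)
    results["hardened_value"] = query_hardened(conn, "customers", "email", PAYLOAD)
    try:
        query_hardened(conn, "api_keys", "secret", "x")
        results["hardened_identifier_rejected"] = False
    except ToolArgumentError:
        results["hardened_identifier_rejected"] = True
    locked = harden_connection(make_db())
    try:
        query_vulnerable(locked, "customers", "email", PAYLOAD)
        results["authorizer_blocked"] = False
    except sqlite3.DatabaseError:  # SQLite raises "not authorized"
        results["authorizer_blocked"] = True
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The allow-list is the important half: parameter binding protects values, but table and column names are identifiers and cannot be bound, which is exactly the argument an LLM is most likely to be handed control of. The authorizer is there for the day someone adds a second tool and forgets the check.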
[55:01–60:36] RubyGems "Gem Stuffer" campaign
Campaign Details:
Malicious Ruby gems were used to scrape UK public web data, exfiltrating it through the package registry itself rather than direct C2. More than 100 gems were involved; the campaign highlights a new attack vector in abused package platforms.
Supply Chain Angle:
The risk isn’t about Ruby per se, but how software package managers (npm, PyPI, RubyGems) are becoming covert data transport mechanisms in the supply chain—a future trend to watch.
“The bigger concern is how do you protect from [the] Shai Hulud [worm], that's what I would want to know.” — Gerald Auger (58:55)
[60:36–61:17] The Gentlemen ransomware gang internal leak
What Happened?
Another ransomware group (The Gentlemen) had its backend systems hacked, leaking 16GB of sensitive internal comms (recon, malware development, how it pays affiliates with a 90/10 split, etc.).
Why it Matters:
The leak offers huge insight into how professionalized ransomware-as-a-service groups actually operate—mirroring legitimate businesses with HR, QA, recruiting.
“They have HR departments, they have QA testers, they have marketing people to recruit affiliates. Like, it is a full-blown business.” — Gerald Auger (62:00)
On macro vs. micro threat trends:
“As you get further up the career path and get more senior, you start dealing with more strategy and macro level things … There’s a lot of experience and perspective you just have to learn.” — Gerald Auger (17:40)
On conference networking:
“Go to the sessions, chat with people. Connect with people here on the Discord. … Make sure you read ahead, see which one's going to be of interest. Think about what you want to learn.” — James McQuiggin [1:20:00]
On AI identity management:
“At what point in cybersecurity are we going to need to start resetting passwords for AI coworkers … and how are identity teams supposed to handle proving what's human versus AI?” — Listener Question, answered by James McQuiggin [1:27:00]
| Timestamp | Segment / Story |
|-----------|-----------------|
| 13:01 | Foxconn ransomware (Nitrogen group) |
| 22:41 | Windows BitLocker zero-days |
| 28:50 | Microsoft M-Dash AI findings |
| 34:48 | Mistral AI for European banks |
| 43:10 | Exim mailer unauthenticated RCE |
| 49:13 | Model Context Protocol (MCP) vulnerabilities |
| 55:01 | RubyGems "Gem Stuffer" campaign |
| 60:36 | The Gentlemen ransomware gang internal leak |
| ~65:00 | Cyber Career Hotline with James McQuiggin |
[65:00–end]
Dr. Auger keeps a hype, supportive, and highly engaging environment, interweaving practical mentorship (“if you’re new, welcome to the party!”), educative asides, and energetic calls for audience wins and first-timers. Memes, pop culture references, and shoutouts ground the tone in everyday cyber life.
For more nuanced discussions, actionable tips, and to join the live community, tune in to Simply Cyber’s Daily Cyber Threat Brief and follow along on YouTube or Discord.