A
Welcome to the party. Today is Thursday, May 21, 2026, and this is episode 1137. Welcome everybody to the Daily Cyber Threat Brief and do not adjust your set. You are in the right place, as I am. James McQuiggin at 35,000 ft. Coming to you at ground level here in the ground level studio. Call it whatever you like, but I'm filling in today for Dr. Gerald Auger, Jerry, as we call him. He's all good. He had a prior commitment that he couldn't get out of, so he asked me to fill in. So I am excited to be here. I hope this all works out. Well, hopefully I've got things set up right. Yeah, it's kind of nerve wracking. I don't know how Jerry does this, but excited that you're all here, excited that we've got chat going and we've got eight stories that we're gonna get through. And welcome everybody here to the Daily Cyber Threat Brief. It's 8:01, 8:01 here on the east coast, and I know you're looking to stay current on all the top cyber security news stories of the day while, what I like to call, being edutained, which is entertained and educated. So, you know, this is, you know, the Daily Cyber Threat Brief. And as Jerry likes to say, let's get cooking. All right, so it is awesome to have you here. Had the great intro. Now you're probably all freaking out. Holy cow. James McQuiggin here. We're gonna go through the top eight stories. I've got my coffee with me because I'm gonna need it, because I think I practically stayed up all night researching the stories. Nobody's got time for that. Oh, let's see if I've got that. Nope, that's Catch Me Outside. I don't have that one. I set up, programmed my sound effects. Did we just become best friends? Yep. So hopefully that came through, but I thought I had the. Oh, well, I have the Catch Me Outside. How about that? There you go. I've programmed my stream deck with some of the fun tunes that are out there. I've got my coffee, Jerry's out on the road. So we're gonna have some fun today. I'm real excited to do this.
We're gonna go through the top eight stories from the CISO Series. I'm gonna give you my feedback, my thoughts, my opinions, maybe some risk mitigations, and maybe, if there's any dad jokes that might fit in along the way. So before we get into those stories, we're going to take a couple minutes, we got to do some housekeeping things. Got to do things that keep the lights on, keep the bills paid, so to speak, and then in a couple minutes we will get to the news stories. This is an awesome community. So excited. Got Space Tacos out here, Brute 7679, Random Skills, Neck Michael, Ad Tech Dylan, Space Tacos, Marcus Kyler of the Yeet Crew. Sorry, don't have the sound effect programmed. We can all just kind of imagine it in our head. Let's see who else we got out here. Cyber Saying Stephen, I love some of these screen names. That Grunt Buddy, good to see you. We had a great time hanging out last weekend. So, you know, I know you're probably all imagining, waiting, expecting to hear from Jerry. Now you're stuck with the old guy. But no. So every single day of the week we got a special segment and this week is no different. Let's see if I can get the right image to show up here. But the day, this day of the week, let's see if it shows up. This is the joy of Restream and live, hoping things work. So every Thursday, every week there's a different segment, and on Thursdays it's What's Your Meme Thursday. Coming to you from Mr. Dan Reardon, aka the Haircut Fish. He's a long time Simply Cyber community member. He's a friend of mine. We've hung out at conferences and I even had him on the Simply Secured podcast last year, and he was just recently on the Antisyphon Anti-Cast. So there's a great opportunity that if you get to meet Dan, he'll be a friend of yours as well. But Dan has created a really interesting meme for today that, it does, you know, recognize Jerry.
He always likes to pick on Jerry, and I guess there wasn't enough time for Dan to redo it and do one for me, thank goodness. But we will look at Dan's meme of the week at the mid roll. So before we get started, one of the things that we like to do is of course talk about people that are coming here for the first time. People that may have stumbled upon this on a search looking for a way to get daily news. Well, you know, this is kind of one of the best places, I think, to get news. I tell my students, as I teach a cyber threat intelligence class at Full Sail here in central Florida. It's something that I always tell my students, is the fact that, hey, you got to stay current, you got to keep up to date with what's going on. And yeah, you could go off and listen to the CISO headlines and listen to it in about six minutes, or you could come to the Daily Cyber Threat Brief that Jerry does every day, and today with me, to kind of give you our thoughts, our impressions and everything else. But first and foremost, one of the things that I love about this squad, love about this community, is everybody coming together in the chat, seeing lots of emotes coming down, and everybody saying hello and connecting and everything else. And as I'm trying to scroll through the chat here, one of the things that we love to do, and for me, I know as well, is our first timers. If you're here for the very first time, put a hashtag first timer there in chat. Maybe it's your first chat message, maybe you're a little leery about doing it, but it's okay. Throw that first timer in chat, and I'll see if I can spot it. Because basically, when you're a first timer, it's one of our favorite, for me, it's one of my favorite sound effects, and it was something I remember saying when we had first timers, and that was, welcome to the party, pal. Welcome to the party, pal. This is a party. This is a fun time that we like to have.
And for those of you that are joining us for the first time, we're excited that you're here. We've got some great stories, we've got a great community for you here to hang out with, and we've got a special emote. Of course, it's that John McClane emote that we have as part of a member of Team Simply Cyber. And if you're not a member of Team Simply Cyber, I know Jerry's got ways that you can sign up there through YouTube, or if somebody comes along and drops in gifted subs, there might be that way as well. So onto another bit of housekeeping is the fact that maybe you've passed a certification, maybe you're getting a new job, maybe you're interviewing for a job, maybe you're graduating, because this is the time of the year for graduation, high school, college, you know, let us know in chat as well. That's one of the great things with this chat, is it's your way to be able to interact with the other members. It's a way to interact with me while I'm talking here. But, you know, let us know what wins you've had. We love to celebrate those. And if I can catch it, we've got a special sound effect that we like to play, and I've got it programmed here. Hopefully it comes through as well. So let us know. We want to celebrate those wins with you. That's what communities do. We lift each other up in times of good, and we support each other when it's not a time of good. All right, so you've got your certifications. Now you got to go out and get those CPEs, those continuing professional education credits, right? So one of the great things that Jerry does here with the Daily Cyber Threat Brief is he offers a half a CPE for each of his episodes. And today is no different. Today you'll get a half-credit CPE that you can take a screenshot. Wait, you don't need to take a screenshot anymore, because now Jerry has got a really cool new way to be able to get your CPEs a lot easier. And that's right, folks. He set up something on the back end on his website.
You go to cyberthreatbrief.simplycyber.io and click on the CPE in the upper right hand corner. So cyberthreatbrief.simplycyber.io, or even /cpe, and it means you can get your CPEs. Jerry has got it all programmatically set up. You basically drop in your name here. So, you know, you put your name there, you put your email address, you attest that you attended and watched the Daily Cyber Threat Brief. And you grant permission to email them, because they got to email you a certificate. And then you will get a little notice that says, yep, you attended today. And then at the end of the month, I believe that's what he's doing, at the end of the month he will send you a certificate for all the CPEs that you did. Oh, hey, hang on a second. Hang on a second. I think I just saw something. Yes, we've got the. Did we just become best friends? Yep. There you go. Wish me luck. I'm up for Auditor 2 position in my department. Way to go, Space Tacos. That is awesome. Good luck with that. Keep us posted with that. Again, this is what we're looking for with regards to the wins that you're all doing out there. So thank you very much for that. Jerry thanks you for the $5 super chat. That was awesome. Cool. So getting back to the CPEs, you throw it, you get your name and email address in there. Jerry will get that sent over to you. You can even drop an exclamation mark in the chat and the Nightbot will give you the link if you can't find it. But cyberthreatbrief.simplycyber.io. He's gonna, yeah, June 1st, he will send you an email with all the CPEs that you've got, a nice certificate that you can file away. Don't have to worry about screenshots, don't have to worry about counting. No more arguing. He's made it a lot cleaner. That's the great thing, what Jerry does. He's constantly evolving and growing this group, growing this community, growing what he can provide for you. Overall, very cool. All right, let's go back to full screen.
Got the chat hopefully cycling through on there. So now Jerry can't do this show without being able to have sponsors, without being over things. You know, this is his full time job. This keeps him busy, but thanks to the sponsors for the show, it allows him to do this for all of you. And today's no different, because for the ad reads today, rather than having me do it, he's made a video for all of you. So we'll play that now, and we'll come back and then we'll get into the stories.
B
All right guys, I hope you are pumped for the James McQuiggin version of the Daily Cyber Threat Brief. Shout out and love to the stream sponsors, starting with Flare Threat Intelligence. Flare's threat intelligence platform is phenomenal. Now if you don't know how valuable cyber threat intelligence can be, let me just explain to you. You don't want to get dirty and filthy rucking around in the dark web, in cyber criminal Telegram channels or info stealer logs. Nope, Flare takes care of that for you. They go out on the dark web, they go out on the Internet and they pull back all that delicious threat intelligence information, bring it back into their interface and make it easy and queryable. What does that all mean for you? Very simply put, you have the ability to 100, well, not, I should say, you have the ability to be able to go into their platform and be able to figure out if your end users, your VIPs, your organization is already compromised or has got, you know, compromised endpoint credentials out there, and be able to take action before they are exploited or weaponized. The power is unbelievable. Go to simplycyber.io/flare. Now, you'll be able to get this interface right here. You'll fill out the form, they verify that you're a good person and not a criminal, because the value of the information in their platform is unbelievable. Get a two week free trial, no questions asked, no concerns. Try it. You'll love it. Believe me, I've used it myself and found it incredibly valuable. You know what else is also valuable? Antisyphon Training. Yes, Antisyphon Training is disrupting the traditional cybersecurity training industry by offering high quality, cutting edge education to everyone regardless of financial position. And you too can take advantage of that. This Friday at noon Eastern to 2:30. Hands on Kerberos, learning from the man who invented Kerberos. If you've heard the term Kerberos before, literally, Tim Medin from Red Siege is the one who's done it.
This is an absolute steal. 25 bucks for a two to three hour workshop. Here you'll get an overview of Kerberos based on Red Siege's Offense for Defense course. You'll get another excerpt from their Pen Testing Beyond the Basics class. This is insane. To get face time and trained by one of the best in the offensive side of the business. Go to Antisyphon Training, look at their upcoming course calendar and you'll see right here on May 22, this Friday from 12 to 2:30pm Eastern, the workshop from Tim Medin. Also want to say love to ThreatLocker. ThreatLocker always bringing the heat. Doing an application deny-by-default security technology that absolutely makes it so things that are not allowed to detonate on your endpoints or your environment do not happen. It's a really difficult nut to crack. ThreatLocker's done it. They did it for the endpoint. Now they're on the cloud. Bring in the heat. Let's hear from ThreatLocker. Then we're going to get into the news with James. Let's cook. I want to give some love to the Daily Cyber Threat Brief sponsor ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Don't worry no more. You can harden your security with ThreatLocker. Worldwide companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high. ThreatLocker takes a deny-by-default approach to cyber security and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US based Cyber Hero support team. Get a free 30 day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threatlocker.com/dailycyber.
A
All right, and we're back after the commercials. After the sponsor information that makes this show possible. I personally want to give a shout out to ThreatLocker, Flare, Antisyphon, you know, how they enable Jerry to be able to do this show, and with Antisyphon they do their Anti-Cast every Wednesday. I know I've had the pleasure of being a guest host the last couple weeks and I'll be back next Wednesday as well, being a guest host. I'm also guest posting today on the Cyber Career Hotline that comes in after the stories that we're going to get to here in just a second. Hang on, we're going to get to those. But again, real excited that all of you are joining here today for the show, for the stories. So that's what you're here for. Let's get into them now. Let's see if I can make this work, because this was something I was practicing all day, getting the stories, getting the information in here. So let's go, let's get cooking, and I'll see you all at the mid roll. From the CISO Series, it's Cybersecurity Headlines.
C
These are the Cybersecurity Headlines for Thursday, May 21, 2026. I'm Sarah Lane. GitHub breach via VS Code extension. GitHub says around 3,800 internal repositories were breached after an employee installed a malicious Visual Studio Code extension that compromised their device. The attacker, linked by researchers to the Team PCP group, accessed only internal repos, with no evidence of customer data exposure otherwise. Team PCP claimed responsibility and allegedly tried to sell the stolen code for at least $50,000, and has a history of supply chain attacks across GitHub, PyPI, npm and Docker. Shai Hulud
A
Okay, so that's kind of the fun thing. Got to make sure I hit pause in between the stories. So yeah, this first one kind of coming out of the gate nice and strong. GitHub, 3,800 repos hit upside the head with a VS Code extension. You know, supply chain, right. That's what we're always dealing with when it comes to these things. I remember having a conversation the other day talking with somebody regarding SaaSes, regarding software as a service, talking about, you know, going from on prem into the cloud, and now we are seeing so many more supply chain because we're no longer doing it as organizations. We're relying on other organizations to make sure they're securing their environment. And when you've got something like 3,800 GitHub repositories that get impacted by malicious code, that's going to impact, if you've pulled that down or end up pulling that down or you're constantly getting those updates coming in, that's going to be an impact to you overall with regards to your organization. And we know that supply chain is always a big concern, especially with the different SaaSes that are going on, those software as a service. We know that those are out there and having to deal with it. Now the kicker is, you know, your endpoint detection within your own organizations, your endpoint detection isn't going to detect what's going on outside in a GitHub. You know, once you've brought it into your organization, once you've brought it into your code, hopefully you're going through doing that static analysis. You're going through maybe leveraging an AI agent. Okay, I had 19 minutes was the time before somebody said AI. But we know that we're not able to monitor or deal a lot with what our suppliers are doing. We're having to essentially, whatever we get from them, we've got to go through and still analyze. We've got to go through and still review it as well. And that's what we're dealing with.
This here is, we know your developers are going to use extensions. We know that they're going to be going out to GitHub, because why reinvent the wheel when somebody's already done it? They're leveraging that code as well. The kicker is when it comes in, we've got to make sure that we're going through, we're doing the analysis on it, we're going through and making sure that, hopefully, you know, there isn't something else that's been injected in there that's going to give us a bad day overall. Cool. All right, so let's get on to the next story.
C
compromises 600 npm packages. Socket, Endor Labs, Aikido Security and Microsoft all say a new Shai Hulud supply chain attack published more than 600 malicious npm packages, mainly targeting the ecosystem. Researchers found the malware steals developer and CI/CD credentials, self propagates using stolen npm tokens, exfiltrates data through the encrypted Session network and then generates legitimate looking Sigstore attestations to evade detection. Aikido also found persistent backdoors in VS Code and Claude Code configs, while nearly 3,000 GitHub repos were automatically created to store stolen data. Huawei behind Luxembourg
A
Now I know why Jerry has all those frustrations with his computer not pausing on the stories. Okay, so wow, another supply chain story. It must be Thursday, a day that ends in y. These stories aren't that far off overall. When we look at the GitHub repository, we've got this one, what was it, 600 packages? Where'd my note go? There it is, 639 malicious package versions across 323 unique packages. That's almost like three to, that's like two to one almost, practically, of two versions for every unique package that got published within that hour. That's certainly showing us automation at scale. And one of the things that I've been talking about for, oh, I don't know, the last four or five years when it came to AI, generative AI, AI attacks, the dark side of AI, was the fact that we are finding ways to be able to automate ourselves on the blue team, red teamers are doing the same thing. We also have to realize and accept that cyber criminals are doing the same thing. They're looking for ways to make money faster, do it quicker and do it easier. And essentially, when we've got something like this, again, another supply chain. Cybercriminals are certainly figuring out ways to expedite rolling out the malicious code, the malware, into. And here this one was inside of Claude Code. You know, every time they'd open up a Claude Code session, point it to that affected directory, that malware is going to re-execute. So cyber criminals are getting extremely more sophisticated, they're getting more specific with the attacks, leveraging the different ways overall. And so as we look at this, you know, we know from a supply chain standpoint, from a developer standpoint, we've got to make sure that we're going through and being aware of the dangers that are out there. Your developers may not be able to spot it. You know, this is where the human and the technology have to work together.
At least from my perspective, when I see it after spending six years working for KnowBe4, a security awareness training company, and going out and talking with people about that awareness, you know, you don't know what you don't know is a big problem. And so when people aren't aware that cyber criminals can do these types of attacks with dropping malicious code, dropping the different versions of this and making it readily available, our developers have to be aware that cyber criminals are going to find more and more sophisticated ways. We have to leverage our red teams to figure out what are the latest attack founders and get our developers educated and get the information out there so that they have that awareness. Just because they're aware doesn't mean they care. Famous quote from my good friend Perry Carpenter. But we have to make sure that we're getting the education and the technology out there to be able to deal with and reduce the risk of this being bigger than it is overall with regards to these types of attacks. All right, so let's get into our third story of the day. Let's make sure this is being properly displayed here. Cool. Here we go.
C
telecom crash, The Record. Sources say a previously undisclosed Huawei router flaw caused a July 2025 cyber attack that knocked Luxembourg's telecom network offline for more than three hours, disrupting landline, mobile and emergency communications nationwide. Investigators said specially crafted traffic triggered Huawei routers to continuously reboot, though there was no evidence that Luxembourg was specifically targeted. Huawei has not publicly acknowledged the flaw. No CVE has been issued and it remains unclear whether other operators are still vulnerable.
A
Microsoft kind of getting there, trying to sense the end of the story there. So on the last story, Roswell UK brought up a good point and I'm going to kind of show it up before we go into the next story. But how would that work for an open source library? Lots of software rely on the non-warranty status; forcing liability isn't exactly possible unless you want to kill open source. You're exactly right. Open source is kind of one of those fun challenges that we have to deal with as security professionals, and we know that we have those updates and our own developers are going to be able to leverage those. So here we're dealing with GitHub repositories, we're dealing with the npms, this open source software that's out there, that supply chain that is kind of, for me, that's the risk as a virtual CISO, you know, overseeing an organization. If you've got developers, you know, there's a risk that goes along with that. And so again you could go through, run the static code analysis and verify and check. That's not always going to be able to come back and give you the results that you're looking for. It may not find it. But having an SBOM, having a repository where you can track, you know, what software, what code is where. So in the event that that open source has a problem, you then can go ahead and take care of it. Yes, you're probably going to get smacked because of the fact that there was that vulnerability. But if you know that you've got, you know, it becomes apparent that that software is malicious or there's something wrong with it, you can go into your repository where that software's been used, and that's going to be working with your head developers and going, all right, where have we got it? Because we've got to go through and fix it. I mean, we've been dealing with this for years already.
And all I got to do is say Log4j, because we know way back then people were like, oh my gosh, do we have this? Don't we have this? What's going on with it overall? So it's critical that when it comes to open source, make sure we know where it's being used. We can do the analysis of it overall and, you know, try to reduce the risk of something malicious that would end up coming through overall. Cool. All right, so getting to our third story here. The Huawei zero day, Luxembourg telecom outage. If I heard right, 10 months, no CVE, no public patch, no warning to the other operators. For me, that's kind of what I'm seeing out of this. And you know, they provide. Huawei is a very. Outside of the US, Huawei is a very popular telecom provider, phones, routers and so forth. But essentially, you know, we've got maliciously crafted traffic that, you know, appears to be going through their infrastructure, going and hitting the Huawei routers. But we've got this failure that's there. Landlines go down, emergency services, you know, with regards to their response, you know, we haven't seen this before. We don't have a solution. That's not what you want to hear from a vendor, you know, when you're working with your vendors. And it's interesting because the first three stories today are dealing with supply chain, third party risk management. This is something that we've got to make sure that we're having a handle on, things that we're running through our incident response programs.
You know, what do you do when your vendor, if you're in healthcare, when your healthcare providers, the Siemens, the GEs that are out there, you know, when you're dealing with hospitality and your systems and your third party systems go down and everything else, you know, you need to make sure that you're working with a vendor, that they've got things in place, you know, and here with telecom, your operational technology, critical infrastructure, you know, that's kind of all of that coming into play. So if you're working with an organization, you know, I know some of us are global that are out there, that run, you know, Huawei networking, you know, this could affect them. So make sure you can check with them and figure out, you know, what that is, the remediation if there is any with regards to this, and be able to move on with that. But that zero day attack with Luxembourg, that's never a fun day with anybody that's going on. Overall cool, and oh, let's play the
C
ad, I believe. Microsoft rolls out Yellow Key mitigations. Microsoft released mitigations for a BitLocker bypass flaw known as Yellow Key, which lets attackers with physical access use a USB drive and reboot a Windows system into recovery mode to access encrypted data. The exploit abuses the Windows recovery environment by manipulating the FSTX auto recovery utility and deleting a key configuration file, causing WinRE to launch a command shell with BitLocker already unlocked instead of the normal recovery interface. The exploit's creator claims the attack can still work even when BitLocker uses both TPM and PIN protection. Huge thanks to our sponsor ThreatLocker. ThreatLocker is extending zero trust beyond endpoint control with their recent release of zero trust network access and zero trust cloud access. This isn't based on credentials alone. It requires the right user, the right device and the right conditions. Because as we've seen in recent large scale CRM breaches, stolen credentials and misconfigurations can expose massive amounts of data. With ThreatLocker, nothing is exposed and access is limited to exactly what's needed. Learn more and start your free trial today at threatlocker.com CSOW.
A
Still working on the timing on that. So yeah, ThreatLocker also helps out the CISO Series, which is awesome. So getting back to our fourth story here of the day with the Microsoft Yellow Key BitLocker. And we heard about this last week, and I remember when this dropped, several of the CISO groups that I'm involved with, a lot of them are like, great. Hopefully everybody goes through and starts updating your stolen laptop procedures and making sure, because now with something like this, this is making it a lot easier for cybercriminals, being able to steal laptops when they would get their hands on one. With BitLocker, it basically is the big deterrent to prevent them from, you know, being able to access the machine. And, you know, okay, so it might have a CVSS score of 6.8, and I know that Jerry likes to go out to DJ B sex, but I'm having enough fun right now as it is, so we'll just kind of keep it on this screen. But when we look at the CVSS score of 6.8, for me this is physical access. You know, even for me working in the corporate security office at Siemens all those years ago, and we're having BitLocker, we wouldn't worry about the fact that a laptop gets stolen because we had BitLocker installed. But having PINs, having the TPM, forcing that all on there, is going to be a huge factor in helping reduce that risk of them being able to get it. Definitely good point coming from Roswell UK, forcing those TPM and those PIN policies. But if you get physical access, you plug in that flash drive. If you've got the PIN, that helps reduce that risk as well. But they can reboot it, no credentials required, no software installation, no network connection. They can just plug it in, they can keep it off the network and gain access to those systems. This is for me kind of a scary thing. Not a lot scares me, but this is one, because for years we're like, ah, so we lose a laptop, okay, well we can remote wipe it. If it ever comes back up, we don't have to worry about it.
But now with the Yellow Key, that kind of changes things. So hopefully we get some more fixes from Microsoft to be able to deal with this. But basically, I wouldn't be waiting for Patch Tuesday. If you're running Windows 11 or Server 2025, there is Microsoft's WinRE mitigation tool that's available now. Make sure you verify your BitLocker configurations and that they're not relying solely on the TPM-only mode. Having the PIN, forcing that TPM, you know, that's going to give you that extra layer. But going through now, of course, you know, Patch Tuesday, that second Tuesday of every month, you know, got to go through and test everything. But hopefully within your organization you're going through and making sure that you're locking down those systems. Overall cool. All right, well, that's four stories down. Unfortunately, I don't have all the cool music that Jerry does, so I'm just going to play what I've got here. I sadly do not have the favorite music that we always like to hear. I do apologize. There's only so much I can do in a couple of hours. In the morning I was so worried about getting everything up and running that, as I was going through these stories, I realized in my head, I'm like, oh shoot, I don't have that awesome mid roll music that we all love to hear. So you'll just have to come back tomorrow and, you know, kind of hear the, get rid of that. There we go. Come back tomorrow and hear the music with Jerry on Friday, because on Fridays he also tells some dad jokes too, which he gets from this guy. Always have a lot of fun. Yeah, we can drop in chat. We can drop the hey, hey, hey. And let that go. But you know, it is the third. It's the mid roll. It's Thursday. And on Thursdays we have the meme of the week. I was coming to it. Don't worry, I was getting there. I was getting there. But we have the meme of the week coming to us from Dan Reardon. Real excited. Let me see if I can get that image up here. Share the screen. Get the window.
Oh, I should also say, just again, a quick shout out to our sponsors that we have. Jerry mentioned it at the mid-roll. Again, ThreatLocker, Antisyphon, Flare. Really appreciate their support overall. But let's get to the meme of the week, because I know that that's what you are all looking for. Where's that. There's that title card that I'm looking for. Yeah, our What's Your Meme Thursday coming to us from Haircuts Fish, Mr. Dan Reardon. He's been doing these for years and he always does a fantastic job with it overall. So, you know, without further ado, let's get to your meme of the week that he's provided to us. And I'll kind of put it to everybody. The meme that he's got, the image that he has, represents a certain science fiction television show with a certain race. And I'll be watching in chat to see if you can tell me what race this is. Now this is kind of fun because as soon as I saw it, I ended up busting out loud, and seeing Jerry like this, it was like, oh my gosh, that's priceless. It's like those big head guys on our favorite show, Star Trek. So let's see. Is this hopefully coming through? But yes, I'm curious to see if anybody can tell me in chat who this is overall. Yeah, the big brain people coming to you from Star Trek. If anybody knows the name of the race, what the race is called. And extra points if you can tell me what episode they were in. Oh, I think I see it here. Let's see. Talosians. You're not allowed to go to Talos. Yeah, there you go. I like this one. When Mars Attacks. Oops. That wasn't the one. That was. Oh, risky. Here it is. Come on, show it to us. Come on. Restream, the Talosians. Roswell UK coming in there. Phil Stafford coming in there. Yep. We knew Jerry was an alien. You know, if you've seen Men in Black, you know. Take a big swig of my coffee. You know, for years I've always had the pleasure of typing it in. Today, coffee cup.
Cheers to all of you that are watching. Jerry, you might be watching as you're doing your prior commitments. To all of you that are supporting me here through this. I haven't been able to keep up with chat. I've been too busy focused on the stories and everything else. I'll have to go back and watch the show later. But yes, here we go. I just saw it, and probably somebody said it before already, but I just saw it show up. There were two episodes. It was the pilot. The Talosians, don't go to Talos. Yep, that's where this is from, from Star Trek. But Dan, you outdid yourself on this one. I think Jerry should put this on his LinkedIn profile and definitely, definitely have that on there. That's a great shot. The matching's perfect. And I'm very particular because I've done enough Photoshop over the years. Very particular. You've got the skin color matching and it looks great overall, you know. And I had to ping Dan going, okay, so what's kind of the purpose for this overall? You know, what gave you the idea to do this? And he said, well, Jerry had this big-brained idea, and that just kind of gave me the idea that I would do Jerry like a big brain overall. So there we go. Get that turned off there. So I got a kick out of it. So yeah, so Jerry's always got these big-brained ideas, but that's why we're here, right? That's why we're here watching the Daily Cyber Threat Brief, because of Jerry's big-brained ideas of, hey, you know, I could do a morning show and I could talk about the current stories and pull them from the CISO Series, and I could talk about and give my opinions and give my thoughts and do the show, and next thing you know he's got 10 people watching and 100 people watching and 400 people watching. I mean today, can I see over here? I can't see how many people we've got watching today. It's probably showing me in the stream and I'm missing it.
But you know, 400 people coming out to watch the show every day, getting events like B side stamping last weekend, DEF CON, Wild West Hackin' Fest, Zero Trust World, you know, the Simply Cyber community coming together. You know, we are all part of Jerry's big-brained ideas. Overall, very glad to be a part of it. Very glad to be here with all of you here today. So. All right, we've got about 20 minutes left to get through the other four stories. I really wish I had that music that I could play for everybody, but you know, maybe I'll just work on it for next time. And I've also kind of just got myself stuck. Stop that there. Come back into this. I'm having to use the Restream functions on it. I don't have OBS set up on my system here. So that's my homework. So if I want to do the show again, I gotta get OBS set up, get those transfers, get those transitions nice and smooth. After working in theater for six years, I'm very much all about the presentation. So yeah, so I like to make sure that it looks as professional. Got big shoes to fill here today, but we've also got four more stories to get through. So let's get into those stories and we'll carry on.
C
Breach caused by missed token rotation. Grafana says its breach stemmed from a missed GitHub workflow token rotation after malicious TanStack npm packages infected with Shai-Hulud malware executed in its CI/CD environments. The attacker stole workflow tokens via the infected dependency and used an unrotated token to access private repositories, later exfiltrating source code and some business contact information. Grafana says no customer production systems were impacted, the code base was not altered and users don't need to take action. Fake.
A
Still getting used to it overall. Yeah, so with Grafana, you know, missed token rotation, you know, and that's something that we deal with overall. You know, again, Grafana being a supplier and, you know, looking at the token rotation, you know, like I gotta admit, you know, when it comes to stories like this, you know, the missed token rotation, you know, this is part of procedures, and I'm not trying to Monday morning quarterback this overall, but you know, any organization that's running their CI/CD, their change infrastructure, but you know, this wasn't just missed within the organization. This was, you know, not even detected. This is the incident response process itself. When they realized what happened, they did activate their incident response; they rotated a number of the tokens. But essentially for me, when it comes to credentials, rotating credentials, when it comes to what you're able to see, what you're able to do in the particular moment, incident response is crucial. It's one thing to have your technology. You've got your firewalls, you've got your SIEMs, you've got your IDSs, your IPSs, you've got your EDRs, you've got next-gen firewalls, you've got everything else. You've then got to have your processes. You've got to have the processes in place so that you're able to respond if there's an incident, if there's an event inside your organization. Now we know that you can't prepare for everything, but you certainly want to make sure that you're going through and preparing for, like, the big things. Now this particular incident may not have been something that would have been in your incident response playbook, but this is certainly something, when an incident does happen, that no matter what the incident, you have a process that's part of your tools, technology and, sorry, your people, process and your technology. We've got our users, we're going to train them; we have our technology, all the firewalls and all that tech.
But then our processes, and IR processes, are one of the key things that are out there. Elliot brings up a good question, and I'll kind of throw that back to a lot of you, but what's the right token rotation timeline? We've had so many stories of token breaches, yet constant rotation is administratively taxing. So he brings up an excellent question. I'll be honest, token rotation is kind of outside of my wheelhouse. This is one of the great things that I love about this community, and I can see chat exploding with different responses and everything else in there. But you know, the right token rotation timeline. For me this may be something where, looking at other organizations, trying to rotate them, you know, quarterly, twice a year, once a year. You know, here we're dealing with this particular situation overall, and you know, we have this particular incident come up, and you know it caused a lot of problems with the malicious npm package overall. But here goes. Roswell UK coming in: mandate automated token revocation, right? So you have these exposed tokens. Just like credentials, just like certificates, tokens are the same thing. Got to have a way to be able to pull those back, have the different tools capable to do that overall. So definitely be able to pull that back, have your incident response to be able to handle that, have a tabletop exercise, go through it, figure out where the gaps are and then be able to run through it. But whether you're revoking tokens, whether you're revoking credentials, whether you're revoking certificates, you've got to have a process in place and you've got to make sure you've got that overall. So thank you, Roswell UK, for that. There you go. Yes, Elliot, if the sensors are indicating an anomaly, it could be time. So yeah, certainly when we're looking at key revocation issues arising with it, that is certainly the thing to do overall. Like Jerry, I haven't pre.
I didn't have time to prep. I was too busy trying to get all my tech set up today for this show. But yeah, definitely redo. There you go. Cool. All right, let's get on to the next story.
C
Android apps silently charged users. Zimperium researchers say a 10-month Android malware campaign called Premium Deception used nearly 250 fake apps impersonating brands like TikTok, Minecraft and Instagram Threads to secretly enroll users in premium mobile billing services. The malware targeted users in Malaysia, Thailand, Romania and Croatia, abusing Google's SMS Retriever API, hidden WebViews and carrier billing workflows to automate fraudulent subscriptions. Researchers also found Telegram-based alerts, dynamic C2 infrastructure and tracking systems designed to optimize infections and evade detection. Mike.
A
Yeah, almost had it. Need, like, just another half second before it starts that other story. So, Android malware campaign used hundreds of fake apps to silently charge users. Oh, hang on a second, hang on a second. What do we got here? Hold the phone. Super chat. Graduated from Keene University. Did we just become best friends? Yes. Earning my bachelor's degree in Information Security, Berg SSJ. It gives me great pleasure, and I finally get to play this sound effect. I came in like a wrecking ball. Yep, you came in like a wrecking ball. That is awesome. Congratulations for earning that, the BSIT. I got the, whoops, I got the same degree as well, but of course mine was like 20-plus years ago. So congratulations on earning your bachelor's degree, Bachelor of Science, I guess, in Information Technology, which is kind of interesting because, the BSIT, one of the degrees that I had hoped to try to get at some point was a Bachelor of Science in the History of IT. So it was a BSHIT. If you know, you know. There's no such degree. But I always thought that was kind of interesting overall. So congratulations to Berg SSJ. That is awesome. Congratulations for that. Very excited for you there. We look forward to seeing what you do once you get out there, get your degree. Thanks again for the super chat, the $5. Jerry certainly thanks you for it overall. All right, so getting back to the Android malware campaign: hundreds of fake apps to silently charge users. I have a feeling these were not in the Google Play Store. These were probably apps that people found online. You know, maybe they wanted to do some gambling, maybe they wanted some insights on stock market information, and, you know, came across this app somewhere and essentially sideloaded them, or got them sideloaded unintentionally on their own, and they ended up loading them on there.
For me, you know, this is, it's saying, you know, campaign infrastructure points to a well organized commercial operation. Each malicious sample embeds an HTTP Referer header in the format with the fake name and the country, allowing the attackers to measure which fake personas and distribution. So they're even doing, the attackers, the cybercriminals, they're doing their own marketing, they're doing their own analysis on what's working and what's not. So for me, I'm looking at this going, why are we loading apps still? Why are we still loading apps on our phones that don't come from authorized users? I was talking about this 15, 16 years ago in my days at Siemens when we would have the issues between Android phones and smartphones, BlackBerrys; the iPhone had been out for a few years and people were downloading apps with regards to, you know, hey, I can get this app and I don't have to go to Google. And it was loaded with malware. And what was my favorite stat? 99% of the malware that was out there was for Android phones. So that was always my teaser and my joke against a friend of mine who loved the Android, and for me, who loved the iPhones. But we're going out and downloading apps from places that aren't authorized, haven't been vetted, and certainly people get impacted by this overall. You know, there's a lot of, as we see on the screen, there's a lot of, you know, sophistication, operational maturity maybe, but they are certainly stepping up with regards to being able to analyze which ones are successful, which ones aren't, pushing more out there. And we're getting now back to, you know, as I said already, you know, hopefully you've got MDMs, or mobile device management systems, out there, you know, so that way they're only downloading apps, for work machines, hopefully they're only using work apps, not loading personal apps.
I know when you've got two phones you can separate that, but when you've just got one phone and you've got your work stuff on there, hopefully folks are aware of the fact that, you know, you shouldn't be downloading apps from strange places. Don't take candy from strangers. This is what we learned as kids, right? So, you know, this isn't from, you know, the billing fraud. This is from, you know, allowing 250 fake apps to get loaded as we go along. All right, we've got eight minutes and we've got two more stories to get through. So let's get to it. Next story.
C
Microsoft open sources Rampart and Clarity. Microsoft has open sourced two AI security tools called Rampart and Clarity to help developers test and secure AI agents during development. Rampart is a pytest-based framework for red teaming AI systems against issues like prompt injection, data exfiltration and behavioral regressions. Clarity acts as an AI assistant design review tool that helps teams identify risky assumptions before coding even starts. Microsoft says the tools are designed to turn AI safety testing into an ongoing engineering process rather than a one-time review. Claude.
A
Okay, so the last story will deal with Claude, but looking at Microsoft here today, having tools to help us with development. So after we've already heard several stories today dealing with coding, open source issues with repositories, with tokens, now we've got kind of something on the flip side. We've got Microsoft over here coming up with tools to be able to help with, you know, agentic AI, but also coding issues as well. And Rampart and Clarity are both open source, so that's great. But now we're looking at the AI agentic development, and this is huge. There are organizations that I know I'm working with already that are dealing with, you know, implementing AI, having those agents. I know I've been working with agentic AI with vibe coding, you know, but now, the last couple years it's been great just to kind of see what it can do. Now we know what it's fully capable of doing. Now we want to start implementing it in the organization. Now we've got to start looking at what frameworks we need, how do we reduce the risk, how do we mitigate risk within the coding, you know, and things getting coded by large language models. You know, the AI agent development, we're creating specific agents to do a particular task. That was kind of one of the big notes that I've seen with regards to agentic AI: don't have it do 8 million things, have it do one or two real things, small things, and then have multiple agents. And then you have, like, an overall agent. It's kind of like humans in the workplace. Everybody's got their little job and their task that they need to work on, and then you have the manager over all of them there. And so here we've got Rampart and Clarity, Rampart being the testing framework, you know, being able to run security tests against the different AI agents, which is great; Clarity, the, what was it, the design companion, design-time sounding board. But they've put these out there, available.
You know, Microsoft's always putting out different tools to make available. So, you know, for us, for security leaders, for practitioners that are out there, you know, if you're already working and deploying AI agents, and I know a lot of organizations are, whether you've been able to inventory them. You know, I talked earlier about software bill of materials, SBOMs, knowing what kind of software you have in your system. Now we've got to go with AI BOMs, artificial intelligence bill of materials. We've got to know what code, what's been created in there. And even then, when we know it's creating code, it's not always 100% effective. There are sometimes other security issues that get in there. Our good friend of the community, Michelle Khan, you know, he's out there doing OSINT and investigations, but we were chatting, and he's a developer and programmer as well, and we were chatting about, you know, vibe coding and going through, and he would find mistakes and errors and have to push back on the large language model as well. So we know that, you know, it's out there creating the agents that are out there. Now we're starting to see more and more tools become available to help us overall. All right, got four minutes left. Got to make this 9 o'clock. One story to go. Let's go for it.
C
Sandbox hole real and dangerous. Aonan Guan, a cloud and AI security researcher at Wise Labs, found two patched vulnerabilities in Anthropic's Claude Code sandbox that could allow network sandbox bypass and data exfiltration when combined with prompt injection. The flaws include a SOCKS5 hostname and null byte injection to expose credentials, GitHub tokens and cloud metadata, but were silently fixed. Anthropic says the issue was already patched before disclosure. Guan argues the lack of clear public notice leaves users unaware their sandbox boundary may have been ineffective for months. Remember to. Oh, let me play the
A
end of the bit here from since
C
the last story. Subscribe to the CISO Series on YouTube. We've got new Shorts videos posting every day, and it's where we stream our Department of No show every Friday at 4pm Eastern Time. If you have thoughts on the news from today or about our show in general, be sure to reach out to us: feedback@cisoseries.com. We really want to hear,
A
really want to hear from you. Cool. Alrighty. So, last story, dealing with Claude Code, talking about a vulnerability, you know, within Anthropic's sandbox tool, and I love using Claude. Claude is my go-to overall. But basically being able to go through and find these vulnerabilities again, you know, it's kind of funny, it's interesting. This is the last story, coming after the Microsoft one. So we know we've got tools available from Microsoft. Then we've got the ability, we've now got an issue where we could try and test it against it. But with regards to the SOCKS5 hostname injection, you know, trick the sandbox overall, you know, yeah, we're finding, we're going to start finding more and more of these overall. They fixed it. So hopefully anybody that's already had it is good to go. But basically, shipping a sandbox with a hole is worse than not shipping one. You know, again, we're going through and looking to make sure that our code is sound, reviewing it, static code analysis, going through the different tools that we've got available. We've got Rampart, we've got Clarity. But you know, AI agents are going to be like employees, and this was a conversation yesterday regarding agentic AI. Those AI agents, they're acting as non-human identities. They've got access, they've got authorizations, they've got authentication capabilities, they've got access to systems that are out there. So we have to make sure that we are securing them: least user privilege. Again, that's why I'm saying having agentic AI with small permissions doing one or two tasks so you can limit their control, and then, you know, overall everybody comes together and brings it in.
So if you're running Claude Code, you know, make sure you're on ver, I think the version was 2.190 or later, and, you know, make sure you're going through and verifying the code that's coming through, because, you know, while it's generating it quick and fast, we've got to make sure that it's got the reduced risk in there, it's not giving us any problems overall and problems with our organization. Cool. Alrighty. 9:00 on the button. You gotta love it. Let me stop sharing this story. We have gotten to the end of the hour. Holy cow, that hour went by way too quickly. I've had an absolute blast overall. Drop in that little house music underneath there. I've got to say, first of all, thank you to Jerry for the fact that he had a commitment he had to go to. He called me last night and said, hey, can you do the show? And I said I would be honored. I'm excited to have done it here and hung out with all of you today. Now the cool thing is we are going to get to the Simply Cyber Career Hotline. I was going to get there. We've got the Cyber Career Hotline coming up. I'm excited to be able to share that with all of you. Share my advice, share what I can with you. But don't forget you can get your CPEs at the Cyber Threat Brief, simplycyber.io CPE. Hit the exclamation mark, type CB, you can get to it, and Jerry's going to email you your certificate on May 1st. This community is amazing. What Jerry's done, his big brain. The meme of the week that we got with Dan, the stories that we got today. Hopefully you got some inspiration and some information, some education, some edutainment from it. But more importantly, one of the things that this community does that I really appreciate is we all support each other. We're all inclusive and we're all about empowering. Especially to Berg SSJ for getting your Bachelor of Science today. That is absolutely fantastic. So don't go anywhere. We've got the. Oh, hang on, I gotta.
I've got a couple things I need to share with you with regards to what's going on with Jerry for the rest of the day. Where is it? Here it is. This afternoon we've got Brian Brushwood, CEO, founder, producer. It's the Fireside Chat that's happening this afternoon at 4:30. Then tomorrow Jerry's got his State of the Simply Cyber. He's going to share with you everything that's been going on, what he's got planned. Again, big brain Jerry, he's got all kinds of cool stuff. So yeah, definitely check that out later on today. But more importantly, let's get ready for the Simply Cyber Career Hotline. I'm excited. So let's get to it. I'm James McQuiggan at 35,000ft. This is the Cyber Career Hotline. If you're building a career in cyber security, this show is for you. Let's get into it. Hello there, and hello there. I am back. I didn't grab my glasses to do my alter ego, but we didn't have that nerd. Yeah. Dr. Gerald Auger doing the show today. No, I had the pleasure of doing it, and now I'm back with all of you here to answer your questions here in chat. Real excited, like I said, coming off doing his show, talking about the eight stories that we had, but now we get to talk about you all, talk about questions that you might have that I can help answer based on my 25-plus years of experience working in energy, working ICS/OT, university professor of cyber threat intelligence, worked for KnowBe4 for six years doing security awareness, advocate, evangelist, with everything that's out there. I did see my good buddy FedEx drop in. I'm sure I freaked him out. Hello, nerds. Yep. Coming to you from Elliot. Lately now I've spun up my own consulting business called Apparent Security, because I like to help make cyber threats apparent for organizations.
That's why I've got my fun little logo of a lighthouse, because it used to help the ships that were out there many, many years ago; that was kind of the old technology to warn people, and so I kind of feel that that's what I do now, is try to warn people of the dangers that are out there. So drop those questions in. Thanks to everybody for the thank-you notes for stepping in. Hopefully it was worthwhile and I did the show justice overall. But yeah, so for the next 30 minutes we're going to take your questions and I'm going to give you the best responses I can give overall. Let's see here. Let's see what kind of questions everybody's coming in with. Just to kind of give you my background: I've kind of been a jack of all trades over the years, the 25 since 1998 that I've been working in this industry, but ICS/OT, have done a little programming. I've done more programming now that I've been able to do vibe coding. I've even been a database administrator, server administrator, security awareness. I've done networking, both kinds, incident response, OSINT, product security. Like I said, part-time university professor teaching cyber threat intelligence, and now with Apparent Security overall. So drop your questions, put a Q in there so I can easily see them, and I'd be glad to be able to answer any questions that you've got. Let's see here. Thanks for stepping in. Thanks. If so apparent that you freak out. Yeah. Okay. Looking for CPEs. If you have questions for job jacking. Yep. Definitely drop them in. Oh, here we go. I like this one. StonesFund SC: why doesn't AI write more secure code? Doesn't it pull from established and secure code? You're half right. Just my initial thought there. StonesFund, you're half right. They do pull from established code, they pull from documentation. It's been trained on secure code, maybe. But the problem is sometimes it over-inflates. It adds extra code in there.
The dabbling that I've done, I know enough to be dangerous overall, but I wouldn't say necessarily all secure code. It's good at what it does. You give it the OWASP and tell it to review the code. It'll go through and review it based off of what it has been trained on overall from the model, and it will verify against it. But when I vibe coded an application, my deepfake tool that I made, one of the things that, once I was done, I then had to go back through and review, and then it was able to go, oh, I did this and I shouldn't have, and I did this and I fixed that, and I've improved on this. And even chatting with Michelle, a developer as well, and him going through, he basically was finding, you know, buffer overflows and other issues that could be in there. So essentially, while we would want it to be more secure, you know, it's only developing what it needs to do to get the job done. So we've always got to go through and verify. Trust and verify not only works on our email, but we've got to do it in real life as well. So great info, great question there. Thank you very much. Data Dragon: are you at 30,000ft because you fly a lot, or is it a Twilight Zone reference? Both or neither? Bnash, love the question. And so when I was working at KnowBe4 I did a lot of traveling, especially over the last three years. I was pretty well on the road every week. Last year I had over, what did I have, like 92 trips, and flew like a hundred thousand miles overall. It was over in Europe, was back, traveled all over the U.S. I was on the road for practically six weeks at one time. I think I got to come home. But when I first met Jerry, back in 2022, we met at Black Hat, fast friends, when I would come in on the BE as an audience member on the show and I would drop in a question, a super chat, gifted subs or whatever. He started calling me James McQuiggan at 35,000ft. It stuck. It stuck so much. Oh, I don't have one handy. I was looking off camera here. Oh, here we go. Stuck so much.
We'll see how. Well, I don't know if the camera is going to be able to focus, but there is my branded sticker. At 35,000ft. I've even got it on my stickers, but it kind of stuck. Folks recognize me here in the community, so I thank Jerry for that, for not only getting to do this but also getting a fun little moniker as well. It's kind of like Jeff Probst on Survivor. If he calls you by your last name, he really, really likes you, you know. So let's see. Yes. Apparent Security. Yep. Because a joke becomes a dad joke when it's apparent. Yep. There you go. And I've got the dad jokes prepped. I gotta text them on over to Jerry. Wow. We've got Kimberly Can Fix It in the house. Awesome. Good to see you, Kimberly. And Kathy Chambers. That is awesome. Glad to see you there. So, okay, getting insight from the mods. Hopefully my audio is coming through okay. It may have been I got a little too close to the mic, got a little hot and had a little clipping, but hopefully everything's looking good in there. You can help mitigate by using master docs outlining your code practices like an SOP. Yes. Standard operating procedures are always important. I'm guessing that's with regards to the AI question that came through earlier. Question 91 with CPTS modules from Hack The Box and, oh, will be writing the Sec+ exam this week. Have Google Cyber cert, looking to break into industry. Attending local conference and volunteering. Any suggestions? Straw Hat Sec. Well, you are certainly on the right path. Welcome to the party, pal. Welcome to the party, pal. Essentially you are doing it right. For me, when it comes to, and what I like to tell my students is, with this industry, you know, I've heard the stories where people have opened up reqs and put them on LinkedIn or put them out on Glassdoor, Indeed, or whatever. And I think Fletus has talked about it. Fletus Boston III.
I don't know if he's in chat, but Fletus has even talked about how they open up the req and within an hour they have like 200 resumes, people looking to get a job. The idea here is to try to make yourself stand out, try to make yourself unique. And I compare this to the acting world. My daughter, my oldest daughter, is an actor, and for her, she's trying to stand out. Now, a lot of the time in theater, they are looking for a particular look. They know they can get a triple threat, somebody that can dance, a strong mover, singer, excellent actor, a dime a dozen. So they're always looking for a particular look. But how do you stand out when, yeah, they may be looking for a particular look, but you bring something special? And that is the same thing that we need to do when trying to break in, especially with this industry. You going to conferences, you volunteering, you're meeting people already; that's huge. Hopefully out of one of those you get chatting with people and you let them know that, hey, I'm trying to break in. This is what I'm doing, this is what I've got. One of the things, like an actor, I've always talked about is having a portfolio, having something you can share with whoever you get. When you get to interview, there's no point showing it; you can have the portfolio out there and people can go see it. But essentially you need that for when you get in on the interview, you know, or have that GitHub or LinkedIn or website or whatever you have on your resume so they can go check it out. If not, when you have the interview, you invite them to go check it out. It might be blogs, it might be diagrams, it might be code repositories that you have overall. But essentially you want to have something that's going to help you stand out. You're going to want to have a portfolio, per se, that shows what you're capable of doing. What are your deliverables?
If you're looking to get it to be a SOC analyst, generate reports, look at current events and write up a report. Keep in mind, you know, and make. And the cool thing with large language models with ChatGPT, Claude, Gemini or whatever, you could write the report, have that report ready to go, and then, then plug in whatever the event is, provide your thoughts of what you want it written for, maybe even for a particular industry, and then have it spit out the report, review it, make sure it's good, make sure it's in your voice, your style, how you want it. And then essentially you have that available on the website and you just upload it and you keep that going. Posting online, getting on LinkedIn is huge. Making those connections, commenting on people's posts, connecting with people, people, that's going to go a long way as well. So definitely keep us posted on how everything goes, Straw Hat Sec. As Emperor Palpatine said to young Anakin, we will watch. We. We will watch your career with great interest. So cool. Let's see. And cares. Kathy Chambers. Hello, Kathy Chambers. If you folks have not checked out the video Kathy Chambers. Chambers just posted the other day. You know what, let's get. Let's go find that because that was for me, I thought was fantastic. I'm just gonna bring up this page here, but Kathy Chambers the other day on Authentic Cyber. Hopefully I'm getting it right. Here it is. Cyber security. Not gonna play the music, but Kathy Chambers had this video posted the other day. Cyber security is hard right now. Don't quit, don't give in. Go find somebody, have somebody or have somebody that. That can. Will listen to you. That'll be your. Your. Your shoulder that you can go talk to, your ear that will listen to you with regards to whatever issues you've got going on. And Kathy shared that with us. I posted about it on LinkedIn. But pull. She pulls off the. You know, I'm thinking of the Scooby Doo gang.
She pulled the hood, the mask off to show us what cyber security is really like with getting into this career. So definitely go check that out. Maybe we can get. I think I can drop it in chat. Let's see if I can drop that link in chat. But all you got to do Campos messages some channels. Okay. Hopefully it went in. If not, I know the mods can probably help me out with it if they haven't already dropped it in there already. But yeah, definitely go check that out. She did an awesome job with that. Love that video. Overall. Overall cool. So good luck with that, Straw Hat Sec. I gotta go back and find the. There it is. And hide that. All right, let's keep going through the chat. How are we doing on time? 9:15. All right. Thanks very much, Cyber St. Stephen. I'm glad the. The threat brief. You enjoyed it. Let's see, someone, Legrat's got. How can I get a sticker? Ah, the ever famous question. How can you get a sticker? Jerry. Jared, you gotta find me at an event. So I will be at Secret Con next week. I'll be at Osmosis Con next week. Not next week, the week after next. First week in June, I'll be there. I will be at Wild West Hackin' Fest in October. I will be at Hacker Summer Camp this fall. That whole week in August, I'll be there. Trying to think of some other conferences. I know somebody said, hey, do you have a post where all your conferences are going to be? I'm like, no, I haven't done that yet. But if you're in the central Florida area, you can go to a central Florida chapter meeting. ISSA, ISC2. I'm usually at those and you can get a sticker there. But definitely if you find me, come get me. Come get a sticker. I always got them with me. Either the one that I showed you or my. I don't have it handy. But my other one which is the I spotted James McQuiggan at 35,000ft. That's, that's another personal favorite that's out there as well. Cool. Let's keep going through the chat. Good morning, Kathy Chambers. Legrat's got to head out. Where? Oh, somebody's asking there.
How often do you review the basics of cyber security? Oh, is that a question for me? How often do I review the basics of cyber security? For me, it's kind of every four weeks when I teach my class and talk through them. But we're talking about cyber threat intelligence. For me, a lot of people of the basics, you know, the confidentiality, integrity, availability, risk reduction, risk management. Essentially, I'm, I'm looking at that all the time. What's interesting is over my shoulder, lots and lots of different cyber security books. Usually at the beginning of them, there's always a baseline. There's always an introduction and baseline of what the basics of cyber security. So, you know, now it's always a good thing to make sure we always go back and review. But a lot of what we do is we're dealing with the basics every day because we got to start with the basics, got to have that foundation and work on from that. So cool. Let's see what else we got out there. I saw Kimberly can fix. It's in here. That's awesome. Oh, here we go. Please, any advice for an awareness program manager? Hand pink waving, waving back. Oh, it's mish. Mitch McChick, Nick. Mike Chick. Mike Chick, 2512. Advice for an awareness program manager. I think we've chatted already and maybe even offline through LinkedIn. You know, when it comes to your awareness program, you know, we have all the information we know what we need to share with our audience and we know that we're going to get pushback from them as well. So we got to find ways to make it enjoyable, make it entertaining. And so for me when it comes to awareness is how do we take the concepts and make it fun? How do we make it edutaining that education and entertainment. Yeah, they're going to have to go through and watch the 45 minute security awareness training every year. Or maybe you break it up. You do 10 minute segments or 5 minute segments and break that up over a series of months doing different lunch and learn stickers. 
Everybody, almost everybody loves stickers. Have stickers when they catch a phish. Have stickers when they finish their training. Have stickers, you know, when they recognize something, you know, relating to cyber security and you can reward them. You know, maybe it's coffee mugs. This is my ISC2 Central Florida chapter. The chap. I was the chapter president with them for eight years now and the past president and still helping out the chapter and still engaged with ISC2. But besides that, you know, having finding ways to make it fun. We know cyber security can be boring. We've seen it, we've seen those presentations. We've got to figure out a way to make it entertaining for them. You know, maybe it is. You drop in a couple dad jokes with your newsletter. There's a dad joke at the end of the newsletter so they've got to scroll through it, or you bury it in a different spot every week. So they got to read through it to find the dad joke. So definitely check out Perry Carpenter's Transformational Security Awareness. There's the culture one that's out there as well. Definitely check that out. But yeah, with continuing education, one of the things I would look at is the SANS Securing the Human with, oh, I just blanked on his name. But anyway, but definitely check out SANS Securing the Human. National Cybersecurity Alliance. They have their Convene that's in Austin coming up. So from a security awareness standpoint those are two great locations, two great events that are coming up. If you can get to those, you're going to have a great opportunity to be able to network with other folks. Overall, cool, great question. How we doing? 9:21. All right, moving along here. Just folks. Yes. Straw Hat Sec, and I got LinkedIn, YouTube, got my resume. Robert Wetstein helped you with the resume. That's awesome. You are making all the right choices. Just keep pushing, just keep going. Worst case scenario, maybe it's something you do.
What I did and you spin up your own business, but definitely keep doing what you're doing. Check out Kathy's video if you haven't seen it already. Keep working with Rob, Robert. Keep out there networking, keep applying. It'll come through. All right. Gotta get a big swig of coffee here. Offer negotiation suggestions. $1,000,000. Take it or leave it. Grateful to have an offer but feel a few extra bucks would be nice. And I think I'm bringing value to the role. Just insecure in this market. Thoughts? I feel your pain. I'm right there with you. Usually I get a quote and I'm like, oh my God, I'm getting paid. This is great. One of the things you need to do and, and this is again I'm going back to using Claude or Gemini or ChatGPT, but go through, upload your resume, upload if you know you're looking to get the extra few bucks and you know that you're worth it. Go into ChatGPT. Role play with that first with the large language model. Roleplay with that. You know, are you going to do the negotiation over the phone? Are you going to do it through email? Whatever you're. If you're. Let's say they've offered you $50,000 a year in salary but you're worth, you feel you're worth $60,000, an extra 10 grand a year. You want to demonstrate why you feel that extra $10,000 is worth it. I've got, you know, you guys were looking for five years experience. I've got eight years experience. You know, you wanted somebody that knew how to use, you know, XYZ applications. I know ABC and XYZ that I can help support as well. You know, you want to give them a reason. The other thing you can check out is, and I'm blanking on it. Let me see if I can find it here. It's the FBI negotiator. Yeah, there he is. Never Split the Difference is the name of his book, Chris Voss. But he wrote a book called Never Split. Forget that it has. He wrote a book called Never Split the Difference and it's negotiating as if your life depended on it.
He was dealing with negotiation in, you know, dire situations. But he. His tips and tricks and things that he does when negotiating are critical. As for us in our own day to day lives but also when it comes to something like this. Now do I expect you to read the whole book? No. But you can probably go to YouTube. Let's see how we do it. Never Split the Difference. Let me go back to YouTube here. Oh, sorry, I was sharing this. I thought I was still sharing. Let me get this. Let me go back. Let me show you the book that I was talking about. So here's the book Never Split the Difference. You can find it on Amazon. Written by Chris Voss. But if we go back to YouTube, I bet we might even find one of his. Oh, the wrong way with it. Hang on. Gotta put it in the chat. Gotta put it in the YouTube search. Let's see what we get yet. Yeah, so you've got. He got, he's got a TED video. He's got a couple videos where he talks about the Never Split the Difference. And he gives you kind of a high level thing overall. I've seen Chris Voss. I had the pleasure of meeting him at an event. He autographed my book. I actually had a copy of the book and then I lent it to somebody and they never gave it back. So. But definitely check out Chris Voss. Be good for if you want to get more negotiation information overall. Cool. Let me hide that. There we go. Cool. So good question. Negotiating for more money is tricky. It's basically showing your value and then, you know, showing your value why you deserve more money overall. So hopefully that helps. Definitely. Folks, if you're getting value, make sure you are hitting that thumbs up logo there. That's at the bottom. That helps Jerry with the algorithms. More people, more people engaged overall. And that helps. I've got about five minutes left. All right, scrolling through here, looking for the chat. I need to watch the video. Yep, definitely go watch that video. Yep. And if you do watch it, you're gonna freak out like I did.
She recorded, God bless it, and I love Kathy Chambers. She had smoke detectors beeping. You know, when the batteries are dying, hers were going off. It's faint, but it's enough because when I was listening to it, I'm like, oh crap, are you telling. Because it gets to that time of the year and your 9 volt batteries start dying off in your smoke detectors. She had a couple of them going off and she didn't want to wake up the family to swap out the batteries, everything else. So if you do hear, hear that high pitched beep, it's not your house, it's in her video. But it's kind of a fun little Easter egg in there. Maybe she should just have those beeps throughout her shows overall, keep everybody listening for it. I have a feel got, oh, Phil Stafford's got a Field Guide for conferences with a list of people to contact, places to meet and voice. I voice remember every meaningful contact after. Very cool. I don't know how you could share that out, Phil, but if you're connected with Phil on LinkedIn, definitely ask him for it. That's kind of a cool thing. Negotiating every salary offer, do your research on the market, exceed 2 to 3%. Yeah. Great advice coming from Elliot. Above the offer. Money's very tight these days, so be careful. You're right, you don't want to, you don't want to upset them. If you go back and asking for money, more money, they're like, oh well, forget it. The other person was willing to take the other lower offer. We're going fat and then you're out. They're, they're wanting to accept. HR knows that they're going to have to negotiate a little bit money wise. Overall, if you come back, you're professional, you know, and you give them a reason for it and they may come back and they go, we're just not able to do it in our budget. You go, okay, great, not a problem. You wouldn't, you know, wouldn't know unless I asked. Overall, so definitely good advice there from, from Elliot. Overall, anybody going to Databricks AI Summit June 15th or 18th?
I don't, I, I know I'm not going to be out there. I wish I was. Elliot, it's always a good time to hang out with you. So if anybody's going, let Elliot know. Jared was at. Or were you at BSides? You were all busy volunteering and working. Didn't get a chance to talk to you. Bummer. Jared, I'm sorry that we missed connecting as well. Next time, if we know we're going to be somewhere, connect with me on LinkedIn. If we're not already connected, but message me through LinkedIn. Let me know that you're going to be at BSides and volunteering and, or DEF CON or whatever and we'll definitely meet up. I know if, if you're at where we're going to have a Simply Cyber meetup, we'll definitely be able to connect with you there. Cool. Yep. Phil Stafford said with regards to security awareness, people always respond to prizes. Oh, FedEx, who's your VP? My VP is now the P. My vice president at the time was Walter and Walter's now the president over at the ISC2 Central Florida chapter. FedEx who's here commenting. And you guys, if you, if you're familiar with the Simply Cyber community, you know, FedEx, he's the vice president of the Central Florida ISC2 chapter. He's doing a bang up job already. Where's my favorite spot to gather stories of cyber threats? Jazzy Jazz 88, my favorite spot right here. The Daily Cyber Threat Brief. It's my first stop. I do have Google Alerts set up for specific topics that I'm looking for like AI, agentic AI. I had one set up for Mythos when that was exploding. I have one for security awareness and then I also have one for my name as well. So if I get mentioned out on news articles or stories or whatever, then, then I have that. So Daily Cyber Threat Brief, Google Alerts. And then I use an RSS feed tool. It's called Vienna. I don't have to log in, I don't have to give credentials, but all I do is just feed it RSS feeds and it gives me all the stories.
So if I need to find, go a little deep, dig a little deeper or find other stories, then I'll go with that and see what's going on. But right now a lot of the stories I'm pulling from the Daily Cyber Threat Brief just to try to stay current and then also my own Google Alerts that I've got set up. So yeah, so if anyone else has other, other sources they like to use, drop in there. I don't have my resources and bandwidth isn't as good as it used to be where I could spend, you know, two to three hours every day reading all the different stories and writing about them. Now I've got other things going on. So Daily Cyber Threat Brief is kind of where I hear these eight stories and then when I get out of my Google Alerts as well. Another question coming in. Oh, it's 9:30. All right, so this will be the last question. We'll get it from, from Adjag Biku. Hey, I have foundation knowledge in GRC and SOC analysis. How do I combine, combine both to stand out and find opportunities? I wish Jerry was here because this is right up his alley. So GRC, SOC, so you've basically got the governance, risk and compliance. You've got security operations center. You know, now it's kind of like you might, if you've got that, you're kind of primed for what I would think is to be a SOC leader, is to be maybe even Deputy CISO or an InfoSec manager. Figure out ways that you would oversee and run both those departments. Figure out ways that you can get deliverables from those, have that portfolio, have that, that you can show, you know, again posting on LinkedIn, find out, you know, the different stories going on with GRC and SOC and combine that and then write about it and do different posts online. That would certainly be something that will make things a lot better for you overall. Maybe even run it through a large language model, have a conversation with that and seeing about ways that you can combine it overall as well. Cool. Well, today.
Oh, I'm going to snag this last one question because I thought it was cool. You teach, right? Yep, I do. What's your favorite Cyber security to present to a class? Well, the one I'm teaching right now, Space Tacos is I'm teaching Cyber Threat Intelligence. I've done Windows Security, Linux Security, and now, like I said, the Cyber Threat Intelligence. I love to teach security awareness. I love to teach to people that want just want to learn. And I love to talk about cyber security all the time, every time. And you all have been an amazing audience. Thank you all for taking the time out today for joining not only the Daily Cyber Threat Brief and listening to me get through that. I really appreciate the opportunity. Thanks to Jerry. Thanks to this community. You all are amazing. Keep doing what you're doing, keep pushing forward. And as you know, Jerry's send off is always stay secure. Mine is thanks for stopping by. So again, have yourself an awesome Thursday. We're almost to the weekend and hopefully I'll see you all tomorrow. My dad jokes will be played. We've got the session the this afternoon eat of the Simply Cyber. Tomorrow we got Brian, who is it? Brian Brushwood coming to you this afternoon with Jerry. So definitely check that out. And again, thanks everybody. Thanks for your support. I appreciate it. This has been a lot of fun doing the Daily Cyber Threat Brief. That was a fun challenge. But the more you do it, I can see why Jerry loves to do it. Overall all have an awesome day. We'll see you all soon. And again, thanks for stopping by.
Host: James McQuiggan (filling in for Dr. Gerald Auger)
Podcast Theme:
The podcast provides a breakdown and expert analysis of the top cybersecurity news stories of the day, offering education and entertainment (“edutainment”) for cybersecurity professionals, students, and leaders. Today's episode explores major incidents in the software supply chain, open-source ecosystem, AI security, and practical career advice, all within the community-centric tone Simply Cyber is known for.
James McQuiggan, stepping in for Dr. Gerald "Jerry" Auger, guides the audience through eight critical cyber news stories, mainly emphasizing supply chain and open-source software threats, cloud and AI vulnerabilities, and best practices for both organizations and individuals. The episode also highlights encouraging community wins, tackles questions from listeners, and maintains the light-hearted, supportive community environment that simplycyber.io is known for.
“We're gonna go through the top eight stories, give you my feedback, my thoughts, my opinions, maybe some risk mitigations, and maybe if there's any dad jokes that fit along the way.”
— James McQuiggan (00:57)
[16:52]
James’ Insights:
[20:18]
James’ Insights:
[24:32]
James’ Insights:
[29:42]
James’ Insights:
[35:00 approx]
[41:35]
James’ Insights:
[47:12]
James’ Insights:
Community Moment:
[52:43]
James’ Insights:
[56:43]
James’ Insights:
[60:00+]
James emulates the warm, collaborative spirit Dr. Auger is known for—mixing experienced analysis, dad jokes, meme culture, and open dialogue. The show is both accessible for new entrants (“first timer in chat? Welcome!”) and resonant with seasoned practitioners, emphasizing mutual support, continuing growth, and staying current.
“That’s what communities do. We lift each other up in times of good, and we support each other when it’s not a time of good.” (07:55)
Stay secure. Stay supported. See you at tomorrow’s Brief!