Loading summary
A
All right, what's up, everybody? Welcome to the party. Today is Monday, May 26, 2026. This is your Simply Cyber's daily Cyber Threat Brief podcast. I'm your host, Dr. Gerald Dozier, coming to you live from the Buffer Osier Flow Studio. And I would love to say good morning and welcome to the party. Realizing just now I didn't do the chat. So we'll get that cooked up right now. If you're looking to stay current on the top cyber news while engaging with what I would consider an amazing, talented, caring and intelligent cyber security community. There you go. We've got the chat up and running. Then you're in the right place. Sit back, relax. Got a great show for you. We're off and running on this Monday morning, but on this Tuesday morning. Oh, yeah, long weekend. Always enjoy the long weekend. But then it throws me for a loop when I get into the work day. The good news is I said Monday. It's Tuesday. So we're already ahead of. We're already ahead of it. Yes. Good morning, James McQuiggin. Good morning, Space Tacos. Marlon J. Super Zoomy, 32 months. Thanks so much for being here for the long haul. Guys. Listen, we're going to go through the top stories. We're going to cover eight stories this morning. Of course, you can go through the headlines yourself. Why would you want to be here with us? Well, there's additional value, there's additional insights that you'll get. I've got 20 plus years and a passion for cyber security, and my goal is to go way beyond the headlines and give you insights that you wouldn't normally get unless you'd been in the
B
seat
A
and basically be able to level up as a practitioner. That's the goal here. It shouldn't take you as long as it took me because if I can give you, you know, more information, have you take shortcuts to get to the knowledge you need to, you know, basically be the best cyber security professional you can be, then that's what I want for you. I'm super excited about it. I know we've got many, many community members in here who all about leveling people up. Like I said, James McQuiggin, stay tuned. We got Cyber Career Hotline at 9am Eastern Time with Cosmic Cowboy, aka Jesse Johnson, again continuing to deliver on the mission here at Simply Cyber, which is support, inclusion and empowerment of each of you to be able to drive your own cyber career. Now, in light of that, continuing to support the cause every single, single episode of the Daily Cyber Threat brief Sans Podcast of the year award winning podcast which you're live with right now is half a cpe. So if you have a continuing professional education credit requirement for your cyber security certifications, come check it out. Go to Cyberthreat Brief, simply Cyber IO cpe. You can see a link in chat or just go to the website and pull it up right here. You'll see on stream. If you're watching live with us right now, you can claim your CPE. So put your name, email address, two check boxes, hit enter and next week, June 1st, I will email you a beautiful email with a certificate of completion with all the days you attended and the number of cps you got. It'll look wicked clean, super, super tight. So fresh and so, so fresh and so clean clean. So you'll get the dungeon family here of cpes I just outcast is great, but they are not anything to do with cps. I do want to remind everybody, be sure to check with your cyber security certification bodies CPE policies. Right? So if you have a SANS certification, for example, SANS is a tricky lot. They actually don't recognize any CPEs that don't come from sand. So that's, that's kind of a tricky capitalism move where you have to pay for SANS things in order to be able to maintain your SAND certs. But I digress. Go ahead and check those certification bodies and see if this would qualify as an instructor led webinar. Now you might be like, wow, this guy's got a lot going on. Sounds like you would be a first timer because this is a pretty standard episode of Simply Cyber Daily Cyber threat brief. So do me a favor, if you are here for the first time, drop a hashtag first timer in chat. First timer in chat. If you're here for the first time, Whether you're on LinkedIn or YouTube, drop that hashtag first timer. Let us know. I got a special sound effect, a special emote. The community, the simply Cyber squad here, the community has definitely knows what to do when someone drops in here. We got Kyle. Kyle, the real analyst, Philip Martin. Kathy Chambers is in the house. Zenith Z myth, my guy. We did the State of the Union address on Friday last week because you asked for it, called me out for not having done it in Q1. I didn't see you there, Zemif. I hope. I had to pull it down. I played copyrighted music throughout the entire thing and it was like blocked in multiple regions. So lesson learned. Don't do that. Although it was good. It was the midnight all Right, guys, what do we got? We did our first timers, we did our cpes. I explained what we're going to do. Oh, this show, it's not possible without the support and love of the stream sponsors links in the description below. If you'd like to support the channel, hit those links for the. For the stream sponsors. Every time you hit one, it's like a little ticker. Like the. The guy at the roller coaster, he's like, tick, tick, tick. How many people click through here? All right, so Dominic Laplant says you can try to attempt a webinar. There you go. All right, so every day of the week has a special segment. By the way, Tuesdays is tidbits. Tuesday share a little bit. You may notice I'm wearing a collared shirt, but it is. School's out of session, so why am I wearing a college shirt? I'll share that with you at the mid roll stream sponsors. Guys, we got a bigger one. Stay tuned because it's a new ad read for Flair.
C
Flair.
A
Hold on. We got a first timer here. Is it Corlock? Who's the first timer? My guy. Core Lock. All right, so at Core Lock. Welcome to the party, pal. Hold on. Jesus criminy. Can I get. There we go. Corlock for the first. First timer. I want to do this. There we go. All right, so holler at Flare Academy. Flare. Cyber Threat Intelligence platform. But they also do webinars, which by the way, is good for two CPEs. And this Thursday, May 28th. Or. Yeah, Thursday. Elicit network mapping using data pivots to develop illicit connections. Guys, this is going to be an OSINT meets Cyber Threat Intelligence meets. Awesome. In one swift two hour session, they're going to be showing you how to use DNS domain name system, the backbone of the Internet. The thing that makes IP addresses easy to remember. To uncover forensic artifacts. When doing investigations around threat actors, you can track, trace and disrupt criminal infrastructure. All with DNS. Who knew? I could tell you for a fact. I have registered for this and I will be there. So come join the Simply Cyber community to learn and engage in, you know, whatever. Good, good time, good spirits. Two hours. I'll drop a link. No, no, actually, if you go to Simply Cyber IO Flare. Simply Cyber IO Flare, you can also register free. Two hours. Here's my thing. Register. Here's what I do. I registered. And if I can't make it, I will not make it. But if I want to make it, it'll be on my schedule. Simple as that. Right? There is no Cost associated with attending this free two hour session. Go check it out now. We got a special one for Anti Siphon as well. Everybody's coming out of the woodworks. June 18 through June 26. Specifically June 17. 10:00am to 4:30pm Anti Siphon is running a Threat Hunting Summit. This is essentially a virtual conference. They've done it before. It is awesome. June 17th, 10am to 4:30pm so six and a half hours of conference. Live training is available. They have eight days of training, so there's something for everyone. The training does have a cost associated with it. You'll have to check the specific training because the costs do vary. But the ticket to the summit is free. So if you'd like to register for the Cyber Threat Hunting Summit, Wade Wells is doing a training there. We actually raffled off a voucher for Wade's training on Friday. We have two more raffles to run over the next week or so, so stay tuned for that. Wayne Wells is my guest this Thursday on Simply Cyber Firesides where we will be raffling off a $575 valued ticket to his course. Go check it out. Anti Siphons Threat Hunting Summit. If you are interested in doing a conference for free. Six and a half CPEs learning defensive characteristics, defensive techniques. Why not? You got 22 days. Plenty of time to get it sorted out. Go now. Anti Siphon train, Threat Hunting Summit. You'll be glad you did. Also want to say holla, holla, holla, holla, holla. The Threat Locker, the world's leading Zero trust platform. Application denied by default. Yes please. I'll take two. They're doing it on the endpoint. For years now they moved into the network in cloud. Hello. Stop code from running that isn't allowed in your environment. Doesn't matter what the threat actors come up with, it's not going to run. Let's hear from them and then I'm going to melt your face. I want to give some love to the daily cyber threat brief sponsor Threat Locker do zero day exploits and supply chain attacks. Keep you up at night. Worry no more. You can harden your security with Threat Locker. Worldwide companies like JetBlue Trust Threat Locker to secure their data and keep their business operations flying high. Threat Locker takes a deny by default approach to cyber security and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US based Cyber Hero support team. Get a free 30 day trial and learn more about how Threat Locker can help prevent ransomware and Ensure compliance. Visit threatlocker.com Daily Cyber. All right y', all, it's that time, so do me a favor. Coro Corlock, our first timer. I hope you have a great experience here at Simply Cyber. I hope you can join us on the Discord server. Exclamation point. Discord. All right everybody, do me a favor. Sit back, relax and let the cool sounds of the hot news watch over all of us in an awesome wave. I'll see you at the mid roll from the CISO series.
C
It's cyber security headlines. These are the cybersecurity headlines for Tuesday, May 26, 2026. I'm Sarah Lane. Megalodon infects GitHub repositories Researchers at SafeDEP say a supply chain attack dubbed Megalodon infected more than 5,500 GitHub repositories after attackers pushed 5,718 malicious automated commits in a six hour window on May 18. The commits inserted GitHub action workflows that stole CI secrets including cloud credentials, SSH keys, API tokens and database strings, while planting dormant backdoors that could be triggered later through GitHub's API. The campaign surfaced after compromised versions of Tile Desk were published from a poisoned GitHub repository, adding to a growing wave of software supply chain attacks targeting developers.
A
All right, so this is pretty, pretty big. I will say in full disclosure, I don't research or prep for these shows. If you didn't know, ain't nobody got time for that. So I don't know what stories are going to be coming. Corlock. I, I literally don't know what we're going to be covering. I did see this in the news yesterday though. I mean I'm a cyber security professional and in love cyber security, all things cyber security. So like, it's not like I'm not aware of these things, especially on a three day weekend. I do want to say when I saw this, I read it as Megalodon, which I think is like the dinosaur shark. I was like, oh, Megalodon. This sounds big. Lol. Right? But she called it Mega Loadon. All right guys, GitHub repositories. Obviously these would be public repos allowing automated commits which I'm sure they used AI to help develop this move quickly. You could do this without AI, by the way. You just write a script to do it. You'd have to have all of those repository names to be able to, to write to them. But it did two things. One, let's see, two payloads right One was designed to add a new workflow that would be triggered on, on every push and pull request. So everything going forward, you know, to do something. Okay, like it doesn't say what the payload does yet, it's just on every pull and push request. So anytime codes checked in or check, it checked out. Another one replace existing workflows with specific triggers, creating dormant back doors, which is gross. All right, so it excels all CI environment variables, creds for aws, Google Compute, Azure, private keys, Docker, Kubernetes, Basically everything that you would want kept sensitive, kept secret. This thing excels, which is gross. So patient zero is this tile desk package. Let's see. Oh, this is complicated. So it looks like they attacked a specific developer. So patient zero was like a legit developer who they got the code into and then that person was committing the code and infecting things without realizing it. Kind of like, you know, you. When you have, you know, whoever had Covid first and they're walking around coughing on people, allegedly. Right, let's see. Okay, this is actually kind of clever. So they included a GitHub Actions workflow. GitHub Actions again, I, I've been like vibe coding the last couple weeks and screwing around. So the, the Daily Cyber Threat Briefs website has a GitHub action that basically goes on app after the show and runs through the words I'm saying right now. Right. The transcript of what I'm saying right now and then develops show notes Afterwards. That's a GitHub action. So it's basically like a trigger that you can activate. Pretty clever. They include a trigger which they can then Pull with a GitHub API engagement, but they have to use credentials to do it, which they use stolen GitHub tokens to do. All right, so they'd still need access to that. So obviously if you have these malicious GitHub actions in place, you technically could revoke the tokens and then that the threat actor would not be able to call it. So I guess remediation in depth to coin a new term. Let's see. All right, so this is pretty clever. All right, so, so check it out. Here's the thing. You may be impacted by this mega lowdown attack, right? And unfortunately it is not so much your GitHub repo, it may be software you're using, used one of these GitHub repos or uses some of these GitHub repos, which could mean that, you know, you have downstream impact that you don't feel necessarily today, but you could have, you know, here's the thing. If a threat actor steals all the secrets in a GitHub repo, meaning all the credentials, all the API keys, all the tokens, all the things that allow access into the things that that software needs to access, whether it's Azure, awb, Google, whatever, that means that threat actor now has that access. They don't need to run through the software. They, they can reach directly into the aws, the Azure, whatever, using the API key and have all the permissions that that software has. Which means if you're using one of these softwares to store your own information, your own sensitive data, whatever, the threat actors are going to be able to access that. So it, it has like a cascading effect of potential impact. So first of all, you can't be like, oh, I don't run GitHub, so I'm fine. No, that's not how it works. This is why it's called the supply chain attack. You may be using it by virtue of software that you are using now. Here is the reality, okay, number one, you know there is going to be some fallout from this. You may or may not have a problem. It's very difficult to be able to tell if you have a problem simply because you don't know what GitHub repos you're using in your environment. I'll put a pin in that one. Really quickly, I do want to point out NPM who has been just. NPM is like one of these code repositories for node JS type stuff. They've been getting bamboozled and you know, just slapped around frankly from these supply chain attacks. And they announced last week that they are invalidating all tokens that do not have MFA authentication enabled on them. Which is kind of weird because like typically you don't use like multifactor on API keys maybe in order to generate an API key. Who's this guy or Bane with five gifted subs? Guy or Bane? Thank you very much. At at G Y R E B A N E 6449 thank you, thank you, appreciate it. So this is part of the defense in depth, right? Like you guys hear me all the time freaking screaming from the rooftops. Multi factor, all the things. This is what you got to do, all right, You've got to do that. And unfortunately, you know, they're basically, you know, putting multi factor authentication on the barn door. But the friggin horses, you can barely see their butts in the distance. That's how far out of the barn the horses are. Let me Let me take you just one second. You again. This is a big attack. Supply chain attacks have existed for a minute. So this isn't like, you know, a new paradigm. But let me tell you one other thing. And I'm going to do this because, hello, GRC Mafia. We get the opportunity to flex a little bit, guys. This is why acid inventory is so important. And for anyone in chat who's like, oh, grc, you suck. Yeah, guess what? Oh, we suck until this happens. And then you're like, well, wait a minute, where is the software in our environment? And then like we're over here like, like whatever, Sassy Grc. Look, you want to give whatever kind of told you, so you got just be like, This is what asset inventory is. And I got to tell you, the software bill of materials is the holy grail of knowing what is in your environment and what kind of repos there are that are being used. There are companies working on this right now. I actually just demoed one like last week or the week before. That does a really interesting job of telling you the fingerprints of the software in it. Not by having people tell them, but actually they disassemble the code and look at it. Very cool. But anyways, yeah, GRC for the win. Oh, wait, hold on. Whoops.
C
Netherlands seizes 800 misfire cyber attacks Dutch authorities have arrested two men and and seized more than 800 servers tied to hosting providers MIR Hosting and Work Titans BV, accusing both of helping provide infrastructure used by Russian linked groups for cyber attacks, influence operations and disinformation across the eu. The investigation centers on Stark Industries Solutions, a network previously linked to DDoS attacks and proxy services used in Russian cyber operations, whose infrastructure was allegedly transferred to the Dutch companies after earlier EU sanctions. Ghost CM regulators.
A
All right, so first of all, cool. Stark Industries, right? Like leaning into the Iron man and the whole Marvel universe. So law enforcement takes them down. It was a 57 year old and a 30 year old, further emphasizing that, you know, anyone can do it, right? So what do these guys do? Let's see, They're a sprawling hosting provider that materialized just two weeks before Russia invaded Ukraine. Okay, not bad. So they've been around since 2022. Can you believe that? Ukraine, Russia conflict's been going on for four years? Over four years at this point, it's insane. So Stark's doing a distributed denial of service attacks against European targets. I mean, obviously the timing seems awfully coincidental, right? That like, you know, right before there's a massive invasion and geopolitical conflict, a Capability of nation state level strength comes online. See, they're two Moldovan brothers. Let's see, the two Moldovan brothers were providing the Internet access for this stuff. But in September 2025, some stuff, you know, whatever, I guess. Hold on, this doesn't make any sense I guess. Here's the tldr. There was a distributed denial service capability that oftentimes have what's called bulletproof, bulletproof hosting, which means they can operate inside of Russian controlled space Eastern Europe without worrying about law enforcement taking them down. In this instance though, the Dutch were able to get a hold of these guys and their IT infrastructure and bring it down, which is interesting because they were doing it in the Netherlands. I here's my thing guy. If you're going to become a cyber criminal, do not live in a country that you're likely to get arrested in. I don't know how like who it needs to hear this. Like I don't promote cybercrime. I don't want anyone to commit crime. Right. We got enough problems as it is. But like what are you doing? If you're smart enough to execute crime for four years and make millions of dollars, how are you not smart enough to know that you shouldn't live in a like, like a country that's going to arrest you? Like in my opinion, in my opinion, humbly, you make a decision like the, the trade off by having millions of dollars from illicit activity. The trade off is you can now no longer live in cool places. You have to live in Siberia, enjoy your millions of dollars. You can have a castle and be and do cool stuff. You, they sell Xboxes. You can get one, you know, Amazon to your castle in Siberia, but you can't, you can't live in Miami. Okay, I don't know who needs to hear that. But anyways, way to go again. 800 servers is quite a bit distributed denial of service attacks. There's a bunch of those services out there. So another, another threat actor is just going to pick up the, the reigns here. So this is a speed bump as far as the war on cybercrime goes. But you know, whatever.
C
It's a w exploited for click fix attacks. Researchers at Ch on Sheen XLAB say attackers are actively exploiting a critical ghost CMS Hua to hijack more than 700 websites and inject malicious JavaScript tied to click fix attacks. The bug was discovered by Anthropic using Claude and patched back in February, letting attackers steal a site's admin API key and then bulk modify published articles with malware. Loaders, victims visiting compromised sites are funneled to fake captcha pages that trick them into running malicious commands, ultimately installing persistent malware. Nigel Farage.
A
All right, so this is a pretty gross serious issue, one that you can recreate in your own home lab environment if you wanted to make some content. If this aligns with like what you're up to. So ghost CMS. CMS's content management system. Think of like website or, you know, WordPress or something like that. Ghost. In fact, actually, if I'm not mistaken, The interesting thing here is I don't know if this is the same thing, but this Ghost, this is Ghost right here, which is like basically an online website type thing. I'm assuming you can download and run your own local instance of Ghost. Hold on one second, Hold on one second. I'm actually looking at this to see if this is. Oh, this isn't good. Okay, so check it out. This is interesting. So I'm thinking that this is two things. One, this is, this is this platform. The only reason I know about this platform is because I tried, I, I screwed around with AI and tried to like start a blog thing and, and it AI told me to use Ghost. So I, I, I had this platform. I had, I have a website on this platform actually, but I don't tell anyone about it because it's unrelated to anything cyber. So here's the deal. If you, what is this? If you run. Okay, if your business runs a website on this platform, which is a SaaS platform, right? So not installed locally. Unfortunately, there was a vulnerability. It looks like it was a SQL injection vulnerability, which means you can custom right in the input field and submit it and have it do something, something on the back end in the database which would allow a threat actor to pull the admin credentials from your website. So the Ghost platform, you did nothing wrong. You could have multi factor authent, you could have triple factor authentication. You could have all the things, you could, you could have all the secure things. This platform was vulnerable, which means Uni's website was vulnerable. Now they have since patched it, so the exposure is closed. However, there may have been victims that got, you know, basically impacted in the interim. It's quite complicated because like, let's pretend Simply Cyber uses Ghost CMS as a platform, right? So Simply Cyber uses the platform and Ghost has a vulnerability. You all come to Simply Cyber's website and then get hit with this click fix bug, which means you think you're at my website, but. And you are, but you're about to give up your own credentials or get. You're going to infect yourself using Click Fix. So really it's the customers or the patrons of the 700 websites who are actually the compromised entities. So like you, Phil Staffer, you zf. So unfortunately there's a lot of, there's a lot of wrong going with this. Of course, at the end of the day, the, the trick here would be to educate your end users on not falling for Click Fix style attacks. Meaning you're never going to hit Windows key R and then Control V into a terminal shell or into. Into a start run box. Okay? Show your end users that. Right. Hey, hey, this is Jerry from the Infosec office. Hey, this is Phil Stafford from Cyber Team. Hey, this is Space Tacos from the GRC Group. Watch this. Start run. Don't ever do this. You shouldn't see this. This is what threat actors are doing. Please get the word out. Because even if they compromise your website and they get successfully a click, a JavaScript infection to get the click fix come up, if the end user does not run the click fix attack, they won't get infected. It is required for the victim to actually execute the code. All right. Jesus. So anyways, yeah, not good, obviously. Go CMS fix this. Also want to point out if you do not know how, if anyone in your organization is using Go cms, well, then that's an opportunity to learn. To learn. But I wouldn't, I wouldn't send this out to your non IT people, honestly, just because if you're talking about a vulnerability inside of a, you know, a content management platform, you're going to lose. Carl. Right.
C
Claim to be without any merit. Former UK Cyber chief Kieran Martin says Nigel Farage, leader of Reform uk, has provided no evidence for his recent claim that Russia hacked him and leaked information behind a Guardian report on an undeclared 5 million pound donation from crypto billionaire Christopher Harborne. Martin called the allegation a serious national security claim without any merit unless backed by technical proof, and said Farage should report any evidence to the UK's National Cybersecurity center immediately.
A
Hold on. What happened? Hold on. So this is definitely like British related. I don't understand. An aspiring Prime Minister has claimed that Russia launched an unprecedented aggressive intervention into British politics. Okay, is somebody saying that someone got paid off here or. All right, so he got a 5 million dollar gift and didn't declare it. I mean, that. I don't know, man. People in power, they're always dodgy. So this guy got $5 million and was like. So I mean, obviously the idea here is like say, you know, whatever, like the mayor in your town. You give the mayor in your town like a fifty thousand dollar gift or you give them like, you know, a nice dinner or you take them out on your boat or whatever, get them all liquored up and then all of a sudden you get like a very favorable judgment on where your property line is. Right? People would say, oh, there's some, you know, collusion going on, there's some Tom Foolery going on, there's some shenanigans going on. This guy got 5 million dollar gift from somebody and people are saying that, oh, he's, he's being bought off basically. I don't know, man. I don't know these people. I don't know who they are, what they're doing. I don't understand how this has anything to do with cyber, honestly. All right, so they're saying that this guy's phone was compromised, his email was compromised, his bank accounts are oper. All right, I mean, hey, listen, it is possible to give somebody money without them wanting it. And you know, like say that mayor story again, right? Like say I hack into the mayor's account and I put $50,000 into his account. Now all of a sudden there is a traceable transaction in his financials that he received a large gift from somebody at some point that he would have to explain. I don't know, dude, I. Here's my thing. I don't know how rich you have to be where like $5 million shows up in your bank account. You just don't notice it. You know what I mean? So anyways, they're saying that someone hacked in and put 5 million in this account. Okay. I mean, if this guy's an aspiring prime minister, I'm sure he has access to all the cyber security professionals, digital forensics experts to, to do what they need to do on this one. I'm going to go ahead and say like, I, I probably spent more time on this story than I really needed to. It doesn't feel like it's a cyber story. Roswell UK is our local UK person. I'll allow him to do any additional insights. He says nothing really to do with cyber. Okay, I'm glad we covered it. That's sarcasm. I wish that was, I wish this was not in the stories today.
C
Huge thanks to our sponsor, Guard Square. Your back end is only as secure as your front end. Research shows that client side compromise is now a primary driver of API risk. With 63% of leaders detecting mobile app tampering or cloning last year. Don't leave your mobile app security to chance. Get multi layered protection for your entire mobile app ecosystem from the outside in. Learn more@guardsquare.com.
A
All right, all right, all right, all right, guys. Hey, thank you so much for being here. Shout out to the stream sponsors. Threat locker, anti siphon flare. As I said, links in the description below. Go check it out. A lot of great information. Two hour webinar on using DNS to track threat actors. Six and a half hour virtual conference. All of these are free links in the description below. Guys, every day of the week has a special segment. Tuesdays is tidbits Tuesday. Love it, love it, love it. I share a little bit about me with you. We see if we vibe. I'm gonna give you two, two items today. One's a special shout out for my son. You may notice I'm wearing a collared shirt. I'm typically a T shirt guy, but I have to put on a costume every once in a while. Going directly from here. Jesse Johnson, AKA the Cosmic Cowboy, is going to be doing the Cyber career hotline at 9.0am but I am going to be throwing a smoke bomb like a ninja and getting the hell out of here as I rush to my son's elementary school as he is graduating from fifth grade. That's right, Callan has got a suit on today. He's looking sharper than a knife that's just been sharpened. And we're gonna, we're gonna go do the graduation, take the photos and go get a delicious lunch at wherever he would like to go. So shout out to my son and for everybody who's got the kids graduating, whether it's college, high school, elementary school, just, it's a special time. Shout out to all the parents out there. Also want to give you another quick little tidbits Tuesday since, you know, it's a fun thing to do. Guys, I find it wild how smart the algorithm is. Now listen, you know, all of us use YouTube. Many of us are on YouTube right now. Literally. I may have popped up in your feed on YouTube at some point. You're like, hey, I'll give this guy a shot. I will tell you the algorithm, like, I'm all here for it. I love it. There has been a like female bartender who basically makes content and it's like, it's just like stories that she's experienced over the years. Being a bartender, I would never have thought I'd be into this content. They're usually shorts, but it's like, I don't know. I don't know if anyone else knows about this female bartender story. She's got, like, brown hair. But anyways, the point is. Tidbits Tuesday. Has anybody been turned on to some kind of new content creator on YouTube or whatever that's in a vein of content that totally doesn't make any sense? Like, I would never think, like, of Googling, like, bartender short true stories, but sure enough, I've probably watched 30 of them, so. Yeah. So anyways, to the algorithm. Holler. All right. I don't know, Tony. I could tell you. I bet you if I open her up right now, she'll be, like, in my feed immediately. Yeah. Oh, she's actually got blonde hair now, but, like, this. This lady right here. Yeah, that lady right there. So anyways, like, literally the first one in the feed. Also, shout out to Mad Hat, who's my number one recommended video right now. I love that guy's content. All right, guys, we're gonna finish strong, but let's do the la, la, la, la. Come on now. Let's go. Thank you for all the well wishes, everybody, for Helen. Appreciate it. I'll let them know. There we go. Code brew talking about itself. Cell phone repair guy.
B
Here we go.
A
Oh, yeah. So true. Hey, like, quick shout out to Justin Anderson. He's talking about he's gotten into van camping videos and outdoor cooking. He doesn't know why. That's what I'm saying, dude. The algorithm's like, you know what you want? You want bushcrafting videos for 18 hours. And I'm like, you know what I do want? Bushcrafting videos for 18 hours. Dude, I. I don't know how they do it. They've got some big brains over there at Google, but you know what? It is entertaining, so I'm here for it. All right, guys, let's finish strong, shall we?
C
Fake streams, counterfeit merch and scams. Oh, my. According to the Bitdefender Cybersecurity Grand Prix Fan Threat Index, cybercriminals have built a broad scam ecosystem around Formula one, targeting fans with fake streaming apps, hair, counterfeit merchandise, bogus ticket offers, and social media scams. This is all to steal personal and payment data, spread malware, or monetize victims through ads and redirects with some fake streaming tools, even enrolling devices into botnets. Researchers say the pace and popularity of F1 make fans especially vulnerable.
A
All right. Hey, I mean, sure. Why not, dude? Whether it's F1, FIFA Master, the Masters, Mike Tyson, Logan, Paul Fighter Mike Tyson. Friggin whatever. Jake. Paul. I don't care. Fight. People are gonna want to steal stuff, right? Like, especially right now. Guys, in case you haven't been paying attention, gas is like 450 a gallon. We're going into the summer. People are driving around, it's costing more to do everything. Size of grocery, like cereal in cereal boxes. You're getting less in the box. Like, money's tight right now and it sucks. So hey, you know what? Like, if I can watch F1 and steal the stream, why not? And then threat actors like, hey, you know what, let's go ahead and pollute these and then promote the crap out of the. The fake apps and just have these people install malware. I'm telling you, the easiest way to get people to install malware is to have them do it for you. Whether it's click fix or having them basically, you know, try to steal something, install it now. Counterfeit merch. I gotta tell you that people are going like the. Playing the long game with counterfeit merch. I mean, yes, you're stealing copyright and, you know, whatever, but my. My guy, like, counterfeit merch has been around forever, right? Like right now you can walk down the street in New York and buy a, you know, a. A fake Gucci handbag or, you know, a fake Rolex watch. Like, counterfeit merch has been around forever. Hold on. Give. What? Hold on. Space Tacos is doing a wrecking ball. So Gib. What I. Space Tacos has a very high fidelity when it comes to wrecking balls. So what is it? You know what? We're just gonna lean into it. Gib. What can we get. Can I get a. A link here or a screenshot, y'? All on what give what did. So here's what I would do. I'm just gonna fire it off. Came in like a. All right, all right. Congratulations, Gib. What? I wish I knew what it was. You did. I mean, obviously you got a job, but I don't see the link. But all right, so here's the deal. F1 has blown up in popularity. Thank you, haircut fish. So, Gib What? Signed a contract on Friday starting on June 1st. New work, my guy. Straight crushing it now. Gib. What? The good news is you got the job. The interesting news is, yes, the work now begins. But all the effort you've been putting in up to this point has prepared you to go forth and crush it. Shout out to me. I have a video on the channel on how to crush your first 90 days. Give what? I recommend you watch it. A lot of people have watched it and really gotten value from it. You will be a juggernaut, so keep crushing it. All right, guys, so here's the deal. F1. It's F1 today, but it'll be something tomorrow. I would. I would. This is an. Educate your end users, okay? Educate your end users and enable them to be able to easily communicate this to their family and loved ones. Dude, nothing. Nothing is more effective than empowering others to be the savior, right? So don't try to be like, you know, oh, I'm the one who's going to be saving everybody. No, equip people with, like, obviously educate them, but equip them with the tools to be able to look like, you know, the. Like, basically the man, or like the. The leader or whatever. The. The. The. The subject matter expert on being able to protect their family, their loved ones. Believe me, I may not download a fake F1 streaming app, but my son might, right? Because he's like, oh, this is cool. I'm gonna check this out. So, anyways, yeah, check it out. Also. Also holler really quick at Formula Dank, The. The. The Reddit meme channel or whatever you want to call it for Formula one. I got into Formula one a little bit. I thought for a second I might be there. I was entertaining, doing a podcast with Red Bull Racing. They were reaching out to me as a talent, which was super sick. So, like, I tried to get all trained up on F1. Spoiler alert. I didn't get the job. But F1's pretty cool. So anyways, yeah, threat actors are going to threat act any. Listen, anytime you're stealing something, chances are it's like the people who are hosting it or providing it, they have an incentive. Most people aren't just like anarchists, where they're like, oh, we're going to stream all the things. No, there's definitely value for them. So think about what that is.
C
Those class models headed to the public. Anthropic says it plans to eventually release public versions of its Mythos bug, finding models once it can build stronger safeguards against misuse. For now, access remains limited under Project Glasswing, though it is expanding to governments and some other partners. Anthropic says Mythos has scanned more than 1,000 open source projects and found more than 6,200 high or critical severity vulnerabilities, including a major flaw in Wolf ssl. But the volume of AI generated findings is also adding strain to security teams. Lazarus.
A
Yeah, okay, so Mythos is, you Know, anthropic Mythos is the, you know, the. The Claude model that can basically look at code and magically find all the vulnerabilities critical and high. Like the, like be able to walk right through. Like. Do you guys remember the Matrix? Hold on. The. The Matrix twins? Ghost twins. Okay, you guys remember these guys? Hold on one second. What are we doing here? Remember these ghost twins here where they could like phase out basically this thing right here. I. Stay with me on this analogy, okay? These ghost twins that could phase out. I'm showing it on stream right now. That's basically what Mythos does. It can look at source code and just like phase through it and basically find all the bad. All the. All, you know, bypass authentication, remote code execution, all the things. And the U.S. government. Thank you, Dan. The U.S. government has kind of like controlled who has access to this because the argument is it's too powerful. If it got out, threat actors would immediately weaponize it. And we over loaded, overwhelmed with being able to try to defend from it. At the same time, they've begin releasing it to more people. You could see more users, including governments. So in a perfect world, right? In a. In a. In a utopia, only the good people are using this to harden things in preparation for a widespread release. But we live in reality, not utopia. So chances are people. Listen, here's the deal. If I was the nsa, right? If I was the National Security Agency for the United States government, you know what I would be doing? I would be building a giant toolbox of weapons using Mythos for all the tech stacks that my adversaries have. And then I would maybe release it, if that. Right. Maybe some nerfed version of it. We'll see. Here's the deal. This is not. This is like a nuclear weapon, except the problem is you don't need all of the physical, you know, enriched uranium that only certain countries can produce, the tritium and all these other things. It's. It's software. And so many governments are working on their own AI models. There's a ton of research, there's a ton of open source, there's a ton of all these things. So, you know, the United States can wrap their arms around Mythos all they want. China, Russia, they're gonna find their own versions. Justin Anderson says. Oh, hey, might not be the right time, but I did just complete my degree in cyber security concentration and cloud computing at Purdue Global. Heck yeah, buddy. Congratulations, Justin Anderson. It's. It's always the right time to share that kind of w. I love it here's the TLDR guys. Whether you're u. S based, foreign based or whatever, whether mythos gets released today or next year, two things. One, I've been telling you already, we are going to be dealing with a massive, massive issue of old, you know, last 20 years of software. All these zero days coming out because AI is going to find them and it's just going to be a hot mess. Express. I sincerely strongly encourage you to do two things. One, increase your vulnerability management program so you're aware of how, where software is, how to patch it, who are the right people in your environment. Number two, get have decent incident response in place. Whether it's a third party incident response firm or it's internal, whatever it is, get ready because you are literally lots of people are going to get their mouths punched. You're going to have a bloody lip, maybe a missing tooth, like you're a hockey player. Like you're going to have some issues here and it's going to be, you know, a freaking field day probably for a few years, okay?
C
Deploys remote PE memory only rats Researchers at fox it say the North Korea linked Lazarus group is using a stealthy memory only remote access trojan called remote PE in attacks on financial and cryptocurrency firms. It's delivered through social engineering on telegram and fake scheduling sites and loads entirely in memory. Evades endpoint detection and leaves almost no forensic traces while giving attackers persistent access for surveillance, data theft or potential financial heists on call.
A
All right, so Lazarus group is the North Korean financially motivated cyber criminal apt. They have been around for a long time. They're super strong. It's called remote pe. If I had to guess, PE is typically associated with portable executable more commonly known as a windows binary. It is cross platform. So I guess the name is kind of not indicative of what it is. Cross platform I would assume means Linux and Linux variants like Mac OS and Windows. Let's see. See, it says cross platform but then it talks about how it like literally uses a Windows API to load the malware into memory. This doesn't have file written to disk. This is exclusively in memory. So if you're like looking at disk with your edr, you're not going to see anything. It is a remote access tool. It has C2 of course. Basically the question now becomes like how does someone get this installed on their machine to begin with? Someone has to have initial infection. It doesn't just appear. Let's see. The intrusion employees device through social engineering having approached the victim on telegram under the guise of an existing employee of a trading company and scheduling a meeting on a fake calendly app. All right, so my guy, listen, if someone reaches out to you on telegram, pretending to be a. An A coworker, first of all, you can fact check that, but let's just pretend you don't. And then they send you a calendly link to set up a, a meeting with them. And then somehow you download a binary, like, I mean, it's at the point where you're setting up a meeting invite, and then somehow you install a binary. Like that's the. That's where you jump the shark. That's a bridge too far. What are you doing? What are you doing? Okay, not to mention, like, this is a little bit of a crime of opportunity, because if you're doing it on your iPhone, this isn't going to work, right? Like, unless maybe the payloads in the calendar invite, but even then you'd still have to execute it. I don't know, man. It's working, obviously. Oh, hey, we get a little graphic here. Windows servers are side loaded. Okay, All right, so here's, here's what it is. This is like a fully flushed out piece of malware. Of course, a lot of threat actors that are nation states backed have very robust, good malware. It's the initial infection you always got to look at. Finally, just because I'm a GRC nerd and I'm thorough on things, it says cross platform malware, but all signs indicate this is a Windows only thing. So maybe they mean cross platform. Like it affects Windows 11, Windows 10, Windows 7, Windows XP, Windows 3, 1, Windows NT. No. Yeah, okay, but in reality, it's not cross platform. It doesn't feel cross platform. The title Remote PE seems more on brand that it attacks portable executable Windows binaries. So take your cross platform and go get it fact checked.
C
The institute discloses breach. The Oncology Institute, or toi, which delivers specialized cancer care through a network of clinical clinics across five US States, says a previously disclosed cybersecurity incident at a third party software vendor exposed patient data across its systems. While the vendor was not named, the timeline points to Trizetto Provider Solutions, which earlier reported a breach affecting multiple healthcare customers and about 3.4 million people. The full scope of the impact and who was behind the attack? Still unclear.
A
Cloud. All right, here we go. Hold on. Is there another story? We got four minutes and then I gotta. I like I'm gonna smoke bomb out of here. So this is the last story I'm gonna do. Before turning it over. All right, so oncology discloses data breach. This is a health and human services data breach. Unfortunately it's, you know, cancer patients. What kind of information got out? CRO is the. I don't know how Kroll's involved. CRO is like one of these big kind of conglomerates that have tons of business units. But so this looks like it's a third party data breach. So some, you know, a lot of healthcare companies are using healthcare technologies, that healthcare technology got compromised and people are suspecting it's Trizetto. So that means that this oncology institute is the one in the news. But first of all, they didn't do anything wrong. It was a third party that had a breach. And then second of all, there will be other companies because I, I assure you this oncology institute is not the only customer of this third party platform. So unfortunately, this is how it works in 2026, man. SaaS products move quick, break things supply chain. But when they're, when there's someone upstream that gets impacted, lots of other businesses suffer. A lot of healthcare businesses are going to have to send out identity breach letters and you know, probably try to sue the third party affected in, in this case allegedly Trizato, in order to recoup the cost that they're going to have to dole out for all of this data breach remediation. Three million individuals compromised. That sucks. So basically you already have cancer, you're fighting a fight against cancer, and then you, you find out that your data has been breached. Thanks a lot. No, I'm not doing the Citadel. Citadel is done for the semester. I am going to go to Callan's graduation. All right guys, it's 8:58. Really quickly let me do a couple things. Number one, our very own Ben Wilkinson cyber. The trucking cyber guy. He's simply cyber community member. I did a podcast with him. Go check it out. I'm going to drop a link in chat. Only 400 subs right now. He's just building this up. I love it. If you're into transportation, if you're into the trucking and logistics space. If you want to know why organized crime is willing to steal a truckload of pistachios. Spoiler alert. It's worth over a million dollars. You're gonna want to check out the trucking cyber guy. Love his content. And let's see. And again, not to say that I'm any great shakes, but if you'd like to learn more about me, we go deep into my story and my Thoughts on current events. Right, so definitely. Very cool. Here's the by the way, retro synth wave, all the things. Yes, sir. Yes, sir. Also we've got Cyber Career Hotline coming up with Jesse Johnson, AKA the Cosmic Cowboy. He's been slaying it in the month of May. Definitely appreciate Jesse. Hold on one second. I'm gonna get you the the graphic. Here we go. There we go. Cyber Career Hotline. Phone lines are open. I can see him. Big old smile. Jesse Johnson. I love you guy. Double thumbs. Love it. All right, so Cyber Career Hotlines coming up. And then at 9:30, as if we didn't have enough content for you. Kathy Chambers, Daniel Lowry talking about tech layoffs and self doubt. Even though it seems heavy, I promise you you're gonna leave this conversation feeling inspired and at least know that you are not alone. I'll drop a link for that in chat as well. In fact, I'm gonna pin this in chat. Let me go ahead and pin that. And Kathy's got something coming on in a Discord server un unrelated to Simply Cyber later today. I think she'll be in chat and can share that. Guys, I'm Jerry from Simply Cyber. Don't go anywhere. Cyber Career Hotline's coming up. I'm gonna go see my son graduate fifth grade. Until next time, stay secure. Thanks, Jesse. I'm Dr. Gerald Osher. This is the Cyber Career Hotline. If you're building a career in cyber security, this show is for you. Let's get into it.
B
Good morning, good afternoon, good evening. Welcome to Cyber Career Hotline. I mean the rains on this rainy Tuesday morning. I think it is Tuesday, isn't it? Still all day? I have returned from leave. I was in Santa Fe, New Mexico, celebrating a seven year anniversary with my wife. It was wonderful. Beautiful area, beautiful food. Back in the cockpit. Ready to answer some cyber security questions about breaking in, leveling up music, magic, the gathering fitness. Ask me anything. Hey, Kenneth J. Good to see you. Kellen, congratulations on your graduation. You probably can't hear this, but I'll see you soon and I'll tell you in person. Congrats. It is Tuesday. James McQuiggin all day feels like a Monday. How's everybody's cyber security journeys going? Where are we at? How's our Certs coming along? How's our studies, our home labs? How's that volunteer experience coming along? How's the job applications? I know it's a scary world out there, but I'm telling you, stick with it. It's a world of attrition. Cyber shinigami. Congrats, jesse johnson. I love the aot shirt. Thanks, buddy. Good to see you. Scrolling through chat, making sure I have not missed any questions yet this morning. Looks like everybody's just rocking and rolling. Doing some cyber career, hotlining some jawjacking in chat. You bought a microphone. So finally, hopefully your audio will be sufficient. I take it. Do you mean for streaming and stuff? Hey, printer device breeder ruckus. Two more classes to get done with your master's program. Nice. Congrats on the master's program. There we go. We're back. Grc guardrail. Good morning, Kenneth J. Just bebopping at work, working on size of plus. It's a world of perception. Whoever gives the best perception that there seems to win. Where I'm at, you're getting. You go put in the motions. You've tuned in to slay cert plus yet. We're doing size of plus right now. I'll use that opportunity for a shameless plug. Anybody going to any cons? Do we need defcon? Folks? I know I'm super proud to be supporting noob Village again this year as we take over defcon. Helping folks navigate and understand cyber security conferences, things of that nature. I'll be at defcon and I'll be at Wild West Hack and Fest and then simply CyberCon. That will be it for my con season. Phil Stafford. The sun has risen and the sun is good, right? Can I get a hallelujah? Everybody's having a good Tuesday, it looks like. I don't see any questions, so I'm down to just hang. I don't want to. Want to make sure I'm providing value if possible. And if hanging out chatting while you're getting to work or doing your morning routine provides value, then I'm here for it. James McQuiggin, 35, 000ft. Oh, you're gonna be at New Village too. Let's go. That's gonna be an absolutely crazy month for me. We got New Village defcon and then I'm also doing a four day Disney trip with my kids for the very first time. I didn't grow up going to Disney. Grew up extremely poor. So Disney was like a that didn't exist as a child. So now trying to give k my kids some of the things I think would be cool that I didn't have. Luke Canfield. Good morning, buddy. Deadwood. If your CFP gets picked up, well, I hope it does because it'd be cool to see you again. You're always a good Fun. Always a good hang. Hey Random, any big summer plans? Playing music live, putting together. I'm putting like an alternative jam, experimental dance world music project that I'm trying to kick off for fun and then I'll doing some I've got some shows lined up into fall with another project. I'll be playing some live music. I got some family Trips size of coming up work of course, maybe some work trips. Going to see my brother Magic the Gathering of course fitness, just normal life. Just hanging out with the family family and trying to keep my cup full as much as possible. In this economy and in the world we live in, you got to do everything you can to stay stay above water, right? Hey Space tacos. Long time no here good friend. How was my weekend? My weekend was great to hang out in Santa Fe, New Mexico enjoying good food. James McQuiggin if you want to catch him in August he'll be teaching his public speaking workshop defcon Black Hat and B Sides Las Vegas, the Cognitive Security Conference and sans secure the Human and convene with a trip to the UK for the wedding. So you probably can't go with James to the wedding but if you want to catch him, that's where he'll be. Awesome dude to plug into and soak. So much knowledge to to take in. You got B sides Harrisburg on Friday within Wild West Hack and Fest in October. Be good to see Haircut Fish Temmie this is a great question. Do you know if Comptia accepts screenshots of Jerry's streams for CPES? CompTIA does accept streams screenshots of Jerry streams for CPES. He also has his CPE program of a moderator. There's a mod handy that could put that in chat. I'd appreciate it. Question Soap flavored heading to DEFCON for the first time myself. Would love to meet up if there's a Do you have any other recommendations? So for the minute you get there, check in, come find New Village. Partially because the New Village folks just remember that name. N o o B Village. The New Village folks are tightly intertwined with a lot of the Simply Cyber community. But also this the Simply Cyber community does show up pretty strong at defcon. And then we have a meetup, we take a picture with Jerry. It's super fun. You don't want to miss it. If you go to DEFCON and just say Team Simply Cyber, it'll only take a few minutes before somebody from the Simply Cyber community will find you. I will be there Casually Joseph will be there. Steve McCauley will be there. James McQuiggin, Josh Mason, many, many others who are in their own little communities but also rub elbows and, and help and plug into the Simply Cyber community. So show up, be ready to walk around and, and to talk to folks and you'll find us. Want to remind everybody that we have Kathy Chambers Authentically Cyber talking about burnout, layoffs, probably getting into cyber. Some of the fears that we might have as we work navigate the tech industry with just kind of the, the way the environment it is with how AI is proliferating, kind of the social climate, the geopolitical climate that we're in. So there's a lot at play. Keep your head up. Say it over and over again and I'll keep saying it. Keep your head up, stay focused, keep doing your labs, keep doing your volunteer work, keep doing your certs, keep showing up, putting in the work because it will pay off. Noob Village. N O B Village. That's right. Soap flavored. I need to work on my enunciation and I am working on that. I just don't want to use the hard S's like an influencer. Man, it's good to see everybody. It feels like I was gone in Santa Fe. It feels like I was gone for an eternity. Yep. Oh, how could I forget the Hack Smarter and simply Cyber meetup. Tyler Ramsby from Hack Smarter Kyra Sec Security Kairos Sex Security hacker, pen tester, mentor, rapper, friend. You don't want to miss that meetup. Pocket Pixel Good morning, Soulshine C2 asks, Is there a difference between IT GRC and cyber GRC? I don't think that there is. I'm sure there's maybe some slight differences. It's like saying, hey, is there a difference between a cyber security analyst and an IT security analyst? I think it really depends on, again, the classic answer, it depends. But I really do think it depends on what your role entails. I think that at this point between IT GRC and Cyber grc, you're really splitting hairs in ITS semantics. They could very well be the exact same role. They could be very similar roles. If IT has GRC in it, you're going to be working with frameworks, compliance frameworks, risk assessments, all of the things that we talk about here. The daily Cyber Threat brief in the GRC space, hashtag GRC Mafia. You might be doing vulnerability management. Is there a difference between IT GRC and Cyber grc? Probably not. A ton maybe. It may be more focused on just the assets itself in the IT space, whereas Cyber GRC maybe is Focused around that cyber resilience, cyber security posture of the organization, something like that. It's going to be splitting here. There's going to be slight differences. LinkedIn user good morning tmsc. Good morning. LinkedIn user. Burnout from the layoff. 18 months, baby. Man, Luke, I'm so sorry, brother. You're an asset to the community. I think you'd be an asset to a lot of teams you work for. But I am bummed to hear that and I hope you find something soon. Sup? Simply cyber famous. Questions. Ask me anything. You're just dropping in? Maybe somebody sent you here from Slay Cert plus or sans training. Or maybe the anti siphon folks we're talking about Simply Cyber Daily Cyber Threat brief. If you're just joining us, this is a 30 minute ask me anything. I'm coming off the heels of that nerd Dr. Jerry Oer and his daily cyber threat brief. This is a 30 minute ask me anything. Breaking into cybersecurity, leveling up fitness, magic, gathering, music, whatever you want it to be. Travel, food. Let's chat. I'm here. The phone line is open or you can just drop your question in chat. There's no actual phone line, so don't call me, please. How long do I think it's going to take to become a SOC analyst? Well, that question. Unpack that for just a second because I can't give you a number. To become a SOC analyst requires a little bit of hands on stuff. It requires a good clean resume, it requires some healthy networking and it's going to require a little bit of luck. So I think there are things that you can do to speed that along. You can do volunteer work. You can do your hands on home labs if you, if you already work in IT or cyber security. It may be easier. If you're coming in just fresh, fresh off the train from no experience town, then it might take you a little bit longer. So it really depends on what you're how much are you willing to invest in yourself? Are you willing to save money from spending on coffee, junk food, streaming services? To invest in training, both paid and unpaid free training? Because I think there is. I love free training and I'll do the free stuff. But there is something to be said for some of the paid training. Right? Right. Do your due diligence, do your research, investigate, find out if it's worth brings you value. But are you willing to invest in yourself and how much? About three to four months to be a SOC analyst. I don't want to discourage you and for some folks it may take three to four months. There are some folks with credentials and experience that have been trying to become a SOC analyst for three to four years. I'm not saying that's going to be your story, but. But I would be very, very, very realistic with yourself and say it could take me three to four months. I might have some training, I might already know somebody. Maybe I'm just in the right place where there's a lot of job opportunities and the demand is high and I'm the supply. Maybe that's just your story and it could take you three to four months. For most people trying to break into the industry to become a SOC analyst, that number of 3 to 4 months is not realistic and could take anywhere between 1 to 3 to 4, 5 years depending on education, training. How much time do you have to invest in yourself? How big is your network? Who are you rubbing elbows with? All of those types of things? How are your soft skills developed? So don't want to, don't want to break your spirit. Three to four months could happen. And for some folks it does. The reality is could take a year, two or longer to become a SOC analyst. It really depends on so many factors. But keep plugging into the daily cyber threat brief, Anti siphon training, TCM Security, Zach Hill, IT career questions, Kathy Chambers, Authentically Cyber, Daniel Laurie, so many others. And before you know it, you'll start to pick up on things in the industry. Concepts, networking, meeting the people, finding out if SOC analyst is really what you want to do. So stay plugged in. Cosmic Links Love the handle. What is the best certification to get a beginner role as a SOC analyst? Are you already a SOC analyst or you want to become a SOC analyst? And so you want a. Basically if you're going to be applying for most government jobs or a lot of other cybersecurity jobs, the first cert they're going to be looking for is the security plus by CompTIA IT. No, it is not an end all be all. It gives you a high level overview of multiple facets of cyber security. Does not make you an expert nor does it get you a job. But the typical hiring manager is going to at least be filtering for the CompTIA security plus. After that, if you are really trying to become a SOC analyst, you're going to want to have some hands on experience. I would start with first the anti siphon training sock home. You know the SOC home lab skills class, teaching sock skills. That's a free class. Or pay what you can and go to anti siphon training and check that out. Then I would look at maybe getting blue team level one hack the boxes, soc analyst certificate and then maybe size of plus. But really it's going to be about getting that hands on experience, building up labs, understanding how routing, switching, understanding the network, understanding what attacks look like, indicators of compromise, threat detection. So many little things that you need to understand so that you can start to narrow down in that becoming a soc analyst. So I start with to recap start with security plus start getting some hands on experience. Then maybe I would look at doing a hack the box or Blue Team Level 1 hands on cert at the same time continuing to build out home labs. I'm continuing to do the the hands on training and then I'd maybe look at getting size of plus and I know there's a lot of other ones maybe that I'm missing. Those are the ones that I've seen bring other folks value. I did the Blue Team Level 1 training, did not take the cert but I did the training and that brought me a ton of value. Cosmic links from this is from Cyber Shinigami who is who is a sock analyst says that the security plus going to the size of plus are going to be the most beneficial and it's probably going to be the most on paper requested by a hiring manager in HR company. Coffee in my Broncos cup. Hey Straw hat sec. I'm looking for entry level roles doing the work. Almost done with CPTs. Within a week I should be getting SEC place plus. I did volunteer B sides. I found 3 duplicate bugs in the last 4 days. Straw hat sec. You are crushing it. I don't want to compare myself to you. I don't want anybody to compare yourselves to straw hat security or straw hat sec. But you can use this as information as as some inspiration. Gotta do the work. You have to put in the work. So this person so straw hat's been studying for some certs looking at getting the CPTs they're looking to get in their SEC plus 2. Pretty good search to have on a resume. And now we've got some volunteer B sides work. You found some bugs, doesn't have to be perfect but you are documenting a living resume for yourself. Straw hat sec. Use that as maybe a springboard for yourself. If you're trying to break in there's what three things that you can do. Very, very very actionable. The barrier for entry is really low, especially with the help of AI tools. Use them as a force multiplier to broaden your Horizons. Justin Anderson. What's going on and welcome to the party. Mentioned earlier that you completed your master's in cyber. Congratulations. You've gotten your Networks plus and your ccna. You're working on some vulnerability remediation projects at work and you're building a Proxmox based home lab again doing the work. What do you do? Next document I would look at. Maybe this is what for me because I want to think holistically. I would do the lab and either open it up to the Internet, run Atomic Red team, do some kind of automated pen testing. Then I would do a report. I would put together a pen test report and pick your framework. I don't care what it is. It can be NIST special publication, it can be cis, whatever your controls. Find a framework and then document a risk assessment. Have a clean documentation. So not only did you build the lab, not only have you looked at for indicators of compromise from legit sources because you're going to have it opened up to the external face, to the public facing Internet, right? So you're going to have actual brute force login attempts. You're going to see actual indicators of compromise. I would do a framework analysis, gap assessment, risk analysis. For this I'll create a pretend company and I would do a whole repo of this pretend company. Talk about make it whatever you want to make it. Proxmox is a great idea. I personally love using something like oh, ansible or something something to spin it up in the cloud using infrastructure as code. Because you can spin up an entire small company for 100 bucks in just a matter of minutes. Something to consider and then some of the cloud based and virtual networking is makes it really simple. But I think the Proxmox is a killer idea. Continue it. So that's what I would do. I would do a full on risk assessment, penetration testing. I want to submit with my resume. Hey, this may or may not be beneficial. Here's an example. This is not AI, this is my work. Here's an example of what my documentation looks like. Here's an example of my understanding of threat hunting. Here's the doc. Here's some documentation of my understanding of penetration testing. Submit to them either a holistic package or have it targeted, ready to go. So that's what I would do. Still no patch for BitLocker. Should we tell users don't lose their stuff? I think when we see things like this, excuse me, all of the cyber security basics apply even more specifically, especially with the identity thing, making sure, I mean identity and Access management to the device. I know it's BitLocker, so we're not really talking necessarily at the identity level, but we still need to have all of network segmentation set up. Understanding the difference between roles, users and administrative roles, the cyber security hygiene basics come into play. Monitor look for those IOCs that we have that you see listed. For somebody that asked how long it would take, I think it might have been Pocket Pixel, Dan Reardon or the Haircut Fish. It took me three years from the time I started looking into cyber until I landed a job as a soc analyst. It takes time but is well worth it. I did my learning while still working IT related jobs. That's similar to my story. If it wasn't directly in IT or cyber, it was IT adjacent or audio video adjacent. Even when I worked in law enforcement as a street cop, part of my duty was because I just said duty A and B. Part of what I did was help manage some of the IT ish infrastructure. Kind of the go to person on house. They had a managed service provider so no matter what I did I kind of tried to stay IT adjacent. There were a few times while I was working either trying to get back into IT or to level up in cyber security that I was rejected many times even with referrals. A referral isn't a guarantee, but it does help. Network. Chuck David Bombal Anti siphon training and of course Professor Messer helped me get the same inserts. And Dr. Jerry Ozier was the my biggest and most important key to my success. That is a story we hear time and time again regarding the good doctor. You got the size of Test plus this weekend? I do I have any tips? I do have some tips. Let me I lead. I'm taking my Size of plus in four weeks and I currently lead a study group every single day when I'm not on vacation or work. Family, all that kind of stuff gets in the way. But it's called Slicer Plus. Right now we're going through Size of Plus. We're doing official practice test questions, performance based questions. We're walking through Domain 1 all the way through Domain 4. It's live, it's every day at 2pm Eastern and then a long form podcast interactive study session on Fridays with the fabulous Tech Ricky as our co host. Let me drop this link in chat. I've been a PC person and now back on a Mac. Give me make sure I remember everything. Yeah, check out slaycert plus. We can give you some advice but the same thing that I would Tell anybody taking a multiple choice question you've already taken probably some it sounds like so same thing as always understand. Make sure you read the question really carefully. Skip the PBQs at the beginning, come back for those. Do your multiple choice ones first. Rock them out by, you know, reading the question, understanding as you're reading it. Do any keywords pop up? Is there anything that you're formulating as a possible answer? Once you read the question clearly and you know what it's asking you, look for your you'll get four answers to choose from. Typically. Typically you get four answers to choose from. Of those four answers, two of them are going to be obvious no go's and from the two you're going to be left with one you need to do a better or best option. After that it's going to be identifying looking what the question is asking you and what answers are Comptia giving you. If you work in the industry and you've worked in the industry for a long time and you go to take the size of plus or the Security plus, it may be difficult because sometimes what happens in the real world isn't exactly what happens in the textbook world. I tell, I say this time and time again. Just go with what Comptia gives you. They're going to give you a few answers to choose from. Maybe the best real world answer isn't there. Don't get hung up on it. Go with the best option that COMPTIA gives you. Make sure you answer every single question. Flag them. If you need to go for review, go back to your pbqs and you should be solid. Comptia does give partial credit on questions that say best most give you multiple selections. You know, pick two and they also give partial credit from what I understand on the pbqs. So it's really important to answer every component as cleanly as possible because you never know when you get just partial credit. If a person is recognant and getting the entry IA am so identity and access management, how would they recommend to go about it? That's a great question. I would YouTube, I would YouTube Jerry's podcast. See anybody else that's working in the industry. And then same thing with LinkedIn. Just start looking at I am analyst or identity access, excuse me, management analyst. Start watching videos, understanding tool sets, understanding some of the terminology as you do that, maybe start making some posts here and there on LinkedIn, maybe contribute to other people's posts that are on LinkedIn. So if you're trying to get in that's how I would do it and then learn from people in the industry. You obviously understand that the identity is our. That's the golden ticket, right that Jerry said this and we say this. Hackers aren't hacking in, they're logging in. So that identity piece is huge. Poner Joe, good to see you buddy. Jesse, nice to see you man. And hello everyone. Hey, Poner Joe, man, what a story. Did the work, wanted to get into cyber, did the home labs, did the healthy networking, ended up working in penetration testing as a full on ethical hacker. It does happen. Luke Canfield lamenting he's at the point that he's accepting you have to relocate. That also has its issues. Anything we can do to help you out, man, I think you have my mobile. If not, hit me up. Happy to help where I can. We got about three minutes left and then we're gonna rock and roll. Over to Kathy Chambers, Authentically Cyber. Currently a sock cyber analyst. Goal in the future is to get a senior role. Any advice? Do I possibly need to find a niche? So I work in vulnerability management, security operations. At some point I would like a senior role and I think that finding a niche is really important because you can specialize if anybody that's remaining in chat that works in a senior role. Philip Stafford. Elliot. James McCoogan. Any advice for somebody who with a future goal of getting a service, a senior role, do they need to find a niche? Can they continue to stay broad? Should they start to plug in with other managers? Maybe you could find somebody who's in a senior role, offer to take them to coffee, ask them questions about the senior role lifestyle, ask them their path to getting that senior role. Might not be exactly for you, but again, just like Bruce Lee would tell us, take what works, discard what doesn't. Right? Take what works, put it in your toolkit, discard what doesn't. Any advice in chat for those that I want to look into a senior role, I think finding a niche is important and if you don't find a niche, you probably will. I think having a holistic view of cyber security and understanding holistically how it functions is, is crucial. But then being a specialist. Oh, that's good. Read the answers bottom up and your brain will not jump immediately to the first answer. Did that on my season and it was a game changer. Ah, Elliot. I'm taking that into our live study sessions. We're going to start reading the answers from the bottom up because it does. Sometimes you jump to that first or second answer you read clean. I like that tip Gib. What says? Thank you for the link. I've been struggling the first through chapters of the size of study guide issues with setting up alien and Nessus. I'm going to check out your study stream for sure. Yeah, check it out. We do mostly practice questions. We do get a little bit hands on. It's really about helping people identify what those questions look like. All right, team. A lot of good questions, a lot of good conversation. We gotta roll. We gotta turn over to Kathy Chambers. Authentically cyber. I don't want to leave you hanging or leave her hanging. I look forward to seeing everybody later today as we do some siza plus studying. I gotta get on. I gotta boogie on out of here so that we can get Kathy Chambers rocked and rolling. Man. It was awesome hanging out with all of you. Until next time, take care. Everybody stay secure. See you.
Host: Dr. Gerald Auger, Simply Cyber Media Group
Special Segment: Tidbits Tuesday
Date: May 26, 2026
This episode dives deep into eight of the top cybersecurity stories relevant to practitioners, analysts, and business leaders. Dr. Gerald Auger, a seasoned GRC professional and cybersecurity educator, goes further than the headlines and delivers practical insights and context. Key topics include a major GitHub supply chain compromise, takedown of Russian-linked infrastructure, ghost CMS exploitation, political disinformation, malicious AI code scanning, and the ongoing evolution of phishing and cybercriminal tactics. Plus, a lively, supportive chat community and engaging career development AMA.
(Cybersecurity Headlines story begins @ 11:46)
(Story @ 21:33)
(Story @ 25:57)
(Story @ 31:52)
(Story @ 41:03)
(Story @ 46:41)
(Story @ 51:33)
(Story @ 55:36)
| Timestamp | Speaker | Quote | |-----------|---------|-------| | 15:57 | Gerald | "You may be impacted not so much for your GitHub repo, but software you’re using that uses one of these repos…" | | 17:57 | Gerald | "Multi-factor all the things!... Unfortunately, they're putting multi-factor on the barn door, but the horses are way out of the barn." | | 19:46 | Gerald | "This is why asset inventory is so important... software Bill of Materials is the holy grail." | | 24:19 | Gerald | "If you’re going to become a cyber criminal, do not live in a country that you’re likely to get arrested in... how are you not smart enough?" | | 28:38 | Gerald | "You could have multi-factor authentication, you could have all the things. If the platform is vulnerable, your [site] is vulnerable." | | 30:48 | Gerald | “Never do this: Ctrl+V into a run box! [to avoid click fix attacks]” | | 32:28 | Gerald | "...probably spent more time on this story than I needed to. It doesn't feel like a cyber story." | | 41:41 | Gerald | "The easiest way to get people to install malware is to have them do it for you." | | 47:21 | Gerald | “This is like a nuclear weapon... but it’s software… [other adversaries] are going to find their own versions.” | | 49:23 | Gerald | "We're going to be dealing with a massive, massive issue... AI is going to find [zero-days] and it's just going to be a hot mess express." | | 52:09 | Gerald | "At the point you're setting up a meeting and then somehow you install a binary, that's where you jump the shark. That's a bridge too far." | | 56:12 | Gerald | “Unfortunately... SaaS products move quick, break things... when there's someone upstream that gets impacted, lots of other businesses suffer.” |
This episode was a tour de force of practical cybersecurity news, actionable advice, and community spirit—an essential update for any cybersecurity professional seeking enrichment and career progression.