A
All right. Good morning, everybody. Welcome to the party. Today is Monday 2000 or Monday November 17th, 2025. This is episode 1007, I believe he says questioningly. Yes, 007. Welcome to the James Bond episode of Simply Cyber's Daily Cyber Threat Brief. Listen, if you're looking to stay current on the top cyber news stories of the day and be able to use that information to be better at being a cyber security professional as well as being able to crush job interviews in the cybersecurity space, because you will be asked, how do you stay current on the industry? This right here is a banger of an answer alongside the Simply Cyber community who's always bringing the heat. I'm your host, Dr. Gerald Auger. We're doing it every single day. Welcome to Simply Cyber's Daily Cyber Threat Brief. We're off and running. What's up, everybody? Hope you all had a lovely weekend. I certainly did a lot of good times. Had the old Patriots game on a Thursday night. So a lot of, lot of running around this weekend without the, the Patriots kind of anchoring my weekend also, you know, I hope you got to stretch the legs a little bit, spend some time with those you care about. If you worked over the weekend or overnight during the weekend, I hope you got something lined up for your days off that's greatly enjoyable, but we got work to do right now. This is the Daily Cyber Threat Brief. We are going to go through about eight cyber stories. I'm going to go give you the headline, obviously, but go beyond the headline and give you analysis that you would not get in a classroom or a textbook because I got 20 years of experience alongside the Simply Cyber community that has a collective 8,322 years of experience. And essentially we go beyond those headlines and dig in, giving you insights that you, you know, basically only get from, you know, living the experiences. So a lot of value here. Of the stories, I literally have no idea what they're doing. Was running a bit late this morning. 
You can even see like my hair is a hot mess. Express us. So I literally have no idea what the stories are. I won't even have the little chyron thing here because again, ain't nobody got time for that. Ain't nobody got time for that. But we do the best we can. I want to say good morning to all of my friends and regulars of the community. Cara of Carrie, Mara, David P. Soul Shine, Amish brain Face Doil over an island bruising hacks in the Mid States. Right? Marlon J. So Many people. Space tacos. James Laundry. No, come on. Space tacos. James Bond is not an 80s reference. Now, if I had said GoldenEye. Maybe. Maybe. All right, we got Rick Kelly in the Upstate Ellipsis. Rick Kelly in the Midlands, Code Brew, Marcus Rutherford, Justin. Got so many great people in the chat. Elliot Matisse and Phil Stafford, probably somewhere running around the San Francisco connection. Guys, before we get into it, if it's your first episode, drop a hashtag, first timer in chat. Hashtag first timer in chat. We love welcoming our first timers, as always, and making them feel comfy. Comfy. We got a special sound effect, a special emote, all the good things. Every episode of the Daily Cyber Threat Brief is worth half a CPE. So say what's up in chat. Grab a screenshot of that. Include this show title, which has the unique episode number and the date. It's not a coincidence that that is exactly why the title of each episode is that way, making it easy for you to capture those CPEs. Just grab a screenshot, say hi, so you're on stream. Grab a screenshot once a year, count up those screenshots, divide by two. I was gonna have to boogie out of here. No jawjacking today, because I was gonna go to Career Day at my son's school and tell him all the cool things about cybersecurity, letting them know what's hot, right? But I. I guess it was too much. Too. Too hot to handle. Too cold to hold. That's a Ghostbusters 2 reference, by the way. Too hot to handle. They canceled Career Day. 
I got the email about 6am this morning. Then the kids will never know what cyber security could be. I love it. Now, before we get into it, let me say shout out to the stream sponsors, those who enable me to bring the show to you every single single day of the week. Love it, love it, love it. Starting with DeleteMe. I got my monthly report, actually, over the weekend. DeleteMe makes it easy, quick and safe to remove your personal data online at a time when surveillance and data breaches are common enough to make everyone vulnerable. DeleteMe does all the hard work of wiping you and your family's personal information from data broker websites. DeleteMe knows your privacy is worth protecting. Sign up and provide DeleteMe with exactly the information you want deleted. And they're experts. Take it from there. I love it. It's basically like, listen, as someone with an active online presence, privacy is really important to me also. I say it all the time, y'all. I don't have time. Like time is literally my most valuable asset. And having being able to outsource, being able to delegate. I know people who are close to me want me to be better at delegating and being better at saying no to things. Hello. I've delegated on managing my online privacy. Take control of your data. Keep your private life private by signing up for DeleteMe now at a special discount for our listeners. Get 20% off your DeleteMe plan when you go to join delete me.com simply cyber and use promo code Simply Cyber at checkout. The only way to get 20% off is go to join delete me.com/cyber and a code simply cyber at checkout. That's joinedleamy.com/cyber code simply Cyber. Thank you. Simply Cyber. Thank you. DeleteMe. All right. Also, guys, what Antisyphon Training. Check out this course calendar. Antisyphon Training, always bringing the heat. Zach Hill, the team over there. We got a hot one for you this Wednesday at noon Eastern Time. November 19th at noon. 
Guys, it's getting close to the end of the year and these like retrospective webinars are starting to come up. How You Got Hacked 2025 Deep Dive. Here's what I would tell you about this. I'm going to drop a link in chat. I would recommend, I'm going to sign up for it myself. So I'm not just, I'm not just the president. I'm also a client. Now that is a drink reference space. Tacos, if you remember the original Hair Club for Men. But guys, these retrospectives are amazing. Key nuggets of information that you can assimilate into your own thoughts. And drop in job interviews, always amazing. What's up, AV as always, saying hi in chat. Go check it out. You could sign up and if something comes up, then don't go to it. You know what the nice thing is? It costs $0. So you're not out anything if you can't make it, guys, personally. All right, hold on. Thank you. antisyphontraining.com. I dropped the link in chat. Go check out their course calendar. This is this Wednesday. I'll be at it. Let's hear from ThreatLocker while I get my, my background sorted out here. We're off and running about, I'd say like 90 full show today. 90. I'm gonna see if I get this 10 back up here. Let's go. I want to give some love to the Daily Cyber Threat Brief sponsor ThreatLocker. Do zero day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with ThreatLocker. Worldwide companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high. ThreatLocker takes a deny by default approach to cyber security and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US based Cyber Hero support team. Get a free 30 day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threatlocker.com/dailycyber. All right y'all, we are about ready to get after it. 
Cheddarbob is saying that on December 2nd there's Getting Started with MITRE ATT&CK and Black Hills. John Strand. Yeah, I've, I, I've taken multiple of John Strand's classes. I'm not sure if I've taken that one, but Cheddarbob's hit the nail on the head. Those three courses that John teaches are phenomenal. Sixteen hours, very practical, hands on experience, great community. Don't sleep on that. All right everybody, do me a favor. Sit back, relax, hit the recline and let the cool sounds of the hot news wash over us in an awesome wave. See you at the middle. From the CISO Series, it's Cybersecurity Headlines.
B
These are the cybersecurity headlines for James.
A
McQuigan with 20 gifted subs. Thank you James McQuigan. We just become best friends. Yep, James McQuigan at 35,000 ft. Amazing community member does the dad jokes. On Friday, MCs track two at Simply CyberCon, goes trick or treating with my children. Wonderful human being, just gifted 20 subs, so if you're one of the lucky recipients like Tiger Maple and Jake and Pepe Espinosa, Steve, be sure to say what's up. And the best way to say what's up is obviously hi at James McQuigan, but go into your email tray squad members and drop those Oprah emotes because that's basically the visual cue for community. You get a membership. You get a membership, you get a membership. Love it, love it, love it.
B
Monday, November 17, 2025. I'm Steve Prentice. Microsoft warns of potential Windows 10 update failure. The company has confirmed it is investigating an issue in which a bug is causing the Windows 10 KB5068781 Extended Security Update to fail to install. It is instead showing numbered errors on devices with corporate licenses. The security update was released on November 11th as part of Patch Tuesday. Some business Windows 10 users have since reported on its failure to install, and more precisely, it appears to install successfully, but after a restart fails to apply and rolls back.
A
All right. I mean, okay. I mean, personally, I, I don't know if this is the lead, considering the next story. To me, this should be the first and second stories. It's so significant. But let's go ahead and talk about a failed Microsoft patch. So here's the deal. If you're running Windows 10 corporate license, chances are you, you may or may not have seen this update over the weekend. You know, it's spitting errors because when you reboot, it fails to apply the patch. For vulnerability management analysts, this sucks obviously, because your, your numbers are going up and that's not. This isn't crypto, right? We're not going up into the moon. This is, you know, risk exposure and unpatched vulnerabilities up into the right. So that, that's not good. Let's see. Microsoft's investigating the issue. This is under the Extended Security Update. Oh yeah, I forgot. Windows 10 went end of life. Really just upgrade, get on Windows 11, stop kicking the can down the curb. And there's no ETA. So to me the question is, what the hell did this fix? Or you know, what was it supposed to fix? You know what I mean? Like, as a vulnerability management analyst, as a CISO, like the, the question is, what? So what? Like what is the risk exposure? Let's take a look at this thing here. All right? So that you take in, you put in the KB to figure out what exactly Microsoft is fixing: Secure Boot cert expiration. The certs are expiring in June of 2026. Okay, so here is the deal. I mean, this is like, with all due respect, this is. Dude, my TV failing is pissing me off. With all due respect, this is absolutely not a lead story. Okay, so, so here's the deal. Windows 10, which is end of life if you're paying for extended support. Awesome. Maybe you should convince the brass to invest in just upgrading to Windows 11. But I digress. There are reasons sometimes this KB article or this KB is failing and the vulnerability that it's fixing is basically a cert expiration that expires in seven months. 
Seven months. Okay, so like you've got time. Microsoft has seven months to investigate and get this sorted out. So I hate to be, I hate to be a pecker head, okay, but like, this is not an issue. This is on. This can be on your vision board. Ah, vision board. I want to, I want to climb Mount Fuji and I want to get the Windows Secure Boot cert updated all by June. Yes. All right, no risk here. Let's go.
B
Attackers launch first large scale autonomous AI cyber attack. In September, the threat actors used Claude Code AI from Anthropic to, quote, automate and execute cyber attacks in a sophisticated espionage campaign. They made use of its advanced agentic capabilities rather than using AI only for guidance, and so allowed the attack to execute itself autonomously. Experts describe this as an unprecedented shift from AI as advisor to AI as operator. The attack targeted 30 global tech, finance, chemicals and government organizations and succeeded in a few cases.
A
All right, if you're. I didn't see any first timers in chat, so I don't need to explain this, but. Excuse me. Is it hot in here? Oh, my God. Wow. I mean, there's infographics and then there's this. Oh, look how elegant it is with, with. I mean, those lines, they have rounded edges, color coded, appropriate amount of detail, not too, not too much text, but enough. This, I mean, hold on, I gotta do this. I mean, this is a very special situation. Come on. All right. I mean, without question, this is how we do it. Okay, so. All right, enough. Enough of me, like salivating over this infographic. This is a massive shift in the paradigm of threat actor operations and one that absolutely should warrant your attention. This is the lead story. So using AI to help you do things and, you know, like an assistant. An intern. Yes, yes, yes. Okay, what we're talking about now is you're the general, right? Or you're the captain now, right? Hold on, I'm the captain now, okay? Look at me, look at me. All this, I'm the captain now, right? And AI is being deployed as the operators. Okay? So normally, you know, you've got a PM lead or whatever, and then you've got operators who are in the field doing the thing. This now has one operator, as you can see on the left here, phase one human operator. And it's basically like an n8n flow gone completely off the rails on a crazy train. They've got the phases. This is straight up the kill chain, yo. Right? Scanning, searching, retrieving data, doing code analysis. Different MCP servers, which are basically like specialized services via. They're called MCPs, but they're like API calls. The findings are recorded and analyzed and a human reviews them. So a human does take this information and pump it into the next phase. I can imagine this being automated as well. So there's two human touch points at this point: directs an iterative vulnerability scan based on findings. 
Again, now we're looking for attack surface and exposure. Attempts exploits and validates callbacks, right? Once they get callbacks, they're in. Right in. And then they iterate through. So this final phase is they're inside the environment and they're doing basically the kill chain again, iterating over until they find assets of value. So this is wild. What I would say is the, the AIs don't necessarily know what the valuable assets are, the valuable data. I mean obviously you can kind of train them on what's valuable, but this is like a turn, turn the thing on, go get some tacos and come back and you've got, you've got persistent access inside a valuable environment. Like with a command line blinking like, you know, shall, you know, shall we play a game? Like this is what's up. All I can say is this is a, you know, not unexpected. This is a significant maturity or maturation in the utility of AI for threat actor operations. But let me, let me, let me, here's my thing. Before we, like, like, before we start losing our collective minds, two things. One, pen testers, red teamers can also do this, which means you can purple team at scale, which means you can, we can get more secure. Okay, so this is not a threat actor only utility. Now of course the United States or whatever country you, you call your own, whatever country you have patriotism for, if you have a first world power cyber capability like the United States does, we can do this too on our adversaries. Now cyber crim, this is nation states doing it. But I mean, you know, the NSA is essentially a nation state backed cyber capability, so we can do that. So for me personally, this is not good, right? This is scary. However, I see it as opportunity that hey, the Red Sieges of the world, the Black Hills of the world, the Cairo Sec of the world can develop these tools to deliver valuable insights on attack surface kill, not kill chain, attack paths. 
Attack paths are from, like from when you first get into the environment. Like how you navigate around until you get to your objective, your domain admins, your crown jewels, your, your database. Like whatever it is that's like the, the winning target, the attack path to get to it. And then we can use that information to secure and harden and hell if we get really good at it, we can have AI do that too. This is not good though. Again, this shouldn't come as a surprise. Like you would be a fool and I, I don't want to call anyone here a fool, but I, you'd be a fool to think that like nation states weren't trying to do this already. Right. Like, I mean, AI is a freaking game changer. All right, here we go.
B
Feds fumbled Cisco patch requirements, says CISA. According to a new report from CISA, US government agencies are, quote, failing to adequately patch critical vulnerabilities in Cisco devices despite the presence of hackers who pose significant risk, end quote. This report was published Wednesday after the agency had become aware of, quote, multiple organizations that believed they had applied the necessary updates but had not, in fact, updated to the minimum software version, end quote. This follows an emergency directive from the agency after uncovering a widespread hacking campaign known as ArcaneDoor targeting Cisco Adaptive Security Appliances and firewalls. Current and former federal cyber officials did say that the government shutdown, quote, exacerbated the threat landscape, end quote, by slowing down response and coordination efforts.
A
Imagine that. I'm not gonna dunk on government employees, okay? But this is a perfect storm, okay? Get your best, like, you know, I don't know, 1600s, you know, your 1600 sailor that the Spanish military or Spanish Armada has decommissioned, but you're still floating around in the Caribbean and you're now basically a buccaneer pirate. Arr, 'tis be a perfect storm. China has this capability to punch a hole in the side of Cisco. Cisco's an enterprise, enterprise grade tech. Government shutdown. So people aren't working. The ones that are aren't getting good communication. Bunch of people said, oh, we patched all the things. Oh, you gotta. Patrick. Ah, you gotta patch it. No problem. I patched it. In reality, you did not patch it or you only patched part of it. And because you can't figure out that you hadn't done it or you did it incorrectly or you did it poorly, whatever, doesn't matter how you did it or didn't do it, it's still accessible and China is still punching holes in the side. And then when you couple that with the execution speed of this Anthropic news story, like, bro, September 26th is when things had to be patched. It is now November 17, almost two months later. But when I tell you that Claude, like, or Claude or like AI Flaming donkey with AI enabled, it doesn't need two months, okay? And then by the way, once you patch this, if the threat actor has already established persistence, they don't need to exploit this to get back in. They have built a back door in that they can come and go as they please. So it. This isn't good, guys. Remember with the cyber kill chain, threat actor does recon, figures out where the vulnerabilities are, you know, exploits the vulnerability, gets into the system. The very first thing they're going to do is set up persistence so they can come and go as they please again. And then, you know, all the other things like hide their tracks, pull down additional payloads, move laterally, whatever they're going to do. 
But what they don't need to do is exploit this vulnerability again. So this is awful. I will say that the US federal government is like the largest enterprise in the world that I know of. So with the larger the enterprise you got the. The more complicated it gets to manage it. Jose Alfredo, first day of work as an IT support tech. Awesome, bruh. There it is. Very good. Congratulations, Jose. I'm super pumped for you. Cheddar Bob drops a link in here. Head over to DoublePulsar. For what it's worth, I love Kevin Beaumont. I think Kevin Beaumont is an amazing contributor to the cybersecurity, you know, larger conversation. So he is. Cheddar Bob's talking about this particular blog post. This is from November 3rd, so two weeks ago. Kevin Beaumont's one of the people that I'd love to get on the channel, but I'm gonna drop a link to this one. Thanks, Cheddar Bob for the recommendation or suggestion. I'll. I'll read this after work today or not after work after the pod.
B
Five U.S.-based individuals plead guilty to helping North Korean IT workers infiltrate 136 companies. The U.S. Department of Justice announced on Friday that these five individuals had pleaded guilty in violation of international sanctions. The counts were of wire fraud and conspiracy for knowingly allowing IT workers located outside of the US to use their US identities to secure jobs at American firms. Between September 2019 and November 2022, three of these defendants had also served as facilitators, quote, hosting the company issued laptops at their residences and installing remote desktop software so that the IT workers could give the impression that they were working remotely within the U.S. The defendants also helped with passing employer vetting procedures, including appearing for drug testing on behalf of their North Korean clients.
A
Oh, wow. Okay, so check it out. Couple things here, couple things here. Number one, this is basically, you know, you know, United States is having a tough time. United States is having a tough time curbing North Korean IT workers. Okay? And they're getting in for numerous reasons. One, they're sending their paychecks back to, you know, mother North Korea. Other others, they're getting access to, you know, potential sensitive information. Etc. Yes. Law enforcement, 136 companies. And the way that North Korea has figured out how to do it is to employ Americans or, you know, like local residents basically, of whatever country. Local residents to appear to be the hire. Right. So they're the ones that show up for the drug tests. They're the ones who sign show, like get the laptop mailed to them. Yeah, mail it to me. I live in, you know, Somerville, South Carolina. Mail it to me. I live in Denver, Colorado. No big deal. And then they set it up and it's just basically a, you know, they VPN in through those, those laptops. And honestly, guys, think about it. It seems like very easy money. Like, if you, like, do the, do the economics of it, right? Hey, hey, Steve. Like Steve Young right now in chat. Steve Young. Hey, Steve Young. I'll give you five grand a month. All you gotta do is go to one drug test and then just leave this laptop plugged in in your spare bedroom. Five grand a month, 60 grand a year. What do you say, dude, no one will know. Okay, you know what? That could really help. That could help, you know, or. Oh, I just got laid off. I just got laid off. But wait a minute. I can pay my mortgage, I can feed my kids if I just put this stupid laptop on my kitchen counter and just ignore it. All right, I'll do that. I'll take two. You guys need. Got a huge counter in my kitchen. I. I could probably fit nine or 10 laptops. Let's do this, bro. Half a million dollars. Let's go. 
All right, so there is a very compelling, there is a very compelling argument as to the incentives here. Now, I will point out there that two of these guys, Salazar and Travis, they actually went for the drug testing. Travis was an active duty US Army member who received 50 grand for his role. These other two guys are said to have earned $3,000 and $4,500 respectively. Now I'll tell you, committing wire fraud, conspiracy against the United States. And as someone put in chat, potentially treasonous charges. You better believe I'm not doing it for $4,500. You know what I mean? Like, that ain't good. Now this guy Didinko takes it to the next level. This guy Didinko says hold my beer because he actually set up a website to facilitate connect, like basically match.com for North Korean IT people. And people who want to have rent out their kitchen counter essentially help overseas workers buy or rent stolen or borrowed identities. The IT workers used the identities to get hired for online freelance platforms in California and Pennsylvania. And you can see the Department of Justice dropping the hammer. Regulators, I love this. And this guy, he had to forfeit $1.5 million. This service is definitely not going to be available. I will tell you the following. I suspect that a service like this will crop up again. Now, hopefully law enforcement can bust it down again. But. But this is obviously a proven model. There is a customer, right? North Korea. There is a customer on both sides of the equation, right? Unfortunately, a lot of people are getting laid off right now. And you know, having some income is very appealing, right? Getting laid off at the holidays, man, that's like an extra punch in the junk.
B
But huge thanks to our sponsor, KnowBe4. All right, your email gateway isn't catching everything and cyber criminals know it. That's why there's KnowBe4's Cloud Email Security platform. It's not just another filter. It's a dynamic AI powered layer of defense that detects and stops advanced threats before they reach your user's inbox. Request a demo of KnowBe4's cloud email security at knowbe4.com, that is K-N-O-W-B-E and the number 4 dot com, or visit them this week at Microsoft Ignite booth number 5523. Cyber attack on Rush.
A
All right, we're at the mid roll. Give me a second. Yo, where's my warm chocolate? There it is. All right, we are at the mid roll, everybody. Where, where is it? There it is. Guys, thank you so very much for being here. I genuinely appreciate all of you. Hope you're having a great show. I'm trying to. I, I was coming out of the gates really hot this morning, so I didn't have a chance to vet something. I have who I think is going to be the community member of the week. I just want to double check that this particular individual had not received it this year because, you know, that's not, that's not cool. I mean, it's cool, but it's, it's, you know. Okay. Yep. And then me. One second. Stay, stay with me. Ah. Okay. All right, guys, welcome to the mid roll. Thank you to the stream sponsors. Abdullah wants to know where Simple Minds went. Yeah, we get a copyright strike every time and it bans the video on replay in certain areas. So. Davy, crack it. I did watch the Broncos beat the Chiefs. Great game, great finish. Hey guys, I want to say thank you to the stream sponsors. DeleteMe, Antisyphon, ThreatLocker and Barricade Cyber Solutions. Guys, Barricade Cyber Solutions is disrupting the traditional cyber security training industry by offering high quality cutting it. I mean, not that they're Barricade Cyber. In addition to doing digital forensics and incident response, they're also doing this Fortify 365 bi-weekly webinar series, which is absolutely awesome. Come check this out. If you want, you can scoop in here November 19th. So two days from today, this Wednesday at 1:00pm Eastern Time. And if you're doing the Antisyphon training, it's literally right after that, you could have a double shot. Wednesday, November 19th. Free to register, right? Free to register. And what are we going to do? SharePoint and OneDrive. This is a very practical webinar, guys. M365 is very, very widespread and adopted. Tons of businesses are using M365. 
So if you come to this webinar, you'll actually learn how to restrict OneDrive sync to domain joined devices. You'll learn how to configure access control for unmanaged devices. You'll understand how to set external sharing defaults for new and existing guests, and so much more. Guys, these are the practical skills that not only make you effective at your job, but also can wow hiring managers about your understanding of what actually needs to happen. Not just theory, but how to help secure and manage that M365 instance. So go to webinars.barricadecyber.com. I'll drop a link in chat right now, webinars.barricadecyber.com, and check it out. Let me just double check that. Yeah, that's it right there. Whoever asked, we shun. Here, I'll pin this to the chat. Ginger Hacker's in the house. Good morning, Ginger Hacker. Our very own Ginger Hacker in chat. Guys, every single day of the week has a special segment. And Mondays are Simply Cyber Community Member of the Week presented by or sponsored by ThreatLocker. What does that mean? That means that ThreatLocker pays to sponsor this segment, which I then use part of that money to give the Simply Cyber Community Member of the Week either merch or a hundred dollar Amazon gift card. And I want to recognize this is another submitted Member of the Week. So I listen to the community. If you'd like to sponsor somebody for efforts that they've done, please let me know. This, this comes as another recommendation from a community member. You guys know them. Okay, this is your Simply Cyber Community Member of the Week. And like, if you don't know, I'm gonna tell you. Mishaal Khan is the Simply Cyber Community Member of the Week. Mishaal Khan, amazing individual. Okay, now let me tell you what this guy does at conferences. He'll give a talk, he'll give a workshop, he'll give a training. He'll do a book signing. He will walk around with a camera. He's always open to talk. He's very serious. He's very. He's very thoughtful. 
He's a great friend of mine. I personally am very fortunate to call this guy a good friend. And he is. He's just an absolute rock star when it comes to community and service. If you don't know who Mishaal. Mishaal is, I would strongly recommend you make it an effort to meet him. He's just a great guy, and he's your Simply Cyber Community Member of the Week this week. So, Mishaal, I think he's flying right now. I will connect with him and get him his merch or Amazon gift card. He's been on. He's been on Simply Cyber Firesides, you know, a couple times, too. Go look him up. He's a wonderful person. Love this guy. Love what he stands for. That's your Simply Cyber Community Member of the Week. All right, let's keep cooking, y'all. What time is it? 8:39. We're right on schedule.
B
Cyber attack on Russian port operator aimed to disrupt coal and fertilizer shipments. The Russian port operator Port Alliance stated on Thursday it was in its third day of disruptions resulting from a cyber attack that was targeting key parts of its digital infrastructure. The attacks took the forms of a DDoS attack and attempts to breach its networks. Port Alliance claims the goal of the attacks was to destabilize operations and disrupt business processes tied to exports of coal and mineral fertilizers through its numerous seaports in the Baltic, Black Sea, Far Eastern and Arctic regions. The unidentified hackers used a botnet of more than 15,000 unique IP addresses from around the world and continuously changed tactics to evade security defenses, but were not successful in their mission.
A
All right, so a couple things. One, it was a distributed denial of service attack on a Russian port. The port. So there's a couple things here immediately. I mean, you guys heard the story, but immediately my mind goes to. This is an ideologically motivated hacktivist group that is targeting Russia. This is not a nation state attack. Which is fine. The attack did not work. Which is one of the indicators to me that it was a hacktivist group. Number two, it was 15,000, right? Is that what they said? 15,000 bots? Yeah, 15,000 unique IP addresses. Not bad. Okay, but in the scope of, like, distributed denial of service, 15,000 is, you know, like the kiddie pool. Okay. Like, you're not gonna really. You need more. Like, it's got to be bigger and you have to sustain is November. And obviously coal is used to fuel all sorts of, you know, like heat related things as well as factories and systems and stuff like that. So. So disrupting coal and fertilizer could be an impact on energy and agriculture. Very critical infrastructure for, for Russia. Plus it's in the Baltic Sea which if I'm not mistaken, Elliot Mati let me know but I'm pretty sure the Baltic is currently like, there's like a whole lot of, what do they call it, soft power being employed around the Baltic and oh no, I'm thinking of the Black Sea. So the Baltics right in here. This is a hotly, hotly contested area. I don't understand where Russia's getting. Oh, I guess it's up in the St. Petersburg area right here. I mean, dude, this sucks. Like you can't really get anywhere without passing through this Gulf of Finland, which is pretty gnarly. But anyways, this is, this is dinking around with critical resources at, you know, at nation state levels. As always. It's a distributed denial of service attack. So for your own business, ensure that you have capabilities if you need online, like if you're an online retail store, for sure. 
If you depend on online services, which many of us do now with SaaS products, you know, either make sure that the SaaS products you're depending on have just, you know, denial of service protections. Like Cloudflare is like a common one. And if you can, have a backup plan that you've tested in place, a business continuity plan. Right. These port operators, I mean they were able to continue and maintain operations but you know, maybe you think through like what's critical. Is it critical to get the package or the mill crates off the boat and onto the trucks? Yes. No. Well, if it's yes, how do you do it without, you know, critical systems? That's a tabletop exercise effort very difficult to execute because those ports are oftentimes 24/7 super busy. So yeah.
B
DoorDash suffers new data breach. This attack occurred on October 25th. In an announcement sent to customers this past week, the company says the information stolen may have included first and last name, physical address, phone number and email address, end quote. The incident has been traced to, quote, a DoorDash employee falling victim to a social engineering scam, end quote. The notification does not specify how many users were affected, but they did say it impacts consumers, Dashers and merchants in the US and Canada. This is the third notable security incident suffered by the company.
A
All right, what did they get here? First, last, physical, email? So all your contact information. Basically. Okay. It's so funny. Their email here says the information may have included this element, but then. It says, identified a cyber in a cyber incident. This makes no sense, man. That involved an unauthorized third party gaining access and taking certain user contact information. And then in big bold letters, it says, no sensitive information was accessed by the third party, and we have no indication that the data has been misused. So no sensitive information was accessed by this party. Yet. They. But in the previous one, it says an unauthorized party gained access to and took certain user contact information. So either this particular individual's information wasn't affected, or they're contradicting themselves in this blast email that they've sent out. You can see at the bottom, they are committed to protecting your privacy and grateful for the service. And they are offering a phone number you can call to get more information. You. You won't be getting your, you know, your identity theft protection. So Elliot Mati hits the nail on the head. Words matter, right? So they said, oh, this information, your first, last, phone number, email, physical address were compromised. No sensitive information. So the key word there is sensitive, right? It's very subjective. Define sensitive, right? That is not. That's not a, like, medical, like, not medical term, but it's not an objective statement, right? Like, we don't have a clear definition for sensitive. It now becomes a stupid lawyer game where, like, oh, sensitive is where you can use it to make, like, only financial information is sensitive now. Okay? Like, you can do legal gymnastics where, like, you could say, oh, like, you could even be a real jerk and be like, oh, hey, like, only your blood type is sensitive. That's what we think is sensitive. 
And DoorDash executives are like, well, we don't ever ask for or capture blood type of anybody that works here, uses our service, delivers food. And the lawyers are like, I know. We will never have sensitive information disclosed. Oh, hand me another pina colada. Right? Like, so the. The devil's in the details. And there's always nuanced ways, like not declaring a breach. This. This data incident is still under investigation four years later. Oh, no, no, no. No breach. We haven't completed the investigation. Naughty, naughty, naughty. All right, so for what it's worth, though, I will say two things. One, this information, to me in 2025, it's scary, it sucks, but it's like, I mean, this information, I have a video on my channel on, like, how to find people's information. You can buy it from data brokers for a few bucks. You could literally buy this from a data broker for a couple bucks. If not just straight up Google someone's first, last, physical, phone number and email address. Okay? 2025 OSINT is very, very good. So to me, while this is like, I wouldn't want a data breach, but this information is not super like, oh, my God. Okay, number two, how did this actually happen? An employee fell for a social engineering scam and immediately made the IR team or incident. Excuse me, the cyber security. Oh, my God. The information security office aware, and they shut down that person's access. Smart. Honestly, guys, this is the way to do it, okay? I don't know about contacting law enforcement. Here's the thing. This. This is all good, okay? Employee falls for a social engineering scam, they immediately notify information security. Let me share something beyond the headlines here, okay? You should absolutely not be chastising, embarrassing, punitively punishing your end users when they report phishes. This is why I'm not a huge fan of phishing my employees. Or I don't actually, I should rephrase that. I don't mind phishing employees. I don't like making them take training. 
If they fall for it, if you, like, hit them with a stick, then they're not gonna like it when they report things. So then if they're like, if they're 67 on whether or not an email is a phish or whether or not they fell for a phish, you're. You've already instilled in them, well, if I report it, I'm gonna have to take a stupid training, and I don't like the stupid training or I don't have time for a stupid training. So I'm not gonna. I'm not gonna report it. And now you've got exposure for a longer period of time. Mean time to discovery is a very valuable metric that you want very low. So this company nailed it. And this is why when you do awareness training, you should stick your face in the email or your face in the video or do it at the all hands. Make yourself visible, right? That way, when Carl clicks on a phish, Carl's like, Jesus Christ. Okay, I'll just call Jerry. I know Jerry's cool. I know Jerry won't bust my chops. I know Jerry's gonna try to sort this out without making me feel bad about it, okay? That is how you do awareness training now. They didn't. They. They shut down the access, which is amazing, right? That should be the first thing you do. Hey, we don't know if this account is compromised or not. Maybe we're seeing logins from Cambodia, whatever, shut it down, John Taffer style. Start an investigation. Brilliant. Did they create a new user account? Did they try to log into other things? Did they set up multi factor on a phone that the. The victim doesn't own? Right, okay. Also, by the way, they got in probably no multi factor authentication. They absolutely need MFA. And then they said they referred the matter to law enforcement. Whoa, whoa. Regulators. I'm gonna have to stop you right there, chief. Okay? Just. I've. I've been doing information security for so long that it was called information security when I started. Okay. I don't know if I've ever. In my career, maybe once. I have never looped in law enforcement. That is a. 
That's a lever that you don't necessarily always pull. Okay? So. All right, let's keep going.
B
North Korean hackers turn JSON services into malware delivery channels. Building on their extensive experience in using job offers to distribute malware, these threat actors are now using JSON storage services like JSON Keeper, JSON Silo, and npoint.io to, quote, host and deliver malware from Trojanized code projects. End quote.
A
Yeah, Chatterbob. Chatterbob. Just. I feel seen. Chatterbob. Information Assurance. Yes, that. Okay, so, you know, it was called, like, communication security, then information Assurance, and information Security, then cybersecurity. And I will tell you, Cheddarbob. I'm so old that my. I'd have to look at the dates on it, but I have a master's degree in information assurance. That's. That's how old by. I have one tooth. It's so long. I trip over it from time to time.
B
As is often the case, they approach victims through networking sites such as LinkedIn, either under the pretext of conducting a job assessment or collaborating on a project, as part of which they are instructed to download a demo project hosted on platforms like GitHub, GitLab or Bitbucket. Jaguar Land Rover.
A
All right, so I. Let me see here. So they're using JSON storage services to deliver malware. Okay, so. All right. Ooh. Okay, hold on. Wow. Okay, so this. The Hacker News saw the Anthropic infographic and said, hold my beer. Let's look here. Stop it. These threat actor names, BeaverTail and InvisibleFerret. Flaming Donkey online, too. What do you think? Wow. BeaverTail and InvisibleFerret. I saw them at Cyber Criminal Con 2024. All right, all right. So basically, they send a LinkedIn message and invite a candidate to basically do a challenge to help vet themselves. The Base64 inside the environment variable looks like an API key. They make it look like an API key. And in actuality it's a link to a JSON storage service which pulls down and then they start running stuff on you, stealing your crypto wallet, keylogging, data exfil, persistence mechanisms. They will drop an AnyDesk downloader at some point. I mean, at this point you're absolutely screwed when they're running AnyDesk and logging into your system. So here's the deal, number one, and I say this all the time, educate your workforce. Okay? Educate your workforce. But you might want to target developers, researchers, engineers, IT and frankly the cyber team. Here's the real, here's the reality, okay? There is this like, like talking about your salary is considered taboo. Like, way to go employers. You've made it so people can't, you know, like consult. But also, and, and no surprise, it is very taboo to look for a new job or have your employer know you're looking for a new job. Now obviously an employer has a right to fire you right away if they want to. If you say you're looking for a new job, maybe they don't lay you off immediately, but when there comes time for layoff, your name's probably top of the list, right? Like I've seen this happen multiple times because you're not part of the family anymore, right? So people do it secretly. 
When you do it secretly looking for a job, you could detonate malware on yourself and you, or on a company asset or whatever. And you don't want to tell anyone, right? Because you're afraid of repercussions because you were trying to be secretive. I'm not saying it's wrong to be secretive. I'm not saying it's wrong to look for a new job. I'm not saying it's wrong to not tell your employer. They, they have no, they have no right to know what you're doing, right? Be the CEO of you. But what I will say is if victims aren't aware of this attack technique and they do it, the time to detection is going to be longer and you're going to rely on your tech stack, your EDRs, your detection engineering in your SIEM to discover the compromised assets. And then you're going to have to unpack what the hell is going on with these compromised assets. So educate your end users on these things, especially in this market right now where tons of people are either looking for work or being laid off and looking for work or not happy and looking for work. Right? I just think there's an uptick in this stuff. So it looks like it's coming from LinkedIn DMs. So make that part of your awareness campaign. Hey, listen, guys, every, you know, this is how I would say it. Okay, listen, everybody. I know we love the mission here and we love working here, but let's be honest. At some point, you may move on from the company. Hope you don't, love you, mean it. But if you do, I just want you to be safe out there because I care about you being safe. All right? Make it personalized. Let me help you help yourself from shooting yourself in the leg like Plaxico Burress. Drink. Careful. These LinkedIn messages.
B
Cyber attack cost the company over $220 million. Following up on a story we have been covering since September, the Jaguar Land Rover car manufacturer has published its financial results for July to September 30th and has warned that the cost of the September cyber attack totaled £196 million, equivalent to $220 million, in that quarter. The attack forced the British carmaker to shut down production at its major plants and send its staff home. Data was stolen during the attack, which was allegedly deployed by the Scattered Lapsus Hunters group. Remember to join us.
A
All right, so Jaguar's back up and running. They were down for months, guys, and $220 million in losses. Which is better? Like, dude, at one point they were saying it was like $80 million a day. And I was thinking, I don't know if you guys remember, if you're a long timer here with the community, you might remember. But I was like, 80 million a day. Like, how many freaking Jaguars do you sell a day where you're making 80 million a day? That seems a little, a little aggressive. Okay, not to say I like, oh, I called it. But like, yeah, $220 million. Dude, this makes me want to vomit. A quarter billion dollar loss. Like, I don't want to own that. But being down two months, yeah, I could see this as like a reasonable estimate, not $80 million a day. Get out of here with that noise. Now. I mean, obviously Jaguar's back up. They had a data breach. I, I think really the, the Shiny Lapsus Hunters, it's this like, collective of the younger hackers that are very aggressive. They use a lot of social engineering on help desks to, to get in and stuff. They were more about taking the manufacturer down than they were about data exfil. But while they're there as part of their standard playbook, exfilling data and then trying to either lord it over the victim to pay or to sell it to anyone who wants it, dude, they, they had to take out a billion and a half dollar loan to maintain supply chain. In fact, they got a government bailout. Roswell UK. Is Roswell UK in chat? Roswell UK is not in chat. I'm curious what the, what the citizens of the United Kingdom feel about this. Government bailouts are always an interesting topic. Who gets them and who doesn't. Like, here's my thing, man. The cyber attack which halted production and disrupted sales created a significant dent in profits. Dude, I run a business. I don't want a dent in my profits either. But like, why does the British government bail them out? You know what I mean? 
It just makes me wonder like any like Co-op, Marks and Spencer, like these other businesses that are in the UK that suffered massive cyber attacks, like, can they apply for a loan now? Like what? What? I hate to be such a jerk, man. I mean like what's the, what's the percentage on that loan? Like right now? If I could take a billion and a half dollar loan out for like 2% interest, like way below market or whatever. Anyways, here's the TL;DR. I have heard that Jaguar was actually not negligent in their operations. What? Okay, let me rephrase that. Here's what I would say. If you don't want to be down two months. And this is a hot take, not a hot take, but this is it. They are a manufacturing company. Jaguar, they were down two months, they lost $220 million. They had to get a billion and a half dollar loan. These are real numbers and real money. If you work in manufacturing, what I would highly recommend is, you know, like these numbers might mean nothing, right? Say you're a manufacturing company and you generate, you know, $200 million in revenue a year, right? You make, you make weed whacker line. You know that line that you put in the weed whacker? It's a super pain in the butt. Like it's so frustrating putting the stupid plastic whip in the weed whacker thing and then you go for like 30 seconds and it snips down. You gotta flip the thing over. It's like the most infuriating thing ever. You make that and you make $200 million a year. If you say, oh, they lost, you know, $220 million for two months, like, yeah, that, that hurts. And that feels like our whole business. But at the same time you're like, oh, it's Jaguar, whatever, so don't worry about that. What I would recommend, number one idea, execute. Basically work through your business continuity. They got hit with ransomware, they had multiple facilities, they didn't know how to bring it back up in a, in a, in a timely way. So now I don't. 
Listen to me, this is something that you may not know, okay? Because in a textbook everything just works magically together, right? In a classroom, the professor just says, oh, you restore from backups. Let me drop a knowledge bomb that lives in reality where the rest of us operate. If you have a complicated system across many facilities, tens of thousands of end users, complex OT integrated everywhere, right? And it all goes down at the same time, the order in which you bring things back up matters. If you have systems that are dependent on other systems and you bring a system up that's like in the middle of the chain, the systems like, so you bring up systems like A, B, C, D, E, okay? You bring up system C because that's the one that makes money. And then you realize that it depends on system B existing, so you can't use C, so you bring C down and then you bring B up. You're like, all right, we're gonna fix this now because the, the thing that makes money depends on this one. So let's bring that up. And you're like, all right, we're going to be making money, boss, by Tuesday. And then you realize that system B depends on system A, you gotta bring it down. Let's bring up system A. Don't worry, boss, we're going to be making money by Thursday. So you're telling management expectations on when things are going to happen and you cannot deliver on them because you don't realize what systems have dependencies on other systems and, and you have no friggin idea what order to bring these things up. This is reality. And when you have things like Active Directory or domain controllers in multiple locations, when you have things like ERP solutions that handle logistics, when you have things like payroll systems, right? When you have all of these complicated systems interfacing with each other and you don't know the order to bring them up in, guess what? You're going to figure it out the hard way by trial and error. And you know what? 
When you have advance notice and you can practice and you can test and you can verify, and heaven forbid you can document, then when, when things hit the fan, you can literally execute the order of operations instead of turning the lights off, putting a blindfold on and just flipping switches and hoping. Hope. A lot of people that work in cyber security, hope is their strategy. I hope this works. I hope this is the one we have to spin up. You don't need hope to be your strategy. If you do the work, if you do the preparation, if you talk to the business and figure out what the friggin important parts of the business are, what applications do you need? What systems do you need? What makes money here and then work backwards from there? It's called business continuity. It's called business impact analysis. It's called critical systems. We did that. We figured this out 25 years ago, y'all.
All you got to do is do the work. Instead, let's talk about a side channel attack and a hardware piece in L2 cache. Let's give it a cool name like Meltdown. No, do the boring stuff and freaking take care of your business. I'm sorry it's not sexy. I'm sorry a tabletop exercise and business impact analysis isn't sexy. But you know what? When this happens, you know what's sexy? Not spending $220 million. That's sexy. You know, it also looks great to the shareholders. Not getting a billion and a half dollar bailout by the government. Profits took a dent. Get out of here with that noise. How about you just. I never know what's going to come up here. Thank you for coming to my TED Talk. All right, everybody, thank you. Thank you very much. I hope you had a great show. My name is Jerry from Simply Cyber. I think my glasses are inside the house. Oh, no. Oh wait, I got a backup. Oh, hey. As a practitioner, I practice business continuity. My glasses are in the house, but I have a backup pair for such an occasion. Thank you. Hey, Jaguar. Call me. I can help you. I hope you got value from the show. Shout out to Michelle Khan again for our Simply Cyber community member of the week. Great guy. If you guys got to get out of here, see you later. Otherwise, don't go anywhere because we got Jawjacking coming up in just a hot minute. I'm Jerry from Simply Cyber. Till next time, stay secure. Ever wonder what it takes to break into cyber security? Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cyber security field live, unfiltered and totally free. Let's level up together. It's time for some jawjacking. What's up, everybody? Welcome to Jawjacking. I'm your host, Jerry Guy. Coming hot off the heels of Simply Cyber's daily cyber threat brief podcast, hosted by that red Hulk screaming mess, Dr. Gerald Auger, talking about a master's degree of Information Assurance. Sit down, nerd. We're having a good time here at Jawjacking. 
What we do is we mentor at scale. I don't have time to do one on one mentoring. I'm sorry, I just don't. The time is super valuable, but what I can do is mentor at scale. And that's what these jawjacking sessions are. 30 minutes. Ask any questions. I will answer to the best of my ability or I will give you resources. Other people in chat can certainly help. It takes a village. This is a great community. The Simply Cyber community. #TeamSC. If you vibe with the Simply Cyber community, which I do. So I'm actually going to drop Team SC myself. But the deal is many of you have the same question. So by doing mentoring at scale, if I answer the question once, I can help several people at the same time. And that is economies of scale when it comes to time, time management and utility of time. So let's get the questions here. Phil Stafford first out the gate. I missed it. How many times did you say I told you so when the Anthropic story came up? Oh my God, bro, seriously. But Phil, you know, I, I said treat it like an opportunity. Red teams can use the same tech stack and do purple teaming way, way faster. So thanks for asking. All right, Bruising Hacks is on. Is caught up here. Elliot says we'll help Jaguar with their business for the low price of a vehicle. Yeah, I don't know if I'd want a Jaguar. You know, here's the thing. Like, yes, having like a really nice luxury car is cool, but like the maintenance of it, like, honestly, it's no different than buying a piece of technology. Actually here, no one asked for this, but here's a. Amy Cheney says the meltdown is not helpful. Sorry, Amy. Some things just get me passionate. And you know, businesses that don't do proper business continuity planning, I, I'm passionate about. So sorry that it was not helpful. I hope you got value from the show in other ways. All right, what did I want to say? 
Oh, yeah, when you buy a piece of technology or an application or something like that, a lot of people just look at the price tag. Same as like buying a Jaguar, right? It's like, oh, it's an $80,000 Jaguar. Here you go. Okay, well, what people should be thinking about in addition is what's the annual maintenance costs? What's the sale like, what's the property tax on it? Like, does it actually serve your needs? Like, or you're gonna have to upgrade it like do you need to buy a luggage rack? Do you like, do you need to buy special tires? Does it take special oil? Does it take premium gas? Like there's a lot of hidden costs that come with buying a tech for the operations and maintenance. So a lot of people only look at procurement. But O&M is where you're going to get caught paying a lot more. And this is why people go house poor, right? Because they buy a house they can't afford, they buy a car they can't afford, and then they discover that there's additional costs that they weren't banking on. Soul Shine. How big will GRC become in the AI and cloud space? Very, very big. I mean managing AI and the governance of AI is very important. We're actually going to have Jason Rebels coming on Simply Cyber Firesides. I had a call with him the other day. Very nice guy, very smart and he's actually looking at governance around agentic AI. So I think, honestly guys, I mean I've been trying to, I had no idea this was going to happen but I've been trying to make GRC cool for years and now, I mean not only do I think we've got a seat at the table, but I think we're being asked by the other people at the table to stand up and please speak about governing AI. What's the hottest infographic I've ever seen? Thank you, Face Doyle. You know, I don't know. The hottest one I've ever seen. I mean that the Anthropic multi stage one today was pretty, pretty hot. I mean honestly, I wish it had. 
I wish it was like retro synth, wavy and dark mode but you know, can't have it all. Cyber Risk, which says she loves the passion. Thank you. And honestly, 100%, right. Cyber Risk, which I appreciate that. What I will say is if you don't enjoy my style of delivery, that's okay, right? I'm not everybody's cup of tea or cup of coffee or glass of beer or whatever your favorite beverage is. Right? I, I, I understand that. But what I am is me. Like what you see is what you get. This isn't an act. I'm not putting on a persona, you know, except Jerry Guy for the first two seconds of the show. So if you don't vibe, that's okay. That's okay. There's a lot of, there's a lot of different. In fact, honestly, I'm seeing an uptick in other content creators focused on cyber news lately. That's an interesting development. I'm not asking this to rush anything. I'm just making sure I didn't overlook the email by mistake. Have the CPEs for Simply CyberCon been sent out? Yes, they have. They went out on Friday. So if you attended Simply CyberCon, you would have gotten an email either from me or from. Kimberly sent the emails out. She may have sent them from my email address because she used the. The system that you registered for the ticket, right? It's called Ticket Bud. She was able to email everybody out from that. Essentially all the certificates, the CPE certs are inside a Google Drive and you just got to go get your name. Now there is a potential concern there. If anyone is upset about this, I'm happy to delete your certificate if you would like. One member brought to my attention that technically you can see everybody who registered for the conference. I mean we were. It was a very open conference with a lot of sharing, so I didn't find this to be a. A data risk or anything. But if anyone's interested in having that deleted, go for it. But yeah, Bruising Hacks. The email did come out and the. There's a Google Drive for it. 
Kimberly's typing right now, so maybe there's more information coming. Amy. Amy or Amal, can you. Hey, Am L yv, you're passionate. The meltdown was needed and therapeutic. Well, thank you very much. I appreciate it. Also, can you put a. How should I pronounce your name, please? Am live MLive. Let me know. I. I like saying people's names correctly. Okay. Yes, the email came from Ticket Bud. So check your spam folder. It did come out Friday though. Just so everybody knows. Ginger Hacker says I got a mentee looking to break into GRC. I told him to pick up the Security+. What other sources can I kick them to learn? Yeah, check this out, Ginger Hacker. And this isn't even a pump for my. My academy, but look at this, Ginger Hacker. I have lots of free GRC content, so some of this is paid. But like right here, this Break into GRC: Mindset, Methods and Skills. This is a free class. GRC Foundations for Modern Security. This is a free class as well. So that's those two classes, Ginger Hacker. academy.simplycyber.io. Also, guys, don't sleep on the classics, okay? Ginger Hacker, NIST SP 800. Let this wash over you in an awesome wave. May I suggest, Chef suggests today, that you start with the 800-37 Rev 2 as your appetizer course, then maybe move into 800-30 for your salad course, guide for conducting risk assessments, and then if you want perhaps more of a buffet, the 800-53, Chef recommends 800-53 Rev 5 with the 800-53B as an accompanying course or, excuse me, 800-53A Rev 5. So the 53 is a catalog of controls and the 53A is a mapping one to one of how you assess those controls. Also, Ginger Hacker, if you don't want to go to this fancy steakhouse restaurant of NIST special publications, may I suggest CIS 18 critical security controls and go through those. Looking at these controls right here and Implementation Guidance 1. Also, I don't know if Wild West Hackin' Fest Deadwood 2025. Okay, is this. Oh, this is two years ago. So, so really quick, Ginger Hacker. I. I did a talk two years ago. 
Complete day in the life of a GRC analyst right here. Okay. And then, so there I am. Complete day in the life GRC analyst. I'll drop a link to that. And then what I was looking for is this year I did a talk on how to, you know, basically A to Z of audit. Okay. So hopefully that helps everybody, including your mentee. Oh, yeah. Actually, yeah, you know what? Cheddar. Excuse me, Cheddarbob does bring up a good point. I don't think it's my favorite infographic, but he does bring up a really good point. This infographic by Paul Jerimy. I don't even think he. I don't even think this is kept updated anymore. But this thing right here, yeah, this was last updated July 2024. So I think he, I think he abandoned this project. But yeah, this is very hot. Chatterbob, great point. The old cyber security certification roadmap, this one. Okay, so not the hottest, it's not the hottest infographic, but this one's good. And then of course, you know, listen, you. You dance, you dance with the infographic that you brought to the dance, okay? Or you go home with the infographic that you brought to the dance. You guys picking up what I'm putting down? Just because there's some better looking infographics at the dance, you go home with the one you brought. And all day long, this one right here, I know this isn't gonna win any beauty contest, but David Bianco's Pyramid of Pain, you'll. You'll always have my heart. Also, fun fact, I was in an elevator with David Bianco in December last year, and I had no idea it was him. I would have fanboyed out. Instead, I was like, hey, how are you? What floor? Absolute jack wagon. Me, not him. He's good. All right. Knox Lumen says my company's wanted me to sit for the AHIMA Certified in Healthcare Privacy and Security. I saw your video a few years ago. Struggling to find training, did you? Yeah. So this is a very obscure question, but I've got the answer. This particular cert.
There's one. There is only one certified training, and it will get you the cert, period, full stop. And it's the official book that's tied to it. It's like a little purple book. I'd send it to you if I could. Let me see. Unfortunately, this is like a money thing. Hold on. I'm getting it for you right now. Yeah, it's purple. I knew it was purple. This is the book right here. If it's the same. Yeah, it's the CHPS exam. Get this book. I'm sorry, there's not a better answer. It's. How much is this book? $500. Hold on. Stop one second. That's a bunch of crap. I don't know who the A hole is that put that up on Amazon for $500. But hold on, I'm trying to find this book for you. Hold on. We will get this book for you. Okay? Hey, listen really quickly. Knox Lumads. Knox Lumens. Listen really quick, okay? This is. I'm sorry, this is for Knox Lumens only. Knox, can you go on to the Simply Cyber Discord server? So go to the simplycyber.io Discord and then do an @ mention of Gerald Auger and just ping me so I know it's you. I'll mail you my copy. There's no way you're. Anyone should pay $500 for this ridiculous book. It's like. It's a. It's not even that big a book. This is like. To me, this is like. This is. This is wrong. So message me. I'll go into my. I'll go to my bookcase upstairs. I'll find this book. Unless I threw it out, and I'll send it to you. This is ridiculous, bro. All right.
Is your master class on GRC a great starter for me? Can I use it for other fields? Or should I leverage, say, leverage its skills? So, personally, again, I have financial interest in this, so ask other people, Soul Shine. But I will answer your question anyways. I just want to disclaimer that up front. I think my GRC Analyst Master Class is phenomenal for preparing people to actually do GRC analyst work. I've. I've had people ask me, like, oh, will it help me pass Security+? Will it help me pass CISA? The course is designed to make you effective at doing the job, not to have you pass a cert. As far as using it in other fields, I mean, I do teach you how to, like, analyze things, do assessments, engage with business. There's a whole section on how to find jobs. I mean, as far as other fields, I mean, it's not going to make you a better healthcare worker. It's not going to make you a better business owner. So I guess, you know, I'd leave it at that. So. Question from Amish Brain. DFIR. I knew about DFIR Diva and I'm on that path, but lots of few-year-old content which doesn't teach how AI... any current direction you could use? You know, honestly, I would recommend this. Jessica Hyde always. Jessica Hyde always gives me such great information. Is this it? Yeah. Look at this. This is The DFIR Report. This is a really great resource. There's also another resource I want to share with you, Amish Brain. It's like a. It's like a massive eye chart. Hey, for any of the DFIR people in here, there's this website. It's really, really well known in the DFIR space and it's basically just a huge list of links. It doesn't look pretty, but if someone knows what I'm talking about, I'd really like to share that with you. No, I. All right, let's keep going here. Let's see. We have not done bingo in a while. We haven't done bingo in a while. We could do bingo, I guess. I mean, if you guys want to do bingo next Friday. The thing is the bingo card needs to be updated.
The soundboard needs to be updated. I haven't had time to update those things, unfortunately. Says they didn't get the email and they registered. Check your spam folder. Thank you. Check your spam folder for sure. That would be like the best place to start. And we could certainly make it available on stream or in the Discord server. Nerman with a super chat. Become best friends. Yep. Let's go here. Looking for questions with a queue. I wonder if this is a self-help book like Atomic Habits that focuses on imposter syndrome. Know any? Silence Poet, I do not know any. I have several videos on the channel on dealing with imposter syndrome. I don't know of any books. Does anyone in the chat know books for helping with imposter syndrome? All right. Rich464, I don't understand your question. Kishan Infosec says MyDFIR. Is that that guy's channel? I think that it's a guy's channel. Yeah, it is. I've messaged this guy a few times. He's a pretty cool dude. I like him. This guy right here. I like this guy. 72,000 subs. Here's a link. Tell them you're from Simply Cyber. All right, let's. Oh, Space Tacos is saying very nice things about the GRC Master Class. Here it is. Nerman, super chat. Do you have any recommendations for a good DFIR lab or training course? I'm looking for something hands-on that can help me strengthen my digital forensics and incident response skills. Okay, let's see. I mean, yes, I feel like I might be. I might be speaking out of turn. So my DFIR people. My DFIR people, weigh in on this. But I do feel like there are, there are good labs, but they're like tied to the. To like FTK or Autopsy. Like they're tied to the forensics capture tools. So I'll give you a couple options. Okay, hold on one second. Okay, so check this out. Nerman and others, I know that The DFIR Report here is considered by DFIR people, including Jessica Hyde, as incredibly legit. I haven't accessed DFIR Labs here.
I don't know anything about this, but it is tied to The DFIR Report, which makes me suspect that it is legit just by association. Another one. If you. Look, if you're here in chat and you're interested in free... Malware Traffic Analysis is another good type of digital forensics. It's a different type of digital forensics. Like you're analyzing PCAP and network traffic. Okay, be careful you don't infect yourself. But these are really great challenges. Look, you can do Japanese phishing emails or. Hold on, Android malware, right? And here is the PCAP file. And then there's typically challenge questions. Where's the challenge questions? Okay, I don't see the challenge questions here, but a lot of times there's challenge questions. Anyways. This is a very cool service. All right, so Wading Through Logs has chimed in and said that he's taken DFIR Labs. I think this is what he's talking about, and it's good. So there you go, Nerman. Thank you. We've got Simply Defensive starting in just a minute here, guys. So we're gonna raid over there. I hope you got value. Thanks, everybody. I did enjoy talking DFIR. Jessica Hyde's gonna be coming back to Simply Cyber in 2026. Early 2026. It's good. Really quick, speed running here. El Cyberpinguino says, what's GRC engineering? What's the fuss about? It's basically doing GRC work like auditing and asset inventory and assessing at scale by using code to interface with cloud infrastructure, CI/CD pipelines. So, for example, instead of sampling five systems out of a population of a thousand, you can just query all thousand systems and get that information. So it's incredibly more insightful and powerful for doing true governance of systems. All right, looks like the stream is up. We're going to go over to Simply Defensive, Wading Through Logs and Fungus, their show. Let's go raid, everybody. I'm Jerry from Simply Cyber. Until next time, everybody. Have a great day and stay secure. See you tomorrow.
I'll see you over in chat on this guy.
Date: November 17, 2025
Host: Dr. Gerald Auger ("Jerry"), Simply Cyber Media Group
Podcast Theme:
A high-energy daily breakdown of the most significant cybersecurity news stories, featuring expert analysis, actionable insights for practitioners, and an inclusive, community-driven conversation. Jerry’s signature lively style makes complex topics accessible and useful for career and interview prep. This episode covers everything from autonomous AI cyberattacks to high-stakes business continuity failures, with a focus on real-world application over theory.
In this milestone "James Bond" edition (Ep. 1007), Gerald Auger guides listeners through eight of the day’s top cybersecurity stories, amplifying headline news with deep analysis, career advice, and a dose of humor. This episode spotlights the unprecedented use of autonomous AI in cyberattacks, critical patching failures in federal agencies, insider fraud benefiting North Korean IT workers, and the massive operational costs of cyber incidents for global businesses. The conversation also highlights best practices for business continuity and user security awareness in an ever-evolving threat landscape.
| Segment | Timestamp |
|---|---|
| Episode Opening & Tone Setting | 00:01 – 09:02 |
| Patch Failure: Microsoft Windows 10 | 09:53 – 13:52 |
| Autonomous AI Attack Lead Story | 13:52 – 21:21 |
| CISA: Feds, Cisco Patch Failures | 21:21 – 26:02 |
| North Korean IT Worker Insider Fraud | 26:02 – 31:34 |
| Community Member of the Week | 35:24 |
| Russian Port DDoS | 37:50 – 42:04 |
| DoorDash Social Engineering Breach | 42:04 – 50:23 |
| North Korea, Malware via JSON Services | 50:23 – 56:22 |
| Jaguar Land Rover Ransomware Fallout | 56:22 – 64:42 |
| Business Continuity / BCP Reality Check | 60:36 – 64:40 |
| Jawjacking: Community Q&A, GRC paths, DFIR | 64:45 – 80:00 |
“I hope you got value from the show… do the boring stuff and take care of your business. Sorry it’s not sexy. But you know what’s sexy? Not spending $220 million.” — Jerry, [64:10]
[For more Simply Cyber content, streams, and resources: simplycyber.io]