A
All right, what's up, everybody? Welcome to the party. Today is Worldwide Wednesday, November 19, 2025. Thanksgiving's next week. Oh, my God. If you're looking to get informed on the top cyber threat news of the day while engaging with an amazing community of active cybersecurity professionals, and go beyond the headlines of what those top news stories are to get insights and value props and just so much more for your morning brief, well, then you're at the right place. This is Simply Cyber's Daily Cyber Threat Brief. Every day, 8:00am Eastern Time, we're going through the top stories. I'm taking my 20 years of experience, applying it, helping you level up as a practitioner, go beyond your normal routines, deliver excellence for your business stakeholders, be the CEO of you, crush job interviews. All of this and more. It's all about good times here at Simply Cyber. And let's go. We're off and running on this beautiful Wednesday morning. All right, good morning, everybody. I hope you had a great Tuesday and are ready to crush it this Wednesday, wherever you are. Good morning, good afternoon, good evening. Hope it's going well for you. Yes, this is the Daily Cyber Threat Brief. We're going to go through eight cybersecurity stories to keep you current. It is vitally important that you stay current on the top cyber news of the day. This is called threat intelligence. Basically, this is the grind, everybody. In order to be able to make effective decisions, understand where to allocate resources, understand where to go look for threat hunting, you need to stay current. This isn't a guessing game. You don't just, like... listen, ChatGPT and Claude are pretty great, but you can't ask it to go threat hunting or, like, ingest threat intelligence for you. I know you can, so don't fight me on that. But what I mean is you have to do it yourself. It's kind of one of those things you gotta, you know, chew on.
And that's what we're doing here alongside many of our regular people: Mara Levy, Mike Andrusy, Cali Queen, IRL, Space Tacos, Elliot Matice, Marcus Kyler, you know, gosh, Jay Gold, J Crypto, J Mod, all of them here in chat. If today's your first episode, drop a hashtag first timer in chat. Hashtag first timer in chat. We love welcoming our first timers. We have special sound effects, special emotes. If you're a first timer, you would not know that I got my hair cut yesterday and I'm feeling human again. I was battling, I was like Perrin Aybara from Wheel of Time, fighting the wolf dream as my mane was taking me over, getting its own personality. Every single episode of the Daily Cyber Threat Brief is worth half a CPE. So say what's up in chat. Rhonda Rummerfield, Tricks or Horner, Stones Fan, Steve Young, say what's up in chat. Grab a screenshot, include the stream title, which has the date and the unique episode number, which, by the way, this is episode 19 of Simply Cyber's Daily Cyber Threat Brief. Putting in the work, day in, day out, all about good times. E Lucky. E Lucky. We've got a first timer. If you're a squad member, please do me a favor and let's welcome El the way that we normally do first timers. Hope you have a great experience. Welcome to the party, pal. Welcome to the party, pal. Love it, love it, love it. All right, guys, we did the first timers. I don't research or prep for any of these stories. Ain't nobody got time for that. So just so you know, I have no idea what I'm gonna say. I have no idea what the stories are going to be. We're gonna go through this together. It's all about good times. Abdullah 600, third timer. Welcome to the party, pal. Welcome back. All right, guys. Hey, let's pay the bills really quickly. Want to say shout out and thank you to the stream sponsors, those who enable me to bring this show to you 1,009 times, starting with DeleteMe. DeleteMe does all the hard work. Oh, wait, hold on.
DeleteMe makes it easy, quick and safe to remove your personal data online at a time when surveillance and data breaches are common enough to make everyone vulnerable. DeleteMe does all the hard work, wiping you and your family's personal info from data broker websites. DeleteMe knows your privacy is worth protecting. Sign up and provide DeleteMe with exactly what information you want deleted, and the experts take it from there. I've used DeleteMe for at least a year and a half now. It's very clean. It's basically outsourcing your online privacy. As someone with an active online presence, privacy is really important to me. I tell you guys daily: I have a wife, I have kids, I have a home. I exist in real life. I'm not deepfaked up in here. And I'd like to choose who knows where I am and who doesn't, right? Because sometimes I have some spicy hot takes, sometimes people don't agree with me, right? I like to choose it. So take control of your data also and keep your private life private by signing up for DeleteMe now at a special discount for our listeners. Get 20% off a DeleteMe plan when you go to joindeleteme.com/simplycyber and use promo code Simply Cyber at checkout. The only way to get 20% off is to go to joindeleteme.com/simplycyber and enter code Simply Cyber at checkout. That's joindeleteme.com/simplycyber, code Simply Cyber. Thank you very much, DeleteMe, and thank you, all of you. Did you know that Antisyphon Training is absolutely disrupting the traditional cybersecurity training industry by providing high quality, cutting edge education to everyone? And I've been telling you guys all week about this. Today at noon, it's November 19th, we finally got here. Today at noon, you can do a 2025 data deep dive. This is basically a retrospective on the year 2025 and all the different hacks, macro insights, trend data, you know, big stories that stood out. This is a wealth of information. Okay, here's the deal. This is a free webinar to go to.
Why would you want to go to this if you're, you know, interviewing for jobs? Dude, I'm telling you, this is huge. You're going to be able to steal their ideas and their thoughts, ingest them, assimilate them, make them your own, have those insights, be able to remember and cite different major incidents from 2025. You know, the person on the other side of the table interviewing you knows what those stories are. They may even have forgotten. It shows that you're proactive. It shows that you're analytical. It shows that you know what's going on and that you put in the effort. This is a huge opportunity. Plus, if you're an active practitioner, you know the best way to prepare for 2026. It's called lessons learned. I know, it's super boring. Oh my God, Jerry, why would we follow process? You know, the best way to learn is from your mistakes and from other people's mistakes. Go check this out. Go to antisyphontraining.com today. I'm going to do everything I can to be there today. So you'll see me in chat. All right. We are going to go around the world in just a hot minute. So giddy up on that. E Lucky, you're about to see how powerful and amazing this community is. Let's get a quick word from ThreatLocker and then it's Daft Punk all up in your face. I want to give some love to the Daily Cyber Threat Brief sponsor ThreatLocker. Do zero day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with ThreatLocker. Worldwide companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high. ThreatLocker takes a deny by default approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US based Cyber Hero support team. Get a free 30 day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance.
Visit threatlocker.com/dailycyber. Yeah, look at this. I just registered myself. So I will be there. I am registered. I am ready for a How You Got Hacked 2025 retrospective. Let's go. But before we do that, now, E Lucky, you might be like, dude, I was told the show did the news. And we do do the news like a boss. But on Wednesdays... every single day has a special segment. Wednesdays is particularly special. Mondays we focus on one community member. On Wednesdays we focus on all community members. So E Lucky, first timer, Abdullah 600, third timer. All I want to do is set the timer to 2 minutes, 22 seconds. Mods, get ready. Gonna ask you to tell me where you are, what country you're in, and I'm going to use this map that Marcus Kyler developed. Marcus Kyler's in chat. Thank you, Marcus Kyler. And here we go. I'm going to show you in two minutes how freaking awesome this community is. Let's go. Hold on. Set the timer. All right, there we go. Timer set. Go. Where are you at, everybody? Tech Run, first on the board with Denver, Colorado. America's online. Dallas, Fort Worth. What up, Philly? Brotherly love. Texas in the house. Big Texas. Greenville. The Upstate's representing. Killeen, Texas. Huntsville, Alabama. Face Oil across the pond. Ireland is in the house. Let's go, Ireland. Houston, Texas. Boca Raton. Yes, sir. Virginia Beach. Australia. Andrew Gardner staying up late for us. Thank you, Andrew Gardner. I know it's hard. Pensacola. New York. What up, Mississippi? The UK is in the house. Daylight M, very nice. We got Europe. Oh, why is it so hard to click today? San Francisco. Medine G is bringing Africa online. Hello. Let's go, Africa. Dirty Jersey. New York City, Big Apple. Ontario, Canada. Arturo's in the house. I think I saw another one. Norway, Printer Device. Let's go, Norway. Scandinavia is representing. India. Sarwana Gupta bringing India online in the greater Asia. Bangladesh, right next door to India. Thank you, Bangladesh. Good morning. The Philippines.
Look at us getting going today. All right, here we go. Bangladesh. Ghana. Yes, sir. Ghana. All right, Ghana. I love it. Saki. Chicago. Nigeria. Blue Badge, Nigeria. Thank you very much. Oh, my God. Dude. David XW8SN, Nigeria. Virginia Cyber Risk, which of course. Perth. Washington. Thank you very much for getting up early this morning to be with us. Queens, New York is in here. Minneapolis. I love it. Steve Young, always in chat. Charlotte. I do like Charlotte. Good to see you, Charlotte. Queen City, I believe. What else, dude? South America. Where you at, bra? Tanzania. All right, Africa's flexing for first pole position today. Where is South America? Andres Molina, can we get Colombia online? Argentina. Peru. Ecuador, where you at? Paraguay sometimes is in here. Chi-Town. 260 people. We don't have a single South American. Cyprus. Yes, sir. We got the Mediterraneans online.
B
Chile.
A
Melly Passflora. Thank you for coming in right at the deadline. Yes, sir. And Melly Passflora, I don't recognize your profile graphics, so I don't know if you're typically a lurker and jumped on to save us from not getting the full thing, but we're doing it. Guys, check it out. Now, E Lucky, this is what's up. North America, South America. Holy crap. I didn't know Norway owned these islands up here. What's going on up here? Norway. Wow. Okay. Europe, Africa. You guys took pole position with all this representation. Asia, Australia, staying up late. Ladies and gentlemen, congratulations. This is what I'm talking about, guys. Our community, Simply Cyber, just absolutely amazing. The Dr. Jeremy representing. Guys, this is what community looks like. This is what, you know, inclusion looks like. I love it. This is why the chat pops off, because we have all sorts of perspectives in this chat. Love it, love it, love it. Thanks. Good to see you. And shout out to the mods: Jenny Housley, Haircut Fish, Kimberly Can Fix It, as always, Justin Gold, who's operating kind of in a side channel method right now. We got it. All right, everybody, let's get to work. Sit back, relax, and let's let the cool sounds of the hot news wash over us in an awesome way. I will tell you really quick, someone mentioned Antarctica. I have a good friend, well, I have a friend named Scott Walker who I worked with when I used to go to Antarctica. And he just posted on LinkedIn yesterday that he actually is taking a, not a permanent position, you can't have permanent positions in Antarctica, you have to rotate in and out, but you could have really long positions, and he's got one at McMurdo Station. So I can reach out to him and try to coordinate. I believe McMurdo operates in the Eastern time zone, so I can reach out to him and see about getting some Antarctica action. Special edition for you guys. So stay tuned for that, I'll see what I can do.
But do me a favor, let's relax, let's get to work, let's put in the cycles, let's go.
B
From the CISO Series, it's cybersecurity.
A
Computer, load up the headlines. Thank you.
B
These are the cybersecurity headlines for Wednesday, November 19, 2025. I'm Sarah Lane. FCC to torch rules from Salt Typhoon. The FCC is set to vote on scrapping former cybersecurity rules imposed after the 2024 Salt Typhoon attacks, which required telecoms to implement basic security controls like MFA, role-based access and patching. The FCC under the current administration argues the rules were legally overreaching and ineffective, favoring a collaborative, voluntary approach with industry and federal agencies instead. Salt Typhoon, a China-linked cyber espionage campaign, compromised US government, telecom and university networks, affecting sensitive data from millions globally.
A
Group, bruh. All right, for those who are not in the United States, basically there's a bunch of different ways to govern, okay? And one way is to be, you know, really prescriptive and really over the top and, like, a lot of government involvement, right? And this isn't a politics show. I'm not going to get into, like, libertarian views versus, you know, Democrat versus Republican versus, you know, socialist approaches. But the thing is, under the previous administration there was an edict pushed down, or regulations pushed down, that required these telecommunication companies to adopt certain cybersecurity controls. And the idea is, hey, listen, you guys are critical infrastructure. You have to put these controls in place in order to be minimally secure and get after it. Now China, allegedly, I don't even know if it's considered alleged anymore, but Salt Typhoon basically exploited and got into the top nine telecommunication companies in the United States, right? Your Verizon, AT&T, Sprint, Boost, right. I think maybe Jitterbug was in there. I'm joking, I'm just joking. But the idea is that they got in, and this argument is saying, so this is like heavy government oversight and involvement. The other side is, hey, listen, you're a private company, you know what's best for you. You do what you think is best for your situation and we'll handle it from there. This is a lot of, like, hands off. Now obviously for profit companies are going to do... they have shareholders, right? They're in the interest of making money, lots of it, right? So since cybersecurity is a cost center, which is just a fancy business term meaning it doesn't generate profit or revenue for the company, it sucks money out of the company, but it's the cost of doing business, spending less, right, on cyber increases profits. Okay, so this argument is, hey, listen, the rules that you have placed on us are too burdensome.
And it's causing us to be less effective as a business, i.e. not making as much money, but also very difficult to meet the rules because they're burdensome. Now listen, really quickly. I have worked in all sorts of environments where, like, the United States, this is a perfect example, United States Marine Corps, right? I worked on a project when I was at the Marine Corps and they had this laptop, right? And the laptop was part of the warfighter's kit. And this is like 2005, right? So this is going to show how dated this is. But they had a drone and they had a laptop and they would throw the drone and then they would control the drone from the laptop in the field. Okay? It was a closed system. It was a closed system. It wasn't even on the network. It was just the drone and the laptop. And because of it, well, FISMA, but basically in the DoD world it's called DIACAP, but because of these strict regulations, the laptop had to have a password on it, and MFA, it had to work with NMCI, it had to have all these controls on it. And it basically made it not really usable for the warfighter, right? So if the warfighter's, you know, in the field, behind enemy lines and throws the drone and then they have to, like, multi... you know, log in and then stick a CAC card in and do all these other things. By the time they get in, the drone's, like, gone. Right? So sometimes it's overburdensome, right? Not all the controls fit all the situations. Okay. Having said that, multi-factor authentication is too burdensome, bro? Like, we're not asking you to implement a change control board for routine changes. That would be ridiculous and burdensome. What we're asking for is foundational cyber hygiene. Don't do it, anyone. Don't say it. I feel like Phil Stafford's gonna say it. Don't say it.
And I think that this is more of an opportunity where for profit companies are taking advantage of a new administration that would have different views. Excuse me? Oh, I guess I'm 14 and I just went through puberty. Did you hear that? This administration has different views and now they're pushing back in order to get it. At the end of the day, the telecommunication companies got punched in the mouth and absolutely compromised. So I don't care if it's regulated. I don't care if it's your own choice. Put on the MFA. Put the controls in place. Burdensome? Get out of here with that noise. Jay Gold. No. Ah, Rogue Cyber.
B
No.
A
I'm melting. Oh, s... What a gross word. I don't even know, like, what would be worse, like quishing. Sigh. High eating sour cream.
B
Claims hits on Danish party websites. Pro-Russian group NoName057(16) briefly knocked several Danish political party sites offline with DDoS attacks ahead of local elections. But officials say voting was unaffected because ballots are counted by hand. Targets included the Conservatives, Moderates, Social Democrats, Red-Green Alliance and the Copenhagen Post. Danish authorities reported a broader spike in nuisance-style DDoS attacks from Russian-aligned groups in the week before the vote, mirroring similar activity seen during elections in Moldova, Poland and Romania.
A
And all right, so I mean this is essentially an ideological hacktivist terror attack, which, I mean, basically didn't really disrupt anything. This is more optics than it is anything else. Because those Danes, they count the ballots by hand, which is very, you know, very artisanal. Right. I feel like that's happening down in the Village in SoHo. Right? And you New York City people, I don't even know if that just made sense. It's like me talking about California people taking the 405 to the 1 to the 17 to the 248 up the PCH. Like, I don't even know if those things make sense. But it's on brand. Like, this is, dude, I guess the more things change, the more they stay the same. We just had a story yesterday of a Kenyan government website being defaced. Now this pro-Russian group is defacing Danish websites, or denial of service attacks. This is just to shake confidence and scare people, not really doing any disruption to the political process in Copenhagen. So yeah, if anything, to me, this doesn't... Two things. Number one, from a GRC perspective, this is great business continuity, right? It's not even business continuity. It's actually great risk management. The Danes realize that if they do an online or digital election, they introduce the risk of having hackers or, you know, activists disrupt that operation. So in the world of risk, we can mitigate the risk, accept the risk, transfer the risk, or just get rid of it altogether. Right? And that's what they've done here. By taking it offline and making it a hand ballot, they eliminate all the risk. There's no cyber attack that you can do to disrupt counting by hand. Okay, now if we wanted to get creative, I could think of a couple scenarios where cyber attacks could disrupt the hand count. But it's ridiculous, hyperbolic scenarios where you're attacking the individuals' lives personally that are doing the hand counting and threatening them, so you manipulate them. But whatever.
All right, let's keep going. Way to go, Copenhagen. Also, by the way, just as a quick side note, Simply CyberCon 2026, the dates are set. I signed the contract yesterday. It's going to be November 8th and 9th in Folly Beach, South Carolina. It's a two day conference based on feedback from this year. We will not do the training the day before, also based on feedback. Also, BSides Charleston is November 7th. So we've partnered with them throughout that weekend. But the reason I bring it up right now is because sadly, James McQuiggin at 35,000 ft will be in Copenhagen, coincidentally, during the time of our conference. So it will be so sad to not have James McQuiggin at 35,000 ft. But don't worry, just like Zach Hill was our official one of these, like, Fatheads for 2025, there will be a James McQuiggin Fathead for 2026. Mark my words.
B
MI5 warns Chinese spies are using LinkedIn. Britain's domestic intelligence service issued a warning that Chinese operatives are trying to recruit and cultivate UK lawmakers and policy influencers through LinkedIn headhunters and front companies tied to China's Ministry of State Security. The alert names two suspected recruiters and says economists, think tank staff and government officials have also been approached. It comes as the UK faces criticism over a collapsed spying case involving two men accused of aiding China, and follows earlier warnings about Chinese political interference, cyber espionage and theft of tech secrets. Team.
A
Yeah, I mean, guys, Jesus, like, from the office of, like, Captain Obvious. So there's a bigger story here. And by the way, one of the things I like to do is go beyond the headlines, deliver value insights that are applicable to you at work, right? So for many of us we're not worried about MI5, you know, talking to, like... this is around targeting lawmakers and Chinese espionage campaigns. So the bigger picture here is LinkedIn. Not everybody you talk to on LinkedIn is real. Not everybody you talk to on LinkedIn, you know, looks the way they do. Right? It's nothing in 2025 for a, you know, spy, essentially, to create a handsome man profile or a beautiful woman profile, to create a backstory of Silicon Valley and Harvard educated and VC investments and all these other things. Right. We do sock puppet accounts on our side. There's no... like, of course this is happening. So all I would say is espionage campaigns and cultivating assets for spying, yeah, social media, it's where it's at. Now LinkedIn is obviously for business, so that's where it's being targeted. But you should educate your end users, educate your workforce, educate your executives, educate them to be mindful. Like, to me it's ridiculous that you would be so, like, a babe in the woods or, like, a toddler wandering out into traffic using LinkedIn and being like, oh my God, look at this, look at this VC. They want to invest heavily in me, but first I have to send them my blueprints. No problem. Oh man, this is great. This person wants to take me on an all expenses trip to, you know, whatever, Epcot. All I gotta do is vote this way on the upcoming vote in the Senate. I'd love to do that for that free trip. What are we doing here? Who is that dumb? Now I will say that, you know, China is excellent at playing the long game. So they're not going to be like, hello, I saw your profile. I think we should connect.
Connection made. And then the next thing out of their mouth is, would you like to commit treason for China? No. It's a slow build. Go, dude, talk to, well, not talk to Charles Finfrock, but the CIA. Talk to the people in the CIA. These relationships you build over time, you establish trust, you establish relationships, reciprocate, and then you ask for the thing. So educate your workforce and especially your executives. Anyone with buying power, right? Anyone who has access to money. Straight cash, homie. They're the ones. All right?
B
Users can report messages wrongly flagged as threats. Microsoft is adding a new option in Teams that lets users report messages that were incorrectly flagged as malicious. The feature, first introduced back in September, is rolling out globally by the end of November and will be enabled by default for organizations using Microsoft Defender for Office 365 Plan 2 or Defender XDR. Users on desktop, mobile and web will be able to flag false positives, and admins can manage the setting in the Teams Admin Center. The new option arrives alongside other recent safety updates, including malicious link alerts and screen capture blocking.
A
All right, so Microsoft Teams, I guess, becoming somewhat useful. More useful. I'm not a fan of Teams. I guess given the choice between, like, WebEx and Teams, I'll take Teams. But, like, I don't know, not a fan. All right, so they're basically crowdsourcing, I guess, false positives, crowdsourcing whether or not, you know, policy decisions are accurate or not, because humans are the ones who are going to do it. False positive threat alerts triggered by messages incorrectly flagged. Right? So this is, I mean, this is pretty cool, right? So think about Discord, right? We have an amazing Discord server. If you're not part of the Discord server, by the way, go to simplycyber.io/discord in your web browser. simplycyber.io/discord. But anyways, the point I want to make is, you know, it takes a village, right? Like, this is why it's so important to educate your end users. When somebody does something super dodgy in Discord, like, hey, check out this crypto opportunity, or hey, does anyone want to buy stolen data? It's usually a community member that does @mod and then, like, two seconds later, one of the members of the mod team absolutely boots, like it's Battletoads, that user off the server, right? And shout out to Battletoads. If you know, you know. That game was wildly underrated. Super hard, too. So that's all they're doing here. Microsoft is getting with the program, right? So if there's a message that gets incorrectly flagged, they enable workforce people to say, this is not a problem. This will lead to better user experiences for sure. And remember, most people are not going to report something as a false positive unless they feel comfortable and confident that it is a false positive. So your chances of this kind of getting weaponized, or polluting your overall ecosystem with real positives that are being flagged as false positives, is highly unlikely. Yeah, dude, I remember.
I didn't realize there was such a Battletoads contingent up in chat. Oh yeah, and for you youngs, I'm sure you can get it on one of these, like, you know, consoles that has, like, a thousand games on it. Go give Battletoads a try. Make sure you clear your schedule, though. I don't even think you can continue on Battletoads. I think you have to play it straight through. Like, I think you can continuously, like, continue, but you can't... there's no, like, code. You can't get to, like, level 8 and then start on level 8 again. Oh, to be young and have zero responsibility, be able to play Battletoads for, like, 80 hours in a row. All right, let's keep going. I remember. Oh yeah.
B
Huge thanks to our sponsor, KnowBe4. Your email gateway isn't catching everything, and cybercriminals know that. That's why there's KnowBe4's Cloud Email Security platform. It's not just another filter. It's a dynamic, AI-powered layer of defense that detects and stops advanced threats before they reach your users' inboxes. Request a demo of KnowBe4's Cloud Email Security at knowbe4.com or visit them this week at Microsoft Ignite, booth 5532.
A
You know what made Battletoads so cool was that it was, like, edgy. Like, I don't know if you guys, again, you youngs would have no idea. But in the 90s, like, extreme became a thing. Like, that was a whole thing. That's where the X Games started, in Providence, Rhode Island. I think it was, like, '92, '93. It was the X Games. It was Extreme. That's when Mountain Dew Code Red came out. Like, everything was to the max. Extreme, extreme, extreme. And Battletoads was kind of like that first game that was, like, ridiculously over the... like, it was hyperbolic. It was so ridiculous. But God, it was fun. Oh, it was so fun. All right, let's go. I wish I could play our song, but we can't. All right. Hey, real quick. I see a lot of squad members. Ray. Wow. 699. What's up, Ben? Or Burn Rosario. Good to have you guys here. Guys, I want to say shout out and thanks to the stream sponsors really quickly: DeleteMe, Antisyphon, ThreatLocker and Barricade Cyber Solutions. Guys, today's the day. If you would like to get educated on configuring your Microsoft 365 environment in a way that's impactful and meaningful, specifically securing those OneDrive and SharePoint instances, right? Your workforce. Every single person in your tenant gets a OneDrive. So are you properly configuring it by default, including guest access, sharing links, retention, folder redirection? Are you even compliant? Well, you're going to learn all of that and more in this one hour webinar today at 1pm. Still time to register for that. Eric Taylor is going to be the one hosting it. I'm going to drop a link in chat to it as soon as I can type correctly. webinars.barricadecyber.com. Go get some of that hot action. Thank you, Eric Taylor and the Barricade team, for bringing this biweekly series. So if you missed today's episode, I think you can watch it on repeat, and you can catch the next live one two weeks from now. Great series, as always. I appreciate all of you.
We had the fun activity at the mid-roll, Worldwide Wednesday, where we did in fact go around the world because this team is awesome. So let's keep going. Keep cooking on the news. Let's go.
B
npm packages abuse AdSpect code brew.
A
You know it dude.
B
Socket researchers found seven malicious npm packages using AdSpect cloaking to filter victims from security researchers before redirecting users to crypto-themed scam sites. The packages, uploaded by a threat actor called dinoreborn, collect detailed device and browser fingerprints, send them through a proxy to AdSpect, and decide whether to show they...
A
Should have an infographic that leads to.
B
...a malicious crypto site or a decoy page meant to fool analysts. All packages have been removed from npm, but researchers warn this cloaking plus open source distribution method will likely reappear under new names.
A
Bruh, this absolutely deserves an infographic. All right, hold on, hold on. There's a blog post. Maybe the blog post has the infographic. Let's go. Come on, come on. I'm rolling a D20 here. We got some screenshots, we got some source code. Okay, okay, I feel you, my guy. We got some Cyrillic comments. Russian-based or Belarusian, Eastern European, no doubt. All right, I don't see a process flow diagram. All right, here's a pretty cool situation. I'm gonna drop a link to the actual blog post. So here's the deal. npm packages have been, you know, compromised and polluted, and there is a malware campaign going on right now presenting fake websites. And the interesting thing here, the little bit more sophisticated thing you don't typically get, is that it tries to do essentially anti-analysis. So it tries to tell whether or not the visitor is a target of interest, i.e. they have a crypto wallet, or if it's a security researcher. If it's a security researcher, it evades them and sends them somewhere else that's not useful. And if it's a victim or potential mark, it sends them to the attack. Right, the trap. If you didn't know this, this is how sophisticated malware works. Really good malware has anti-analysis and evasion techniques. So security researchers know... well, security researchers have tools that they use to analyze malware all the time. Malware analysts, malware authors, bad guys, they're well aware of this. So they can look to see if certain processes are running. They can reach out to certain domains to check if they're enclosed in a sandbox and not able to access the network. And if any of these things map to true, they can disable, or the really sophisticated ones will do something else altogether. And that's kind of what this npm package is doing.
So unfortunately, if you're working with researchers, or you're working with developers, or you're working with power users that screw around with npm, they could accidentally introduce this into their code and not know any better. Trying to see how you could figure this out. All right, so the threat actor manipulates by abusing Adspect, which is a cloaking service that allows websites to show different content to legitimate visitors and unwanted traffic. Okay. All right, they're using malvertising, which is essentially malicious. Like malicious ads that, like, you know, it's in the, it's in the iframe on the side or whatever, but it's going to a malicious website. Honestly, this is an interesting development. Right? So the npm polluted packages in the malware, in the software supply chain, that's, that's been done, right? Not to say it's not important, but like we've seen that multiple times. What's interesting here is that the threat actors are now leveling up their game by using some of these tools that are frankly designed for good: cloaking, anti-research and open source distribution. Like they're combining the three of these things in order to achieve a more effective piece of malware. And frankly not just effective in detonation, but effective for the threat actors, because they are more likely to only get true positive victims. Right? Victims that have crypto wallets. Right. They don't want to screw around with a security researcher. So let's see, what do you do? What do you, what's one supposed to do here? Holy crap. The malware is only 39 kilobytes. That's very small. That would work on a Commodore 64. I joke, but you get the point. Drink. All right, I'm trying to figure out here. What is the. What, what are you supposed to do? Like, all right, this is clearly bad. Like, how do we, how do we, how do we protect our users? That's really the question here. All right, the packages have already been removed.
So you know, this is like almost a retrospective at this point. But the technique, the technique doesn't change. Right? The, the threat actors still exist. The humans are still there. They still have the code. They can just introduce it into a new npm package or into a PyPI package or anything. Right. So. The threat actor has an email address of Gene Boo at Proton Me. I mean, I don't know if you can look for that in your environment. Probably not, but email addresses can be changed quite easily. URLs, domain names can be changed quite easily. Yeah, you can see here it's likely to reappear with a brand new facade. Of course, until you arrest or make the person behind the keyboard disappear, this is just gonna. It's like having a rash, dude. Yeah, you could put some medicine on it. It'll go away. But you haven't treated the problem. It's going to come back. All right. Sadly, this doesn't. The only thing I can give you here is it says network defenders should monitor for adspect-proxy.php and adspect-file.php across any of their domains because they're reliable indicators of the threat actor's toolkit. So unfortunately I, I don't know why. Like it's a file name. Yes, for sure. But like you can change those things. I don't know if the Adspect is not something that the threat actor can configure, it's just what they're weaponizing. But I'll drop it in chat. You can look for it in your SIEM. If you see it, you might want to take action.
B
Sneaky 2FA phishing kit adds BitB pop-ups. The Sneaky 2FA phishing
A
I'm also going to drop a link to this blog post that goes into much more detail.
B
as-a-service kit now uses browser-in-the-browser, also known as BitB, pop-ups to mimic Microsoft login pages, tricking victims into giving credentials and session data. The attacks employ bot protection, conditional loading and obfuscation to evade detection. Researchers warn that phishing-resistant methods like passkeys can be bypassed via malicious browser extensions or downgrade attacks. Push Security emphasizes that identity-based attacks remain the leading cause of breaches and urges users and orgs to exercise caution and enforce conditional access policies to prevent account takeovers.
A
All right, Google crump. All right, so a couple things. Browser-in-the-browser attack. Okay. And I do want to give a quick shout out. They mentioned here that this technique was first documented by mr.d0x in March of 2022. Anytime this guy comes up, I love mentioning him. I don't know who this person is, okay? They are a security researcher. They do amazing work. As far as I know, they don't want to be known. Maybe I'm mistaken, but I, I don't know who they are. I've never heard their name. Their blog is awesome. Their research and work is awesome. This person is legit. I'm gonna drop a link to it, if you didn't know about them. I feel like a lot of people don't talk about it, but it's very good stuff. All right, so what is the deal here? Browser-in-the-browser attack. Let me, let me explain this to you. And this is like definitely one of those ones that you can say in a job interview. They might, the person interviewing you may not know about it. The end users may not know about it when you educate them. But here's the deal. In your web browser, you have seen pop-ups, right? Of course you have. Pop-ups happen all the time. Pop-up, pop-up, pop-up. This technique has a pop-up that occurs, and using a blend of CSS, or cascading style sheets, and HTML, hypertext markup language, right? Basically the bits and pieces that develop a web page, you're able to do a really large pop-up that looks exactly like a web browser. And because you now control it as the threat actor, you can make the domain name say anything you want, including Microsoft.com. Very legit, right? And then you can make a login page look exactly like Microsoft.com's login page or Google's login page or whatever, WhiteHouse.gov, because you control the entire frame, you can make it say anything you want. And that is the rub. Because a victim that doesn't know any better doesn't realize it's a pop-up. We've trained them to look at domain names.
They're going to look right at the domain and say Microsoft.com or mybusiness.com or whitehouse.gov or google.com or whatever. And they're going to be like, this is legit. I log into this every day. This is what it looks like, this domain name. Because Jerry always tells me to make sure the domain name makes sense. Here are my credentials. And then the threat actor moves on with, with this. Now it says 2FA phishing kit. Again, if they control the whole thing, they can do an adversary-in-the-middle attack where they take your creds and immediately fire them off to the correct website. And then when they get challenged for 2FA, since they control the browser-in-the-browser pop-up, they can flip it and make it ask you for your 2FA code. You type it in, they steal it, they pass it on, and now they are logged into your account. And because they're controlling the browser in the browser, they can give you a server error, timeout issue, bad 2FA, whatever. They can do anything. They can do anything. They control the damn pop-up. And now the threat actor is in there. So number one, if you have browser extensions that can stop pop-ups, definitely if you. Oh, I forgot, I haven't been doing the stupid ad thing. Not ad. I wasn't moving the little ticker around. Educate your end users. Right? This is a tough one for people to wrap their head around though, okay? Because it's gonna look real. The domain name is gonna look real. For, for me personally, I feel like trying to tell the workforce about this one is going to result in just some people feeling apathetic, like, oh my God. So all the things you've been telling me for years, the threat actors figured a way around that? Forget it. I'm just, there's no hope. Just be careful, okay? If you can prevent pop-ups, maybe, or have alerting for pop-ups or something, I don't know. Definitely have detections in place for weird logins, conditional access, geolocation, geofencing, odd time zones or odd times of logging in, et cetera.
B
Bug exploited as a zero-day. Google issued emergency patches for two high-severity Chrome zero-days in the V8 JavaScript engine, a type confusion flaw actively being exploited in the wild. Both can allow arbitrary code execution and potential full system compromise. The first was discovered by Clément Lecigne of Google TAG and the second by Google's Big Sleep tool. Users are urged to update immediately to prevent exploitation. If you're keeping track, and I know you are, these are the seventh and eighth Chrome zero-days patched in 2025.
A
Ah, you gotta patch it. All right. Ah, everybody go, go, go. All right, let's look at how bad this really is. It is a zero-day. Google themselves is. Is advising a patch now, i.e. patch immediately. Let's check out epsslookup.com, drop in this EPSS score. Hit search. Okay, so very low EPSS score, meaning the likelihood of you, the real Kyle, Kyle and James Bender, experiencing this attack within the next 30 days is seven hundredths of 1%. All right, so very low, very unlikely. The CVSS score is 8.8. So high, not critical. So this is not a. Even though this story makes it seem like patch now or risk full compromise, right? Like, do it or. Or die, right? Like, that's basically what this is saying. According to the EPSS score, it's a get it done during normal patch cycles. Now, as a Chrome user, what I would say is it's incredibly easy to update Chrome. Like, guys, I usually have like, like, I'm not even exaggerating. I probably have like 75 tabs open at any given time. I get that it's a pain in the A when you close the tabs if you're working on something. But like, I do try to close all my. I try to close out my Chromes at the end of the day, every day. So you can work an update in your. Into your routine. And if you're doing centralized management, you know what I mean? Just push it. Here's my thing. When you're trying to manage a group, like an organization or something, that has more than a hundred people, which is many of us, you're not gonna please everybody, right? Someone's gonna get pissy no matter what. So push it. Try to, try to aim for a maintenance window. Like, I don't know, like Saturday night, 2am. Whatever. Send out communication. This is happening, normal patch cycles, and then send it. Or as I think the librarian Christina Paulika said, it's Sandy, right? If you're, if you're like Cindy. Cindy, right. I think Gen Z, like people like me started saying send it. And then Gen Z's like, oh my God, we can't say send it anymore. We gotta, we gotta update it.
Sendi. Now we've taken that from them too.
B
Pajemploi reports data breach. Pajemploi, France's Social Security service for parents and home-based childcare workers, says a breach discovered on November 14 may have exposed data on more than 1.2 million people. The stolen information could include names, birthplaces, postal addresses, Social Security numbers, banking institutions, and internal identifiers, though no IBANs, emails, phone numbers or passwords seem to have been accessed. The service warns affected individuals to watch for targeted phishing attempts.
A
Okay. I mean, yes, that's what they should advise. You should be aware of targeted phishing attempts. However, like, that is not like satis. I mean, it's not satisfying, right? It's like, oh, 1.2 million records compromised. Careful, you might be targeted by cyber criminals. We're still going to see you on Thursday for pickleball. Huh? Huh? Like, what are we doing here? Enjoy your two years of life. Or identity theft protection, which you may or may not be getting. Yes. So anytime you're involved in a data breach, you could have an increased targeted attack, by the way. Like, just like. How about. How about just in general, like, tech grunt 11G. You could have a targeted attack, right? Like, like you should just be on guard all the time. I hate, like, I'm sorry that I'm robbing everybody of their innocence, but our data is all out there. If threat actors want to target you, they're going to target you. Okay, so like, like, whoever, whoever is like, involved in this attack. Like, this isn't the event where they turn on their brain and be like, oh, I guess I better pay attention. What. What are we talking about, man? We, like, the Internet is like, got all of our data. The Internet's incredibly hostile. There's all sorts of threat actors running around. Your data's been involved in so many different breaches, it's ridiculous. So, yeah, be on the lookout for targeted attacks. And by the way, targeted meaning like in this particular instance, a threat actor pretending to be from like some caregiver organization offering you a job or something like that. Just be on the lookout all the time, man.
B
Hey, you.
A
No, no, we're not doing that. Okay, here we go. All righty. Here we go. Yo, here we go. Here we go again. What's my weakness, man? Okay then. All right. Hey, that's a Salt-N-Pepa reference. Great song. Memorable drink, Space Tacos. Guys, I hope you had a great show. Today was episode 1009 of your Simply Cyber Daily Cyber Threat Brief. It was an absolute pleasure to serve. Thank you for the opportunity. I relish and appreciate every single day that I get to come out here and yell in my garage by my. I mean, in my shed by myself. It's really, really an honor. Thank you for this opportunity. Don't go anywhere because we have a 30 minute AMA session. I will answer any and all questions that you have. If E. Lucky. E is still here. Yo, how was your first time? I'm asking E. Lucky about his first time here on the show. See if. See if they enjoyed it or if they got some constructive feedback. Maybe they. Maybe they're excited and want to come back. Maybe not. I don't know. We'll see. Whoops. Guys, I'm Jerry from Simply Cyber. I'll take it from here. I'll go. Oh, wait. Excuse me. I'm Dr. Gerald Auger from Simply Cyber. I'll go get Jerry Guy. If you guys gotta boogie out of here, have a great day. To everybody else, I'll see you in a hot second. Let's go. Ever wonder what it takes to break into cybersecurity? Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cyber security field. Live, unfiltered, and totally free. Let's level up together. It's time for some Jawjacking. What's up, everybody? Welcome to Jawjacking. I'm your host, Jerry Guy. Coming hot off the heels of the Daily Cyber Threat Brief hosted by that nerd, Dr. Gerald Auger. Oh, my God, dude, can you pump the brakes on MFA and FCC regulation? I know the FCC won't let me be or let me be me, so let me see. So just chill on all that. In all seriousness, though, this is Jawjacking. I cannot do one-on-one mentoring. I just don't have the time for it.
But I do love the opportunity to serve and help as many people as I can. So we have Jawjacking. It is a mentor-at-scale, 30 minute show. Many people have the same question. So if I answer once, I can help multiple people at the same time. Drop your questions in chat with a Q. It can be career related, cyber security related, Simply Cyber Con related, Jerry related. Whatever it is, you got me for 30 minutes. I'm going to be doing a lot of recording today. Super excited. What's up, AB? How you doing, man? Guys, AB, showtime. Love this guy. Always bringing positivity to the crowd. All right, what do we got? What do we got? Space Tacos. Did you hear my Salt-N-Pepa riff? I will tell you also, we will have tons of activities at Simply CyberCon 2026, including open mic night. You can expect Tyler Ramsey and Joe Hudson to be rap battling, among other things. Maybe we can get Jesse Johnson to bring an axe, get a little jam going. All right, Rich464 with our first question says, have you heard anything about the Samsung backdoor apparently built by Israel? China looking to ban Samsung and Brazil may follow suit. I had not heard of that, but I'm not surprised. Let's take a look at this. Samsung backdoor. Oh, my God. Hold on. Is this the Landfall one? We did cover this on the show a couple weeks ago, I feel like. But is this what you're talking about? Because there's a difference between. I don't. I haven't heard about this. If this is just spyware, like a backdoor spyware, I don't know why they would ban Samsung. Now, if Israel has been able to get into the supply chain and actually bake in the backdoor to the devices, that is much more wild and complicated. And I wouldn't put it past them because remember, guys, it was a horrible, horrible attack. But do you remember the pagers? Exploding pagers. That was, that was getting into the manufacturing supply chain of technical devices. So Samsung's a really super legit technology product maker. So I, I don't know.
But if this is, you know, I don't know. I will tell you this. If China is looking to ban Samsung, that is going to have alarm bells going off at Samsung. China is a huge market and spends a lot of money on technology, so Samsung would take a massive blow if their tech was not allowed to be sold in China. So I'm just telling you right now, 100%, that's something that's going to be on their radar. All right, next question. Hold on, give me a second. Really quickly. I'm. It's just me here and I'm trying to flag, I'm trying to flag these questions. Give me a second. Put the Q because it's easy for me to find. All right, here we go. I'm gonna do this really quickly. Hold on. What is this? All right, here we go. What's that shirt? Real Kyle. Kyle, this is KyroSec. KyroSec is a pen testing company that Tyler Ramsby and I run. So if you're interested, go to kyrosec.com. If you didn't know, now you know. KyroSec is a penetration testing company that. Yeah, Tyler Ramsey. There we are right there. Tyler Ramsby and I run. He's a founder and principal consultant. I'm director of strategy and business development and represent the CSO perspective on sales calls and stuff. So I'm wearing it today because Tyler and I are launching a podcast around pen testing and explaining it to executives. And I wear my KyroSec shirt when I'm doing that podcast. So thanks for asking. Gerald, I noticed GRC Master Class is discounted. Could you talk about the class? Good for people with zero experience. Don't need GRC software. So we will be running, for those who are here, I started telling people we will be. Oh, thank you, Real Kyle. Kyle, that's kind of you. We are running Black Friday pricing at Simply Cyber Academy. It'll be 30% off. I'm announcing that it's effective November 22nd through 29th, but technically I already configured it, so you can use BF30 and get 30% off now. As far as my GRC Master Class, J to the E, it's. It's our flagship course. Lots of people have taken it. Lots of.
I mean 10, like 10,000 plus students have taken it. I've got tons of great feedback. I personally designed it literally to address a gap in the GRC training market because all the GRC training sucks. You need zero experience. I literally designed the court. I designed the course to give you an IT primer. So if you don't know IT, it'll help you out there. Then I go through every practical skill that an entry-level GRC or junior GRC analyst would be expected to have. Then I show you how to clean up your resume, clean up your LinkedIn, go find a job. I actually, every section of the GRC course has resume bullets that if you complete it, you get the bullets. You don't need any special software. Excel spreadsheets. All right? Also, I teach you how to do awareness training effectively. I don't know if you guys saw. I promised you yesterday on stream. I promised you yesterday on stream this and I did it, right. I told you I would make this ClickFix awareness training thing. I did it right here so you can steal this, okay? I literally made this so you could stick your own company logo right here. I made it super agnostic. This is an example of what you would learn in my GRC Master Class. So. Yeah, and again, because. Because I have a financial interest in you buying that class. I. I totally want to call out that. Don't take my word for it, okay? Like, I would love for you to buy it. I think it delivers great value. It's how I help fund Simply Cyber. But ask someone else. Ask somebody who doesn't have a financial interest, okay? Just, you know, just to be transparent. Rob Cooper, any resources on NERC, WEC compliance, standards and auditing? Might have an interview. Bro, if. I do not have resources. But what I would say is Don Weber at Cutaway Security would be the absolute number one person to go to. 1A would be Mike Hul, Stones fan, if you want. Rob, let me. How do I freaking, can you? Hey, can you do me a favor, Rob?
Can you put this question in chat again just so I can copy and paste it? And I will send this question to Don and Mike and ask them, and then I will give you the answer, please. Do phone backdoors really matter with zero-click attacks being a thing? Well, I mean, Justin, they're two different things. The zero-click is the initial exploitation. The backdoor is the persistence mechanism that would be deployed post-exploitation. So yeah, they do matter, because with a zero-click attack, you, you'd still want to load a persistence mechanism. If they're installed at the manufacturer, then, I mean, effectively you don't need the zero-click attack because the exploitation is installing the backdoor at the manufacturer. No matter what, you have to have an initial, initial exploitation. Right? Always. So if it's backdoored at the 6, 7, if it's the backdoor at the manufacturer, it's a zero-click attack. And then installing a backdoor, it's, you know, it's one, it's, it's, it's basically six and one half dozen. What is making you excited for recording today? Any particular topic? Okay, so I'm excited about the KyroSec podcast. We're recording two episodes that's going to launch in 2026. We're just getting some episodes in the, in the queue. I have another two hours of recording today with Simply Cyber. Community members Kamira and Jesse Johnson are coming on. I don't want to disclose it yet because I want to surprise everybody, but I have. Okay, I'm not even exaggerating. I truly believe this. I have a video series coming out in 2026 that I think is going to be absolutely unbelievable. I think it's going to go viral. I think it's going to deliver ridiculous amounts of value to you. I think it's. I'm so. I think it's such a cool idea that I think other people are going to steal it. That's how insane I feel about this particular thing. So I'm keeping it under wraps because it's, it's, it's complicated.
I have to review a bunch of things and, in combine, like, it's not just me turning the camera on, being like, hey, in this episode we're going to talk about auditing. It's like much more involved, but it's exciting. Look forward in 2026, I will say GRC mafia, you are going to be digging it. All right, all right. Space Tacos says that my Salt-N-Pepa was good. Push it. Push it real good. I will tell you, Salt-N-Pepa, they're having a tough time with the record labels right now, stealing their property. Jared Rodriguez says it's been a year since he found Simply Cyber. Jared, my man. Happy anniversary. Let's see. Continuing to look through chat for questions. Do you see larger enterprises? Hold on, hold on one second. I see Rob put this question in here. Hold on. Sorry, group chat. I just put the question in group chat that I had because I just needed to get it off the clipboard. Do you see larger enterprises' SOCs integrating CTI teams into their ops? Could you briefly explain how they can be effective defenses? Sure. Okay, so first of all, large enterprises are the ones that actually have an in-house SOC. A lot of small mid-sized businesses outsource their SOC to MDR or MSSP providers. CTI teams, that's a luxury. You're only going to see that at larger enterprises, like maybe financial services companies. Right? So as far as integrating them, the way that they would be integrated is a CTI person is going to be like on the bleeding edge of what threat actors are doing, what they're developing, what, like what's real, what's going to surge tomorrow, what techniques are they evolving? This is what a CTI analyst does. They're basically, they do more than this, but they're kind of like an undercover agent, right? They're Mr. Well, spoiler alert for Reservoir Dogs. If you haven't seen Reservoir Dogs and for some reason you want to see it, you got five seconds to block your ears. 5, 4, 3, 2, 1. Essentially, CTI analysts are like Mr. Orange in Reservoir Dogs, right?
They're undercover, they're getting all the intel. Mr. Orange knows that the bank is getting robbed at noon tomorrow. That's why all the police were there, right? CTI analysts do that and they bring the information to the SOC, to detection engineers, and they say, hey bro, look at this. There's an uptick in this. They're going to be doing this. Get the detections in place, look for these things, block this website, block this C2, block this IP. That's how they integrate. It basically gives the SOC advance notice to be able to put in the proper defenses in order to mitigate down the risk and hopefully prevent exploitation from happening. Instead of, you know, having a mean time to detection where, like, you see it already exploited and then you're cleaning up, right? Come here. Come on now. All right, all right, all right. What else we got here? We're at 9:11. Chat. I mean, not chat. Oh, by the way, tomorrow at Simply Cyber Firesides, my guest is Nick Escoli. Dude, I gotta tell. I gotta ask Kimberly to stop running this thing. Nick Escoli, this guy is awesome. You guys want to talk about like community and like our people? This guy, this guy's awesome. Don't miss tomorrow. Nick Escoli is going to be an absolute delight. I promise you'll really, really enjoy this guy, okay? His vibes are epic. I just wanted to know, do Mod Chat. If mods are here, can we. Is there a show at 9:30? Today's Wednesday. Is there a Simply ICS Cyber scheduled? Please? Can you check and let me know, please? All right, continuing to look. AB, I was thinking about it yesterday. Are the State of SC meetups still happening? When's the next one? I haven't done one in a minute because, like, the conference almost broke me, AB. But I can do, certainly do a Simply. I will do a State of Simply Cyber. Listen, here's the deal. For those who don't know, I'm going on vacation the last two weeks. I haven't taken a vacation in like 16 years. I'm going on vacation the last two weeks of the year.
December 19th is my last day. I will do a State of Simply Cyber maybe as the last thing I do of the year. And it'll basically, it'll be a retrospective of 2025. But more importantly it'll be about what can you expect in 2026? Because Kathy Chambers is working with me, like, extensively now. Kimberly has increased her workload with Simply Cyber. So we've got a ton of amazing, amazing developments for 2026. So yes, AB, thank you for reminding me. I will take that for action. In fact, give me one second. Here's the deal. If it doesn't get written down, then it doesn't happen, and if it doesn't get put on my calendar, it doesn't happen. But I'm gonna, I'm adding it right now, so bear with me. There you go. It's on the list, AB. I'll make sure when we run it, everyone can. Thank you for making sure it happens. Mara Levy, at work there's a push to ask third-party vendors more questions about AI. What's the big questions? Would love a video to learn more. Thanks, Mara Levy. Geez. It's really, that's a really difficult one. I guess when you're talking about AI components, you're saying, like, it's like you're buying an application or a tech stack and they're integrating AI into it. Or is it like, like you're asking these firms how they're using AI to do work? Based on your question, I think you're asking about integration. I mean, I would ask if it's their own models or if they're just utilizing APIs to reach out to OpenAI or Claude. You might want to ask them, you know, which models they're interfacing with, like Sonnet versus Opus, if you want the Anthropic AI. You could ask that. I don't know if they said Sonnet or Opus. I don't know if I would be like, oh, that's. That's a game changer to me. A lot of these tools are just using API wrappers to make it look like it's now AI-enabled. In reality, they're just going out to frigging Anthropic, same as you, and then passing the cost of the API license tokens to you. I would.
I mean, if they're rolling their own AI, that is curious and interesting. What, what data are they training it on if they run their own AI? Yeah. What data of yours goes into their training? Right. Because you, you know, it's your data. Right. They don't have a right to it unless you've said they have a right to it. But if they're just ingesting your data and then training their AI models on it, that's interesting and potentially problematic. So. Good question, Mara Levy. Looking at Discord. Oh, hold on one second, one second. All right, I'll have to. Kimberly, I'll have to look into that after this stream is over. All right. Do we have Simply ICS at? Oh, we do. Okay, we do. Thank you very much, Dan. We have Simply ICS at. This is. Hold on one second. This is at 9:30am Eastern time. So Stones fan, Rob, if you are interviewing at an OT job, they're talking about the value of ICS and OT exercises. This is definitely material that you can use to straight up wow the interviewers. Okay. All right, continuing on with the questions. Do you ever reach a point, Jack Technology? Do you ever reach a point of burnout? If so, how do you recuperate, stoking that fire again? Yeah. So good question. Fair question. So I have reached burnout three times in my life. And burnout isn't like, oh, I'm just tired. Like, at least the way I've experienced it. I haven't studied burnout academically, so this is my own experience and anecdotal. I've experienced burnout three times. Twice was the same way. The first two times was the same way. So I thought that's what burnout was for me. The third time was a different experience. I, I also think it has a lot to do with what your work ethic is and how you perceive, you know, yourself and what you allow yourself to do. Like, say you have a raging migraine, but you, like, refuse to take the day off from work because you feel you need to work. Right. For example, people do that. The first two times I had burnout, I just. My brain stopped working. I.
I literally, you know, I usually have tons of thoughts going on all the time. I. I was just blank. It actually happened, the first time, live on air during the Daily Cyber Threat Brief. I. I literally couldn't think. Eric Taylor had to come in and take over the show, which was embarrassing, but at the same time, I didn't have a choice. It took 36 hours to recover. I basically did nothing for 36 hours, and then I was just back to normal and I just leaned back in and grinded. So the third time was Simply CyberCon 2025. Unfortunately, that was not something where I could just not do anything for 36 hours because I had an incredible amount of responsibility, and it took weeks to continue to grind through it. Ultimately, I got through it and. But it was dark. I was having a lot of, like, like mentally unhealthy. Like, I was mentally unhealthy, and that wasn't good. Right. So as far as burnout goes and dealing with burnout, personally, I like to recuperate, but two ways. I personally have found that physical exercise is a great way to help with burnout. Personally, I like to run. I know some people like to box. I know some people like to work out. Nick is on the elliptical. Derek pumps iron. Whatever it is, I find that releasing the endorphins and. And like engaging my body itself versus my brain makes me feel better. Right. So that's good. Also just kind of doing something you enjoy. Like, I love analysis. Right. So I've recently got back into Magic: The Gathering, both digital and paper, which means the physical cards. And I love going through the physical cards and, like, reading the text and thinking of, like, interesting things I can do with these cards. So for me, that's how I like. Please, in chat, if you would like to. If you would like to share how you like to recuperate from burnout, please share it, because it takes a village. And this is a really important topic and one that I'm glad is, like, very nice for people to talk about. Also, guys, it.
This is why I'm taking two weeks off at the end of the year. I try to be a good husband. I try to be a good father. You know, I went full time with Simply Cyber in 2023, September 2023. I told my wife and family I was going to take December off that year. I worked every day last year. I tried to be more reasonable. I told my wife and my family I was taking the last two weeks of December off, I worked every day, which is embarrassing to make a commitment like that and then just absolutely steamroll through it. I told my wife and family I was taking two weeks off this year, and I'm going to. And I'm. I'm super excited. I. I need. I need to be able to. All right, so next question. Can you talk about the 2026 SC Con updates? I missed it. Yes. So Simply CyberCon 2026. I signed the contract yesterday. We will update the website, you know, and there'll be all sorts of activities. So number one, it will be at the Tides Hotel in Folly Beach. Okay, let me show you this. The dates are November 8th and November 9th, 2026. So check this out. Tides Hotel, Folly Beach. Okay, so check this out. This is Folly Beach. Okay, really quick, let me orientate everybody. Okay. This is Charleston proper. Okay, wait. Whoops. The hell. This is Charleston proper right here. Okay, so this is the peninsula. This dot right here is literally where we had the conference this year. Maybe 20 minutes away. Look at all these islands and coast is Folly Beach. Now, Folly Beach is a very, like, bohemian. Think of like the dude from Big Lebowski. He'd want to hang out here. This is a very cheap, chill area. You'll notice there's only one road that comes into it. Okay. And at the end of that road is the Tides Hotel, which is where the conference is going to be. This hotel, like, right, if you step right outside, this is the main thoroughfare right here. There's restaurants and bars and all sorts of shops and stuff all right here. So it's very, very walkable. Tons of opportunity for activities.
There's a cool pier here that you can walk out on. It's going to be November 8th and 9th, which is a Sunday and Monday. BSides Charleston is the previous Saturday. So. Looking at a quick calendar, if you look at this right, BSides Charleston is the seventh. Our conference is the eighth and ninth, and my birthday is the tenth. Right. So there will be. You can stay at the. At the Tides Hotel. We're gonna have block room rates. Very, very affordable. I think the rooms are like 139 a night. Also, I want to point out the hotel is pet friendly. I'm. I am trying to organize, like, family related, like, activities that, like, you might want to bring your kids with you. Right? I can't promise that yet, but I will tell you, like, because it's pet friendly, we have dogs, we don't kennel. I will be bringing, like, my whole family is going to be staying here, including my dog. So I'm super excited. Cyber Risk Witch, I hope that answers your questions. I'm happy to talk about it. Are you in CairoSec interested in partnering on contracting ops? Yeah. Elliot Matais. Yeah, we can absolutely do that. Here, let me drop this into Slack for. Give me a second. I gotta send this to Tyler bro. All right. Sent. All right, next question. C. Mendoza, how widely is Tenable used in DoD environments compared to private companies and do they use it differently? Basically? Vulnerability scanners, there's like three main ones, Qualys, Tenable and Nexpose. Right. Or Rapid7, depending on what you want to call it. Tenable is really widely used as far as DoD. I mean, I don't. I haven't worked in the DoD for a hot minute, so I don't know what the contracts look like, but it is one of the popular ones. I'd be stunned if Tenable didn't have a DoD contract since they're one of the big three and it's used the same way. It's a vulnerability scanner. Right.
I will tell you that you can download Nessus, which is the scanner part of it, and use it for free, the Community Edition, up to 16 IP addresses so you can get used to it. Great opportunity, Great opportunity. And the pricing, careful with the pricing because at my last company or my second to last company, I did roll out Tenable and the scanner itself was like three grand a year, I think, which is like super affordable, right? But the reporting, which is very important, the reporting was like 70 grand a year. So I had to use like Power BI and duct tape and some bubble gum and like make my own reporting dashboards, which was a pain in the a. So just be mindful of that. C. Mendoza. But yeah, it's definitely widely used and recommend it. Michael Gillette, Are CTI teams being utilized more in SOC ops and larger orgs? Oh, I already answered this question. Yes, Sean Sailors just submitted an RFQ for CairoSec. Thanks. Sean Saylors, we will definitely get with you. All right, continuing here. Let's see. Continuing to look. We have 9:25. We got five minutes. Cyber Risk Witch. Can you just let me know if that answered your question? If anyone has questions about the con, let me know. I'm very excited about the con. All right, so Stones fan, I got this question. I will get it to the guys. Complete this sentence. If I could have one thing for Christmas, it would be. Oh, man. If I could have one thing for Christmas, I. It would be a. Like a better understanding of AI, Agentic AI and a couple use cases built in n8n by me that work and help me with my business. Now, if you're looking for, like a gift under the tree, a Stream Deck would be great. All right, what are the benefits of having my address passwords in a password manager instead of a browser? Well, I mean, it's more secure, right? Password managers are, you know, they're. They're protected. Typically, the password manager or the password vault company doesn't have access to the keys to get to your password.
So it's a little bit better. You don't take on the risk of the vulnerabilities of the browser potentially leading to compromise. A password vault moves with you. If you store it only in your browser, well, then you really only have use of it in your, you know, your instances. But if you are on your phone or whatever and you're not using your browser, the decentralization of the password manager from the browser allows you to have more utility. Good question. Continuing to look for questions with a queue while we have two minutes until air time. Sorry. Yeah. Okay, come here. All right, next question. I'm gonna try to go lightning round now for the sake of questions. Phil Stafford. I don't even know. I'm not gonna fight Tyler Ramsby. The dude knows how to box. And he's bigger than me. He's in a different weight class. And I mean that politely. Cyber Risk Witch. What books would you recommend for developing a consulting mindset? Reading The Trusted Advisor now about building trust and relationships with clients. That's a good question. I mean, if you're talking about building your own business too. May I recommend. This is a. This is a classic, right? This book is classic. I've read this book twice. Where's the cover of the book, dude? Yeah, The E-Myth Revisited. This one's a good one. Not necessarily the consulting mindset, but it. It does help you think about how to structure your business and. And not get here.
B
The.
A
Basically, the deal behind this book is not getting so wrapped up in the delivery of business that you're not actually able to run a business. Now, if you're talking about working for another business as a consultant, I don't know a book off the top of my head. But what I would say is having high EQ, empathy, listening and trying to understand what are the challenges and frustrations that your clients are dealing with is very important. They will tell you what the problems are if you ask the right questions. So instead of just coming to them and being like, oh, here's a problem. Let me solve it. You know? You know, the listening and the EQ is pretty important. I mean, I was a consultant for years. I. I don't know if I ever read a book, though. I. I worked at Booz Allen, which is like one of these big firms that has like a. Basically a really well defined workflow process for molding you into a consultant. It's a good question, though. I'll ask. You know what? One of my very, very close friends is a partner at Deloitte. I will ask him if he has an answer to this question. Hold on, let me. My. My. My friend's group chat is getting blown up here. Book on consulting mindset. All right, let's see. Elliot Matthias does a daily meditation. Oh, we're going live here. We're going live. See if I can answer Silence Poet's question in a hot second. What can you do to not become a SME on a topic? Even seem to know more than. I don't know why you wouldn't want to be a SME on a topic. But I mean, basically, I guess the way to do it would be the way that you present yourself, right? So constantly be talking about other things besides the thing that you're a subject matter expert on, but, you know, like, basically show that you're a jack of all trades and a master of some. All right, good job, Silence Poet. All right, everybody, we're going to get out of here. Thank you, everybody, for your time. It's a pleasure to serve. I hope you got value from the stream. E.
Lucky, come on back tomorrow. And I'm Jerry from Simply Cyber. Let's go raid this ICS Cyber. I'll drop a link in here. See you until next. Wait. Jesus Christ. Until next time. Stay secure.
This episode delivers eight top cybersecurity stories shaping the industry’s landscape as of November 19, 2025, emphasizing their practical impact on practitioners and business stakeholders. Dr. Gerald Auger shares actionable, GRC-centric analysis and field-tested advice mixed with humor and community interaction.
adspect-proxy.php & adspect-file.php network activity as indicators.

Selected Questions & Key Insights:
Samsung Backdoor Rumors:
GRC Masterclass Course:
CTI Teams in Enterprise SOCs:
Burnout:
Conference Update (Simply CyberCon 2026):
On regulation vs. business security:
On LinkedIn espionage:
On new phishing techniques:
| Timestamp | Segment/Topic |
|---------------|-----------------------------------------------------------|
| 00:00–14:15 | Community “Worldwide Wednesday” Check-in |
| 14:15–15:13 | FCC to scrap post-Salt Typhoon rules |
| 20:34–21:15 | Danish political party DDoS attacks |
| 24:33–25:18 | MI5 warns of Chinese LinkedIn recruitment |
| 28:22–29:07 | MS Teams: Users can report false positives |
| 35:20–36:05 | Malicious NPM packages, AdSpect cloaking |
| 42:41–43:35 | Sneaky 2FA phishing, BitB popup attacks |
| 48:16–48:54 | Google Chrome: Two new zero-days |
| 51:41–52:20 | France “Pazen Pla” data breach |
| 54:05+ | Jawjacking: Q&A on Samsung, GRC, CTI, burnout, more |
The episode mixes rigorous, field-tested risk management advice with humor, gaming/nerd culture references, and a strong sense of community belonging. Dr. Auger regularly pauses to directly answer live chat, encourage networking, and link news to career advancement strategies.
Bottom Line:
Stay vigilant—regulations change, attack techniques evolve, and human factors (on both offense and defense) remain paramount. Keep learning, stay connected, and support your own well-being along the way!