Daily Cyber Threat Brief: Nov 21’s Top Cyber News NOW! (Ep 1011)
Date: November 21, 2025
Host: Jerry Guy (Dr. Gerald Auger, Simply Cyber Media Group)
Panelists (Jawjacking): Daniel Lowry, DJ B Sec, James McQuiggin
Main Theme:
A comprehensive, friendly, and insightful run-through of the day’s top eight cybersecurity news stories, peppered with expert commentary, practical advice, career insights, and live community Q&A—all to help cybersecurity professionals and aspirants “crush their job today and level up tomorrow.”
Episode Summary: Main Themes & Purpose
- Morning rundown of critical cyber news with actionable insights for infosec professionals at all career stages.
- Community-driven show: Live audience, interactive Q&A, and a welcoming atmosphere for beginners (“first timers”).
- Focus on helping listeners build a deeper understanding of threats, industry trends, and professional development.
- Special segments: Friday “Dad Jokes” by James McQuiggin, post-briefing panel (“Jawjacking”) for career and technical Q&A.
Key Discussion Points & Insights
1. Sternus Android Trojan Exfiltrates Encrypted Chats
[12:01–18:36]
What’s happening:
Sternus is a new Android malware capable of capturing encrypted messaging chats by taking screen grabs after decryption and staging credential-stealing overlay attacks on banking apps.
Targets: financial institutions in Southern and Central Europe.
Notable Insights:
- Not new behavior in Android malware; overlays and screen-capture attacks are standard.
- This particular variant raises concern because it bypasses “end-to-end encryption” at the point of decryption, grabbing message contents directly from the device.
- Dr. Auger uses an analogy:
“We come up with secure messaging, they come up with screen captures and key, you know, thumb, thumb keyloggers, right? It’s cool. It keeps us on our toes. Dude, I would be so bored if everything was just stagnant...so anyways, be aware, educate your end users.” —Jerry Guy [16:16]
Actionable Advice:
- Don’t install apps from unknown sources.
- In BYOD environments, use solid MDM solutions and data compartmentalization.
- Even with compartmentalization, if a user is authenticated and malware screenshots the data, “it’s game over.”
2. PowerSchool Data Leak: Schools Share the Blame
[18:36–27:17]
What’s happening:
Canadian provincial commissioners faulted school systems for not contracting for proper privacy/security and not ensuring incident response planning. The breaches resulted from a 19-year-old’s hack aiming for a $2.9M ransom.
Host’s Take:
- Strong critique of blaming under-equipped, underfunded public schools:
“...to put this on the school systems is idiotic. [...] Public school systems are grossly underfunded. [...] And then the school systems didn’t have incident response, bruh. How about you fund their incident response program? There’s a concept.” —Jerry Guy [21:47]
- Argues that major vendors like PowerSchool, with market dominance, won’t bend contractually for small local districts.
On the Hacker:
- Pled guilty to federal felonies, received four years.
- “It is an incredibly difficult accomplishment to be a felon and get into cybersecurity, just so you know.” [26:40]
3. Bill to Boost SEC Cybersecurity (SEC Data Protection Act)
[27:17–33:58]
What’s happening:
The SEC Data Protection Act aims to enforce better, uniform data handling/cybersecurity standards at the SEC.
Host’s Critique:
- Points out such requirements already exist under FISMA (Federal Information Security Management Act) since 2002.
“This is a nothing burger for you… There's nothing here that is going to help you at work today, tomorrow, next week, next month, next year, nothing.” —Jerry Guy [30:20]
- Wants real improvement beyond baseline compliance, not more “theater.”
4. CISA Deadline: Patch New Fortinet Flaw within 7 Days
[33:58–37:58]
What’s happening:
CISA orders federal agencies to patch a critical authentication vulnerability (CVE) in Fortinet’s FortiWeb WAF, already exploited in the wild.
Analysis:
- “Seven days is enough time to patch a Fortinet device… I certainly hope personally that agencies patch in the next seven days. I really, really do. Sadly and cynically, I believe…we're going to hear a story of some government agency...that suffered a cyber attack because they didn’t patch...” —Jerry Guy [34:39, 36:52]
- Encourages all organizations using Fortinet to patch ASAP.
5. Germany’s BSI Warns on LLM/AI Evasion Attacks
[43:55–44:57]
What’s happening:
Germany’s BSI has published guidance for organizations using LLMs (e.g., OpenAI’s GPT) on securing them against evasion attacks (prompt injection, data poisoning).
Host’s Guidance:
- Endorses as one building block for AI governance:
“If you're responsible for governance...there isn't a perfect solution right now...but putting pieces together, it does help.” —Jerry Guy [45:11]
- Recommends reviewing the BSI doc as part of layered defenses for AI.
6. Critical Vulnerabilities in ASUS & D-Link Home Routers
ASUS: [46:55–51:21] | D-Link: [55:26–56:13]
- ASUS: Auth bypass flaw (CVSS 9.3) on DSL routers—remote attackers can access devices unauthenticated.
- D-Link: Three RCE flaws in end-of-life DIR-878 routers—no patches coming.
Core Insight:
- Residential/low-end commercial network hardware is “notoriously on fire”—ASUS, D-Link, Fortinet, TP-Link, etc.
- “For this particular vulnerability...a strong password is not going to save you. If anything, it’s going to give you a false sense of security.” —Jerry Guy [48:26]
Actionable:
- Patch if supported.
- If EOL, replace your devices. Don't rely solely on passwords.
Memorable Analogy:
“Your wireless router is absolutely secured...then it’s like five feet to the right you can just walk past it.” ([48:18], referencing bypassing security gates)
7. Massive GlobalProtect Scanning Activity—Possible Threat Prep
[51:26–55:26]
What’s happening:
Explosive uptick (40x) of scans for Palo Alto’s GlobalProtect login page by sources in Germany and Canada. Historically, such activity often precedes CVE disclosure/exploitation.
Host’s Nuanced Advice:
- “Stick a honey pot out on the Internet, it's going to get poked, prodded, and jammed up immediately.”
- “If you are running Palo Alto Global Protect...increase your level of detections...stay close on updates and patches from Palo Alto.”
- Blocking the entire ASN is likely overkill (“killing a mosquito with a cannonball”).
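One way to act on the “increase your level of detections” advice for this story, as an added illustration that is not from the show or from Palo Alto: compare login-page hits in a current window against a baseline window, flag a 40x surge, and report the noisiest source IPs so a response can be scoped to them rather than to an entire ASN. The login path, the log line format and the log lines themselves are constructed assumptions.

```python
"""Flag a surge of hits on the GlobalProtect portal login page.

Added illustration, not from the show: compare login-page hits in a current
window against a baseline window and report the top sources, so a response
can be scoped to noisy IPs rather than a whole ASN. The login path, the log
format and the log lines themselves are constructed assumptions.
"""
from collections import Counter
from datetime import datetime

LOGIN_PATH = "/global-protect/login.esp"  # assumed portal login path
SPIKE_RATIO = 40.0                         # the 40x uptick cited in the story


def make_sample_logs():
    """Constructed sample in 'ISO-timestamp src_ip path' form:
    2 baseline login hits on Nov 20, then 80 login hits on Nov 21."""
    lines = [
        "2025-11-20T10:00:00 203.0.113.5 /global-protect/login.esp",
        "2025-11-20T10:30:00 203.0.113.9 /global-protect/login.esp",
        "2025-11-20T10:35:00 203.0.113.9 /index.html",
    ]
    for i in range(80):
        lines.append(f"2025-11-21T10:{i % 60:02d}:{i // 60:02d} "
                     f"198.51.100.{i % 8} {LOGIN_PATH}")
    return lines


def login_hits(lines, start, end):
    """Count login-page hits per source IP with start <= ts < end."""
    hits = Counter()
    for line in lines:
        ts, src, path = line.split(" ", 2)
        if path == LOGIN_PATH and start <= datetime.fromisoformat(ts) < end:
            hits[src] += 1
    return hits


def detect_spike(lines, baseline, current, ratio=SPIKE_RATIO):
    """baseline/current are (start, end) ISO-8601 strings.
    Returns (is_spike, multiplier, top_three_sources)."""
    b_start, b_end = (datetime.fromisoformat(t) for t in baseline)
    c_start, c_end = (datetime.fromisoformat(t) for t in current)
    base_total = sum(login_hits(lines, b_start, b_end).values())
    cur = login_hits(lines, c_start, c_end)
    multiplier = sum(cur.values()) / max(base_total, 1)  # no div by zero
    return multiplier >= ratio, multiplier, cur.most_common(3)
```

Calling `detect_spike(make_sample_logs(), ("2025-11-20T10:00:00", "2025-11-20T11:00:00"), ("2025-11-21T10:00:00", "2025-11-21T11:00:00"))` on the constructed logs reports a 40x spike with the top three source IPs, which is the scope a targeted block or rate limit would act on.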
8. Community & Career Q&A: "Jawjacking" Panel Hour
[60:00–89:02; main answers excerpted below]
- Key Questions and Insights:
- Certifications vs. Degrees?
- Best path is both: “Certs give hands-on/practical showing you can do it; degrees show you can focus and get through 4 years of discipline.” —James McQuiggin [75:51]
- Degrees: Important for long-term career and HR, more relevant now than a decade ago.
- Certs: Chosen based on desired job (“What cert is best depends on what you want to do.” —Daniel Lowry [78:53])
- Pivoting from Telecom to Cybersecurity:
- Leverage project management skills.
- Learn relevant frameworks (NIST, ISO 27000 series), find practical training (e.g. via Antisyphon Training, Simply Cyber Academy).
- Feeling Competent in Cybersecurity:
- Imposter syndrome is real for everyone.
- Competency grows in increments (milestones like passing CISSP, teaching, presenting).
- “You're not ever going to know everything...that's why networking is so important.” —DJ B Sec [80:06]
- Importance of Confidence:
- “You can have all the skills in the world, but if you cannot communicate or use them in a way people understand...what good is it?” —Daniel Lowry [83:02]
- Getting Real-World Skills:
- Hands-on labs, CTFs, and practice (“actually put hands on keyboard and do it”) are essential after book learning/certificates.
- “Just because you have a cert or degree doesn’t mean you can do the job day 1.” —DJ B Sec [85:44]
- Red Teaming Path for Military Vets:
- HackTheBox Academy + Zero Point Security's CRTO program recommended.
Notable Quotes & Memorable Moments
- On Regulations Without Enforcement:
“This is like my son giving me 10 minutes to make a choice…like, what authority do you have dude?...so again, the problem is you have to empower the agency with authority and then have repercussions if they don't do what they're being told.” —Jerry Guy (patch deadlines) [34:39]
- On Compliance vs. Security:
“This right here passes a compliance audit. This is a visual representation of why compliance is not equal to security.” [50:54, on “gates” without fences]
- On Continuous Learning:
“Do I always feel competent? No. Imposter syndrome is very real in this industry...” —James McQuiggin [80:58]
- On Community:
“That's why networking is so important...Get people that know stuff you don't know, so you can reach out and find out.” —DJ B Sec [80:06]
- Humorous/Light Moments:
- [38:38] Friday Dad Jokes:
- “Why is a piano so hard to open? Because the keys are on the inside.”
- “What do you call a computer that sings? Adele.” (groans and laughter)
- [16:05] Host’s enthusiasm:
- “I love educating. I love cyber security, like almost like to a fault...all the things and everybody at every level can level up.”
Timestamps for Major Stories
| Segment | Timestamps |
|:----------------------------------------------|:--------------|
| Sternus Android Trojan | 12:01–18:36 |
| PowerSchool Data Leak & Blame | 18:36–27:17 |
| SEC Cybersecurity Bill / FISMA Commentary | 27:17–33:58 |
| CISA Fortinet Patch Mandate | 33:58–37:58 |
| AI/LLM Evasion Attack Guidance (Germany) | 43:55–44:57 |
| ASUS DSL Routers Auth Bypass Flaw | 46:55–51:21 |
| Palo Alto GlobalProtect Malicious Activity | 51:26–55:26 |
| D-Link DIR-878 Remote Code Execution Flaws | 55:26–56:13 |
| “Jawjacking” – Panel Q&A | 60:00–89:02 |
Community & Culture
- Show vibe: Welcoming, supportive, and upbeat (“good times, good people, and cyber security”).
- “First timers” encouraged: Special emotes and shout-outs to newcomers in chat.
- Panelist intros highlight their backgrounds and expertise.
- Resources/Continuing Education:
- Antisyphon Training courses, Simply Cyber Academy, and Barricade Cyber webinars spotlighted.
- Emphasis on networking, community, and ongoing self-development.
Summary: Takeaways for Listeners
- Stay current and think critically about each new threat—both technically and operationally.
- Practical defense: Patch quickly (especially high-profile firewalls/routers), encourage proper app hygiene, and review real-world incident response plans.
- Career growth: Strive for both practical (“certs”) and academic (“degree”) achievement; network and communicate well; hands-on experience is crucial.
- Security culture: Recognize the limits of compliance; true security comes from layered efforts, practical vigilance, and ongoing education.
- Community is key: Cybersecurity is a team sport—don't be afraid to ask questions, share experiences, or lean on your network.
This episode is an energetic, advice-rich start to the day for cybersecurity professionals and enthusiasts wanting a strong blend of news, analysis, and career wisdom—in a community that truly welcomes you to “the party.”
