Simply Cyber Newsletter #100 💯
Crush Your Week Like a Cyber Pro!
Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your end users, peers, and executives. Support weekly security awareness with Simply Cyber Newsletter!
FOR END USERS
Amazon says 175 million customers now use passkeys to log in. Passkeys allow faster, more secure logins by using biometrics or PINs. They are safer from phishing and breaches but currently tied to individual devices. Future updates aim to make passkeys portable across platforms, improving ease of use and accessibility.
What you need to know: Educate your end users about the benefits of passkeys as a faster and more secure alternative to traditional passwords. Passkeys use biometric data like fingerprints or facial recognition, or a PIN, to verify identity, protecting against phishing attacks and credential theft. Unlike passwords, passkeys can’t be stolen in data breaches because they rely on cryptographic challenges answered by private keys that are stored securely on devices. While passkeys are currently tied to individual devices, future updates will make them portable across platforms. Encourage your end users to learn about passkeys and to embrace this technology for a safer, more efficient login experience if they use a service that offers this feature.
FOR PEERS
Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems. Cybersecurity researchers have found that entry points in multiple programming ecosystems (like PyPI, npm, RubyGems) are being exploited for stealthy software supply chain attacks. Techniques such as command-jacking and command wrapping make detection difficult, posing significant risks to development environments.
What you need to know: Have conversations with your peers about the growing threat of software supply chain attacks, particularly the exploitation of entry points in ecosystems like PyPI, npm, and RubyGems. Attackers are leveraging command-jacking and command wrapping to inject malicious code that’s hard to detect. These techniques can bypass traditional defenses, posing significant risks to development environments. Encourage your peers to enhance security measures by implementing stricter vetting processes for third-party packages and integrating real-time monitoring and validation tools. By staying proactive and fostering collaboration across teams, you can help reduce exposure to these increasingly sophisticated threats and strengthen the overall resilience of your development processes.
FOR EXECUTIVES
Internet Archive wobbles back online, with limited functionality. The Internet Archive faced a significant DDoS attack on October 9, followed by a data breach affecting 31 million users. Although services like the Wayback Machine are back online, the site remains partially degraded. The attack involved Mirai malware variants targeting Linux-based IoT devices, mainly from Korea and China.
What you need to know: Downtime from cyberattacks like this highlights the importance of proactive measures in any business. A Distributed Denial of Service (DDoS) attack can cripple essential services, leading to disruptions and potential data breaches. Businesses should evaluate their current security protocols, particularly focusing on bolstering their network defenses and investing in DDoS protection solutions. Regular audits and threat assessments are essential to mitigate risks from evolving threats, such as Mirai malware variants. Additionally, companies must have a robust incident response plan in place to minimize downtime and ensure quick recovery while maintaining customer trust. Preventive measures and readiness for attacks are key to minimizing operational and reputational damage.
Stay current on trending topics, tips, events and resources in cybersecurity. Connect with me on socials for new content every day.
As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.
Thank you so much and see you again next Monday!
Have a great week, #TeamSC!
Gerry
DAILY CYBER THREAT BRIEF SIMPLY CYBER
Catch the most popular weekday cyber threat news analysis live stream around and meet the most supportive community ever. #TeamSC
Join us on the Daily Cyber Threat Brief, available on YouTube, LinkedIn, and your favorite podcast platform. Click the links below to favorite on your devices.
SIMPLY DEFENSIVE CAREERS REAL TALK WITH FEDX
Premieres: Monday, Oct. 21 at 9:30 AM EDT from Simply Cyber Media Group
In this episode of Simply Defensive, hosts Josh Mason and Wade Wells are joined by FedX of The-FedX-Channel, a seasoned security analyst from Central Florida. The conversation starts with FedX discussing his extensive career journey, from construction to IT and cybersecurity.
Click below to set your reminder notification! Simply Defensive happens after the Daily Cyber Threat Brief on Mondays.
2 CYBER CHICKS THE INTERSECTION OF AGRICULTURE & CYBERSECURITY
Premieres: Wednesday, Oct. 23 at 9:30 AM EDT from Simply Cyber Media Group
Join 2 Cyber Chicks hosts, Erika McDuffie and Jax Scott, as they interview their upcoming guest, Kathy Chambers! Kathy has combined her two passions: agriculture and cybersecurity. Due to advancements in agricultural technology, this industry has seen increased productivity and genetic research. These advancements also make the industry more vulnerable to cyber attacks. How does this impact food-related industries, and what can we do to help this niche area?
We hope to see you in live chat, immediately following the Daily Cyber Threat Brief and Jaw Jackin’ AMA this Wednesday.
SIMPLY CYBER FIRESIDES CYBERSECURITY LEADERSHIP
Livestream: Thursday, Oct. 24 at 4:30 PM EDT from Simply Cyber Media Group
Join us on the Simply Cyber Firesides! This week, Naomi Buckwalter, cybersecurity mentor and leader, is our special guest, bringing over two decades of IT and security experience.
Naomi is the Senior Director of Product Security at Contrast Security and the brains behind the LinkedIn course "Training Today for Tomorrow's Solutions." Naomi also just shared her insights on stepping into cybersecurity leadership at Wild West Hackin' Fest. We will ask her to share some of those insights with us in this fireside chat!
Tune in live and get your questions answered by our special guest from 4:30-5:30 PM EDT.
SIMPLY CYBER CON IS NEXT FRIDAY!!!
Date: Friday, November 1st at Harbor Walk | College of Charleston, Charleston, SC
Simply Cyber Con is hybrid, available to attend live in-person, or virtual. Speakers are presenting in-person on location. Learn more about Simply Cyber Con talks, how to make it a cybersecurity weekend with B-Sides Charleston, and REGISTER to attend SCC at simplycybercon.org. All attendees must register to attend, whether virtual or in-person.
#TeamSC #SimplyCyberCon
SIMPLY CYBER CON MERCH IS NOW AVAILABLE
Simply Cyber Con 2024 merch has arrived! We have an assortment of styles available for everyone on the website below.
Please note: Merch will not be available for purchase at the conference.
Team SC, it’s time to gear up! Purchase your merch now.
Special thanks to Simply Cyber Con’s non-profit sponsor, Cybersecurity Central, for the design and merchandise support. Learn more about CC at CybersecurityCentral.org.
SIMPLY CYBER ACADEMY FOR GRC CYBER CAREERS
Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.
The popular GRC Analyst Master Class is a must for kickstarting your GRC Cybersecurity career. Plus, we have TWO NEW COURSES to help you excel in your cyber career.
We specialize in GRC Cybersecurity Careers. Visit academy.simplycyber.io.