Simply Cyber Newsletter #101

Crush Your Week Like a Cyber Pro!

Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your end users, peers, and executives. Support weekly security awareness with Simply Cyber Newsletter!

FOR END USERS

Tricky CAPTCHA Caught Dropping Lumma Stealer Malware. Lumma Stealer malware now leverages fake CAPTCHA pages to trick users into downloading malicious files. This multi-stage attack bypasses typical detection, exfiltrating sensitive data like passwords and cryptocurrency wallet details. It highlights the need for vigilance against increasingly sophisticated phishing tactics targeting unsuspecting users.

What you need to know: Educate your end users about spotting malicious CAPTCHA attacks, a tactic now used by Lumma Stealer malware to compromise systems. Cybercriminals lure users to phishing sites with familiar “I’m not a robot” CAPTCHA buttons, but unlike normal verifications, these may prompt users to open applications or paste unfamiliar commands. Such unusual steps are clear warning signs of a potential malware attempt. If end users encounter CAPTCHAs leading to unexpected downloads or strange actions outside the webpage, they should avoid proceeding and immediately report the issue to IT. By staying vigilant and verifying unknown sites, users can help safeguard sensitive data like passwords and cryptocurrency wallets from multi-stage attacks that evade easy detection.

FOR PEERS

Here’s how attackers are getting around phishing defenses. Threat actors are bypassing natural language processing (NLP) defenses in anti-phishing tools by embedding benign links and text. These tactics cause NLP systems to inaccurately assess malicious emails as safe. Egress researchers found that 78% of phishing emails incorporate obfuscation methods, allowing phishing attacks to evade detection and reach users’ inboxes.

What you need to know: Share this story with your peers and have conversations about what your organization is doing to address evolving phishing tactics that exploit NLP-driven email filters. Egress’ recent findings reveal that threat actors are embedding benign links, text, and random characters in phishing emails, tricking NLP systems into categorizing them as safe. These manipulations often use legitimate links, such as those to Bank of America and Uber, to bypass detection further. Notably, 78% of phishing emails employ multiple obfuscation tactics, emphasizing the need for layered defenses. Discussing these trends can help reinforce adaptive defenses and ensure teams are aware of how NLP obfuscation strategies evolve over time.

It’s also important for end users to understand that, in some situations, they are truly the last line of defense.

FOR EXECUTIVES

Penn State fined for failing to meet cyber requirements in federal contracts. Penn State University faces a $1.25 million fine for failing to meet federal cybersecurity requirements in contracts with the Department of Defense and NASA. The settlement reflects serious risks in unaddressed security controls and oversight lapses.

What you need to know: This case underscores the risks of unaddressed cybersecurity vulnerabilities within any organization. Regular identification and correction of security gaps are essential for protecting sensitive data and maintaining trust with clients and stakeholders. Executives should prioritize cybersecurity assessments to gauge current vulnerabilities, incorporating findings into a risk register to track and address risks systematically. A dynamic risk register enables continuous updates as threats evolve, ensuring that mitigation actions are not only documented but also followed up. Clear communication with leadership about identified risks and their potential impacts fosters informed decision-making and resource allocation. This proactive, transparent approach helps build organizational resilience, safeguarding data integrity, protecting client trust, and ultimately enhancing the organization’s long-term stability against cybersecurity threats.

Stay current on trending topics, tips, events, and resources in cybersecurity. Connect with me on socials for new content every day.

As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.

Thank you so much and see you again next Monday!

Have a great week, #TeamSC!

Gerry

DAILY CYBER THREAT BRIEF SIMPLY CYBER

Catch the most popular weekday cyber threat news analysis live stream around and meet the most supportive community ever. #TeamSC

Join us on the Daily Cyber Threat Brief, available on YouTube, LinkedIn, and your favorite podcast platform.

SIMPLY DEFENSIVE SEASON 1: EPISODE 5

Premieres: Monday, Oct. 27 at 9:30 AM EDT from Simply Cyber Media Group

In this week's episode of Simply Defensive, host Josh Mason and co-host Wade Wells welcome incident response expert Blake Reagan. The discussion delves into Blake's journey from the building trades to cybersecurity, a field he entered after the 2008 economic downturn. Blake shares his experiences in digital forensics, emphasizing the importance of soft skills like public speaking and effective communication in cybersecurity roles. The trio also discusses the merits of tools like the Autopsy Digital Forensics platform, the utility of Toastmasters for public speaking, and time management strategies, making this episode a comprehensive look at the tech and human sides of cybersecurity.

Simply Defensive happens after the Daily Cyber Threat Brief on Mondays.

SIMPLY CYBER CON IS THIS FRIDAY!!!

Date: Friday, November 1st at Harbor Walk | College of Charleston, Charleston, SC

ARE YOU READY??? Simply Cyber Con is hybrid, available to attend live in-person, or virtual. Learn more about Simply Cyber Con talks, how to make it a cybersecurity weekend with B-Sides Charleston, and don’t forget to REGISTER to attend SCC at simplycybercon.org.

#TeamSC #SimplyCyberCon

SIMPLY CYBER CON MERCH IS STILL AVAILABLE!

Simply Cyber Con 2024 merch has arrived! We have an assortment of styles available for everyone on the website below.

Please note: Merch will not be available for purchase at the conference.

Team SC, it’s time to gear up! Purchase your merch now.

Special thanks to Simply Cyber Con’s non-profit sponsor, Cybersecurity Central, for the design and merchandise support. Learn more about CC at CybersecurityCentral.org.

SIMPLY CYBER ACADEMY FOR GRC CYBER CAREERS

Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.

The popular GRC Analyst Master Class is a must for kickstarting your GRC Cybersecurity career. Plus, we have TWO NEW COURSES to help you excel in your cyber career.

We specialize in GRC Cybersecurity Careers. Visit academy.simplycyber.io.
