Simply Cyber Newsletter #110 🎆

Crush Your Week Like a Cyber Pro with Simply Cyber!

Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your End Users, Peers, and Executives to support weekly security awareness with Simply Cyber Newsletter!

FOR END USERS

Defense Giant General Dynamics Says Employees Targeted in Phishing Attack. General Dynamics employees fell victim to a phishing campaign targeting their benefits accounts via a third-party login portal. Attackers accessed personal and financial information, changed account details, and compromised credentials. The company is offering affected employees credit monitoring and urging immediate password resets to prevent further misuse of credentials.

What you need to know: Educate your end users about verifying communications from approved third parties. The General Dynamics phishing attack shows how attackers impersonated a trusted benefits provider, tricking employees into sharing credentials on a fake login site. This breach highlights the importance of verifying any unexpected emails or changes to your accounts.

When a third party contacts you about updates to benefits or other accounts, always verify the legitimacy of the message. Look for confirmation through internal communications, such as company emails or announcements. If you don’t see such confirmation, treat the message with caution. Contact your HR or IT department directly to confirm its authenticity. Key actions:

- Avoid clicking links in unsolicited emails. Instead, go directly to the provider’s official site.

- Report suspicious emails to your internal IT or security team immediately.

- Educate: Legitimate changes should always be communicated internally first. If that isn't set up in your organization, speak to leadership about adding it as an additional protection measure against this threat.

FOR PEERS

New PaaS Platform “FlowerStorm” Attacking Microsoft 365 Users. A new phishing-as-a-service platform, "FlowerStorm," targets Microsoft 365 users, bypassing MFA using adversary-in-the-middle (AiTM) techniques. Replacing the disrupted "Rockstar2FA," it exploits .ru/.com domains and Cloudflare services, primarily impacting U.S. organizations in services, manufacturing, retail, and finance. Experts recommend AiTM-resistant MFA tokens, email filtering, and DNS filtering for protection.

What you need to know: Share this story with your peers and have conversations about what your organization is doing to counter phishing-as-a-service (PaaS) threats like "FlowerStorm," which targets Microsoft 365 users by bypassing multi-factor authentication (MFA) with adversary-in-the-middle (AiTM) techniques. This platform rapidly replaced Rockstar2FA following its collapse in November 2024, offering user-friendly evasion tools, phishing portals mimicking Microsoft login pages, and a botanical-themed design.

It’s important for end users to understand they’re truly the last line of defense in some situations. FlowerStorm heavily targets U.S.-based organizations in sectors like services, manufacturing, retail, and financial services, using .ru and .com domains alongside Cloudflare for hosting. To defend against threats like FlowerStorm, adopt AiTM-resistant MFA methods, such as FIDO2-compliant hardware keys. Strengthen email and DNS filtering to block malicious domains, and ensure teams are trained to recognize modern phishing tactics. Discussing robust incident response strategies and threat intelligence sharing can also enhance defenses against these evolving PaaS threats.
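The reason FIDO2/WebAuthn keys are called AiTM-resistant is that the browser, not the web page, writes the page's origin into the signed client data and scopes the credential to the site's RP ID, so an assertion produced on a lookalike domain cannot be relayed to the real login service. The following Python model is an added example written for this newsletter; it is not code from the FlowerStorm research or from any FIDO library. It assumes HMAC as a stand-in for the authenticator's asymmetric signature, uses the hostname as the RP ID, and uses two constructed origins (`login.example.com` as the real identity provider, `login-example.co` as the relay proxy's lookalike).

```python
"""Model of why origin-bound (FIDO2/WebAuthn) MFA survives adversary-in-the-middle relay.

Simplifications (assumptions, not the real spec): HMAC stands in for the
authenticator's private-key signature, and the RP ID is the origin's hostname.
"""
import hashlib
import hmac
import json
import secrets
from urllib.parse import urlparse

REAL_ORIGIN = "https://login.example.com"   # constructed: the real identity provider
PHISH_ORIGIN = "https://login-example.co"   # constructed: lookalike served by a relay proxy


class Authenticator:
    """Models a FIDO2 security key: every credential is scoped to one RP ID."""

    def __init__(self):
        self._keys = {}  # rp_id -> credential secret (stand-in for a private key)

    def register(self, rp_id: str) -> bytes:
        key = secrets.token_bytes(32)
        self._keys[rp_id] = key
        return key  # the relying party stores this as the credential's verification key

    def sign(self, rp_id: str, client_data_hash: bytes):
        """Return (authenticatorData, signature), or None if no credential exists for rp_id."""
        key = self._keys.get(rp_id)
        if key is None:
            return None  # the key was never enrolled for this RP ID: nothing to sign
        auth_data = hashlib.sha256(rp_id.encode()).digest()  # the rpIdHash field
        sig = hmac.new(key, auth_data + client_data_hash, hashlib.sha256).digest()
        return auth_data, sig


def browser_get_assertion(authenticator: Authenticator, page_origin: str, challenge: str):
    """Models navigator.credentials.get(): the browser, not the page, fixes origin and RP ID."""
    rp_id = urlparse(page_origin).hostname  # derived from the origin the user is really on
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": challenge, "origin": page_origin},
        sort_keys=True,
    ).encode()
    signed = authenticator.sign(rp_id, hashlib.sha256(client_data).digest())
    if signed is None:
        return None
    auth_data, sig = signed
    return {"clientDataJSON": client_data, "authenticatorData": auth_data, "signature": sig}


def rp_verify(assertion, expected_origin: str, cred_key: bytes, challenge: str) -> str:
    """Relying-party checks in order: presence, challenge, origin, rpIdHash, signature."""
    if assertion is None:
        return "no-credential-for-rp-id"
    cd = json.loads(assertion["clientDataJSON"])
    if cd.get("type") != "webauthn.get" or cd.get("challenge") != challenge:
        return "bad-challenge"
    if cd.get("origin") != expected_origin:
        return "origin-mismatch"  # the origin binding that defeats a relay proxy
    rp_id_hash = hashlib.sha256(urlparse(expected_origin).hostname.encode()).digest()
    if assertion["authenticatorData"] != rp_id_hash:
        return "rp-id-mismatch"
    expected = hmac.new(
        cred_key,
        assertion["authenticatorData"] + hashlib.sha256(assertion["clientDataJSON"]).digest(),
        hashlib.sha256,
    ).digest()
    return "ok" if hmac.compare_digest(expected, assertion["signature"]) else "bad-signature"


def legitimate_login(authenticator: Authenticator, cred_key: bytes) -> str:
    """User signs in on the real origin."""
    challenge = secrets.token_urlsafe(16)
    assertion = browser_get_assertion(authenticator, REAL_ORIGIN, challenge)
    return rp_verify(assertion, REAL_ORIGIN, cred_key, challenge)


def relayed_login(authenticator: Authenticator, cred_key: bytes) -> str:
    """An AiTM proxy forwards the real challenge to a victim browsing the lookalike origin,
    then forwards whatever the victim's browser produced back to the real relying party."""
    challenge = secrets.token_urlsafe(16)  # issued by the real RP, relayed by the proxy
    assertion = browser_get_assertion(authenticator, PHISH_ORIGIN, challenge)
    return rp_verify(assertion, REAL_ORIGIN, cred_key, challenge)


if __name__ == "__main__":
    key = Authenticator()
    cred = key.register(urlparse(REAL_ORIGIN).hostname)
    print("legitimate:", legitimate_login(key, cred))   # ok
    print("relayed:   ", relayed_login(key, cred))      # no-credential-for-rp-id
```

Two independent layers stop the relay: the key has no credential for the lookalike's RP ID, so it never signs; and even if the victim had somehow enrolled the same key at the lookalike, the `origin` field the browser wrote into `clientDataJSON` would not match the real service's expected origin. Neither check exists for an OTP code, which is the gap a phishing-as-a-service kit like FlowerStorm relies on.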

Bonus: Here is a link to a post that our very own DJBsec wrote on this topic.

FOR EXECUTIVES

These were the badly handled data breaches of 2024. In 2024, we saw major security incidents from companies like 23andMe, Change Healthcare, and Snowflake, largely due to poor handling of breaches and delayed responses. Common themes included inadequate security measures, such as missing multi-factor authentication, and lack of transparency, underscoring the critical need for proactive cybersecurity and timely stakeholder communication.

What you need to know: High-profile breaches at companies like 23andMe, Change Healthcare, and Snowflake reveal critical cybersecurity gaps. 23andMe’s breach exposed 7 million genetic profiles, while Change Healthcare’s delayed response disrupted U.S. healthcare systems, exposing 100 million individuals. Snowflake’s insufficient authentication led to client data theft, endangering customer trust. These incidents demonstrate how security failures disrupt operations, erode trust, and draw regulatory scrutiny. Key vulnerabilities include lack of multi-factor authentication and delayed breach disclosures, underscoring the need for proactive risk management. Executives should mandate immediate security audits and implement multi-factor authentication as a baseline. Clear communication plans must be in place to maintain trust during crises. Strategic investments in advanced threat intelligence and automation can enhance resilience and reduce exposure. Addressing these risks proactively ensures business continuity and protects the organization’s reputation and financial stability.

LET’S CONNECT

Stay current on trending topics, tips, events, and resources in cybersecurity: connect with Simply Cyber on socials for new content every day.

As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.

Find more about what’s happening this week in the Simply Cyber community, below.

Thank you and see you again next time! Have a great week, #TeamSC!

Gerry

SIMPLY CYBER DAILY CYBER THREAT BRIEF

The Daily Cyber Threat Brief has a fresh new look for 2025, sporting our recent win from the SANS Difference Maker Award for Podcast of the Year, as voted by the cybersecurity community at large!

Catch the most popular weekday cyber threat news analysis livestream around and meet the most supportive community ever, #TeamSC!

Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM EST via YouTube and LinkedIn - podcast also available on Spotify, Apple Podcasts, or your favorite podcast platform. You can also check it out on our podcast webpage.

SC FIRESIDES ACCESSIBLE CYBER TRAINING FOR SOC

When: Thursday, January 2, 2025 | Presented by: Simply Cyber Media Group

Join us for an exciting episode of Simply Cyber Firesides with your host Gerald Auger, Ph.D. and his special guest, Anthony Bendas, Co-Founder of Level Effect! Anthony, known for designing and delivering the Cyber Defense Analyst Program, brings over a decade of experience in penetration testing, security consulting, project management, and engineering. He's also the mastermind behind the industry-first Virtual SOC training environment, a platform that has earned top accolades.

Don't miss this opportunity to learn from a leading expert in the field. Mark your calendar and join us to empower yourself with innovative training and consulting solutions from Anthony. Bring your questions and join us in live chat - see you there!

SC ACADEMY PBCC LIVE JAN 2025 LAST CHANCE!

Your Personal Branding for Cyber Careers Masterclass (PBCC) LIVE COHORT is happening January 6-9, 2025, presented by Gerald Auger, Ph.D. and Simply Cyber Academy!

Employers want practical skills... SHOW THEM YOU HAVE THEM! YouTube is the #2 most accessed site on the Internet. Leverage it to establish, showcase, and engage as a practical cybersecurity professional. Our all-inclusive online course guides you through every step of building a successful YouTube channel.

From planning to publishing content, managing with YouTube Studio, to monetizing and networking professionally - we empower you to make your mark on YouTube. All Cohort students are issued a limited time 50% off code for the on-demand version of this course to enable up to 1 year of revisiting curriculum.

Course Logistics: January 6-9, 2025 from 11:00 AM - 3:00 PM EST daily. Format: Live virtual sessions with some pre-recorded content. Expected Daily Homework: ~1 hour.

Click here to register now! #branding #cybersecurity #masterclass

SIMPLY CYBER ACADEMY FREE CAREER COURSE

Last week I made an announcement about a NEW FREE COURSE available to anyone and everyone on Simply Cyber Academy! It’s designed to help you get ahead of the game with my FREE Cyber Career Launch Pad Course!

Make sense of those cyber resources today! Learn more about this new resource in this video I created.

SIMPLY CYBER MEDIA GROUP WEEKLY STREAM LINEUP

SIMPLY CYBER ACADEMY THE PLACE FOR GRC CAREERS

At Simply Cyber Academy, we specialize in making GRC Cybersecurity Careers a reality. Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.

The popular GRC Analyst Master Class is a must for kickstarting your GRC Cybersecurity career. In addition, we have NEW COURSES available to help you advance in your GRC Cyber career.

Visit academy.simplycyber.io to learn more now.