Simply Cyber Newsletter #111

Crush Your Week Like a Cyber Pro with Simply Cyber!

Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your End Users, Peers, and Executives to support weekly security awareness with Simply Cyber Newsletter!

FOR END USERS

Hackers steal ZAGG customers' credit cards in third-party breach. ZAGG customers’ credit card details were stolen in a third-party app breach. End users should update their payment information, request new cards, and consider using privacy tools like virtual credit cards or services like Privacy.com to limit exposure in future breaches. Vigilance in online purchases is critical to protecting financial data.

What you need to know: This is a great topic that you can share with your end users, especially during Data Privacy Week from January 27 - January 31, 2025:

Online shopping is convenient but can also be risky for your financial data. To safeguard yourself, consider requesting virtual credit cards from your bank or using a service like Privacy.com to generate secure, disposable payment details. These tools prevent your actual card details from being exposed to breaches. Additionally, monitor your bank and credit card statements regularly for unauthorized transactions and set up alerts to catch suspicious activity early. If you spot something unusual, contact your bank immediately to report fraud and request a replacement card. Secure your shopping accounts by creating strong, unique passwords for each site and enabling two-factor authentication.

Finally, audit the personal data you share online and consider services such as joindeleteme.com to aid in this effort. By adopting these practices, you can reduce the risk of fraud and ensure your financial information stays protected.

FOR PEERS

Misconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster to Exploitation. Cybersecurity researchers uncovered security flaws in Azure Data Factory’s Apache Airflow integration and Azure Key Vault. Exploitable vulnerabilities include misconfigured Kubernetes permissions and privilege escalation risks, enabling attackers to deploy malware, exfiltrate data, and manipulate logs. Weak logging practices in Amazon Bedrock also obscure threat detection in cloud environments.

What you need to know: Share this story with your peers and have conversations about what your organization is doing to secure cloud services and monitor third-party integrations. Recent findings about Azure Data Factory’s Apache Airflow integration expose vulnerabilities like misconfigured Kubernetes RBAC, weak Geneva service authentication, and poor secret handling. Attackers could exploit these flaws to gain unauthorized cluster access, deploy malware, or exfiltrate sensitive data.

Similarly, Azure Key Vault's privilege escalation risks allow users to bypass role-based access controls and manipulate sensitive vault contents. Weak logging practices in Amazon Bedrock further complicate detection of malicious activities, masking failed API calls as legitimate. These examples emphasize the critical need to validate Kubernetes configurations, monitor cloud service access, and improve logging precision to detect anomalies. Take this opportunity to review your team’s controls for managing service permissions, auditing logs, and protecting sensitive data to ensure these risks are addressed in your environment.

FOR EXECUTIVES

It's only a matter of time before LLMs jump start supply-chain attacks. Generative AI tools like LLMs are increasingly used by threat actors for spear phishing and social engineering, posing risks to businesses. Stolen credentials enable attacks, costing victims significantly and threatening supply chains. Mitigation includes cautious clicking, verifying email senders, and deploying AI-driven security tools to counter emerging threats.

What you need to know: Emerging threats involving generative AI tools, such as large language models (LLMs), are reshaping cyber risks for businesses. Criminals are leveraging stolen credentials to exploit AI models, creating tailored phishing emails and social engineering tactics that can lead to unauthorized access, operational disruptions, or reputational damage.

To mitigate these risks, executives should prioritize the following strategic actions:

• Empower Employees: Implement regular, engaging training to help employees recognize and report phishing attempts, reinforcing their role as the last line of defense (assuming the phish bypassed Endpoint Detection and Response (EDR)).

• Fortify the Supply Chain: Collaborate with vendors to ensure their cybersecurity measures meet your organization’s standards, minimizing third-party vulnerabilities.

• Strengthen Access Controls: Deploy multi-factor authentication (MFA) across all systems and enforce the principle of least privilege to limit exposure.

• Leverage AI Against AI: Invest in modern threat detection tools that harness AI to identify and block AI-driven attacks in real time, reducing the burden on internal teams.

Proactive investment in these areas reduces exposure to advanced cyber threats, ensuring operational continuity and safeguarding stakeholder trust.

LET’S CONNECT

Stay current on trending topics, tips, events and resources in cybersecurity: connect with Simply Cyber on socials for new content every day.

As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.

Find more about what’s happening this week in the Simply Cyber community, below.

Thank you and see you again next time! Have a great week, #TeamSC!

Gerry

SIMPLY CYBER DAILY CYBER THREAT BRIEF

Catch the most popular weekday cyber threat news analysis livestream around and meet the most supportive community ever, #TeamSC!

Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM EST via YouTube and LinkedIn - podcast also available on Spotify, Apple Podcasts, or your favorite podcast platform. You can also check it out on our podcast webpage.

SIMPLY CYBER MEDIA GROUP NEW PODCAST ALERT

When: Thursday, January 9 at 9:30 AM ET | Presented by: Simply Cyber Media Group

Simply Cyber Media Group is excited to announce our latest podcast, the Cybersecurity Mentors Podcast, starting Season 2 this Thursday. The CMP features co-hosts and industry experts John Hoyt and Steve Higareda.

In this podcast your hosts discuss mentoring in cybersecurity, information for those that are looking to get into cybersecurity, and tips for those that are looking to advance their careers.

Connect with the Cybersecurity Mentors Podcast and get to know them better! Sign up for the CMP newsletter, join the CMP Discord, check out the CMP YouTube channel for the past season and additional content, and follow the CMP LinkedIn page.

Join us for Season 2 Episode 1 on Simply Cyber Media Group this Thursday - click the link to set your reminder and attend! https://youtu.be/o-7WLmbDnAk

SC FIRESIDES YOU’RE DOING DFIR ALL WRONG!

When: Thursday, January 9 @ 4:30 PM ET | Presented by: Simply Cyber Media Group

Ready for Part 2 of Simply Cyber Firesides with Brandon Poole, Founder and Principal Consultant at Panoptcy Security? In Part 1, we discussed how you are doing #cyber all wrong, and the community loved it!

In this follow up episode, we will talk with this Digital Forensics and Incident Response seasoned professional about how you're doing #DFIR all wrong! With over 14 years of expertise in cybersecurity, Brandon brings a deep understanding of DFIR, disaster recovery, SOC operations, regulatory compliance, security architecture, and general security consulting. He holds the CEH, CCNA, GSEC, GCIH, GCCC, GCWN, GCTI certifications and is a member of Infragard, ISSA, and the SANS Advisory Board. If anyone knows what you're doing wrong in DFIR, it's this guy! Did we mention Brandon is a former SANS Associate Instructor?

Don’t miss this episode and get your chance to hear directly from Brandon as he is interviewed by your host, Gerald Auger, Ph.D. Bring those questions and drop them in live chat when you arrive and we will answer them throughout the episode. Get ready and set your alarms for this exciting upcoming episode presented by Simply Cyber Media Group. Let's go! Follow Brandon Poole on LinkedIn, on X.com, and on GitHub.

We hope to see you in live chat! https://www.youtube.com/live/9YZBAJFg69k

SIMPLY CYBER ACADEMY FREE CAREER COURSE

Quick reminder: SC Academy has a NEW FREE COURSE available to everyone! It’s designed to help you get ahead of the career transition game with my FREE Cyber Career Launch Pad Course!

Make sense of those cyber resources today! Learn more about this new resource here.

SIMPLY CYBER ACADEMY THE PLACE FOR GRC CAREERS

At Simply Cyber Academy, we specialize in making GRC Cybersecurity Careers a reality. Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.

The popular GRC Analyst Master Class is a must for kickstarting your GRC Cybersecurity career. In addition, we have NEW COURSES available to help you advance in your GRC Cyber career. Check them out!

Visit academy.simplycyber.io to learn more now.