Simply Cyber Newsletter #114
Crush Your Week Like a Cyber Pro with Simply Cyber!
Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your End Users, Peers, and Executives to support weekly security awareness with Simply Cyber Newsletter!
FOR END USERS
Ransomware gangs pose as IT support in Microsoft Teams phishing attacks. Cybercriminals spam employees with thousands of unwanted emails, then pose as IT support via external Microsoft Teams calls. Victims are tricked into granting remote access or installing malicious files, resulting in ransomware or data theft. Blocking external contacts in Teams and being wary of unsolicited “IT support” are key defenses.
What you need to know: Share this story with your end users to help them spot and avoid email bombing scams that could lead to ransomware attacks. Threat actors are flooding inboxes with spam and impersonating IT support in Teams calls to trick employees into granting remote access or installing malware.
What to Tell End Users:
• Be cautious of large volumes of spam emails or unsolicited Teams calls.
• Verify IT support claims with your official IT department.
• Never allow remote access or software installations without approval.
Empower your employees to act as the first line of defense by reporting suspicious activity immediately. Their awareness and quick action are key to preventing a small issue from escalating into a major incident.
FOR PEERS
Major Cybersecurity Vendors' Credentials Found on Dark Web. Thousands of credentials from at least 14 cybersecurity vendors were discovered on the dark web. Gathered from infostealer logs, they include internal and customer accounts. Threat intelligence firm Cyble warns that these leaks highlight the importance of dark web monitoring, robust authentication measures, and security awareness to prevent major cyberattacks.
What you need to know: Share this story with your peers and use one of these questions as a jumping-off point:
• If industry giants are losing credentials to infostealer logs, how does your team ensure that your own accounts remain safeguarded?
• Are you auditing your password policies, rotating credentials, and implementing zero-trust solutions regularly?
• Are you scanning the dark web or employing threat intelligence to spot potential leaks early?
This event underscores not just a vendor risk scenario, but a fundamental shift in the threat landscape: attackers target credentials across supply chains. By comparing notes with your security counterparts, you can discover new strategies, highlight overlooked areas, and refine your incident response.
In these conversations, consider asking whether your third-party agreements include robust breach notifications and whether you are training your team to handle suspicious device or web login alerts effectively.
FOR EXECUTIVES
Employees of failed startups are at special risk of stolen personal data through old Google logins. A security researcher found that failed startups often leave their domains vulnerable to exploitation, allowing threat actors to access sensitive employee data via cloud services. This highlights the importance of properly closing down digital assets during business closures to prevent data breaches and protect sensitive information.
What you need to know: When a business effort concludes, whether due to a merger, loss of funding, or strategic pivot, overlooked digital assets like domains and active cloud accounts can pose serious security risks. Threat actors can exploit expired domains to access sensitive data stored in cloud services, including HR systems containing Social Security numbers, banking details, and employee information.
This issue is not limited to failed startups. Any transition that leaves systems active or domains unclaimed creates vulnerabilities. Although Google’s OAuth sub-identifier solution offers some protection, inconsistent adoption and implementation leave gaps that can be exploited.
Executives should consider prioritizing secure transitions or closures by conducting a thorough inventory of digital assets, deactivating accounts, reclaiming domains, and establishing clear processes for managing cloud services. Effective management during these transitions protects sensitive data, mitigates legal and reputational risks, and ensures the organization maintains its integrity during times of change.
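For the technical teams behind this story: the sketch below is an added example, not code from the researcher, Google, or any vendor, and it shows why matching sign-ins on the ID token's `sub` claim rather than on the email address blunts the expired-domain risk described above. It assumes the token's signature, audience, and expiry were already verified; `AccountStore`, the account ID, and all claim values are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

# Issuer strings Google uses in ID tokens.
GOOGLE_ISSUERS = {"https://accounts.google.com", "accounts.google.com"}

@dataclass
class Account:
    account_id: str
    sub: str    # stable per-user identifier from the ID token
    email: str  # contact attribute only

class AccountStore:  # hypothetical relying-party user store
    def __init__(self):
        self._by_sub = {}
        self._by_email = {}

    def enroll(self, account_id, claims):
        acct = Account(account_id, claims["sub"], claims["email"].lower())
        self._by_sub[acct.sub] = acct
        self._by_email[acct.email] = acct
        return acct

    def login_by_email(self, claims):
        # Weak: trusts whoever controls the domain and mailbox today.
        return self._by_email.get(claims["email"].lower())

    def login_by_sub(self, claims):
        # Hardened: match on sub; a known email with a new sub is an alert.
        if claims["iss"] not in GOOGLE_ISSUERS:
            return None, "untrusted_issuer"
        acct = self._by_sub.get(claims["sub"])
        if acct is not None:
            return acct, "ok"
        if claims["email"].lower() in self._by_email:
            return None, "email_reused_with_new_sub"
        return None, "unknown_user"

# Constructed sample claims (not real identities).
ORIGINAL = {"iss": "https://accounts.google.com", "sub": "100000000000000000001",
            "email": "alice@defunct-startup.example", "hd": "defunct-startup.example"}
# Same address recreated after the domain changed hands: new sub.
RECREATED = {**ORIGINAL, "sub": "100000000000000000002"}

def demo():
    store = AccountStore()
    store.enroll("hr-0042", ORIGINAL)
    weak = store.login_by_email(RECREATED)        # returns the old account
    acct, status = store.login_by_sub(RECREATED)  # rejected
    legit, _ = store.login_by_sub(ORIGINAL)
    return weak.account_id, acct, status, legit.account_id

if __name__ == "__main__":
    print(demo())
```

The `email_reused_with_new_sub` outcome is worth routing to security monitoring, since it marks a familiar address arriving under an identity the service has never seen.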
LET’S CONNECT
Stay current on trending topics, tips, events and resources in cybersecurity. Connect with Simply Cyber on socials for new content every day.
As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.
Find more about what’s happening this week in the Simply Cyber community, below.
Thank you and see you again next time! Have a great week, #TeamSC!
Gerry
SIMPLY CYBER DAILY CYBER THREAT BRIEF
Catch the most popular weekday cyber threat news analysis livestream around and meet the most supportive community ever, #TeamSC!
Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM EST via YouTube and LinkedIn - podcast also available on Spotify, Apple Podcasts, or your favorite podcast platform. You can also check it out on our podcast webpage.
SC MEDIA GROUP SIMPLY DEFENSIVE PODCAST
When: Monday, January 27 at 9:30 AM ET | Presented by: Simply Cyber Media Group
S2 E3: Unlocking the Potential of Blue Teaming with Simeon
In this episode of Simply Defensive, hosts Josh Mason and Wade Wells talk with Simeon, an Intel Analyst at Microsoft. Listen as they explore his journey from aspiring doctor to cybersecurity expert, discussing his innovative contributions like the creation of KC7 Cyber, a tool that democratizes access to cybersecurity training.
Learn about Simeon's early influences, challenges, and the importance of critical thinking, analytical reasoning, and communication in cybersecurity. He also shares his passion for breaking down biases and encouraging diversity in the tech world while offering practical advice for both new and seasoned blue teamers. Discover how KC7 is shaping the future of cyber defense training and get inspired by Simeon's dedication to making cybersecurity accessible to all. Connect with Simeon.
Join us at 9:30 AM EST on Monday after the Daily Cyber Threat Brief and Jaw Jackin’.
SC MEDIA GROUP CYBERSECURITY MENTORS PODCAST
When: Thursday, January 23 at 9:30 AM ET | Presented by: Simply Cyber Media Group
S2 E4: From Marine to Mandiant with Ryan Rath
Ryan Rath shares his inspiring journey from the military to a significant role in cybersecurity with Mandiant (now part of Google Cloud), discussing the challenges faced during the transition. Key topics include the importance of networking, the evolving skill sets required, and the ethical responsibilities of cybersecurity professionals, highlighting the need for mentorship and continuous learning.
Join us here for Episode 3 of Season 2 at 9:30 AM EST, immediately following the Daily Cyber Threat Brief and Jaw Jackin’ on Simply Cyber.
SC ACADEMY THE PLACE FOR GRC CAREERS
At Simply Cyber Academy, we specialize in making GRC Cybersecurity Careers a reality. Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.
The popular GRC Analyst Master Class is a must for kickstarting your GRC Cybersecurity career. In addition, we have NEW COURSES available to help you advance in your GRC Cyber career. Check them out!
Visit academy.simplycyber.io to learn more now.