Simply Cyber Newsletter #120

Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your End Users, Peers, and Executives to support weekly security awareness with Simply Cyber Newsletter!

FOR END USERS

Phishers Wreak 'Havoc,' Disguising Attack Inside SharePoint. A phishing campaign uses SharePoint and Microsoft Graph API to deploy the Havoc command-and-control (C2) framework. Victims are tricked into running malicious PowerShell commands via a ClickFix attack, giving attackers full control over systems while hiding malware in trusted services.

What you need to know: Educate your end users about recognizing phishing emails that urge them to take unusual actions, such as copying and executing commands. Highlight the risks of interacting with suspicious attachments or following instructions involving PowerShell or terminal commands.

Key training points should include your organizational process to verify the legitimacy of urgent notices by contacting IT support directly, while encouraging them to report any suspicious activity immediately. Emphasize the importance of vigilance with legitimate services being used to hide malicious activities as cybercriminals continue to evolve their process. Regular security awareness training and phishing simulations can further enhance user preparedness against such sophisticated threats.

Additionally, users should be cautious when visiting compromised sites, as seen in ClearFake attacks, where they may be prompted with fake error messages or updates that instruct them to run malicious PowerShell commands directly in their systems.

FOR PEERS

Silk Typhoon Shifts Tactics to Exploit Common IT Solutions. Silk Typhoon, a Chinese espionage group, has shifted tactics to exploit common IT tools and cloud applications, leveraging unpatched vulnerabilities and credential abuse to infiltrate networks across various sectors.

What you need to know: The shift in tactics highlights the need for robust vulnerability management and credential security.

Have conversations with your peers on streamlining your security posture by focusing on a few key areas. Start by enhancing your vulnerability scanning and patching processes, particularly for public-facing devices.

Next, emphasize robust credential management by implementing multi-factor authentication and regularly auditing services principles.

Finally, integrate zero-trust principles into your network architecture to limit lateral movement and scrutinize multi-tenant applications for potential risks. By addressing these core areas, you can significantly improve your organization's resilience against similar threats.

FOR EXECUTIVES

Exclusive: Fired US government workers with top security clearances were not given exit briefings, sources say. Some U.S. Government workers with top security clearances, dismissed in recent layoffs, did not receive standard exit briefings - potentially increasing security risks. This oversight could expose them to foreign adversaries seeking classified information.

What you need to know: It is important for businesses to ensure that all employees understand their obligations regarding company data upon departure. This includes emphasizing the importance of confidentiality and the potential consequences of unauthorized data disclosure.

Speak with your executives about the importance of implementing comprehensive exit procedures that include thorough briefings for departing employees. These briefings should cover confidentiality agreements and data protection responsibilities (anything that could impact the business), emphasizing the ongoing obligations of former employees. Additionally, focus on mitigating insider threats by ensuring that access to sensitive information is promptly revoked and by maintaining a culture of security awareness throughout the organization. Regularly review and update your exit procedures to align with evolving security best practices.

LET’S CONNECT

Stay current on trending topics, tips, events and resources in cybersecurity, connect with Simply Cyber on socials for new content, every day.

As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.

Find more about what’s happening this week in the Simply Cyber community, below.

Thank you and see you again next time! Have a great week, #TeamSC!

Gerry

SIMPLY CYBER DAILY CYBER THREAT BRIEF

Catch the most popular weekday cyber threat news analysis livestream around and meet the most supportive community ever, #TeamSC!

Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM EST via YouTube and LinkedIn - podcast also available on Spotify, Apple Podcasts, or your favorite podcast platform. You can also check it out on our podcast webpage.

SC MEDIA GROUP SIMPLY ICS CYBER PODCAST

When: Wednesday, March 12 at 9:30 AM ET | Presented by: Simply Cyber Media Group

S6 E2: How Self Leadership can Change Your Life

Erika and Jax chat with Elizabeth Lotardo about her recent book, Leading Yourself.

Tune in as the trio talk about the concept of Self-Leadership, discussing how to provide feedback and avoid awkward conversations.

In this episode, you'll walk away with valuable tools to add to your leadership toolkit. Whether you're an individual contributor or an executive, there's something for everyone to help you up level your leadership in all areas of life.

Join us for this episode and watch with #TeamSC every other Wednesday.

SIMPLY CYBER FIRESIDES SOULTIONS ARCHITECT

When: Thursday, March 13 at 4:30 PM ET | Live on Simply Cyber

Ever thought about a career as a solutions architect? How does someone get started down this path? What are the best ways to break in and advance in this career? We answer these questions and more on this episode of Simply Cyber Firesides with special guest, Brandon Stephens.

As a U.S. Army veteran, Brandon worked as a satellite communications operator. After the military, he launched his career in InfoSec as a SOC engineer. Brandon gained further industry experience an information security analyst and an IT security manager.

With a background in manufacturing, health care, higher education, and enterprise managed services industries, Brandon will share insights on how he discovered his current path as a solutions architect.

Bring your questions and have them answered live on-stream! Set your calendars and meet us there on March 13th. Don't forget to share with your network!

Tune in this Thursday and join us live on Simply Cyber Firesides!

SC MEDIA GROUP WEEKLY STREAM SCHEDULE

SC ACADEMY THE PLACE FOR CYBER CAREERS

At Simply Cyber Academy, we specialize in making GRC and Cybersecurity Careers a reality. Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.

The popular GRC Analyst Master Class is a must for kickstarting your GRC Cybersecurity career. In addition, we have NEW COURSES - even a couple free courses, including Intro to Hacking with Tyler Ramsbey - available to help you advance in your Cyber career.

Visit academy.simplycyber.io to learn more now!