Simply Cyber Newsletter #121
Crush Your Week Like a Cyber Pro with Simply Cyber!
Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your End Users, Peers, and Executives to support weekly security awareness with Simply Cyber Newsletter!
FOR END USERS
Medusa ransomware continues to attack infrastructure. Since June 2021, Medusa ransomware has targeted over 300 critical infrastructure organizations, stealing and encrypting data while demanding ransoms. They use phishing, exploit unpatched vulnerabilities, and employ legitimate tools to evade detection, engaging in double or triple extortion to pressure victims.
What you need to know: This story is a reminder that phishing is a key cybercrime entry point. Attackers stole credentials and exploited vulnerabilities, bypassing strong passwords and MFA. Encourage your end users to remain alert and mindful in the following areas:
• Spot red flags: Watch for unfamiliar senders, urgent requests, or odd attachments.
• Verify links: Hover to check URLs before clicking.
• Avoid risky downloads: Skip unapproved software that may hide malware.
• Report issues: Quickly notify IT of suspicious activity or system oddities.
Remind them that in a digital landscape where threats lurk behind every corner, their instincts can quietly turn the tide. Encourage them to pause before they click, question what seems off, and flag the unusual.
FOR PEERS
Blind Eagle Targets Colombian Government with Malicious .url Files. Blind Eagle targets Colombian institutions with malicious .url files mimicking CVE-2024-43451, patched November 2024. Using platforms like GitHub and Google Drive, they deploy Remcos RAT, infecting thousands. A February 2025 phishing slip exposed 8075 credentials, highlighting their stealth and danger.
What you need to know: Spark conversations with your peers about evolving threats, specifically campaigns like Blind Eagle's recent shift to leveraging .url files and WebDAV, and the persistent challenges surrounding NTLM. Are there opportunities to reevaluate your current security postures? How are they working around the NTLM patch? How can your organization enhance its detection of anomalous NTLM negotiations, especially those tied to WebDAV traffic? Further discuss file-sharing platform usage, from Google Drive to GitHub, and the implications for your own environments. Are your anomaly detection rules and phishing resilience exercises keeping pace? Their focus on Colombian entities provides a real-world case study.
FOR EXECUTIVES
Developer sabotaged ex-employer with kill switch activated when he was let go. A senior developer, demoted during a restructuring, sabotaged Eaton Corporation’s systems with malware and a "kill switch," locking out thousands of employees globally and causing hundreds of thousands in damages upon his termination. This highlights the critical cybersecurity risk of insider threats with high-level access.
What you need to know: This case underscores the severe threat disgruntled insiders with elevated privileges pose to businesses. Beyond operational downtime and financial losses, such incidents can damage reputation and trust. Executives must see cybersecurity as encompassing internal risks, not just external attacks. Ignoring insider threats risks business continuity and stakeholder confidence.
Bringing this to executives’ attention not only highlights a real-world example of insider risk but also positions you as a proactive leader in protecting the company’s assets and resilience:
• Proactively manage insider risks by enforcing least privilege access, limiting permissions to essentials.
• Conduct regular access reviews, especially during restructurings or terminations.
• Establish a robust offboarding process; revoke access instantly and audit systems.
• Foster security awareness and open dialogue to address employee discontent early, preventing escalation.
LET’S CONNECT
Stay current on trending topics, tips, events and resources in cybersecurity. Connect with Simply Cyber on socials for new content every day.
As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.
Find more about what’s happening this week in the Simply Cyber community, below.
Thank you and see you again next time! Have a great week, #TeamSC!
Gerry

SIMPLY CYBER DAILY CYBER THREAT BRIEF
Catch the most popular weekday cyber threat news analysis livestream around and meet the most supportive community ever, #TeamSC!
Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM EST via YouTube and LinkedIn - podcast also available on Spotify, Apple Podcasts, or your favorite podcast platform. You can also check it out on our podcast webpage.
SIMPLY CYBER FIRESIDES AZURE SECURITY RESEARCH
When: Monday, March 17 at 12 PM EDT | Live on Simply Cyber
Join host Gerald Auger, Ph.D. for an enlightening conversation with special guest Matt Kiely, @huskyhacks, Principal Cybersecurity Researcher at Huntress and renowned instructor at TCM Academy and The Taggart Institute.
Explore the evolving landscape of Microsoft Azure security as Matt shares exclusive insights from his cutting-edge research in cloud vulnerabilities and defensive strategies. Discover how modern threat actors are targeting cloud infrastructure and what security professionals need to know to stay ahead.
Plus, get the inside story on Matt's journey from his beginnings to becoming a respected voice in Identity Threat Detection and Response (ITDR), along with updates on his latest projects.
🔥 Perfect for security professionals, cloud architects, and anyone interested in the future of cloud security!
Bring your questions and have them answered live on-stream! Set your calendars and meet us there. Don't forget to share with your network!
Tune in this Thursday and join us live on Simply Cyber Firesides!
SC ACADEMY LUNCH N LEARN NIST SP 800-53
When: Tuesday, March 18 at 1 PM EDT | Live on Simply Cyber
Seeking an introduction to NIST SP 800-53? We have you covered in this Lunch n Learn session from Simply Cyber Academy.
📋 NIST 800-53 is an InfoSec standard providing a catalog of privacy and security controls for information systems. It is referenced by many industry security standards and helps orgs across all industries improve their security posture and mitigate risks.
❓ But what is the path to get started implementing this golden security standard in your org or business?
👉 Join us for this Lunch n Learn with Instructor John Hightower, a.k.a. Professor Black Ops. He will take you on a journey to discover NIST SP 800-53 and help you gain a better understanding of where to get started.
✔️ By the end of this session, you will have a clear understanding of NIST SP 800-53 and takeaways on policy, procedure, plans, compliance process, and risk. In addition, John will take questions from live chat throughout the stream and provide you with answers to help support your learning.
🏫 His accompanying course on NIST 800-53 will be featured in SC Academy soon, so please stay tuned and check the website for updates! https://simplycyber.io/academy.
Join us live at 1 PM EDT: https://youtube.com/live/DmVe-qB6ZQ4.
SC MEDIA GROUP SIMPLY ICS CYBER PODCAST
When: Wednesday, March 19 at 9:30 AM ET | Presented by: Simply Cyber Media Group
S6 E2: How Self Leadership can Change Your Life
In this episode of Simply ICS Cyber, Don and Tom interview Gus Serino, water sector expert and Owner at I&C Secure, Inc.
Listen in as Don, Tom, and Gus answer the following questions:
• What is Critical Infrastructure?
• What are other types of Industrial and Automation?
• Is cybersecurity different between the two?
Join us for this episode and watch with #TeamSC on Simply Cyber Media Group every other Wednesday.
SC ACADEMY THE PLACE FOR CYBER CAREERS
At Simply Cyber Academy, we specialize in making GRC and Cybersecurity Careers a reality. Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.
The popular GRC Analyst Master Class is a must for kickstarting your GRC Cybersecurity career. In addition, we have NEW COURSES - even a couple free courses, including Intro to Hacking with Tyler Ramsbey - available to help you advance in your Cyber career.
Visit academy.simplycyber.io to learn more now!