Simply Cyber Newsletter #122
Crush Your Week Like a Cyber Pro with Simply Cyber!
Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your End Users, Peers, and Executives to support weekly security awareness with Simply Cyber Newsletter!
FOR END USERS
Microsoft 365 Targeted in New Phishing, Account Takeover Attacks. Attackers exploit Microsoft 365 vulnerabilities for phishing and account takeovers. One campaign uses legitimate Microsoft domains and misconfigurations to send fake billing emails. Another campaign uses malicious OAuth apps impersonating Adobe and Docusign to steal credentials and deliver malware.
What you need to know: This is a great reminder to educate your end users on the importance of scrutinizing all email communications, especially those appearing to originate from trusted platforms like Microsoft 365. Emphasize that even official-looking emails may conceal sophisticated phishing attempts designed to steal credentials or manipulate them into calling fraudulent support lines. Instruct them to independently verify any communication by navigating directly to the official website or contacting known support channels, rather than relying on links or contact information provided within the email itself.
Beyond scrutinizing email content, call out the heightened risk associated with emails demanding immediate action, particularly those concerning billing discrepancies or urgent account updates. Reinforce the necessity of exercising extreme caution when granting permissions to third-party applications, particularly OAuth applications, and of refraining from authorizing access to sensitive data without absolute certainty of the application's legitimacy and purpose.
FOR PEERS
Nation-state groups hit hundreds of organizations with Microsoft Windows zero-day. A zero-day vulnerability in Windows .lnk files, exploited since 2017 by nation-state actors, allows hidden malicious command execution. Trend Micro reported the issue, but Microsoft has not committed to a patch. Hundreds of organizations are affected, with ongoing exploits.
What you need to know: Frame this discussion with your peers by emphasizing the prolonged, active exploitation of this zero-day, highlighting the sophisticated techniques used to hide malicious code within seemingly innocuous .lnk files. Initiate conversations on how to collectively bolster defenses against such attacks. Specifically, focus on sharing practical strategies for enhancing EDR to detect anomalous .lnk file behavior, and stress the importance of implementing rigorous file handling policies for downloads from untrusted sources. Advocate for the rapid dissemination of threat intelligence related to this vulnerability, including known IOCs. Urge immediate patching upon Microsoft's release of an update, and in the interim, explore and collaboratively assess the feasibility of temporary mitigation measures, such as disabling .lnk file execution, to reduce the attack surface.
FOR EXECUTIVES
Court filing: DOGE aide broke Treasury policy by emailing unencrypted database. A former DOGE aide violated Treasury policy by emailing an unencrypted database with personal information to officials. He lacked authorization and failed to encrypt the data. This occurred during DOGE's review of Treasury systems for potential fraud.
What you need to know: Initiate discussions with your leadership team about the importance of robust data handling policies and stringent access controls. Emphasize the need for mandatory encryption of sensitive data, both in transit and at rest, and reinforce the importance of adherence to established authorization procedures. Advocate for regular audits of data handling practices and access controls to identify and mitigate potential vulnerabilities. Stress the necessity of thorough background checks and rigorous vetting processes for individuals granted access to critical systems. Use this incident to reinforce a culture of security awareness across the organization, highlighting the potential consequences of data breaches and unauthorized access.
LET’S CONNECT
Stay current on trending topics, tips, events and resources in cybersecurity: connect with Simply Cyber on socials for new content every day.
As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.
Find more about what’s happening this week in the Simply Cyber community, below.
Thank you and see you again next time! Have a great week, #TeamSC!
Gerry

SIMPLY CYBER DAILY CYBER THREAT BRIEF
Catch the most popular weekday cyber threat news analysis livestream around and meet the most supportive community ever, #TeamSC!
Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM EST via YouTube and LinkedIn - podcast also available on Spotify, Apple Podcasts, or your favorite podcast platform. You can also check it out on our podcast webpage.
SC MEDIA GROUP 2 CYBER CHICKS PODCAST
When: Wednesday, March 26 at 9:30 AM ET | Presented by: Simply Cyber Media Group
S6 E3: Navigating the AI Dark Side: Rebuilding Trust in the Age of Deepfakes and Phishing
In this episode, Navigating the AI Dark Side: Rebuilding Trust in the Age of Deepfakes and Sophisticated Phishing, Jax and Erika sit down with Andrey S, Co-Founder and CEO of BrightSide AI, to explore how generative AI is transforming the cyber threat landscape.
From the evolution of email phishing to the real-world impact of deepfakes, Andrey breaks down why traditional security measures are no longer enough. He also reveals how BrightSide’s hands-on approach helps individuals and organizations safeguard personal data and maintain trust in an era where the lines between real and fake are fast disappearing.
If you’re looking to stay ahead of AI-driven attacks—and keep your team and family secure—this conversation is your essential guide.
Join us for this episode and watch with #TeamSC on Simply Cyber Media Group every other Wednesday.
SC ACADEMY THE PLACE FOR CYBER CAREERS
At Simply Cyber Academy, we specialize in making GRC and Cybersecurity Careers a reality. Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.
The popular GRC Analyst Master Class is a must for kickstarting your GRC Cybersecurity career. In addition, we have NEW COURSES - even a couple free courses, including Intro to Hacking with Tyler Ramsbey - available to help you advance in your Cyber career.
Visit academy.simplycyber.io to learn more now!