Simply Cyber Newsletter #125

Crush Your Week Like a Cyber Pro with Simply Cyber!

Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your End Users, Peers, and Executives to support weekly security awareness with Simply Cyber Newsletter!

FOR END USERS

Phishing kits now vet victims in real time before stealing credentials. Some phishing sites now validate email addresses in real time, showing fake login forms only to pre-targeted users. Invalid emails trigger errors or redirects, hiding the scam from researchers and security tools, which makes these attacks harder to detect and block.

What you need to know: Share this new technique with your end users: some phishing emails now lead to websites that display fake login pages only if the email address entered matches a list the scammers already have. This makes detection harder and allows phishing sites to look clean during checks. If a message asks you to log in, verify details, or act fast, use extra caution. Do not trust links blindly. Instead, visit the official site directly or contact the organization through a known number. Even emails that look routine may be part of a trap that only reveals itself to real targets. Reporting anything that feels off helps stop the threat from spreading.

FOR PEERS

New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner. A Chinese-linked threat group exploited a vulnerability in ESET’s command line scanner to sideload a malicious DLL and deploy new malware, TCESB. The flaw (CVE-2024-11859) was fixed in January 2025. TCESB also abuses a known Dell driver to disable security monitoring through BYOVD techniques.

What you need to know: Share this story with your peers and have conversations about what your organization is doing to detect and defend against trusted tool abuse and sideloading risks. Even with patched vulnerabilities, legacy components or overlooked admin permissions can be exploited to bypass protections. This is a good reminder to revisit your detection strategy around driver installation events, especially those involving known vulnerable drivers. Consider how your systems log and alert on DLL hijacking attempts, unsigned drivers, or abnormal system-level behavior. If you rely on third-party security tools, assess how they handle DLL search order integrity and kernel-space activity. Threat actors could be moving laterally using our own tools, and visibility is key.
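
One way to express the DLL-load and driver-load checks discussed above, as an added example that is not from this newsletter or from any vendor. It assumes events exported as dictionaries with Sysmon field names (Event ID 7 for image loads, Event ID 6 for driver loads); the DLL name list, paths and blocklist hash are constructed placeholders.

```python
import ntpath  # Windows path rules on any OS
# Assumptions: events are dicts keyed by Sysmon field names (Event ID 7 = image
# load, Event ID 6 = driver load). Every path, name and hash here is constructed.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
SYSTEM_DLL_NAMES = {"version.dll", "winhttp.dll", "dbghelp.dll"}  # sample subset
BLOCKLISTED_DRIVER_SHA256 = {"placeholder_driver_sha256"}

def sha256_of(event):
    """Pull the SHA256 value out of a Sysmon 'Hashes' field ('MD5=..,SHA256=..')."""
    for part in event.get("Hashes", "").split(","):
        algo, _, value = part.partition("=")
        if algo.strip().upper() == "SHA256":
            return value.strip().lower()
    return ""

def findings(event):
    """Return the reasons an event should alert; an empty list means no finding."""
    reasons = []
    loaded = ntpath.normcase(event.get("ImageLoaded", ""))
    signed_ok = event.get("Signed") == "true" and event.get("SignatureStatus") == "Valid"
    if event.get("EventID") == 7:
        # Sideloading: a system DLL name resolved from the application's own folder.
        if (ntpath.basename(loaded) in SYSTEM_DLL_NAMES
                and ntpath.dirname(loaded) not in SYSTEM_DIRS):
            reasons.append("system DLL name loaded from outside the system directory")
            if not signed_ok:
                reasons.append("loaded module is unsigned")
    elif event.get("EventID") == 6:
        # BYOVD drivers carry valid signatures, so the hash blocklist is checked first.
        if sha256_of(event) in BLOCKLISTED_DRIVER_SHA256:
            reasons.append("driver hash is on the vulnerable-driver blocklist")
        if not signed_ok:
            reasons.append("driver is unsigned or its signature is not valid")
    return reasons

SAMPLE_EVENTS = [  # constructed, not taken from any real incident
    {"EventID": 7, "Image": r"C:\Tools\scanner\scan.exe", "Signed": "false",
     "ImageLoaded": r"C:\Tools\scanner\version.dll", "SignatureStatus": "Unavailable"},
    {"EventID": 7, "Image": r"C:\Tools\scanner\scan.exe", "Signed": "true",
     "ImageLoaded": r"C:\Windows\System32\version.dll", "SignatureStatus": "Valid"},
    {"EventID": 6, "ImageLoaded": r"C:\Windows\Temp\sample.sys", "Signed": "true",
     "SignatureStatus": "Valid", "Hashes": "MD5=00,SHA256=PLACEHOLDER_DRIVER_SHA256"},
    {"EventID": 6, "ImageLoaded": r"C:\Windows\Temp\other.sys", "Signed": "false",
     "SignatureStatus": "Unavailable", "Hashes": "SHA256=00"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["ImageLoaded"], "->", findings(ev) or "no finding")
```

The third sample shows why a signature check alone is not enough for driver loads: the driver is validly signed and is caught only by the hash blocklist. Applications that legitimately ship their own copy of a listed DLL will need an allow-list entry.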

FOR EXECUTIVES

Fake Passport Generated by ChatGPT Bypasses Security. A fake passport created using generative AI successfully passed a digital identity check, raising new concerns about the reliability of photo-based verification methods. The incident highlights how quickly AI can be used to undermine "Know Your Customer" processes and exposes a growing risk to customer identity systems.

What you need to know: What impact could this have on your business? This serves as a clear signal to revisit how your business verifies and grants access to customers. If current methods rely solely on image-based ID uploads or facial recognition, they may already be vulnerable. As generative AI tools become more accessible, attackers can scale identity fraud with minimal effort. Now is the time to explore stronger authentication methods, such as NFC-enabled document checks, electronic IDs, or layered identity verification models. These technologies offer hardware-backed assurance and reduce the risk of synthetic identity misuse. Begin conversations with your compliance and technology teams to evaluate where your organization may need to upgrade trust and identity controls.

LET’S CONNECT

Stay current on trending topics, tips, events and resources in cybersecurity. Connect with Simply Cyber on socials for new content every day.

As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.

Find more about what’s happening this week in the Simply Cyber community, below.

Thank you and see you again next time! Have a great week, #TeamSC!

Gerry

SIMPLY CYBER DAILY CYBER THREAT BRIEF

Catch the most popular weekday cyber threat news analysis livestream around and meet the most supportive community ever, #TeamSC!

Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM EST via YouTube and LinkedIn - podcast also available on Spotify, Apple Podcasts, or your favorite podcast platform. You can also check it out on our podcast webpage.

SC MEDIA GROUP SIMPLY DEFENSIVE S3 E2

When: Monday, April 14 at 9:30 AM EDT | Presented by: Simply Cyber Media Group

S3 E2: Navigating the Cybersecurity Landscape with Edna Johnson: From Developer to Threat Hunter

Join hosts Josh Mason and Wade Wells as they welcome Edna Johnson, a vibrant and passionate cybersecurity engineer, to Simply Defensive. She shares her journey from initially wanting to be a developer to diving deep into the world of cybersecurity, attending and volunteering at major conferences such as Defcon and BSides.

Edna also discusses her role in various cybersecurity groups, her imposter syndrome battles, and the importance of volunteering and community engagement in this field. Listen in for valuable insights on threat hunting, content creation, and the significance of understanding basic processes in blue teaming. Don't miss this fantastic episode filled with real-world advice and behind-the-scenes stories from Edna's inspiring career!

Click here to Join us and set your notification!

SC ACADEMY PRESENTS LUNCH & LEARN

When: Tuesday, April 15 at 1 PM EDT | Presented by: Simply Cyber Media Group

GRC CIS Controls 18 Lunch & Learn from Simply Cyber Academy

Tune in and join cybersecurity expert Gerald Auger, Ph.D. for an eye-opening session on navigating the complexities of security program assessment! This practical Lunch & Learn webinar from Simply Cyber Academy will equip you with actionable strategies to properly prepare for your next security audit, implement effective assessment methodologies, and create compelling reports that drive meaningful change.

Whether you're facing compliance requirements or aiming to strengthen your security posture, Gerald's insights will help you transform auditing from a dreaded chore into a valuable security enhancement tool.

Set your notifications and join us live on April 15th at 1 PM EDT.

SC MEDIA GROUP SIMPLY ICS CYBER S1 E5

When: Wednesday, April 16 at 9:30 AM EDT | Presented by: Simply Cyber Media Group

S6 E5: Incident Response in ICS/OT/SCADA

How does Incident Response in ICS, OT, and SCADA work? In this episode of Simply ICS Cyber, Don and Tom welcome Kai Thomsen, Director of Global Incident Response Services at Dragos.

Join us as we answer the following questions and provide more insight into how IR works in ICS/OT/SCADA: Is DFIR the same on the OT side as the IT side? What are some of the challenges the OT DFIR team faces? In an organization, who is responsible for OT incident response? What are tabletops, and how should you conduct them? What are some tabletop exercises? How do you get into OT DFIR?

Plus, the trio will share TONS of resources for your tabletop exercise journey!

Tune in after the Daily Cyber Threat Brief!

SC MEDIA GROUP THE CYBER MENTORS ARE BACK!

When: Thursday, April 17 at 9:30 AM EDT | Presented by: Simply Cyber Media Group

S3 E1: Mastering the Art of Deception in Cybersecurity

Join John and Steve for the Season 3 premiere episode!

Discover the world of cyber deception—from classic honeypots to canary tokens and more. Learn how deception isn't just a defense tactic, but a skill every aspiring cybersecurity analyst should master.

We'll explore real-world stories, ethical considerations, and how strategic deception can give you the upper hand against attackers.

Be sure to click this link to set your reminder and meet us there! 

SIMPLY CYBER FIRESIDES FROM I.T. TO CYBER

When: Thursday, April 17 at 4:30 PM EDT | Presented by: Simply Cyber Media Group

Join host Gerald Auger, Ph.D. for an engaging conversation with Zubair Khan, a dedicated Information Security professional who has successfully transitioned from a background in Information Technology to a thriving career in cybersecurity. In this interactive session, Zubair will share his personal journey from IT to cybersecurity, highlighting the challenges and triumphs along the way.

Attendees will have the opportunity to engage in live Q&A, posing questions directly to Zubair, network with fellow professionals considering or undergoing similar career transitions, and gain actionable insights to navigate their own paths into cybersecurity.

Don't miss this chance to learn from Zubair's experience and gather valuable tips to aid your own career progression.

Join us live Thursday afternoon and bring your questions to gain answers live on stream! See you there!

SC ACADEMY THE PLACE FOR CYBER CAREERS

At Simply Cyber Academy, we specialize in making GRC and Cybersecurity Careers a reality. Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.

The popular GRC Analyst Master Class is a must for kickstarting your GRC Cybersecurity career. In addition, we have NEW COURSES - even free courses, including Intro to Hacking with Tyler Ramsbey - all available to help you advance in your cyber career now!

BONUS! Only one day left!!! Click this link or the image below to receive 20% OFF all courses NOW! Use the code NEWUS20 at checkout. Let’s go!