Simply Cyber Newsletter #127

Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your End Users, Peers, and Executives to support weekly security awareness with Simply Cyber Newsletter!

FOR END USERS

New payment-card scam involves a phone call, some malware and a personal tap. Criminals are using a sophisticated scam that tricks people into installing malware on their Android phones, then steals payment card details using the phone’s NFC technology. Victims are lured with fake bank alerts, pressured to provide PINs, lift spending limits, and scan their cards near the infected device.

What you need to know: Use the template below to share with your end users.

Subject: When Security Feels Wrong, Trust That Instinct

Team,

Attackers are not just targeting technology anymore - they are targeting your judgment. A new scam abroad shows how easily urgency, fear, and fake authority can be used to push people into ignoring their instincts.

[link to article]

Here is the takeaway: Real security strengthens your protections. It never asks you to hand over PINs, lift spending limits, or scan payment cards through unfamiliar apps. If something feels wrong, that feeling is your early warning system. Trust it. Pause. Verify independently through trusted channels before taking any action.

In security, your instincts are not the problem. They are part of the defense.

[Signature].

FOR PEERS

Attackers hit security device defects hard in 2024. Mandiant’s new M-Trends report highlights that exploits of security devices like VPNs, firewalls, and routers were the most common way attackers broke into networks in 2024. Lightweight edge devices, often lacking advanced monitoring, continue to be prime targets for both espionage and ransomware groups.

What you need to know: Bring your peers into a discussion about how edge devices are being managed, monitored, and updated across your environment. Start by asking: When was the last time we fully reviewed firmware versions, support status, and segmentation practices around VPNs, firewalls, and routers? Challenge any assumption that "secured" means "safe." Critical devices deserve the same attention as any other high-value asset. If gaps exist such as missing logs or weak access controls, flag them early.

FOR EXECUTIVES

Your vendor may be the weakest link: Percentage of third-party breaches doubled in a year. According to Verizon’s latest Data Breach Investigations Report, third-party breaches doubled last year, rising to 30 percent of confirmed incidents. Weak supply chain controls, credential misuse, and delayed vulnerability fixes continue to widen attack paths and deepen organizational risk.

What you need to know: Speak with your business leaders about reshaping how trust is extended across partnerships. Your security perimeter is no longer where your network ends. It is everywhere your trust extends. Treat third-party relationships as active extensions of your own risk landscape. Set expectations early by requiring practices like MFA, minimal access, and fast credential response as part of vendor selection. If a partner cannot meet essential security standards, be prepared to find alternatives. True defense is not built on hope or trust alone. It is built through deliberate choices that prioritize resilience at every connection point.

Lastly, have an alternate plan if critical services depend on a third party that might not always be there.

LET’S CONNECT

Stay current on trending topics, tips, events and resources in cybersecurity, connect with Simply Cyber on socials for new content.

As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.

Find more about what’s happening this week in the Simply Cyber community, below.

Thank you and see you again next time! Have a great week, #TeamSC!

Gerry

SIMPLY CYBER DAILY CYBER THREAT BRIEF

Catch the most popular weekday cyber threat news analysis livestream around and meet the most supportive community ever, #TeamSC!

Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM Eastern on YouTube and LinkedIn - also available on Apple Podcasts or your favorite podcast platform. Check out our podcast page.

SC MEDIA GROUP BREAKING BARRIERS IN CYBER

When: Monday, April 28 at 9:30 AM EDT | Presented by: Simply Cyber Media Group

S3 E4: Breaking Barriers in Cybersecurity with Eddie Miro

Josh Mason and Wade Wells bring us an exciting episode of Simply Defensive, featuring special guest Eddie Miro. Eddie shares his journey in cybersecurity, offering insights into his experiences at DEFCON, the creation of Octopus Game, and his mission to make cybersecurity more inclusive.

Join us as we talk about the benefits of Capture the Flag (CTF) competitions and how they can help new entrants feel comfortable and connected in the cybersecurity community. Learn about the importance of diversity in cybersecurity, tips for getting started with CTFs, different types of CTFs, and how networking can make a significant impact on your career.

Don't miss out on this engaging conversation packed with practical advice and inspiration for both beginners and seasoned cybersecurity professionals.

SC MEDIA GROUP SIMPLY ICS CYBER FRAMEWORK

When: Wednesday, April 30 at 9:30 AM EDT | Presented by: Simply Cyber Media Group

S1 E6: ISA/IEC 62443 Cybersecurity Framework

In this episode of Simply ICS Cyber, Don and Tom interview their guest, Jim Gilsinn. Together they discuss the ISA/IEC 62443 Framework and answer the questions:

- What is ISA/IEC 62443 Series of Standards and how do they help?

- How do you get access to the ISA/IEC 62443 documents?

- How can you help improve the standards?

Tune in to get the answers to these questions, and more!

SC + ANTISYPHON TRAINING CIS CONTROLS 18 AUDITING WITH GERALD AUGER

When: Wednesday, April 30th from 12-1 PM ET | Presented by: Antisyphon Training

PreShow Banter starts at 11:30 AM ET, come show your support and learn more about the CIS controls for auditing! Register now for the Anti-Cast, CIS Controls 18 Auditing: Prep to Reporting with Gerald Auger.

SC MEDIA GROUP MASTERING CYBERSECURITY PT. 1

When: Thursday, May 1 at 9:30 AM EDT | Presented by: Simply Cyber Media Group

S3 E3: Mastering Cybersecurity: Part 1 - Why Learning How to "Build" is Essential

In this episode, join your co-hosts, John and Steve, as we delve into the often-overlooked yet fundamental importance of learning how to "build" systems, networks, and applications for cybersecurity professionals.

Coining the philosophy "Build, Secure, Hack," we explore why hands-on experience in building provides an essential foundation for effectively securing and ultimately understanding how to hack those environments.

We discuss the pitfalls of skipping these foundational IT skills, highlight the immense value of setting up a home lab for practical learning, and offer concrete examples of what to build to enhance your cybersecurity expertise and career prospects in today's job market.

Join us Thursday morning on Simply Cyber Media Group!

SIMPLY CYBER FIRESIDES CLOUD SECURITY

When: Thursday, May 1 at 4:30 PM EDT | Presented by: Simply Cyber Media Group

Join cybersecurity expert Gerald Auger, Ph.D., for another episode of Simply Cyber Firesides with special guest, Christophe Limpalair, Founder of Cybr.

In this livestream, we'll thoroughly explore cloud security challenges and solutions with Christophe, an entrepreneur who has dedicated his career to bridging the gap between technology and business.

Having built multiple tech companies from the ground up, Christophe now leads Cybr, an organization tackling one of the industry's most pressing problems: the global cybersecurity skills shortage.

We'll explore: The current state of cloud security, How orgs can better understand their security needs, Strategies for finding and developing cybersecurity talent, Practical approaches to closing the cybersecurity skills gap.

📣 LIVE Q&A: This is YOUR opportunity to engage with industry experts! We'll be answering questions from the live chat throughout the stream, so bring your cloud security questions, career inquiries, or thoughts on the cybersecurity talent landscape.

Don't miss this chance to learn from Christophe's unique perspective at the crossroads of technology, business, and security education.

SC QUARTERLY MEETING STATE OF SIMPLY CYBER

When: Friday, May 2 at 3:00 PM EDT | Presented by: Simply Cyber Media Group

Simply Cyber continues to expand every quarter, thanks #TeamSC! We are committed to sharing what we accomplished together as a community, review where we've been, and discuss where we are going with goals for the second half of 2025.

Updates on the State of Simply Cyber include:

➡️ SC Academy - More Cybersecurity courses at Pay What You Can pricing, even free.

➡️ SC Community - What's happening in Discord?

➡️ SC Media Group - Upcoming podcasts and content.

Bring your questions and drop them in live chat to get answers live on stream.

SC MEDIA GROUP WEEKLY EVENTS SCHEDULE

SC ACADEMY THE PLACE FOR CYBER CAREERS

At Simply Cyber Academy, we specialize in making GRC and Cybersecurity Careers a reality. Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.

The popular GRC Analyst Master Class is a must for kickstarting your GRC Cybersecurity career. In addition, we have NEW COURSES - even free courses, including Intro to Hacking with Tyler Ramsbey - all available to help you advance in your cyber career now!