Simply Cyber Newsletter #128

Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your End Users, Peers, and Executives to support weekly security awareness with Simply Cyber Newsletter!

FOR END USERS

Millions of Apple Airplay-Enabled Devices Can Be Hacked via Wi-Fi. Researchers found serious flaws in Apple’s AirPlay technology that could let attackers on the same Wi-Fi network take over smart speakers, TVs, or even car systems. While Apple has patched many of its own devices, third-party products may remain unprotected for years.

What you need to know: Share this with your end users: If you use AirPlay with smart TVs, speakers, or car systems, it is time to double-check their updates. While Apple has resolved many of the issues, third-party gadgets may still be at risk, especially those you rarely think to patch. Anyone on the same Wi-Fi network could potentially gain control.

Here is what you can do:

• Secure your home router with a strong password and as Eric mentioned, think about network segmentation.

• Turn off AirPlay on devices you do not use.

• Visit the manufacturer’s website to check for updates.

• Avoid using public Wi-Fi when streaming or screen sharing.

Every device on your network matters. Do not leave one forgotten just because it plays music. Awareness is not about fear; it is about taking back control. In a connected world, security is not just a setting. It is a mindset.

FOR PEERS

SAP zero-day vulnerability under widespread active exploitation. A CVSS 10-rated vulnerability in SAP NetWeaver is being actively exploited. It allows unauthenticated file uploads that lead to full system compromise. Threat actors are deploying web shells, and researchers confirm widespread probing. SAP issued a patch, but access to the advisory requires credentials, slowing critical response.

What you need to know: Share this story with your peers and have conversations about what your organization is doing to detect and respond to exploitation attempts targeting SAP NetWeaver. Prioritize internal communication between infrastructure, application owners, and third-party vendors who manage or monitor your SAP stack. Assume exploitation has already occurred and implement telemetry to detect unusual activity across your Java application servers. Limit internet exposure and validate that Visual Composer is not accessible externally. Patch urgently and verify deployment. It is important for end users to understand that they are truly the last line of defense in some situations, but in this case, detection and response fall heavily on security teams and SAP administrators.

If your team does not use Visual Composer, disable it entirely to reduce attack surface.

FOR EXECUTIVES

Maryland man pleads guilty to outsourcing US govt work to North Korean dev in China. A U.S. citizen secured remote developer roles with federal contractors and outsourced the work to a North Korean national in China. This misuse of identity and trust enabled unauthorized foreign access to sensitive government systems, revealing gaps in remote work oversight, labor verification, and contractor management.

What you need to know: Executives should take a hard look at how their organizations confirm who is really doing the work. Vetting résumés and checking boxes is not enough, especially when the job connects to sensitive systems or federal contracts. Review how contractors are hired, onboarded, and monitored. Make sure device access, identity validation, and location tracking are part of the process. Ask your team this question: If someone fake got through your pipeline today, how would you know? Controls should expect deception, not just mistakes.

LET’S CONNECT

Stay current on trending topics, tips, events and resources in cybersecurity, connect with Simply Cyber on socials for new content.

As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.

Find more about what’s happening this week in the Simply Cyber community, below.

Thank you and see you again next time! Have a great week, #TeamSC!

Gerry

SIMPLY CYBER DAILY CYBER THREAT BRIEF

Catch the most popular weekday cyber threat news analysis livestream around and meet the most supportive community ever, #TeamSC!

Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM Eastern on YouTube and LinkedIn - also available on Apple Podcasts or your favorite podcast platform. Check out our podcast page.

SC MEDIA GROUP SIMPLY DEFENSIVE PODCAST

When: Monday, May 5 at 9:30 AM EDT | Presented by: Simply Cyber Media Group

Join hosts Josh Mason and Wade Wells as they sit down with David French for an insightful episode of Simply Defensive.

Discover David's journey from coding CCTV systems to becoming a staff security engineer at Google Cloud. Explore their discussion on detection as code, automation, detection testing, and relevant tools like Dorothy and Atomic Red Team.

Learn why coding skills are crucial for modern cybersecurity professionals, and get tips on leveraging AI in the field.

Whether you're a beginner or an experienced blue teamer, this episode is packed with valuable insights and actionable advice.

SC MEDIA GROUP 2 CYBER CHICKS PODCAST

When: Wednesday, May 7 at 9:30 AM EDT | Presented by: Simply Cyber Media Group

S6 E6: Deepfake Defense & AI Cybersecurity: Stopping Social Engineering with Aaron Painter

In this episode of 2 Cyber Chicks, Erika and Jax discuss the rapidly evolving world of AI-powered cyber threats with Aaron Painter, CEO of Nametag Inc. and a deepfake expert. With cybercriminals leveraging AI to clone voices and fabricate identities, businesses face a growing threat from social engineering attacks.

Aaron shares insights on how his company is using AI and machine learning to fight back against deepfake attacks—especially in healthcare, IT, and insurance sectors, where identity fraud is skyrocketing. We break down what deepfakes are, how they impact individuals and organizations, and why Gartner predicts that by 2026, nearly one-third of enterprises will consider identity verification unreliable due to AI-generated deepfakes.

Don’t miss this insightful conversation with one of the leading voices in AI-driven cybersecurity!

SC MEDIA GROUP CYBERSECURITY MENTORS PODCAST

When: Thursday, May 8 at 9:30 AM EDT | Presented by: Simply Cyber Media Group

Craig Sheffield shares his unconventional journey transitioning from teaching English in Taiwan to pursuing a cybersecurity career, highlighting how his background in music and audio engineering provided unexpected transferable skills. He also shares his candid experiences with Try Hack Me’s Security Analyst Level 1 certification

Join us Thursday morning on Simply Cyber Media Group!

SIMPLY CYBER FIRESIDES SUBMIT YOUR FIRST CFP

When: Thursday, May 8 at 4:30 PM EDT | Presented by: Simply Cyber Media Group

Have you wanted to submit for a talk in cybersecurity but unsure of where to start? Do you have a desire to share something you’ve learned with others in the industry but fear you may miss out during the submission process? Tune in for the upcoming Simply Cyber Firesides with host Gerald Auger, Ph.D. walking you through the steps to take with the logistics needed to rock your next talk submission.

Set your notifications and join us in live chat!

SC MEDIA GROUP WEEKLY EVENTS SCHEDULE

SC ACADEMY THE PLACE FOR CYBER CAREERS

At Simply Cyber Academy, we specialize in making GRC and Cybersecurity Careers a reality. Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.

The popular GRC Analyst Master Class is a must for kickstarting your GRC Cybersecurity career. In addition, we have NEW COURSES - even free courses, including Intro to Hacking with Tyler Ramsbey - all available to help you advance in your cyber career now!

NEW FREE COURSE HOW TO BREAK INTO GRC

What’s standing in the way of your career crossover into cybersecurity? Have you heard of the Governance Risk & Compliance (GRC) function, or that’s awesome and underrated? In solving the catch 22 problem of cybersecurity hiring managers wanting experienced applicants to add value from day one, and applicants wanting a shot to get that experience, GRC is a great feeder role for you to break through.

Break into GRC with tips from Steve McMichael today and register for this course.