Simply Cyber Newsletter #131
Crush Your Week Like a Cyber Pro with Simply Cyber!
Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your End Users, Peers, and Executives to support weekly security awareness with the Simply Cyber Newsletter!
FOR END USERS
CFPB to withdraw rule targeting data brokers. The Consumer Financial Protection Bureau (CFPB) has dropped a rule that would’ve limited how companies collect and sell your personal data, including Social Security and phone numbers. Without the rule, data brokers can continue to sell sensitive information to marketers, scammers, or even foreign governments with fewer restrictions.
What you need to know: This isn’t one of those updates where you warn your end users about phishing or other forms of trickery. This isn't actually about reducing risk to the business but helping the people you work with reduce personal risk. That matters too.
When a rule like this gets dropped, it’s easy for people to miss what it really means. Their personal data is still being bought and sold. Their phone numbers, Social Security numbers, and even location history are on the table. No one is coming to protect that for them.
Encourage your end users to freeze their credit. Point them to resources that explain what that means and how to do it. Remind them to use strong passwords and two-factor authentication, even outside of work. Help them think critically about where they share personal info, not just professional access.
You don’t need to launch a campaign. You just need to say, "We’ve got your back, on and off the clock."
FOR PEERS
KrebsOnSecurity Hit with Near-Record 6.3 Tbps DDoS. KrebsOnSecurity last week was hit by a near-record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per second (a terabit is one trillion bits of data). The brief attack appears to have been a test run for a massive new Internet of Things (IoT) botnet capable of launching crippling digital assaults that few web destinations can withstand. Read on for more about the botnet, the attack, and the apparent creator of this global menace.
What you need to know: Let’s stop pretending DDoS is old-school. That myth’s dead. The latest round of attacks is short, massive, and fully transactional. You don’t need skill, only a username and $150. If your org hasn’t rechecked DDoS exposure since Mirai, this is your moment. What protections are actually in place? What fails first when it hits? Who owns response, and how fast can traffic be rerouted or scrubbed? And don’t forget your suppliers. Are your cloud providers or partners ready, or are they still betting no one notices them? Risk isn’t just about intent anymore. It’s about how cheap it is to cause damage.
FOR EXECUTIVES
FTC finalizes order requiring GoDaddy to secure hosting services. The FTC has finalized an order against GoDaddy for years of lax security, including breaches linked to weak MFA, poor asset tracking, and unmonitored environments. GoDaddy must now overhaul its security program, enforce MFA, secure APIs, and submit to independent assessments after multiple breaches exposed millions of users.
What you need to know: Shoutout to all the GRC teams walking tightropes over vendor sinkholes. The GoDaddy fallout isn’t just a technical failure; it’s a visibility failure (and that’s a leadership issue). If a provider that large can miss critical signals for years, it’s a reminder that trust without verification is risk waiting to surface. Your GRC team’s job isn’t to file reports. It’s to ask uncomfortable questions, flag weak spots, and hold third parties accountable before the breach headlines land. When they push, back them. Ask for proof, not promises. If a vendor hides behind compliance language, that’s not confidence, but camouflage. The cost of ignoring these gaps doesn’t show up in contracts; it shows up in incident reports.
LET’S CONNECT
Stay current on trending topics, tips, events and resources in cybersecurity. Connect with Simply Cyber on socials for new content.
As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.
Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM Eastern on YouTube and LinkedIn.
Find more about what’s happening this week in the Simply Cyber community below.
Thank you and see you again next week, #TeamSC!
Gerry

SIMPLY CYBER MEDIA GROUP PODCAST LINEUP
Simply Cyber Media Group presents our family of cybersecurity podcasts streaming Mon/Wed/Thu mornings at 9:30 AM Eastern. More podcasts coming in Q3 2025!
Simply Defensive - Mondays
Simply ICS Cyber - Wednesdays (Bi-weekly)
2 Cyber Chicks - Wednesdays (Bi-weekly)
Cybersecurity Mentors Podcast - Thursdays
Visit youtube.com/@SimplyCyber/podcasts to explore and learn more!
SIMPLY CYBER ACADEMY LUNCH & LEARN
Tuesday, May 27 at 1 PM EDT - Reporting phishing campaign results to executives isn't always an easy task.
Join us for another episode in Simply Cyber Academy's Lunch & Learn series to learn about practical approaches to translate phishing attack simulation data into meaningful security insights with GRC leader and instructor, Steve McMicheal.
This episode is ideal for security professionals, IT managers, GRC specialists, and anyone responsible for security awareness programs.
Gain insights over lunch and ask your questions live on stream. Schedule a reminder!
SIMPLY CYBER FIRESIDES🔥
Thursday, May 29 at 4:30 PM EDT - Ready to explore what a career in cybersecurity sales looks like?
This week, we welcome special guest Josh Mason, an accomplished professional in Cybersecurity Sales and co-founder of Simply Defensive.
Josh will share invaluable insights from his multifaceted career journey, discussing the challenges and opportunities in cybersecurity sales, his experience as a founder, and his approach to security education. As the co-host of the Simply Defensive podcast on Simply Cyber Media Group, Josh brings a unique perspective on bridging technical security concepts with business objectives.
Set your notifications to attend and bring your questions to ask us in live chat!
SC ACADEMY THE PLACE FOR CYBER CAREERS
At Simply Cyber Academy, we specialize in making GRC and Cybersecurity Careers a reality. Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.
The popular GRC Analyst Master Class is a must for kickstarting your GRC Cybersecurity career. In addition, we have new courses covering various areas of focus in cyber available to help you advance in your career.
Check out the NEW FREE courses available in the academy now!