Simply Cyber Newsletter #135

Crush Your Week Like a Cyber Pro with Simply Cyber!

Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your End Users, Peers, and Executives to support weekly security awareness with the Simply Cyber Newsletter!

FOR END USERS

BlueNoroff Deepfake Zoom Scam Hits Crypto Employee with macOS Backdoor Malware. Threat actors are now using fake Zoom meetings, deepfaked company executives, and phony audio issues to trick remote workers into downloading malware. These attacks are crafted to look legitimate, and they target professionals in industries like cryptocurrency and finance where trust and urgency are exploited.

What you need to know: Forget the specifics of this article and think about all the ways something like this could happen. This isn’t just about crypto or deepfakes. It could be a job interview, a virtual coffee, a vendor intro, or someone “friendly” from a Discord group. That’s the point; it feels normal until it’s not. If your organization has approved platforms like Teams or Meet, tell your end users that it’s okay to say no when someone asks to switch tools, especially last-minute. Push back on urgency. Warn them about mid-call download prompts or “fix your mic” tricks. These aren’t technical hacks; they’re trust hijacks. Copy this message and send it to your team. Share it with people who meet online for work or personal reasons. This one’s worth talking about before it spreads further.

FOR PEERS

Scattered Spider is now targeting major insurance companies using social engineering tactics that bypass MFA and manipulate help desks. This group is fluent in both language and process, allowing them to convincingly impersonate staff and trick support teams. Enterprises with large or outsourced IT support should take this threat seriously.

What you need to know: Now is the right time to revisit your help desk protocols. Have a conversation with your internal support teams and your external contractors to walk through exactly how account resets and MFA setup are handled today. Do staff know what good verification looks like in a real-world scenario? Are they equipped to handle high-pressure requests from someone impersonating a VIP or internal IT? Make sure sensitive accounts, including those belonging to admins, executives, and service accounts, are flagged for enhanced scrutiny and layered validation. Review escalation paths, role-based access controls, and how suspicious activity is reported or paused mid-process. Don’t assume these controls exist; verify them. This threat group counts on gaps between policy and execution, especially where trust and routine intersect.

Review your help desk protocol and speak with your contractors. What does it look like to reset credentials or set up MFA? Work through what type of verification needs to happen, and make sure IT accounts and VIP accounts get flagged for additional levels of scrutiny and validation.

FOR EXECUTIVES

Danish government agency to ditch Microsoft software in push for digital independence. European governments are moving from Microsoft to open-source software, aiming for "digital sovereignty" and cost savings. This strategic trend highlights a global re-evaluation of dependence on major tech firms for core business functions, forcing conversations about cost versus control.

What you need to know: Speak with your senior leaders about this concept: When major platform shifts are discussed, the conversation rightly focuses on cost and vendor independence. The hidden variable to consider is the tax on your workforce's productivity and attention. Introducing new, unfamiliar tools, even simple ones, creates a learning curve that temporarily slows operational speed.

More subtly, when your team is focused on navigating a new system, their guard can be lower. This cognitive overload makes them more susceptible to mistakes, including security errors like clicking on a convincing phishing link that looks slightly different in a new email client. It's a critical, temporary vulnerability created by the change itself, and it's a risk worth discussing before any migration.

FROM THE DESK OF GERALD AUGER, PH.D.

I'm constantly reading, and typically it's a non-fiction book to help me develop a new skill or see an existing skill in a new light. But when I relax, I run. But running is a physical activity and my brain is bored, so I'll listen to a fiction audio book.

Recently, I started "The Martian" from Andy Weir. Most people are familiar with the successful movie adaptation starring Matt Damon (Go Boston!), but like most situations the book outshines the movie.

Although only about 10 chapters in, the book style is engaging, delivering its content as journal entries of a human trapped on Mars grappling with survival in an incredibly logical approach.

I love analysis and problem solving and this book checks it off, plus the writing style truly captures the personality and vibes of the main character who is basically the only person the reader interacts with.

If you're looking for a rabbit hole to fall down into and be entertained while mentally stimulated, scoop up The Martian! I'm loving it.

Also side note if you're curious, my non-fiction book I'm currently reading is "Get Over Yourself," a book on delegating and not trying to do all the things by yourself.

The Martian: https://amzn.to/3HSLwR4
Get Over Yourself: https://amzn.to/4jVooyF

SIMPLY CYBER LUNCH & LEARN

Tuesday, June 24 at 1:00 PM EDT - Fast Track to Domain Dominance

Ever wonder why companies with "secure" systems still get pwned? The answer lies in how hackers think versus how defenders think. While blue teams often view security linearly ("if this is secure, that can't be hacked"), attackers see everything as an interconnected graph of opportunities. Join us for an eye-opening session on Active Directory security and BloodHound with red team expert Ryan Yager!

In this hands-on demonstration, Ryan will expose the critical gap in defensive thinking using BloodHound - the open-source tool that reveals hidden privilege relationships in Active Directory environments that both red and blue teams rely on for deeper environmental understanding.

This Lunch & Learn is perfect for cybersecurity professionals wanting to think like an attacker, blue team members looking to strengthen their defenses, IT professionals responsible for Active Directory security, and anyone curious about real-world attack methodologies.

TEAM SIMPLY CYBER METACTF FLASH CTF

Thursday, June 26 from 5-7 PM EDT - Register to be a part of TEAM SIMPLY CYBER!

Every month we gather as community members and represent Team Simply Cyber in the MetaCTF Flash CTF event! Be sure to elect to be a part of Team Simply Cyber before the event starts! Did we mention it’s free to enter?

The top 3 participants pick 2 prizes from some amazing prizes - click here to check them out and register.

In addition, as a Simply Cyber Team Member who gets the highest score, you also gain a special Discord badge in the Simply Cyber Discord!

SIMPLY CYBER MEDIA GROUP PODCAST LINEUP

Simply Cyber Media Group presents our family of cybersecurity podcasts! We are on break until Q3, but check out the podcast episodes you may have missed in the meantime.

More podcasts coming in Q3 2025!

Visit youtube.com/@SimplyCyber/podcasts to explore all the podcasts!

SIMPLY CYBER CON 2025

When: Sunday, Nov. 2nd & Monday, Nov. 3rd

We’re excited to share Simply Cyber Con is back for the third year in a row!

Training Day is Sunday and the Main Conference is Monday at the Charleston Downtown Marriott. Check out the conference website for details currently available at simplycybercon.org.

Registration for training and the conference is coming soon - hotel room block is available now.

Interested in sponsoring? Reach out to Gerry and let him know; the sponsor packet is coming soon. It’s going to be the best one yet! Stay tuned for updates! #simplycybercon

SC ACADEMY THE PLACE FOR CYBER CAREERS

At Simply Cyber Academy, we specialize in making GRC and Cybersecurity Careers a reality. Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.

The popular GRC Analyst Master Class is a must for kickstarting your GRC Cybersecurity career. In addition, we have new courses covering various areas of focus in cyber available to help you advance in your career.

Check out the NEW FREE courses available in the academy and our new blog!

COMING SOON:

  • Hands-On Phishing with Tyler Ramsbey - Release Date: July 8th

  • OSINT for Pentesters with Mishaal Khan - Release Date: End of July

LET’S CONNECT

Stay current on trending topics, tips, events and resources in cybersecurity, connect with Simply Cyber on socials for new content.

As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.

Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM Eastern on YouTube and LinkedIn.

Find more about what’s happening this week in the Simply Cyber community, below.

Thank you and see you again next week, #TeamSC!

Gerry