Simply Cyber Newsletter #136

Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your End Users, Peers, and Executives to support weekly security awareness with the Simply Cyber Newsletter!

FOR END USERS

Apple, Netflix, Microsoft Sites ‘Hacked’ for Tech Support Scams. Scammers are buying ads that send people to real sites like Apple or Netflix but use a trick to show fake tech support numbers on the site’s search pages. If someone calls these numbers, the scammers pose as official support to steal information.

What you need to know: This is a great example to share with your end users to show how convincing threat actors can be when they hijack trust. People are used to checking for misspelled domains, suspicious pop-ups, or fake websites, but here the site is completely real. The clever part is that scammers inject a phone number they control into the site’s search page, hoping no one notices. Remind your teams to always verify support numbers by visiting the company’s official homepage and using the real “Contact Us” page. Numbers in ads or search bars can be fake even if the site looks legitimate. Slowing down and verifying small details keeps information secure and helps everyone spot these simple but effective traps.

FOR PEERS

Microsoft nOAuth Flaw Still Exposes SaaS Apps Two Years After Discovery. A severe flaw called nOAuth still leaves at least 15,000 SaaS applications exposed to account takeovers through Microsoft’s Entra ID. Two years after discovery, insecure identity patterns and misconfigurations continue to put user accounts and data at risk, bypassing common safeguards like MFA.

What you need to know: Developers should see nOAuth as a clear signal to revisit long-standing identity assumptions. This threat has persisted for two years because insecure identity patterns and overlooked misconfigurations slip into production unnoticed. Take time to confirm you are not using unverified email claims as trusted user IDs. Check your OAuth and OpenID Connect flows for token validation gaps, look at cross-tenant permissions, and verify that consent scopes are limited appropriately. Review your Entra ID app settings and align them with Microsoft’s current best practices. Strong identity hygiene, verified claims, and thorough log correlation across Entra ID and your application environment can help catch signs of abuse early. Teams that share knowledge about secure identity patterns can close silent gaps that attackers count on staying hidden.

FOR EXECUTIVES

Dire Wolf Ransomware Comes Out Snarling, Bites Technology, Manufacturing. A new ransomware group known as Dire Wolf has already targeted at least 16 technology and manufacturing organizations across 11 countries since May. The group uses double extortion and custom encryptors, threatening to leak stolen data if victims do not pay demands averaging around $500,000.

What you need to know: Ransomware continues to make headlines through direct attacks and supply chain breaches that spread far beyond the original target. This is a clear reminder that ransomware readiness needs regular attention at the leadership level. New groups like Dire Wolf show how quickly threat actors adapt when well-known operations are disrupted. Now is the right moment to check that backup and recovery plans work as intended, that critical systems are secured, and that crisis and legal response steps are clear in case data is stolen and used for extortion. Board discussions should reinforce that paying ransom never guarantees privacy or control. Strong preparation, clear policies, and trusted advisors help protect operations, customer trust, and the company’s reputation when new ransomware tactics appear.

FROM THE DESK OF GERALD AUGER, PH.D.

I feel really confident about my choices I make today, in the now.

I'm sure when you make choices to, you get as much information as you can given time/resource constraints and you choose what you believe the optimal/logical choice is.

If this is true, then an odd phenomenon occurs, namely I have made some TERRIBLE choices in my life. I'll give you an example.

I've never invested money myself. I don’t have a finance degree (or clue). In 2008 I invested $2500 into Fannie Mae. I spent days (lol, even typing it cracks me up of how woefully inadequate this prep was) watching business news and I knew I was gonna have a winner!

I invested $2500. Hours later (that’s right hours), Fannie Mae and many mortgage related businesses massively failed in the housing crash of 2008. I lost $2498 - thanks for the bus fare to get home Fannie Mae.

The thing is, at the moment, I was sure I had it figured out. The reality was, I was an idiot. I share this story just as a personal reflection on my own psyche of how I view myself. I have always felt confident about my choices, yet there are numerous instances of reflecting back and saying, "wow that was dumb."

So today in 2025, I always wonder what choices I'm confidently making that 2030 version of Gerry will say, "what were you thinking?"

This keeps me grounded and hungry to keep learning, keep developing, and never feel like I've summited the mountain on personal development.

Hey! I've got plenty of terrible decisions left in me, lol.

How do you stay grounded? Any life choices you felt great about that looking back you were like "HOW DID I EVER???"

Hopefully, you've got a system to help you keep developing, too. Have a great week.

Gerry

SIMPLY CYBER MEDIA GROUP SIMPLY OFFENSIVE

Tuesday, July 1 at 9:30 PM EDT - Cracking the Offensive Security Career Code

In the inaugural episode of the Simply Offensive podcast, host Phillip Wylie interviews Michael Kim, a cybersecurity professional with a diverse background.

Michael shares his journey from music to cybersecurity, emphasizing the importance of networking, certifications, and continuous learning. He discusses the challenges of breaking into pen testing, the interview process, and the significance of coding skills in the field.

The conversation highlights the value of experience, both formal and informal, and encourages aspiring pen testers to leverage their training and connections to succeed in the industry.

Join us after the Daily Cyber Threat Brief on Simply Cyber for this exciting premiere episode of Simply Offensive - set your notifications to be there now!

Welcome to Simply Cyber Media Group, Phillip Wylie!

Visit youtube.com/@SimplyCyber/podcasts to explore all the SCMG podcasts!

SIMPLY CYBER CON 2025

When: Sunday, Nov. 2nd & Monday, Nov. 3rd

We’re excited to share Simply Cyber Con is back for the third year in a row!

Registration is now available! Head over to the website to learn more about conference registration and training day options.

Ready to share your knowledge at Simply Cyber Con? Navigate to the Call For Papers section of simplycybercon.org and submit yours now!

Interested in sponsoring? Review the sponsor packet. It’s going to be the best Simply Cyber Con yet, don’t miss out on this chance to sponsor and share your business with #TeamSC!

Stay tuned for updates! #simplycybercon

SC MEDIA GROUP WEEKLY EVENTS SCHEDULE

SC ACADEMY THE PLACE FOR CYBER CAREERS

At Simply Cyber Academy, we specialize in making GRC and Cybersecurity Careers a reality. Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.

The popular GRC Analyst Master Class is a must for kickstarting your GRC Cybersecurity career. In addition, we have new courses covering various areas of focus in cyber available to help you advance in your career.

Check out the NEW FREE courses available in the academy and our new blog! New course coming soon include:

• Hands-On Phishing with Tyler Ramsbey - Release Date: July 8th

• OSINT for Pentesters with Mishaal Khan - Release Date: End of July

🎆 4TH OF JULY SPECIAL AT SIMPLY CYBER ACADEMY!!!

Starting on Tuesday, July 1st and available through Sunday, July 6th - get 20% off! Use promo code: FIREWORKS20 at checkout. https://zpr.io/SMAn94UTN4y3

LET’S CONNECT

Stay current on trending topics, tips, events and resources in cybersecurity, connect with Simply Cyber on socials for new content.

As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.

Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM Eastern on YouTube and LinkedIn.

Find more about what’s happening this week in the Simply Cyber community, below. Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM Eastern on YouTube and LinkedIn.

Thank you and see you again next week, #TeamSC!

Gerry