Simply Cyber Newsletter #138

Sponsored by

Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your End Users, Peers, and Executives to support weekly security awareness with the Simply Cyber Newsletter!

FOR END USERS

Hundreds of Malicious Domains Registered Ahead of Prime Day. Security researchers flagged over 1,000 fake Amazon-related domains created ahead of Prime Day, most of which were malicious. These scams aim to steal your login, payment info, or gift card balance by spoofing emails, refund notices, and Amazon checkout pages.

What you need to know: You know how it goes: whenever there's a big event – Prime Day, Black Friday, even something like the World Cup or back-to-school sales – the scammers come out to play. This year, for Prime Day, it was insane. Over 1,000 fake Amazon domains popped up in June alone, and yep, most were bad news.

These folks are sending phishing emails, setting up fake checkout pages, and blasting out "urgent refund" alerts. Their whole goal is to get you to act fast, without thinking, usually when you're busy or excited. That's exactly how people lose their accounts, their hard-earned money, and their personal info.

So, here's what you absolutely need to share with your team and everyone you care about:

• Go to Amazon directly! Type "amazon.com" into your browser. Do NOT click on links in emails or texts, no matter how real they look.

I want to interrupt this list to call out the method above. I feel it has so much power and want to explain it in more detail: This habit is called out-of-band verification. It means you don’t respond through the same channel the message came in on. If I get an email, I don’t click the link, but instead, I open a browser and go straight to the site. If I get a phone call, I hang up and call back using a number I trust. Out-of-band means stepping outside the script the attacker is hoping you follow. It’s simple, but it works.

• Be suspicious of unusual or shortened links. If it doesn't clearly say "amazon.com" (or a legitimate Amazon subdomain) in the main part of the address, it's probably fake.

• Use strong, unique passwords for all your online accounts.

• Turn on two-factor authentication (2FA) for Amazon and any other important accounts. It's an extra layer of protection that can save you.

• Consider using virtual cards or payment apps for online purchases when you can. They add an extra buffer between your main bank account and potential fraud. Sure, your bank may refund you if there is fraud, but is it worth the additional and downtime that a virtual card could have saved you from?

MOST IMPORTANTLY: Slow down. Seriously. If something feels "off" whether it be an email, a text, a deal that's too good to be true, just pause. Take a second look. Verify.

Prime Day might be over, but these fake deals and scams aren't going anywhere. Let's all stay sharp and help each other avoid these traps!

FOR PEERS

RondoDox Botnet, a Stealth Malware Targeting Surveillance Systems with VPN and Gaming Traffic Camouflage. A new botnet called RondoDox is targeting embedded Linux devices used in surveillance and industrial control, exploiting recent vulnerabilities in TBK DVRs and Four-Faith routers. It cloaks its traffic to mimic gaming or VPN data, renames system binaries, and kills analysis tools to stay hidden and persist through reboots.

What you need to know: Take this story and share it. Get a conversation going with your peers about how your organization handles embedded device visibility and patching. If you're on TBK DVRs or Four-Faith routers, then updating your firmware needs to be at the top of your list. If there's no patch yet, then seriously lock down external access.

For everyone else, this is your cue to take a hard look at how exposed your connected devices really are. Do you have network segmentation set up? Are you using file integrity monitoring? Do changes to startup scripts and binaries trigger alerts? We need to encourage the treatment of these devices with the seriousness they deserve. Even if RondoDox itself doesn't directly hit you, its methods are a clear sign of how attackers are evolving to be stealthier and more persistent.

FOR EXECUTIVES

Outlook takes another sick day. Microsoft Outlook was down for over 11 hours in a global outage that impacted desktop, mobile, and web access. While service was eventually restored, the event raised fresh questions about email resilience, operational continuity, and how dependent businesses have become on a single communication platform.

What you need to know: This is the kind of outage that should spark serious reflection at the leadership level. If your business relies almost entirely on one platform like Outlook, what happens when it goes dark? In highly regulated industries, you may already have alternate communication plans in place. But ask yourself this: would your team, your partners, or your suppliers trust an unexpected email from an alternate domain? Has that backup method been vetted? Is it safe to use for sensitive business information?

Alternate channels should be more than just an idea; they should be practiced, secure, and recognized by the people you need to reach when it counts. Whether it’s a secure messaging platform, an internal site for updates, or a second verified email domain, the time to build that trust and test those processes is before the next blackout, not during it.

FROM THE DESK OF GERALD AUGER, PH.D.

Quick little pro tip that I knew but forgot and then was reminded recently. When you make a LinkedIn post, LinkedIn will only show the first 3 lines to people scrolling. They get a "...more" button they have to click.

This introduces "friction" and "action" from the viewer. Which means there’s a chance it won't happen, and they won't get to consume your great content.

Whether you like it or not we live an "attention" economy. Your LinkedIn posts are competing with everything else on LinkedIn. Now if you don’t care if people stop at your post or not, this is fine, but reach and building a network on LinkedIn has value, so I encourage you to read on.

The deal is, much like YouTube, you want a “hook.” Some phrasing that catches attention, challenges beliefs, or causing wonder. No matter what, you only have 3 lines to do it, and once someone clicks "...more" they are much more likely to read your whole post.

You can use AI to help you. Try this out next time you write a post, literally any post on LinkedIn. Put the whole post in AI and say, "I'm posting this on LinkedIn and want to get more people to click the more button and read the whole post. Help me make the first 2 or 3 lines hyper engaging and more likely to get a viewer to read my whole post."

This isn't AI generated content, its AI helping you make your content more accessible and better performing but still in your own spirit.

Hope it helps with your network growth.

P.S. Always add a graphic, video, or document to your posts. Only text will definitely underperform.

Gerry

SPONSOR POST

Clicking on the link below will directly support this newsletter and keeps it coming out every week; Thanks for clicking! 💙

Not All AI Notetakers Are Secure. Here’s the Checklist to Prove It.

You wouldn’t let an unknown vendor record your executive meetings, so why trust just any AI?

Most AI notetakers offer convenience. Very few offer true security.

This free checklist from Fellow breaks down the key criteria CEOs, IT teams, and privacy-conscious leaders should consider before rolling out AI meeting tools across their org.

Get the Security Checklist

SCMG PRESENTS SIMPLY OFFENSIVE PODCAST

Tuesday, July 15 at 9:30 PM EDT - Red Teaming vs. Pentesting, Certs That Matter, and Breaking In w/out Coding

In this episode of Simply Offensive, host Phillip Wylie welcomes offensive security veteran Ben Thal for a deep dive into the world of red teaming, penetration testing, and breaking into offensive security.

With over a decade of experience across red teaming, pen testing, and hardware hacking, Ben brings practical insights for anyone interested in or currently navigating the field.

Click here to join us, subscribe, and set your notifications!

SIMPLY CYBER ACADEMY COMMUNITY PRACTICAL CYBER WORKSHOP

Tuesday, July 15 at 9:00 PM EDT - (Late Night Live Workshop) Stealing Sessions with Evilginx: Phishing Beyond Credentials with Tyler Ramsbey

In this workshop, we'll dive into real-world offensive security techniques used by threat actors - and how defenders can spot and stop them.

You'll see a live demonstration of Evilginx, a powerful man-in-the-middle phishing framework used to steal session tokens and bypass MFA.

We'll start with WordPress enumeration, covering how attackers gather intel from users, pages, and employees to craft convincing phishing lures.

Then, we’ll move into session hijacking with Evilginx, showing how a legitimate login can be invisibly intercepted and weaponized—no passwords required.

Register to attend now and meet us there, live!

SCMG PRESENTS SIMPLY SOCIAL ENGINEERING

Wednesday, July 16 at 1:00 PM EDT - Professional Vishing and Threat Hunting with Edna Johnson

In this episode of Simply Social Engineering, host Eddie Miro is joined by Edna Jonsson, a cybersecurity engineer who applies social engineering in real-world operations.

Edna shares insights from their work in threat hunting and detection engineering, as well as competitive experience as part of the Rizz Kitties team in the Social Engineering Community Village Vishing Competition at DEF CON 32.

We also talk about building community: from helping organize DEATHCon Orlando to founding the SEA Village at BSides Tampa and Orlando.

If you're curious about what it looks like to use social engineering both defensively and offensively—professionally and competitively—this one’s for you.

Click to join us for this exciting new podcast premiere!

SIMPLY CYBER FIRESIDES PSYCHOLOGY IN CYBER OPS

Thursday, July 17 at 4:30 PM EDT - How to Protect Children from Online Predators

Learn how to protect kids from online predators from private intelligence and security professional, Charles Finfrock in this episode of Simply Cyber Firesides with your host, Gerald Auger, Ph.D.

Join us for this informative livestream where we discuss the true story of child sextortion, a growing cybercrime impacting children and teenagers all over the world.

With over 25 years of experience in national security, counterintelligence, law enforcement, security operations, anti-money laundering, and supply chain security, Charles brings knowledge and insights, and a personal perspective on child sextortion.

This is a livestream you do not want to miss - share with your network and help spread awareness. As always, there will be a LIVE Q&A - bring your questions and have them answered by the pros.

Set your notifications and meet us there Thursday afternoon.

SCMG PRESENTS SIMPLY SECURED PODCAST

Friday, July 18 at 9:30 AM EDT - Cyber & Drones: Exploring the Intersection of OSINT and Vulnerabilities

In this episode, James interviews Luke Canfield, as he shares his path into cybersecurity, which started 20 years ago and was reignited by an interest in hardware tinkering and drones.

Luke discusses how he prioritizes vulnerabilities in systems, the significance of writing detailed reports, and the challenges faced in vulnerability management.

He also touches on the emerging threats involving drones in cyber warfare, and the future role of AI in open source intelligence (OSINT). Luke shares his professional experiences, the importance of networking, and personal projects such as utilizing drones for cybersecurity purposes.

Whether you're a seasoned professional or aspiring to enter the field, Luke's insights offer a unique perspective on the evolving landscape of cybersecurity.

Join us this Friday as we explore the intersection of technology, intelligence, and defense in the digital age.

Visit youtube.com/@SimplyCyber/podcasts to explore all the SCMG podcasts!

SC MEDIA GROUP WEEKLY EVENTS SCHEDULE

SIMPLY CYBER CON 2025

When: Sunday, Nov. 2nd & Monday, Nov. 3rd

We’re excited to share Simply Cyber Con is back for the third year in a row!

Registration is now available! Head over to the website to learn more about conference registration and training day options.

Ready to share your knowledge? Navigate to the Call For Papers section of simplycybercon.org and submit yours now!

Interested in sponsoring? Review the sponsor packet. It’s going to be the best Simply Cyber Con yet, don’t miss out on this chance to sponsor and share your business with #TeamSC!

Stay tuned for updates! #simplycybercon

SC ACADEMY THE PLACE FOR CYBER CAREERS

At Simply Cyber Academy, we specialize in making GRC and Cybersecurity Careers a reality. Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.

The popular GRC Analyst Master Class is a must for kickstarting your GRC Cybersecurity career. In addition, we have new courses covering various areas of focus in cyber available to help you advance in your career.

Check out the NEW FREE courses available in the academy and our new blog!

LET’S CONNECT

Stay current on trending topics, tips, events and resources in cybersecurity, connect with Simply Cyber on socials for new content.

As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.

Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM Eastern on YouTube and LinkedIn.

Find more about what’s happening this week in the Simply Cyber community, below. Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM Eastern on YouTube and LinkedIn.

Thank you and see you again next week, #TeamSC!

Gerry