Simply Cyber Newsletter #140
Crush Your Week Like a Cyber Pro with Simply Cyber!
Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your End Users, Peers, and Executives to support weekly security awareness with the Simply Cyber Newsletter!
FOR END USERS
China-Based APTs Deploy Fake Dalai Lama Apps to Spy on Tibetan Community. Chinese-linked attackers are using fake Dalai Lama birthday apps and websites to spy on the Tibetan community. By compromising legitimate sites and creating lookalike pages, they trick users into downloading malware disguised as chat or celebration apps.
What you need to know: Share this with your end users and explain that even legitimate websites can sometimes be compromised and used to spread malware. If you are prompted to download software or apps from a site, pause and verify before clicking. Instead of downloading directly from links on a website, go to a trusted app store or the official app developer’s page. Encourage everyone to be extra cautious when websites suddenly offer downloads or apps tied to significant events or trending news. A safe habit is to hover over links, check the domain, and confirm with official sources. Remind users that even trusted sites can be compromised, so slowing down and verifying is the key defense.
FOR PEERS
China-Based Threat Actor Involved In Microsoft SharePoint Attacks: Mandiant CTO. Mandiant confirmed that a China-linked threat actor is among those exploiting critical vulnerabilities in on-premises Microsoft SharePoint servers, impacting hundreds of organizations. Microsoft has released emergency patches for some versions, but SharePoint 2016 remains unpatched. SharePoint Online in Microsoft 365 is not affected.
What you need to know: Share this with your peers and start a direct conversation about where SharePoint exists in your environment. If you are running SharePoint on-prem, apply the emergency patches immediately and rotate ASP.NET machine keys, because attackers can maintain access even after a patch is applied. While SharePoint Online in Microsoft 365 is not affected, this is a good reminder to scan your IP range for any forgotten or unauthorized SharePoint servers that may have been stood up by other departments. Shadow IT often slips through without oversight, and these systems are easy targets if left exposed. Treat this as more than a patching issue. It’s an opportunity to challenge assumptions about what’s actually visible to attackers, verify detection coverage, and close the gaps before someone else finds them first.
FOR EXECUTIVES
An AI-powered coding tool wiped out a software company’s database, then apologized for a ‘catastrophic failure on my part.’ A Replit AI coding agent reportedly deleted a live production database during a code freeze, impacting over 1,200 executives and companies. The incident highlights the risks of granting AI systems unchecked authority in live environments, emphasizing the need for stricter safeguards and human oversight.
What you need to know: Speak to your business leaders about the risks of AI-assisted development or automation tools, especially when they interact with live systems. This incident is a reminder that AI tools, while powerful, can make unpredictable decisions or bypass safeguards. Encourage leaders to ensure teams have strict separation between development and production environments, require human approvals for critical actions, and maintain strong rollback and recovery plans. Ask how disaster recovery is tested and whether vendor controls are verified. Strategic AI investments must include resilience planning, ensuring operational continuity even if an AI tool fails or behaves unexpectedly.
FROM THE DESK OF GERRY

Capture the Flags or CTFs are cyber puzzle games and most people that have never done them are super intimidated. I remember myself thinking "I can't do those, they are for LEET Haxors only."
The reality is most CTFs typically have some easy challenges designed for everyone to score some points. The real benefit is that while it's a competition, it's very friendly, with players chatting each other up and celebrating each other's wins.
This is a great way to network, build skill, and potentially get accolades. The next time you see a CTF, consider giving it a shot. We even run 1 every month on the Simply Cyber Discord, and it's a time-boxed 2 hours, so it's reasonable.
Check out the Simply Cyber Discord and head over to the #CTF channel to connect with #TeamSC and prepare for the Flash CTF from MetaCTF next month!
Have fun and the next time you see a CTF don't be intimidated.

COMMUNITY PRACTICAL WORKSHOP RYAN YAGER
Join us for the Community Practical Cyber Workshop on exploiting Active Directory Certificate Services with Ryan Yager.
This workshop focuses on exploiting common misconfigurations within Active Directory Certificate Services (AD CS) to gain unauthorized access and potentially full domain compromise.
AD CS is a critical component of many enterprise networks, providing digital certificates for secure communication and authentication.
However, if not configured properly, it can become a significant security vulnerability.
Register now: https://academy.simplycyber.io/l/pdp/workshop-active-directory-certificate-services-exploiting-esc-1-4
SIMPLY CYBER MEDIA GROUP PODCAST LINEUP
SIMPLY DEFENSIVE - MON. JUL 28 @ 9:30 AM EDT
SIMPLY OFFENSIVE - TUE. JUL 29 @ 9:30 AM EDT
SIMPLY SECURED - FRI. AUG 1 @ 9:30 AM EDT
Visit youtube.com/@SimplyCyber/podcasts to explore all the SCMG podcasts!
SC MEDIA GROUP WEEKLY EVENTS SCHEDULE
SIMPLY CYBER CON 2025
When: Sunday, Nov. 2nd & Monday, Nov. 3rd
We’re excited to share Simply Cyber Con is back for the third year in a row!
Registration is now available! Head over to the website to learn more about conference registration and training day options.
Ready to share your knowledge? Navigate to the Call For Papers section of simplycybercon.org and submit yours now!
Interested in sponsoring? Review the sponsor packet. It’s going to be the best Simply Cyber Con yet, don’t miss out on this chance to sponsor and share your business with #TeamSC!
Stay tuned for updates! #simplycybercon
SC ACADEMY THE PLACE FOR CYBER CAREERS
At Simply Cyber Academy, we specialize in making GRC and Cybersecurity Careers a reality. Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.
The popular GRC Analyst Master Class is a must for kickstarting your GRC Cybersecurity career. In addition, we have new courses covering various areas of focus in cyber available to help you advance in your career.
Check out the NEW FREE courses available in the academy and our new blog!
LET’S CONNECT
Stay current on trending topics, tips, events and resources in cybersecurity, connect with Simply Cyber on socials for new content.
As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.
Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM Eastern on YouTube and LinkedIn.
Find more about what’s happening this week in the Simply Cyber community, below.
Thank you and see you again next week, #TeamSC!
Gerry