Simply Cyber Newsletter #143

Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your End Users, Peers, and Executives to support weekly security awareness with the Simply Cyber Newsletter!

FOR END USERS

Deepfake AI Trading Scams Target Global Investors. Threat actors are exploiting AI and deepfakes to make fake trading platforms appear legitimate. They use fabricated videos of public figures, phony news articles and staged reviews to trick people into investing. These scams rely on psychological pressure, urgency and social proof to steal money and sensitive information.

What you need to know: When I think about AI and deepfake scams, it is not only about the grandchild voice scam or the CFO impersonation, but also about a growing type of fraud that may be even easier for threat actors to abuse. These scams use AI-generated videos, fake news articles, and fabricated reviews to create a false sense of legitimacy and urgency. Educate your end users about slowing down and verifying before acting on any investment opportunity or urgent online offer. If a video or ad promotes a platform, verify it through official websites, trusted financial institutions, or speaking with someone you know. Do not rely on links inside ads, social media posts, or unsolicited emails. Be cautious about requests for ID scans, credit card photos, or other personal data, as this is a common tactic to steal money and identity.

My recommendation for your business around this is to implement technical controls that require a second check before releasing money or sensitive data. This could be multifactor authentication, dual authorization, or an out-of-band verification step. Building these workflows reduces risk significantly. When planning these controls, involve your end users because they know the systems and processes most intimately, and their perspective can highlight where fraud controls should be built in.

FOR PEERS

Microsoft removes PowerShell 2.0 from Windows 11, Windows Server. Microsoft will permanently remove PowerShell 2.0 from Windows 11 and Windows Server 2025 starting in August and September. While most organizations use newer versions, legacy scripts and applications that depend on 2.0 will break. IT teams should validate dependencies and migrate tools to supported releases.

What you need to know: Share this story with your peers and have conversations about what your organization is doing to prepare for the removal of PowerShell 2.0. The risk is not theoretical. If you upgrade and still depend on PowerShell 2.0, custom scripts, automated workflows, or nightly jobs could stop functioning. If those scripts handle reporting, data movement, or integrations, this can create an unexpected business impact. Ensure teams inventory their scripts and confirm compatibility with supported PowerShell versions before upgrading.

As mentioned on the stream, you will send this around, and people will acknowledge it, but it may not rise to the top of their list. The second those scripts fail, however, you will hear about it (don't pull your hair out).

FOR EXECUTIVES

Wikimedia Foundation loses first court battle to swerve Online Safety Act regulation. A UK court dismissed Wikipedia’s challenge against the Online Safety Act but left room for future judicial review. Ofcom has yet to decide if Wikipedia will be classified as a Category 1 service, which would impose strict verification requirements. The decision highlights regulatory risks for online platforms.

What you need to know: The Online Safety Act is designed to create a safer online environment, and the recent ruling against Wikipedia reinforces that regulators are serious about holding even knowledge platforms to higher standards. While Ofcom has not yet decided if Wikipedia qualifies as a Category 1 service, the case demonstrates how broad these requirements could become. Businesses operating online communities, hosting user-generated content, or relying on recommender systems may eventually be included. My recommendation for your business is to fully support online safety while proactively considering how identity verification, moderation, and compliance obligations could impact your operations, costs, and customer trust. While this may be a process you see down the road, you have time to strategically think about how your business could evolve to meet this requirement.

SIMPLY CYBER MEDIA GROUP PODCAST LINEUP

This Wednesday is the Premiere of Season 7 for 2 Cyber Chicks Podcast!

Visit youtube.com/@SimplyCyber/podcasts to explore all the facets of cybersecurity Simply Cyber Media Group have to offer! There’s something for everyone. #TeamSC

SC MEDIA GROUP WEEKLY EVENTS SCHEDULE

SIMPLY CYBER CON 2025

When: Sunday, Nov. 2nd & Monday, Nov. 3rd

We’re excited to share Simply Cyber Con is back for the third year in a row!

Registration is now available! Head over to the website to learn more about conference registration and training day options.

Ready to share your knowledge? Navigate to the Call For Papers section of simplycybercon.org and submit yours now!

Interested in sponsoring? Review the sponsor packet. It’s going to be the best Simply Cyber Con yet, don’t miss out on this chance to sponsor and share your business with #TeamSC!

Stay tuned for updates! #simplycybercon

SC ACADEMY THE PLACE FOR CYBER CAREERS

At Simply Cyber Academy, we specialize in making GRC and Cybersecurity Careers a reality. Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.

The popular GRC Analyst Master Class is a must for kickstarting your GRC Cybersecurity career. In addition, we have new courses covering various areas of focus in cyber available to help you advance in your career.

Check out the NEW FREE courses available in the academy and our new blog!

LET’S CONNECT

Stay current on trending topics, tips, events and resources in cybersecurity, connect with Simply Cyber on socials for new content.

As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.

Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM Eastern on YouTube and LinkedIn.

Find more about what’s happening this week in the Simply Cyber community, below. Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM Eastern on YouTube and LinkedIn.

Thank you and see you again next week, #TeamSC!

Gerry