Simply Cyber Newsletter
Posts
Simply Cyber Newsletter #148

Simply Cyber Newsletter #148

Crush Your Week Like a Cyber Pro with Simply Cyber!

Gerald Auger & Chuck Sapp
September 22, 2025

Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your End Users, Peers, and Executives to support weekly security awareness with the Simply Cyber Newsletter!

FOR END USERS

Google nukes 224 Android malware apps behind massive ad fraud campaign. A massive Android ad fraud scheme called SlopAds abused 224 apps with 38 million installs to generate 2.3 billion fake ad requests daily. End users unknowingly fueled the fraud, and businesses lost money through wasted ad spend and distorted marketing analytics.

What you need to know: Educate your end users about cautious app downloads, and raise awareness with marketing teams about ad fraud’s financial impact. The SlopAds campaign abused 224 malicious apps, downloaded 38 million times, to create over 2 billion fake ad requests daily. For end users, this shows that even apps from Google Play can quietly abuse devices and fuel fraud. For marketing teams, it highlights how fraud directly wastes advertising dollars and corrupts campaign analytics with fake impressions and clicks.

The clear takeaway is twofold: employees should avoid unverified mobile apps, and marketing leaders should build ad fraud monitoring into their strategy. Treating ad fraud as both a user behavior risk and a governance issue ensures protection of budgets and data integrity.

FOR PEERS

Microsoft to force install the Microsoft 365 Copilot app in October. Microsoft will begin force-installing the Microsoft 365 Copilot app on Windows devices outside the EEA starting in October, completing by mid-November. The app will appear in the Start Menu and be enabled by default, though admins can opt out in the Apps Admin Center.

What you need to know: Share this story with your peers and have conversations about what your organization is doing to prepare for Microsoft’s forced rollout of the 365 Copilot app starting in October. The app will automatically install on Windows devices with Microsoft 365 desktop clients (outside the EEA), appear in the Start Menu, and be enabled by default. While Microsoft frames this as a way to simplify access, it could lead to user confusion, support tickets, or policy concerns. Admins can opt out in the Apps Admin Center, but proactive planning is key. Coordinate with your help desk and comms teams now to prevent confusion and disruption later.

One last thought around all of this: while Microsoft frames this as simplifying access, it also raises governance questions around how Copilot will interact with organizational data, what safeguards exist, and which users should be permitted access.

FOR EXECUTIVES

FBI warms of Salesforce attacks by UNC6040 and UNC6395 groups. The FBI warns that cybercriminal groups are targeting Salesforce platforms through employee scams and compromised third-party apps to steal customer data for extortion. Major firms have been hit, making this not just a security issue but a business risk tied to trust, compliance, and reputation.

What you need to know: The FBI recently issued an alert warning that two cybercriminal groups are increasingly targeting Salesforce platforms to steal sensitive customer data and use it for extortion. Their tactics include tricking employees through phone calls that mimic IT support and exploiting malicious app integrations that bypass normal security controls. Once access is obtained, attackers can exfiltrate large customer databases and pressure organizations into paying to prevent public exposure.

While the technical details matter to security teams, the broader issue for executives is the impact on customer trust, regulatory compliance, and business continuity. The organizations named in the alert are household brands, which underscores that the reputational and financial consequences can be severe. Executives may want to consider whether current governance structures treat Salesforce and its integrations as critical infrastructure. It may also be worth reviewing with leaders across IT, help desk, marketing, and finance whether policies for approving third-party apps, training employees against scams, and responding to potential data exposure are aligned. By raising these conversations, executives can help ensure the business is positioned to withstand both manipulation and the loss of confidence that follows.

SIMPLY CYBER MEDIA GROUP PODCASTS

This Wednesday at 9:30 AM EDT on Simply Cyber Media Group

Industrial control systems (ICS) and operational technology (OT) are the backbone of modern society—powering electricity, water, gas, communications, manufacturing, chemicals, and even medical technology. But what happens when these systems must be secured in the middle of a warzone?

On this episode of Simply ICS Cyber, hosts Don C. Weber and Tom VanNorman sit down with special guest Patrick C. Miller, President & CEO of ‪Ampyx Cyber‬, a company dedicated to protecting the industrial world.

This is a rare opportunity to hear experts break down industrial cybersecurity in the harshest conditions. Whether you’re in IT, OT, or just want to understand the stakes, you’ll walk away with practical lessons and a deeper appreciation of what’s at risk.

Join us on Wednesday: https://youtu.be/yjgoVXcfuHM

Visit https://www.youtube.com/@SimplyCyber/podcasts to catch up on all of the podcasts available on Simply Cyber Media Group!

SIMPLY CYBER FIRESIDES

This Thursday at 4:30 PM EDT on Simply Cyber

🔥 In this episode of Simply Cyber Firesides, host Gerald Auger, Ph.D. sits down with AJ, U.S. Army veteran, co-founder of ByteChek, and Director of GRC Engineering at Aquia, to talk about the evolving world of GRC (Governance, Risk, and Compliance) engineering in cybersecurity.

AJ brings a wealth of expertise to the discussion, holding six AWS certifications — including the AWS Solutions Architect – Professional and AWS Security – Specialty — along with the CISSP. With over a decade of experience spanning military service, consulting, and leadership roles, he has built a reputation as a thought leader in cloud security, compliance automation, and governance frameworks.

A regular speaker at SANS Cloud Security events, including the BIPOC in Cloud Forum and CloudSecNext Summit, AJ has also contributed to major publications like CISOMag, InfosecMag, HackerNoon, and ISC2. His work continues to shape the conversation around how organizations can align security and compliance through modern engineering approaches.

Tune in live to hear AJ share his journey, explore what GRC engineering really means in practice, and offer insights for professionals looking to grow their careers in this vital area of cybersecurity.

Join #TeamSC in chat and bring your questions! https://www.youtube.com/live/CsaYycDXQWE

SC MEDIA GROUP WEEKLY EVENTS SCHEDULE

⚡ New Week, New Cyber Insights! ⚡

Here’s your chance to catch the best minds in cybersecurity, live all week long with Simply Cyber Media Group:

Mon, Sept 22