Simply Cyber Newsletter #149
Crush Your Week Like a Cyber Pro with Simply Cyber!
Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your End Users, Peers, and Executives to support weekly security awareness with the Simply Cyber Newsletter!
FOR END USERS
Another Steam Game Infects Players' PCs With Malware, Steals $150K in Crypto. A malicious game called BlockBlasters on Steam secretly installed malware that stole cryptocurrency from players, draining more than $150,000. The scam spread through direct messages inviting people to try the game. It shows how personal downloads and curiosity can turn into real losses—financially and through stolen personal data.
What you need to know: Educate your end users about how online games, apps, and even browser extensions can be used as Trojan horses to steal information or money. The fake Steam game BlockBlasters lured players with messages promising rewards, then secretly installed malware that hijacked cryptocurrency wallets. Victims lost more than $150,000 in total.
While gaming platforms like Steam are usually blocked at work, the habits people form at home often follow them into the workplace. Encourage users to think twice before installing software, even from trusted platforms, and to avoid clicking promotional links or messages from strangers. Remind them to keep personal and work accounts separate, store credentials only in secure password managers, and use antivirus software that scans new downloads automatically. Curiosity should never override caution.
FOR PEERS
npm Package Uses QR Code Steganography to Steal Credentials. A malicious npm package named Fezbox used an unexpected obfuscation trick: embedding its payload inside a QR code image. Once decoded, it attempted to steal browser credentials and send them to a remote server. The incident underscores why continuous dependency scanning and behavioral analysis are critical in modern software pipelines.
What you need to know: Share this story with your peers and have conversations about what your organization is doing to detect stealthy threats within software dependencies. The Fezbox package used QR code steganography to conceal malicious code that executed after a delay to steal browser credentials. This unusual approach bypassed traditional signature-based detection, emphasizing how creative threat actors are becoming.
Peers should evaluate whether their CI/CD pipelines can detect delayed execution and encoded payloads, not just known signatures. Review who has authority to approve or publish new packages and confirm that sandbox analysis and behavioral scanning are part of the process. Discuss detection for image-based or encrypted payloads that may hide within dependencies.
Also, it is important for end users to understand that they are truly the last line of defense in some situations. Teach your end users how to recognize unsafe browser prompts, manage session data carefully, and report any signs of credential reuse or unauthorized logins immediately.
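As an added example (not code from the newsletter or from any scanner it mentions), here is one way a pipeline step could triage a dependency's source for the signals named above: image-borne or encoded payloads combined with delayed or dynamic execution. The rule names, the 60-second threshold, the QR library names in the pattern and both sample packages are assumptions constructed for illustration.

```javascript
// Added example: static triage heuristics for a dependency's JavaScript source.
// Rule ids, the delay threshold and both sample packages are constructed.
const RULES = [
  { id: 'remote-image', re: /https?:\/\/[^\s'"]+\.(?:png|jpe?g|gif)/i },
  { id: 'qr-decode', re: /\b(?:jsqr|qrcode|qr-?reader)\b/i },
  { id: 'dynamic-exec', re: /\beval\s*\(|new\s+Function\s*\(/ },
  { id: 'encoded-payload', re: /\batob\s*\(|['"]base64['"]|[A-Za-z0-9+\/]{120,}/ },
  { id: 'cookie-access', re: /document\.cookie/ },
];
const MIN_DELAY_MS = 60000; // assumed threshold for treating a timer as "delayed"

// Return the delays (ms) of timers whose literal delay meets the threshold.
function delayedTimers(src) {
  const re = /set(?:Timeout|Interval)\s*\([\s\S]*?,\s*(\d[\d\s*]*)\)/g;
  const delays = [];
  for (const m of src.matchAll(re)) {
    // Handle products such as "120 * 1000" without evaluating any code.
    const ms = m[1].split('*').reduce((acc, part) => acc * Number(part.trim()), 1);
    if (ms >= MIN_DELAY_MS) delays.push(ms);
  }
  return delays;
}

function scanSource(src) {
  const hits = RULES.filter((r) => r.re.test(src)).map((r) => r.id);
  if (delayedTimers(src).length > 0) hits.push('delayed-exec');
  return hits;
}

// Escalate when a concealment signal and an execution signal co-occur.
function triagePackage(files) {
  const hits = new Set(Object.values(files).flatMap(scanSource));
  const any = (...ids) => ids.some((id) => hits.has(id));
  const review = any('remote-image', 'qr-decode', 'encoded-payload') &&
                 any('dynamic-exec', 'delayed-exec');
  return { hits: [...hits].sort(), review };
}

const SAMPLE_FLAGGED = { // constructed, inert strings
  'lib/init.js': "setTimeout(start, 120 * 1000);",
  'lib/asset.js': "const src = 'https://cdn.example.invalid/banner.png'; // decoded with jsqr",
  'lib/run.js': "function start() { eval(decoded); }",
};
const SAMPLE_CLEAN = { // constructed
  'index.js': "setTimeout(poll, 500); const logo = 'https://example.invalid/logo.png';",
};
console.log(triagePackage(SAMPLE_FLAGGED), triagePackage(SAMPLE_CLEAN));
```

Literal-delay matching misses computed delays and renamed decoders, so a result like this is an input to sandbox and behavioral review rather than a verdict.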
FOR EXECUTIVES
Inside the Jaguar Land Rover hack: stalled smart factories, outsourced cybersecurity and supply chain woes. Jaguar Land Rover’s cyberattack exposed the risks of outsourcing core IT and cybersecurity functions. The company’s connected “smart factory” setup prevented isolation of affected systems, forcing a global shutdown. With no active cyber insurance in place, JLR faces staggering weekly losses and an extended disruption to production and reputation.
What you need to know: This is a great example to bring to your executives for a tabletop exercise, and a reminder that outsourcing does not outsource accountability. Leaders must ensure that service contracts include immediate isolation capabilities, transparent escalation paths, and authority for internal teams to act decisively when a breach occurs. Evaluate whether your organization could continue limited operations if a vendor system failed or was compromised.
Financially, the timing was even worse. Reports indicate that JLR had not finalized cyber insurance coverage when the attack struck, leaving losses estimated at fifty million pounds per week uninsured. The combination of tight digital interdependence and insufficient risk coverage highlights a key governance lesson: operational agility means little without resilience.
If the conversation turns to this topic, be prepared to ask:
• Can we isolate vendor-managed systems during an active incident?
• Who holds final authority in a shared response scenario?
• Is our cyber insurance current and accurately scoped to our dependencies?

FROM THE DESK OF GERALD AUGER

Check out my recent experience at the BSides Greenville Conference this weekend in my LinkedIn post below:
SIMPLY CYBER MEDIA GROUP PODCASTS
This Wednesday at 9:30 AM EDT on Simply Cyber Media Group
AI isn’t just the future, it’s already here. But are businesses truly prepared to move beyond the hype and harness its full potential?
In this episode of 2 Cyber Chicks, we sit down with Santosh Kaveti, technologist, entrepreneur, investor, and CEO of ProArk. With 18+ years of experience driving innovation across 23 countries, Santosh brings unmatched insight into how AI is reshaping industries from Energy and Healthcare to Life Sciences and Manufacturing.
Join us on Wednesday: https://youtu.be/TEmnCI7rgko
This Friday at 9:30 AM EDT on Simply Cyber Media Group
Welcome back for Season 2! We kick off with a graduating senior from Rensselaer Polytechnic University as she transitions from academic research to industry applications in the world of cybersecurity.
In this episode, we sit down with Shoshana Sugerman to explore her journey from classroom to conference room. We delve into Shoshana's work on Grover's algorithm for quantum-enhanced threat detection and her experiences during a summer internship at Cisco.
Shoshana offers advice for aspiring cybersecurity professionals, emphasizing the importance of networking, asking questions, and embracing failures as learning opportunities.
Join us this Friday: https://www.youtube.com/watch?v=YcBkcY3zcwY
Visit https://www.youtube.com/@SimplyCyber/podcasts to catch up on all of the podcasts available on Simply Cyber Media Group!
SC MEDIA GROUP WEEKLY EVENTS SCHEDULE
Your Cyber Week at a Glance (Sept 29 – Oct 4) with Simply Cyber...
From threat briefs to community AMAs and podcasts, Simply Cyber Media Group has you covered:
Mon–Fri 📰 Daily Cyber Threat Brief – 8:00 AM EDT
🎤 Jaw Jackin’ AMA / Panel – 9:00 AM EDT
Wed, Oct 1 🎙️ 2 Cyber Chicks Podcast – 9:30 AM EDT
Fri, Oct 3 👉 Simply Secured Podcast – 9:30 AM EDT
Sat, Oct 4 🎓 Slay Security+ with SlaySecurityPlus (YouTube) – 4:00 PM EDT
💬 Discord Highlights
M–F: Pre-Show Jaw Jackin’ – 7:30 AM EDT
Thu, Oct 4: Cybersecurity Monthly Mentorship AMA – 1:00 PM EDT
Join us: simplycyber.io/learn & simplycyber.io/discord
SIMPLY CYBER CON 2025
When: Sunday, Nov. 2nd & Monday, Nov. 3rd
We’re excited to share Simply Cyber Con is back for the third year in a row!
Registration is now available! Head over to the website to learn more about conference registration and training day options.
Don’t miss the opportunity to attend onsite training in-person with the amazing instructors on Nov. 2nd!
Interested in sponsoring? Review the sponsor packet. It’s going to be the best Simply Cyber Con yet, don’t miss out on this chance to sponsor and share your business with #TeamSC!
Stay tuned for updates! #simplycybercon
SC ACADEMY THE PLACE FOR CYBER CAREERS
At Simply Cyber Academy, we specialize in making GRC and Cybersecurity Careers a reality. Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.
The popular GRC Analyst Master Class is a must for kickstarting your GRC Cybersecurity career. In addition, we have new courses covering various areas of focus in cyber available to help you advance in your career.
Check out the NEW FREE courses available in the academy and our new blog!
🆕 Two New Courses Just Launched
Ready to break into offensive security? Our new "Hacking Linux" course with Ryan Yager is live and already making waves. This isn't just theory—you'll build vulnerable machines, then systematically break them down using real attack vectors like FTP, SSH, NFS exploitation, SUID bits, sudo abuse, and privilege escalation techniques. Perfect for anyone looking to understand how attackers think and move through Linux environments.
For our GRC professionals, Steve McMichael brings you "Cyber Risk Management Fundamentals"—your foundation for speaking the language of business risk. Master the NIST Risk Management Framework, learn to identify and prioritize threats, and develop the skills to communicate risk effectively to stakeholders who control the budget.
LET’S CONNECT
Stay current on trending topics, tips, events and resources in cybersecurity, connect with Simply Cyber on socials for new content.
As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.
Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM Eastern on YouTube and LinkedIn.
Find more about what’s happening this week in the Simply Cyber community, below.
Thank you and see you again next week, #TeamSC!
Gerry