Simply Cyber Newsletter #152
Crush Your Week Like a Cyber Pro with Simply Cyber!
Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your End Users, Peers, and Executives to support weekly security awareness with the Simply Cyber Newsletter!
FOR END USERS
Microsoft warns of a 32% surge in identity hacks, mainly driven by stolen passwords. Hackers are not breaking in using advanced techniques. They are logging in with real usernames and passwords stolen from other breaches. Microsoft reports that more than 97 percent of identity attacks involve stolen passwords. If you reuse passwords anywhere, you are exactly who they are targeting.
What you need to know: Educate your end users about the fact that most cyberattacks today begin with someone logging in using a stolen password that was leaked somewhere else. Microsoft confirms that more than 97 percent of identity attacks are password attacks, almost all of them powered by credentials sold on the dark web or harvested by malware. If someone reuses a password across multiple websites, attackers will try that same password on work accounts, banking apps, streaming services, and more. This is not a technical exploit; attackers simply log in and hope the password still works.
Encourage the use of unique passwords on every account and enable multifactor authentication wherever it is offered. And ask one crucial question before trusting any service with personal or financial information: Does it provide security tools such as MFA or login alerts? If a service does not offer ways to protect your login, it may not deserve your information.
FOR PEERS
Hackers Turn Velociraptor DFIR Tool Into Weapon in LockBit Ransomware Attacks. Storm-2603 ransomware operators abused the Velociraptor DFIR tool in live attacks, exploiting an outdated vulnerable version to escalate privileges and disable defenses before deploying multiple ransomware families, showing deliberate weaponization of legitimate security tools.
What you need to know: Share this with your peers and use it to drive a real security conversation. Storm-2603 abused an older version of Velociraptor, a legitimate DFIR tool, to escalate privileges, disable protections, and deploy ransomware. This is not surprising. Tools like Velociraptor are built to operate with deep system access and rapid response capabilities, which also makes them ideal for threat actors to repurpose for offense.
The question is not whether your organization uses Velociraptor. The question is whether you have visibility and detections in place if a trusted security tool suddenly behaves like an attacker. Do you know what normal usage of your DFIR or administrative tools looks like? Do you treat their activity as benign by default? Would you detect malicious GPO changes or lateral movement if it came from a tool your SOC approved? If the answer is no or uncertain, that is where your next defensive effort needs to begin.
FOR EXECUTIVES
Dutch government puts Nexperia on a short leash over chip security fears. The Dutch government has taken direct oversight of Chinese-owned chipmaker Nexperia to prevent possible transfer of critical technology. This signals that governments are now willing to intervene inside private companies to protect national economic and supply chain security before any breach or incident even occurs.
What you need to know: This move reflects a major shift in how governments are treating critical technology and supply chains. The Dutch government did not wait for a breach or failure. It acted in advance based on ownership and governance risk, using emergency powers to freeze Nexperia’s ability to make decisions that could affect national interests.
This is part of a global pattern. Strategic industries such as semiconductors, AI, cloud infrastructure, and even healthcare logistics are no longer seen as purely private business domains. They are now considered national security assets. That means board decisions involving ownership, data, or foreign influence can trigger direct government intervention.
Every executive should be asking:
• Could government intervention disrupt us if our ownership or suppliers became a perceived risk?
• Do we know which parts of our business regulators would classify as strategically sensitive?
• Are we treating supply chain and ownership exposure as geopolitical risk, not just operational risk?
If government intervention is now proactive, leadership strategy must be the same.

SIMPLY CYBER MEDIA GROUP PODCAST HIGHLIGHT
What happens when you go from fixing executives’ laptops at Goldman Sachs to defending against cyber threats in a SOC?
In this episode of Simply Defensive, hosts Josh Mason and Wade Wells sit down with Kevin Apolinario — better known as KevTech — to unpack his journey from IT support to cybersecurity analyst, all without a single certification.
Kev gets real about what it’s actually like to land your first SOC role: the flood of alerts, the burnout, learning Excel the hard way, and relying on ChatGPT to survive scripting. He also shares how TryHackMe, Hack The Box, and constant hands-on practice built the foundation for his success.
If you’ve ever wondered what breaking into cybersecurity really looks like, this conversation pulls back the curtain — no fluff, no spin, just honest talk from the trenches. Join us: https://youtu.be/xtGd9ysuj_8
Visit https://www.youtube.com/@SimplyCyber/podcasts to catch up on all of the podcasts available on Simply Cyber Media Group!
SIMPLY CYBER FIRESIDES TYLER RAMSBEY
From Hacker to Founder with Tyler Ramsbey - hacker, sr. pentester, community founder at Hack Smarter, mentor, and now founder and Principal Security Consultant at Kairos Sec.
Tyler recently made the bold leap from a desirable full-time pentesting role to launching his own cybersecurity company - and he’s pulling back the curtain on what that journey really looks like.
In this live conversation, we’ll cover:
• 💥 What it takes to start your own cyber company
• 🧠 Lessons learned from years in offensive security
• 💻 Insights into pentesting, hacking, and content creation
• 🚀 The risks, rewards, and mindset shifts of becoming a founder
Plus, live audience Q&A throughout the show!
Bring your questions and join the chat as we explore how one hacker turned his passion into a business built on cybersecurity excellence. 🔒
Don’t miss it - this is where cyber careers, leadership, and entrepreneurship collide: https://simplycyber.io/streams
SIMPLY CYBER CON 2025
When: Sunday, Nov. 2nd & Monday, Nov. 3rd
We’re excited to share Simply Cyber Con is back for the third year in a row!
Head over to the website to learn more about conference registration and training day options.
SIMPLY CYBER CON IN-PERSON TRAINING: GRC RISK
Check out the short below to learn more about the GRC training option with Steve McMichael at Simply Cyber Con 2025:
Don’t miss the opportunity to attend onsite training in-person with the amazing instructors on Nov. 2nd!
Stay tuned for updates! #simplycybercon
SC MEDIA GROUP WEEKLY EVENTS SCHEDULE
Join us for learning and networking: simplycyber.io/learn & simplycyber.io/discord
SC ACADEMY THE PLACE FOR CYBER CAREERS
At Simply Cyber Academy, we specialize in making GRC and Cybersecurity Careers a reality. Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.
The popular GRC Analyst Master Class is a must for kickstarting your GRC Cybersecurity career. In addition, we have new courses covering various areas of focus in cyber available to help you advance in your career.
Check out the NEW FREE courses available in the academy and our new blog!
LET’S CONNECT
Stay current on trending topics, tips, events and resources in cybersecurity, connect with Simply Cyber on socials for new content.
As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.
Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM Eastern on YouTube and LinkedIn.
Find more about what’s happening this week in the Simply Cyber community, below.
Thank you and see you again next week, #TeamSC!
Gerry