Simply Cyber Newsletter #154
Crush Your Week Like a Cyber Pro with Simply Cyber!
Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your End Users, Peers, and Executives to support weekly security awareness with the Simply Cyber Newsletter!
FOR END USERS
Why You Should Swap Passwords for Passphrases. Security experts are updating password guidance. Instead of using complex combinations of symbols and numbers, they now recommend long passphrases made of random words. A 16-character passphrase is far stronger than an eight-character “complex” password, making it much harder for attackers to guess or brute-force.
What you need to know: Educate your end users about why password length matters more than complexity. Attackers can test billions of guesses per second, so short, complicated passwords are no longer reliable. The best defense is a long passphrase made of unrelated words.
For example, your retro-themed phrase “rewind-walkman-slurpee-rundmc” is fun and memorable. It’s useful for showing the concept, but not ideal if someone knows you love that stuff. A stronger, less personal example might be “sunflower-nightmare-algorithm-pizza.” It feels random and unpredictable.
To go further, consider salting your passphrase. Pick a short secret word that only you know and insert it somewhere specific. If your salt is “lantern,” your passphrase could become “lantern-sunflower-nightmare-algorithm-pizza.” This private twist gives you an edge if a password vault or breach ever exposes your stored passwords.
And what if we decided our salt always began at the 13th character of every passphrase, or counting back from the end, just to really mix things up? Security can still be creative, and the smallest unique habits can make a big difference.
FOR PEERS
New Android malware mimics human typing to evade detection, steal money. Researchers discovered a new Android banking malware called Herodotus that mimics human typing patterns to avoid detection. It can remotely control infected phones, steal credentials, and intercept SMS codes. Campaigns are active in Italy and Brazil, with fake overlays targeting banking and cryptocurrency apps worldwide.
What you need to know: Share this story with your peers and have conversations about how well your detections handle automation that behaves like a person. Herodotus shows how attackers are adapting to bypass behavioral analytics by imitating real typing speed and pauses. This evolution challenges the reliability of fraud systems that depend only on interaction tempo or cadence. Analysts should review how their visibility stack distinguishes between real users and remote control. Look for signs of consistent timing intervals, beaconing, or hidden command activity within normal traffic. Tools such as RITA from Black Hills Information Security can help uncover these patterns. The goal is not just to detect malware but to detect mimicry. The more attackers study human behavior, the more your detections must learn to recognize its counterfeits.
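The "consistent timing intervals" check described above, as an added example (not from the newsletter and not RITA's code): it groups connections by source and destination and scores how regular the gaps between them are, using a median-based measure so that small jitter does not hide a beacon. The log tuples, addresses, threshold and function names are constructed for illustration.

```python
import statistics
from collections import defaultdict

# Constructed sample records: (epoch_seconds, source, destination). Not real traffic.
JITTER = [0, 1, -1, 0, 2, 0, -1, 1, 0, 0]  # a few seconds of jitter on a 60 s check-in
BEACON = [(1000 + 60 * i + j, "10.0.0.5", "203.0.113.10") for i, j in enumerate(JITTER)]
HUMAN = [(t, "10.0.0.7", "198.51.100.20")
         for t in (1000, 1004, 1090, 1500, 1512, 2300, 2310, 2900, 3600, 3610)]


def interval_score(timestamps):
    """Return 0..1; values near 1 mean near-constant spacing between connections."""
    ts = sorted(timestamps)
    deltas = [b - a for a, b in zip(ts, ts[1:])]
    if len(deltas) < 4:          # too few intervals to judge regularity
        return 0.0
    med = statistics.median(deltas)
    if med <= 0:
        return 0.0
    # Median absolute deviation: robust to a few outliers and to small jitter.
    mad = statistics.median([abs(d - med) for d in deltas])
    return max(0.0, 1.0 - mad / med)


def find_beacons(conns, threshold=0.9):
    """Group by (src, dst); return ((src, dst), median_interval, score) above threshold."""
    by_pair = defaultdict(list)
    for ts, src, dst in conns:
        by_pair[(src, dst)].append(ts)
    hits = []
    for pair, stamps in by_pair.items():
        score = interval_score(stamps)
        if score >= threshold:
            stamps.sort()
            gaps = [b - a for a, b in zip(stamps, stamps[1:])]
            hits.append((pair, statistics.median(gaps), round(score, 3)))
    return sorted(hits, key=lambda h: h[2], reverse=True)


if __name__ == "__main__":
    for pair, interval, score in find_beacons(BEACON + HUMAN):
        print(f"{pair[0]} -> {pair[1]} every ~{interval}s score={score}")
```

Wide jitter lowers this score, so a timing check like this is normally combined with other signals, such as consistently sized payloads, rather than used alone.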
FOR EXECUTIVES
Business rival credits cyberattack on M&S for boosting profits. Marks & Spencer suffered a cyberattack that disrupted operations from April through July, costing an estimated £300 million. Competitor Next saw a 7.6% sales increase and raised its profit forecast, crediting “competitor disruption.” Other retailers with strong online presence also benefited, highlighting resilience gaps in digital operations.
What you need to know: When one brand’s cyber incident becomes another’s opportunity, the issue is not what failed but who was ready. Next gained customers because its systems stayed stable while M&S struggled for months. The question is how quickly we could recover if a similar disruption occurred. Cyber investments are often justified only after loss, but should approval for additional funding hold more value when eight percent of our customers turn to a competitor? This is the time to have that conversation with leadership. Identify where downtime would hit hardest and where recovery funding remains thin. The discussion is not about risk theory. It is about protecting customer loyalty before the market makes that decision for us.

SIMPLY CYBER MEDIA GROUP PODCAST HIGHLIGHT
The growing need for visibility and response in industrial environments is driving more organizations to consider ICS/OT Security Operations Centers — but what does that actually look like for small and medium-sized operations?
In this episode of Simply ICS Cyber, Don and Tom sit down with Dan Gunter, CEO and founder of Insane Cyber, to discuss how ICS/OT SOCs function, what data truly matters for monitoring, and how incident response changes when operators have (or don’t have) the right information at hand.
Drawing on experience from the Air Force CERT to founding an OT-focused security company, Dan shares a practical look at the realities of SOC implementation across industries — from utilities with limited staff to large-scale enterprises managing thousands of assets.
Listeners will gain insight into how to start building visibility, selecting the right MSSP partners, and managing SOC fatigue — all while keeping industrial operations safe and resilient.
⚙️ Tune in to learn how data, process, and people come together to make ICS/OT SOCs work in the real world.
👉 Join us: https://youtu.be/6KIUPc4cvCA
Visit https://www.youtube.com/@SimplyCyber/podcasts to catch up on all of the podcasts available on Simply Cyber Media Group!
SIMPLY CYBER CON 2025
When: Monday, Nov. 3rd
Simply Cyber Con is here!
Join us on Simply Cyber Con’s YouTube channel and SC Cafe’s YouTube channel for Track 1 and Track 2!
Head over to the website to learn more about the conference and check out the schedule.
SC MEDIA GROUP WEEKLY EVENTS SCHEDULE
Join us for learning and networking: simplycyber.io/learn & simplycyber.io/discord
SC ACADEMY THE PLACE FOR CYBER CAREERS
At Simply Cyber Academy, we specialize in making GRC and Cybersecurity Careers a reality. Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.
The popular GRC Analyst Master Class is a must for kickstarting your GRC Cybersecurity career. In addition, we have new courses covering various areas of focus in cyber available to help you advance in your career.
Check out the NEW FREE courses available in the academy and our new blog!
LET’S CONNECT
Stay current on trending topics, tips, events and resources in cybersecurity. Connect with Simply Cyber on socials for new content.
As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.
Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM Eastern on YouTube and LinkedIn.
Find more about what’s happening this week in the Simply Cyber community, below.
Thank you and see you again next week, #TeamSC!
Gerry






