Simply Cyber Newsletter #155

Crush Your Week Like a Cyber Pro with Simply Cyber!

Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your End Users, Peers, and Executives to support weekly security awareness with the Simply Cyber Newsletter!

FOR END USERS

You'll never guess what the most common passwords are. Oh, wait, yes you will. Weak passwords remain the most common across billions of leaked accounts. Attackers easily guess predictable patterns like 123456 or qwerty123. Long passphrases or passkeys dramatically reduce risk and protect you from simple mistakes that lead to account compromise.

What you need to know: Educate your end users about how weak passwords continue to fuel real-world account compromises. In last week’s newsletter we focused on building strong passphrases, and while today’s story might seem like more of the same news cycle, it is important to stay on this topic because attackers are exploiting the exact behaviors these new studies reveal.

Even with all the guidance out there, billions of leaked passwords still follow predictable patterns like 123456, password, qwerty, and simple keyboard sequences. These shortcuts are cracked instantly by automated tools. When people default to quick, familiar choices, they undo every advantage a strong passphrase provides. Treat this as reinforcement, not repetition. If you already created a long passphrase and salt, keep applying that mindset everywhere you sign in. Never reuse credentials, avoid shortcuts, and enable passkeys when available to remove passwords entirely.

FOR PEERS

Cybercrooks team up with organized crime to steal pricey cargo. Cybercriminals are hijacking load board accounts, deploying legitimate RMM tools, and coordinating with organized crime to redirect shipments. This is a cyber-to-physical supply chain threat requiring immediate operational controls.

What you need to know: Share this story with your peers and have conversations about what your organization is doing to protect accounts and business workflows that attackers can exploit. Criminal groups are compromising industry load boards, deploying legitimate RMM tools, and impersonating brokers to redirect shipments, but the underlying risk applies everywhere. Any process where bids, approvals, invoicing, or scheduling occur over shared platforms can be hijacked through account compromise. Tighten identity controls, enforce MFA, restrict RMM usage, and monitor for credential abuse across third-party portals. Treat unusual access behavior as a precursor to fraud or physical loss. It is important for end users to understand that they are truly the last line of defense in some situations.

FOR EXECUTIVES

Operational Technology Security Poses Inherent Risks for Manufacturers. Manufacturing faces growing OT security risks from aging systems, access sprawl, and supply chain complexity, placing production, safety, and revenue at risk without executive oversight.

What you need to know: If you are in manufacturing, have a conversation with senior leaders about the real business impact of OT security gaps across the factory floor. Legacy equipment, unclear access controls, and vendor sprawl create blind spots that directly threaten uptime, revenue, and workforce safety. Production cannot stop for patching, which means risks accumulate silently. Ask teams to show where identity, access, and asset visibility intersect and where they do not. If the conversation turns to this topic, be prepared to ask who owns OT risk decisions and how those choices protect core operations.

Outside of manufacturing and OT environments, executives should treat this as a reminder that any area with legacy systems or vendor-driven connectivity can introduce similar blind spots. Apply the same discipline around visibility, access, and ownership wherever your business relies on critical technology that cannot simply be shut down for maintenance.

SIMPLY CYBER MEDIA GROUP PODCAST HIGHLIGHT

OT and ICS Pentesting and Security with Mike Holcomb

In this upcoming episode of Simply Offensive, Phillip Wylie interviews Mike Holcomb, an expert in Operational Technology (OT) and Industrial Control Systems (ICS) cybersecurity.

Mike discusses the importance of OT security, the types of attacks that have targeted critical infrastructure, and the evolving landscape of cybersecurity threats. He shares insights on the significance of safety in OT environments, the challenges of pentesting in these settings, and the tools and techniques used for effective security assessments.

We also touch on the role of AI in enhancing OT security and the resources available for those looking to enter the field.

👉 Set a reminder: https://youtu.be/cSPo61vvKyc

Visit https://www.youtube.com/@SimplyCyber/podcasts to catch up on all of the podcasts available on Simply Cyber Media Group!

JOIN US EVERY WEEKDAY: DAILY CYBER THREAT BRIEF

Gerald Auger, Ph.D. livestreams the Daily Cyber Threat Brief on Simply Cyber on weekdays at 8:00 AM EST. It’s a party full of cybersecurity enthusiasts and professionals of all levels who enjoy learning about the latest in cybersecurity news and staying connected.

Meet #TeamSC in live chat and join the community! https://simplycyber.io/streams 

SC MEDIA GROUP WEEKLY EVENTS SCHEDULE

Join us for learning and networking: simplycyber.io/learn & simplycyber.io/discord

SC ACADEMY: THE PLACE FOR CYBER CAREERS

At Simply Cyber Academy, we specialize in making GRC and Cybersecurity Careers a reality. Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.

The popular GRC Analyst Master Class is a must for kickstarting your GRC Cybersecurity career. In addition, we have new courses covering various areas of focus in cyber available to help you advance in your career.

Check out the NEW FREE courses available in the academy and our new blog!

LET’S CONNECT

Stay current on trending topics, tips, events and resources in cybersecurity. Connect with Simply Cyber on socials for new content.

As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.

Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM Eastern on YouTube and LinkedIn.

Find more about what’s happening this week in the Simply Cyber community, below.

Thank you and see you again next week, #TeamSC!

Gerry