Simply Cyber Newsletter #176
Crush Your Week Like a Cyber Pro with Simply Cyber!
Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your End Users, Peers, and Executives to support weekly security awareness with the Simply Cyber Newsletter!
FOR END USERS
Adversaries Exploit Vacant Homes to Intercept Mail in Hybrid Cybercrime. Threat actors are now using vacant homes and mail forwarding services to intercept sensitive mail, enabling identity theft and financial fraud. By combining public data, weak identity checks, and legitimate postal features, attackers can gain ongoing access to personal and financial information without using traditional hacking techniques.
What you need to know: Educate your end users that not all cyber threats happen online. Attackers are now combining digital information with real-world tactics, such as intercepting physical mail, to gain access to accounts and sensitive data. This can include credit cards, verification letters, and financial documents that are used to reset passwords or open new accounts. Encourage users to regularly check their mail, report missing or unexpected deliveries, and monitor accounts for unusual activity. Reinforce that address changes, account updates, or unexpected notifications should always be verified directly through official websites or providers. Protecting personal information is not just about avoiding suspicious links, but also staying aware of how physical and digital access can be combined.
FOR PEERS
Security boffins scoured the web and found hundreds of valid API keys. Researchers found nearly 2,000 valid API keys exposed across 10,000 public webpages, providing direct access to cloud platforms, payment systems, and development environments. Unlike leaked passwords, these credentials enable programmatic access to critical infrastructure and often remain exposed for months or years without detection.
What you need to know: Share this story with your peers and have conversations about what your organization is exposing in production, not just in source code. This research highlights a gap in how credential exposure is typically monitored, where teams focus on repositories while overlooking what is publicly accessible in live environments. It is important for end users to understand that they are truly the last line of defense in some situations, but in this case the exposure exists before any user interaction. The discussion should focus on how API keys and machine identities are managed across applications, how production assets are scanned for embedded secrets, and whether ownership is clearly defined between development, security, and platform teams. Use this as a prompt to evaluate whether your organization can quickly identify, revoke, and rotate exposed credentials, and whether monitoring exists to detect misuse before it leads to downstream compromise.
FOR EXECUTIVES
Almost half a million Lloyds customers had personal data exposed in IT glitch. A software update error at Lloyds Banking Group exposed personal and financial data of nearly 500,000 customers, with some users able to view others’ account details in real time. The incident was not caused by an external attack, but by an internal defect introduced during routine system changes.
What you need to know: Share this story with your executives and use it to shift the conversation away from attacker-centric risk. This incident was not the result of a sophisticated breach, but a failure introduced through normal business operations. As organizations accelerate digital services and updates to remain competitive, the risk of internal defects creating large-scale exposure increases. The discussion should focus on how system changes are governed, tested, and validated before release, and whether visibility exists into unintended data exposure across customer-facing platforms. This is an opportunity to ask whether change management processes are treated as a security control, not just an operational function, and whether leadership has confidence that a routine update could not create a similar level of impact within your own environment.
JOIN US EVERY WEEKDAY DAILY CYBER THREAT BRIEF
Gerald Auger, Ph.D. livestreams the Daily Cyber Threat Brief on Simply Cyber on weekdays at 8:00 AM EDT.
Join the party with cybersecurity enthusiasts and professionals alike who enjoy learning about the latest in cybersecurity news and staying connected.
Meet #TeamSC in live chat and join the community! https://simplycyber.io/streams
NEW VIDEO: THE SECURITY GAP NOBODY TALKS ABOUT
Your firewall was built for a three-tier architecture. Most modern applications don't look anything like that anymore — and the gap between what your security controls were designed to protect and what you're actually running is where attackers are living.
Cisco brought me in for a two-hour deep dive with one of their senior engineers — live attack simulation, real demo, no slides. In this video I walk you through exactly what they showed me: six attack scenarios against a hyper-distributed finance application running on-prem, in Kubernetes, and with an LLM chatbot bolted on. And six controls that addressed what a traditional firewall couldn't touch.
What we cover:
- Why east-west traffic inside Kubernetes is invisible to your perimeter firewall
- How prompt injection attacks bypass traditional security controls
- Cisco's Hybrid Mesh Firewall architecture and what "distributed enforcement" actually means
- Encrypted Visibility Engine — catching threats in TLS without decrypting everything
- Snort ML zero-day detection
- Policy analysis before enforcement (so you don't break production)
Watch now on Simply Cyber Media Group: https://youtu.be/IBBos1MVSEc
SIMPLY CYBER FIRESIDES: RED TEAM ENGINEERING
Thursday, April 9th at 4:30 PM EDT
Social engineering is one of the most effective tactics used by attackers today, yet it is often misunderstood or oversimplified. What actually works in real-world scenarios, and why do people still fall for it?
In this episode of Simply Cyber Firesides, host Gerald Auger, Ph.D. is joined by Alethe Denis to explore how social engineering plays out in practice, beyond theory and textbook examples.
Alethe brings extensive experience in offensive security and social engineering operations, with a focus on understanding human behavior, trust, and how attackers exploit both. Her work has helped organizations better understand their exposure and strengthen defenses against real-world manipulation techniques.
🎯 In this Firesides Chat, you will learn:
• What social engineering looks like in real environments
• Tactics that consistently succeed and why
• Common assumptions that lead to failure in defenses
• How attackers build trust and bypass skepticism
• Practical ways organizations and individuals can reduce risk
This session focuses on the human side of cybersecurity and offers practical insights that apply across roles, from technical teams to business leaders.
Join us this Thursday in live chat - register to attend and get notifications: https://luma.com/etdm149r
2 CYBER CHICKS: RISK, POWER, AND INFLUENCE
Wednesday, April 8th at 9:30 AM EDT
In this episode of 2 Cyber Chicks, Jax sits down with Tashya Denose, a senior cybersecurity leader, bestselling author, podcaster, and board member of Black Girls in Cyber.
Tashya has built her career securing some of the most complex environments, from the Pentagon and the U.S. Secret Service to Capital One, Google, and now Meta, where she works at the intersection of risk, governance, and emerging technology.
In this candid conversation, we explore:
- Why compliance doesn’t always equal security
- How leaders should think about risk across government, finance, and Big Tech
- What it takes to influence decisions when security isn’t the loudest voice
- The human cost of burnout—and how to build a sustainable career in cyber
- Why belonging and community directly impact security outcomes
This episode is a must-listen for security leaders, practitioners, and anyone navigating the real-world tension between frameworks, risk, and reality.
Register to attend: https://luma.com/xgwg5w0y
Or join us directly on YouTube: https://youtu.be/9WwKKcEp36I
SC MEDIA GROUP WEEKLY EVENTS SCHEDULE
Join us for learning and networking every day of the work week at simplycyber.io/streams & meet the community at simplycyber.io/discord!
SIMPLY CYBER MONTHLY EVENTS LINEUP
Want to know what’s happening at Simply Cyber at any given time?
Head over to the SC Monthly Events Calendar to register for new and upcoming events for the month - don’t forget to subscribe! lu.ma/simplycyber
SC ACADEMY THE PLACE FOR CYBER CAREERS
At Simply Cyber Academy, we specialize in making GRC and Cybersecurity Careers a reality. Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.
The popular GRC Analyst Master Class is a must for kickstarting your GRC Cybersecurity career. In addition, we have new courses covering various areas of focus in cyber available to help you advance in your career.
Check out the NEW FREE courses available in the academy!
SIMPLY CYBER ACADEMY BLOG HIGHLIGHT
Check out the blog from last week on Simply Cyber Academy:
LET’S CONNECT
Stay current on trending topics, tips, events and resources in cybersecurity, connect with Simply Cyber on socials for new content.
As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.
Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM Eastern on YouTube and LinkedIn.
Find more about what’s happening this week in the Simply Cyber community, below.
Thank you and see you again next week, #TeamSC!
Gerry









