Simply Cyber Newsletter #88

Crush Your Week Like a Cyber Pro!

Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your end users, peers, and executives. Support weekly security awareness with Simply Cyber Newsletter!

Rather listen to this newsletter than read it? I got you!
Listen here

FOR END USERS

20 million trusted domains now vulnerable to exploit. Three novel attack techniques exploit vulnerabilities in email-hosting platforms to spoof emails from over 20 million trusted domains. These flaws bypass SPF, DKIM, and DMARC protocols, posing significant risks, especially to Fortune 500 companies and government agencies.

What you need to know: This is a great opportunity to educate your end users about the latest email spoofing techniques that can bypass traditional security measures like SPF, DKIM, and DMARC. Emphasize verifying sender information, being skeptical of unexpected emails, and reporting anything suspicious. Encourage end users to avoid clicking on links or downloading attachments from unknown sources. Regular training on phishing techniques and ongoing cyber threats will keep awareness high. These measures will empower your users to recognize and respond to sophisticated email spoofing attempts.

FOR PEERS

Over 3,000 GitHub accounts used by malware distribution service. The threat actor 'Stargazer Goblin' created a malware Distribution-as-a-Service (DaaS) using over 3,000 fake GitHub accounts. Named 'Stargazers Ghost Network,' it leverages GitHub and compromised WordPress sites to distribute password-protected malware archives. Despite GitHub's efforts, over 200 active repositories remain, highlighting the scheme's operational resilience.

What you need to know: Share this with your peers and IT department, highlighting the use of infostealers in this scheme. Infostealers capture sensitive information like passwords, financial data, and personal details. Stress the importance of due diligence around code found in open repositories like GitHub, which is typically trusted. The Stargazers Ghost Network uses over 3,000 fake accounts to distribute password-protected malware archives, making vigilance essential. Encourage everyone to scrutinize repositories for signs of malicious activity, especially those involving password-protected archives that can evade antivirus scans.

FOR EXECUTIVES

KnowBe4 hires fake North Korean IT worker. Florida security firm KnowBe4 discovered that a newly hired software engineer, a North Korean operative posing as an AI deepfake, attempted to plant malware using a Raspberry Pi. The threat was quickly detected and contained, preventing compromise to their systems.

What you need to know: Bring this to the attention of your senior leaders and executives. Kudos to KnowBe4 for bringing this story to light and educating others about this risk. They recently discovered a North Korean operative posing as a (newly hired) software engineer who attempted to plant malware on their systems. This incident highlights the critical importance of due diligence in hiring practices for all businesses, not just those in tech. Implementing thorough background checks and vigilant monitoring of new employees is essential to prevent insider threats. Sophisticated attackers can infiltrate any organization, so maintaining rigorous hiring protocols and ongoing employee scrutiny is vital to safeguarding your company’s assets and reputation. Ensure your teams are aware and prepared to mitigate these risks.

SIMPLY CYBER FIRESIDES

Join us on August 1st for an engaging fireside chat on Offensive Security with the exceptional Jason Downey, Pentester and Security Consultant at Red Siege Information Security.

Jason Downey brings over a decade of IT and information security expertise, having navigated roles from network security specialist to systems administrator to Pentester. Not just a behind-the-scenes expert, Jason captivates audiences from youth programs to major security conferences with his insightful talks.

Known for his prowess in ethical hacking, his arsenal includes techniques ranging from traditional network breaches to sophisticated vishing and social engineering methods. Prepare to be informed and inspired by Jason’s wealth of knowledge. Do not miss the opportunity to ask him a question in real time.

SIMPLY CYBER @ BLACK HAT USA 2024

Got Black Hat plans Wednesday 8/7? I'll be at an EPIC party in Las Vegas, EXPOSED, hosted by XM Cyber and Carahsoft, starting at 6pm PT, immediately when the Business Hall closes on 8/7 at Black Hat.

Join the party, get high fives, and connect with #teamSC folks for comfort food, cocktails and beers at Mandalay Bay hotspot, Libertine Social. There will be a lockpicking village too.

I hear that the first 100 guests will receive a souvenir.

When: 8/7 6PM-9PM || Where: Libertine Social (Mandalay Bay)

RSVP here and invite your friends
(Event is FREE, and an uber-convenient party!)

Find me at the party and get some sweet SC stickers!

Stay current on trending topics, tips, and resources in cybersecurity: connect with me on socials for new content every day.

As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel so I can find it.

Thank you so much and see you next Monday!

Have a great week everybody!

Gerry

MORE FROM SIMPLY CYBER

Catch the most popular weekday cyber threat news analysis live stream around. Meet the most supportive community ever.

Join us on the Daily Cyber Threat Brief, available on YouTube, LinkedIn, Twitch, and your favorite podcast platform.

SIMPLY CYBER ACADEMY

Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.

Visit academy.simplycyber.io to learn more. The popular GRC Analyst Master Class and Cyber 101 courses are below.
