Simply Cyber Newsletter #91

Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your end users, peers, and executives. Support weekly security awareness with Simply Cyber Newsletter!

FOR END USERS

2.7 Billion National Public Data records leaked. A recent data breach exposed 2.7 billion records, including social security numbers, on a dark web forum. Reportedly stolen from National Public Data, the breach exposes both outdated and legitimate information, raising significant privacy concerns and highlighting the need for stronger regulations.

What you need to know: Below is a sample email template admins may send to end users around these recent data leaks:

[Subject] Protect Yourself from Recent Data Breach Risks

[Recipient Name],

With recent data breaches making headlines, staying vigilant and proactive is more important than ever. Here’s how you can protect yourself:

Key Risks:

• Identity Theft: Exposure of personal data can lead to identity theft.

• Phishing Attacks: Compromised details might result in targeted phishing attempts.

• Fraudulent Activities: Criminals could misuse your information for fraudulent purposes.

What You Should Do:

Stay Alert to Phishing:

• Avoid clicking on suspicious links or opening unknown attachments. Always verify the identity of email senders before sharing any personal information.

Monitor Your Accounts:

• Regularly review your financial statements for unauthorized transactions. Consider freezing your credit reports as an extra precaution.

Secure Your Information:

• Share sensitive data only when absolutely necessary; Update passwords regularly and enable multi-factor authentication (MFA) wherever possible.

Be Informed:

• Follow breach alerts closely and take recommended actions without delay; Participate in any offered security awareness training to stay updated.

These steps will help you mitigate the risks associated with data breaches and safeguard your personal information.

Stay safe,

[Your Signature Block]

FOR PEERS

GitHub vulnerability warning regarding ArtiPacked. A newly discovered GitHub Actions vulnerability, "ArtiPACKED," exposes artifacts that can leak sensitive tokens, allowing attackers to compromise repositories and cloud environments. This flaw affects various open-source repositories, highlighting the need for better artifact security in CI/CD workflows.

What you need to know: If you use GitHub repositories, there is a newly identified "ArtiPACKED" vulnerability in GitHub Actions artifacts. This threat can expose sensitive tokens, allowing attackers to compromise your repositories and cloud environments. To protect your work, ensure artifacts in CI/CD pipelines are not publicly accessible and review permissions regularly. Avoid storing sensitive data, like tokens, in artifacts; instead, use secure secrets management practices. Stay vigilant by monitoring artifact access and promptly addressing any workflow misconfigurations. These proactive steps will help safeguard your code and project integrity.

FOR EXECUTIVES

Orion loses $60 million in BEC scam. Orion lost $60 million in a business email compromise scam after an employee was deceived into making fraudulent wire transfers. The Luxembourg-based company is seeking to recover the funds through legal and insurance channels.

What you need to know: Business email compromise (BEC) is a serious threat that can result in substantial financial losses, as demonstrated by the recent $60 million scam against Orion. I encourage you to initiate conversations with your business leaders to ensure the company's cyber insurance policy is thoroughly understood—especially in terms of what would happen if a similar incident occurred. More importantly, reviewing and tightening the protocols and procedures for making financial transactions is essential to protect against this type of threat. While implementing additional security measures in the accounts payable process may seem inconvenient, the cost of overlooking these safeguards could be far greater. Strengthening these practices is a necessary step in protecting your organization's financial security.

SIMPLY CYBER FIRESIDES

Hack Your Way Into Penetration Testing with Robbe on August 22nd 

Robbe Van Roey, also known as PinkDraconian on his popular YouTube channel, is a seasoned ethical #hacker and Hacker Manager at Intigriti. With 33 CVEs, he is dedicated to uncovering security flaws and helping organizations protect their valuable data.

In this episode, Robbe will share his journey into the world of ethical hacking, discuss common security mistakes, and provide insights into the latest trends in cybersecurity. He's also a CTF champion, so bring your questions for this #infosec pro!

Subscribe and hit the notification bell so you don't miss out on this insightful conversation!

🔔 Subscribe and hit the notification bell to stay updated on all our latest episodes! Join us at 4:30 PM EDT this Thursday!

New! Personal Branding Cyber Careers Course LIVE

This week, I am excited for the live training happening this week for my all-new course, Personal Branding Cyber Careers with Gerald Auger, Ph.D.

A select group of students registered for the opportunity to be the first in line to check out this new course and apply the learnings themselves. This pilot for live training will determine if more will come.

Be sure to follow up on Simply Cyber Academy to learn more about the course offerings and new releases.

Stay tuned to our socials for updates on this week on the live training!

Stay current on trending topics, tips, and resources in cybersecurity, connect with me on socials for new content, every day.

As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel so I can find it.

Thank you so much and see you next Monday!

Have a great week everybody!

Gerry

MORE FROM SIMPLY CYBER

Catch the most popular weekday cyber threat news analysis live stream around. Meet the most supportive community ever.

Join us on the Daily Cyber Threat Brief, available on YouTube, LinkedIn, Twitch, and your favorite podcast platform:

SIMPLY CYBER ACADEMY

Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.

Visit academy.simplycyber.io to learn more. The popular GRC Analyst Master Class and Cyber 101 courses are below. We even have new courses coming to the academy. Check it out!