Simply Cyber Newsletter #94

Crush Your Week Like a Cyber Pro!

Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your end users, peers, and executives. Support weekly security awareness with Simply Cyber Newsletter!

FOR END USERS

Voldemort malware implants itself on Google Sheets. A new malware that's being called "Voldemort" uses phishing emails posing as tax authorities to deliver a backdoor that leverages Google Sheets for command-and-control (C2) and stolen data storage. It targets sectors like insurance and aerospace, making detection difficult by abusing a trusted service (Google Sheets).

What you need to know: The "Voldemort" malware is a prime example of how threat actors leverage trusted platforms like Google Sheets for malicious activity. This malware spreads through phishing emails, disguising itself as messages from tax authorities, making it easy for end users to fall for it. As a security professional, it's important to educate your end users on the risks associated with unexpected emails and attachments.

Use the visual examples from the link to this article to help your end users see what this process looks like, as they most likely will report suspicious emails and never see what's behind the curtain. This will help them better understand the consequences of interacting with suspicious content and improve their ability to recognize it before they engage. It's also important for them to understand that malware like this may even bypass traditional security filters because it uses a legitimate platform like Google Sheets. Always reinforce the importance of reporting anything unusual immediately, and ensure your organization understands how seemingly legitimate services (like Google Sheets) can be misused by threat actors.

FOR PEERS

GitHub comments push malware masked as fixes. Threat actors are abusing GitHub to distribute the Lumma Stealer malware through fake fixes posted in project comments. These comments link to malicious files that steal credentials, browser data, and cryptocurrency information. GitHub is actively removing these comments, but users have already fallen victim.

What you need to know: In a recent threat targeting developers, attackers are posting fake "fixes" in GitHub comments that push Lumma Stealer malware. This malware, disguised as helpful solutions, aims to steal credentials, cookies, and cryptocurrency wallets. With IT and engineering teams often focused on quickly resolving issues, there's a risk of inadvertently clicking on these malicious links. Encourage your peers to slow down and verify sources before downloading any suggested fixes. Remind them that downloading files from unknown sources, especially via file-sharing or link-shortening services like MediaFire or Bit.ly, can lead to serious security breaches.

FOR EXECUTIVES

White House publishes plan to protect a key component of the internet. The White House released a roadmap to strengthen Border Gateway Protocol (BGP) security, a vulnerable internet component targeted by hackers. The plan urges adopting Resource Public Key Infrastructure (RPKI) and calls on network operators and government agencies to enhance routing security protections.

What you need to know: The White House's roadmap highlights critical vulnerabilities in Border Gateway Protocol (BGP) that could disrupt business operations if exploited. While global adoption will take time, the U.S. government urges businesses to adopt enhanced routing security measures, such as Resource Public Key Infrastructure (RPKI). To stay ahead of regulatory shifts and potential disruptions, consider engaging leadership to prioritize exploring BGP security within your risk management and cybersecurity strategies. No immediate action is needed, but assessing readiness now positions your organization to make informed decisions and investments in the future.

Stay current on trending topics, tips, and resources in cybersecurity. Connect with me on socials for new content every day.

As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.

Thank you so much and see you again next Monday!

Have a great week, #TeamSC!

Gerry

SIMPLY CYBER FIRESIDES

When & Where: Thursday, September 12 at 4:30 PM Eastern on YT & LI.

Get ready for your host, Gerald Auger, Ph.D., and special guest and serial entrepreneur Kelly Ryan Bailey!

Whether you're an entrepreneur, a leader, or someone passionate about innovation, this livestream is for you. Set your notification and see you there!

2 CYBER CHICKS SEASON 5 EPISODE 2

When & Where: Wednesday, September 11 at 9:30 AM Eastern on YouTube

The 2 Cyber Chicks, Erika McDuffie and Jax Scott, are back for S5 E2 on Simply Cyber Podcast Network. This week's guest, Qasim "Q" Ijaz, sits down with Jax and Erika to chat about all things Offensive Security: from education, to building consultancy into engagements, to how organizations should prioritize pen tester partners and how to level up in this space! Join us!

SIMPLY CYBER CON

Simply Cyber Con is Coming This November!

When & Where: Friday, November 1 - Charleston, SC

Simply Cyber Con is now a hybrid event, available to attend IN-PERSON in Charleston, South Carolina, or VIRTUAL.

Speakers are presenting in-person on location in Charleston, SC, and will be streamed for virtual attendees. Register to attend in-person or remote now at simplycybercon.org.

DAILY CYBER THREAT BRIEF SIMPLY CYBER

Catch the most popular weekday cyber threat news analysis live stream around and meet the most supportive community ever. #TeamSC

Join us on the Daily Cyber Threat Brief, available on YouTube, LinkedIn, and your favorite podcast platform.

CAREER TRAINING FROM SIMPLY CYBER ACADEMY

Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.

The popular GRC Analyst Master Class and Cyber 101 courses are available, and a new course was just released. Visit academy.simplycyber.io to learn more.