Actionable Cyber Intel #112
Simply Cyber
Make and take your cybersecurity career further, faster. Visit simplycyber.io/streams for daily cyber news and streams!
Crush Your Week Like a Cyber Pro with Simply Cyber!
Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your End Users, Peers, and Executives to support weekly security awareness with Simply Cyber Newsletter!
FOR END USERS
FireScam Android Malware Poses as Telegram Premium to Steal Data and Control Devices. FireScam malware uses a realistic phishing website mimicking RuStore, complete with a professional layout, ratings, and app details, to deceive users. End users often think spotting fake websites is easy, but convincing designs prove otherwise. Always verify app sources and avoid third-party links to stay safe.
What you need to know: Educate your end users about the dangers of trusting websites at face value. The FireScam malware uses a phishing site that mimics the legitimate RuStore app store with an impressively realistic design. The site features details like app ratings, download buttons, and branding that look authentic but are cleverly crafted to deceive. Cybercriminals understand that users expect obvious signs of fake sites, so they create phishing sites that appear professional and trustworthy. Share the screenshot in the story for a visual impact.
To protect yourself, remember that even highly convincing websites can be malicious. Avoid downloading apps through links from emails, messages, or popups, even if they seem trustworthy. Instead, navigate directly to official app stores like Google Play or Apple’s App Store. If something feels off, such as ratings that are just shy of perfect or minor inconsistencies in app details, trust your instincts and double-check. Awareness of these tactics helps you avoid falling for these sophisticated scams.
FOR PEERS
Ivanti warns of new Connect Secure flaw used in zero-day attacks. Ivanti disclosed CVE-2025-0282, a zero-day vulnerability allowing remote code execution, exploited in Connect Secure appliances. While patches are available for Connect Secure, fixes for Policy Secure and ZTA Gateways are pending. Ivanti recommends scans, factory resets, and firmware updates. Organizations must act swiftly to mitigate exploitation risks.
What you need to know: Have conversations with your security team about addressing Ivanti’s CVE-2025-0282, a critical zero-day vulnerability exploited in Connect Secure appliances for malware installation. This flaw allows unauthenticated remote code execution, making prompt action essential. Use Ivanti’s Integrity Checker Tool to perform scans, and if the appliance is compromised, conduct a factory reset before upgrading to version 22.7R2.5. Even if no compromise is detected, factory resets are recommended to ensure system integrity.
For Policy Secure and ZTA Gateways, follow Ivanti’s guidance to avoid internet-facing configurations and prepare to apply patches when they become available on January 21, 2025. Reinforce security practices such as limiting exposed devices and maintaining regular vulnerability management processes.
Bring this news story up to your peers, as they may also rely on Ivanti products in their environments. Sharing insights and recommended actions can help others reduce their risk and stay ahead of potential threats.
FOR EXECUTIVES
Casio warns employees, customers about data leak from October ransomware attack. Casio’s ransomware attack exposed sensitive employee, customer, and partner data, including internal documents and contracts. Phishing emails enabled the breach, disrupting operations. Broader cyber campaigns, linked to the MirrorFace group, threaten Japanese businesses and national security, emphasizing the importance of proactive cybersecurity measures and robust phishing defenses.
What you need to know: Speak to your business leaders about the importance of continuing to build a resilient cybersecurity strategy that prepares for phishing-driven ransomware attacks. Highlight how the Casio incident demonstrates that phishing remains a highly effective method for gaining unauthorized access to sensitive data, disrupting operations, and exposing personal and corporate information.
Discuss implementing advanced email filtering systems, employee awareness training, and strong incident response plans. Proactive steps to mitigate phishing risks can save the business from operational delays, reputational harm, and regulatory consequences.
Casio’s situation also underscores the rising threat of nation-state actors, such as the MirrorFace group, targeting industries tied to national security and advanced technology. Advocate for regular threat intelligence sharing, scenario-based tabletop exercises, and investments in advanced threat detection to stay ahead of evolving attacks and ensure long-term business resilience.
LET’S CONNECT
Stay current on trending topics, tips, events and resources in cybersecurity, connect with Simply Cyber on socials for new content, every day.
As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.
Find more about what’s happening this week in the Simply Cyber community, below.
Thank you and see you again next time! Have a great week, #TeamSC!
Gerry
SIMPLY CYBER DAILY CYBER THREAT BRIEF
Catch the most popular weekday cyber threat news analysis livestream around and meet the most supportive community ever, #TeamSC!
Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM EST via YouTube and LinkedIn - podcast also available on Spotify, Apple Podcasts, or your favorite podcast platform. You can also check it out on our podcast webpage.
SC MEDIA GROUP | WELCOME TO SEASON 2
When: Monday, January 13 at 9:30 AM ET | Presented by: Simply Cyber Media Group
Cyber Adventures with Dan Rearden: Memes, Blogging, and Community Insights. Join hosts Josh Mason and Wade Wells in this episode of Simply Defensive as they welcome cybersecurity meme-maker and SOC analyst, Dan Rearden, also known as The HaircutFish.
Discover Dan's unconventional journey into cybersecurity, from creating influential memes about prominent figures like John Hammond and John Strand to writing insightful blogs on Medium. Dan shares his experiences at Wild West Hackin’ Fest, overcoming personal challenges, and the importance of networking within the cybersecurity community.
Learn about the reality of working as a SOC analyst, the tools of the trade such as Vim, VS Code, and Wireshark, and the rewarding nature of thwarting cyber attacks. This episode emphasizes the power of community, the significance of balancing work with family life, and the benefits of giving back through knowledge sharing. Don't miss these valuable insights, and expect more exciting discussions in future episodes! Join us!
SC MEDIA GROUP | SO YOU WANT TO BE A CISO?
When: Thursday, January 16 at 9:30 AM ET | Presented by: Simply Cyber Media Group
This episode features insights from two esteemed CISOs, Frank DePaola and Andrew Wilder, sharing their journeys into cybersecurity, the importance of mentorship, and essential leadership traits.
Frank and Andrew discuss the evolving role of a CISO, the need for business acumen, and the vital balance required between technical prowess and organizational needs.
Click to set your notifications and join us in chat!
SC FIRESIDES | FIRESIDE WITH CYBERSECURITY GIRL
When: Thursday, January 16 @ 4:30 PM ET | Presented by: Simply Cyber Media Group
Ready for a fireside chat with Cybersecurity Girl? That's right, Caitlin Sarian is with us in the upcoming episode of Simply Cyber Firesides, with your host, Gerald Auger, Ph.D.
Who is Cybersecurity Girl? Caitlin is a top cyber influencer on social media with over a million followers combined. She recently won the SANS Cyber Community of the Year and Cybersecurity Woman of the Year awards. As a former TikTok Global Cyber Advocacy expert, Caitlin spent a decade in cyber consulting, focusing on data protection, GDPR, data privacy, and privacy consulting. She also speaks at industry conferences globally, including RSAC.
Join us to discover how Caitlin empowers cybersecurity for everyone and helps others to stay protected online. She is a diversity champion, educates others on careers in cyber, and shares cybersecurity-related topics with the masses via social media.
We hope to see you in live chat!
SC MEDIA GROUP | WEEKLY STREAM SCHEDULE
SC ACADEMY | THE PLACE FOR GRC CAREERS
At Simply Cyber Academy, we specialize in making GRC Cybersecurity Careers a reality. Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.
The popular GRC Analyst Master Class is a must for kickstarting your GRC Cybersecurity career. In addition, we have NEW COURSES available to help you advance in your GRC Cyber career. Check them out!
Visit academy.simplycyber.io to learn more now.
Thanks
Gerry