[Take5] Russia-Aligned Threats Target Signal, SANS Launches Hackathon
Take five, and browse through five of the latest security and compliance headlines brought to you by CISOs from BARR Advisory’s cybersecurity consulting team.
Plus, scroll to see our CISO Pick of the Month for top security and compliance resources.
Russia-Aligned Threat Actors Target Signal
Google’s Threat Analysis Group (TAG) reports that Russia-aligned threat actors are actively targeting Signal Messenger users—not by breaking Signal’s encryption, but by hacking the people using it. Attackers are deploying phishing, credential theft, and device compromise to gain access to accounts. In other words, your messages are safe, but your endpoint might not be.
Encryption isn’t enough if attackers can just steal your credentials or compromise your device. Phishing remains the easiest way in, and adversaries know it.
Chase to Block Zelle Payments Over Social Media
Fraud rates are skyrocketing, and banks are finally taking drastic action. Chase and Zelle are blocking money transfers that originate from social media platforms like Facebook and Instagram, a move aimed at disrupting scammers who use fake listings, romance fraud, and investment scams to siphon cash from unsuspecting users.
If major banks are willing to lose transactions over fraud concerns, that means the fraud problem is worse than we think. This isn’t just a consumer issue—businesses are prime targets too.
Report: DeepSeek iOS App Sends Unencrypted Data to ByteDance-Controlled Servers
A security researcher found that DeepSeek, an iOS app tied to ByteDance (TikTok’s parent company), was transmitting user data in plaintext to overseas servers. This kind of sloppy security means anyone monitoring network traffic could intercept sensitive user information.
If an app in Apple’s walled garden is sending unencrypted data, what’s happening with apps you’re not even paying attention to? The reality is that App Store approval doesn’t guarantee security.
SANS Launches AI Cybersecurity Hackathon
The SANS Institute is hosting a global AI security hackathon, inviting security professionals to tackle threats like model poisoning, adversarial attacks, and prompt injection exploits. AI-powered threats are evolving faster than traditional defenses—so security teams need hands-on experience now.
AI security isn’t just about preventing hallucinations—it’s about stopping attackers from manipulating models, bypassing safeguards, and poisoning AI-powered decisions. If your company is using AI but not securing it, you’re already behind.
Breaking Down Social Engineering Attacks
If hacking were a video game, social engineering would be the ultimate cheat code. The latest breakdown from Wiz highlights just how alarmingly effective psychological manipulation is in cybersecurity. Attackers don’t need zero-days or fancy exploits when they can trick people into handing over access.
Security tools can only do so much if employees are unknowingly holding the door open for attackers. Social engineering is the common denominator in everything from BEC scams to executive deepfake fraud.
CISO Pick of the Month:
The Ins and Outs of CMMC: An Essential Security Framework for Defense Contractors
You don’t need a government contract in hand to get started with CMMC. Beginning the CMMC readiness process now—including conducting a gap assessment and understanding how your environment aligns with the Defense Department’s requirements—can help you secure future opportunities.
A recent blog post from my team shares everything you need to know about CMMC. Give it a read here.
Get Started with BARR
At BARR, we empower innovative technology and cloud service providers to anticipate, navigate, and respond to issues related to risk, cybersecurity, and compliance. Businesses looking for the accessibility of a boutique firm with the tools and expertise of a global consulting firm will find a partner in us.