Hey Cyber friends,
Start your work week off at full speed with actionable intel on the top 3 cybersecurity news stories from last week for each audience you need to engage (end users, peers, executives).
If you like what you see and think others might get value, forward this email to them. ​
FOR YOUR END-USERS
iPhone users urged to update to patch 2 zero-days
Apple is urging macOS, iPhone and iPad users to immediately install updates this week that includes fixes for two zero-days under active attack.
HOW YOU CAN USE THIS!
The goal is to leverage this opportunity to remind end users of cyber hygiene best practices. You don't need to explain zero-days, threat actors, or cyber attacks. Just tell them "Apple iPhones are actively under attack, take 2 minutes and patch your iPhones and iPads ASAP, and to keep devices up to date as patches roll out."
For bonus points (I do this), share they should let their friends and love ones know they should update their devices too to avoid being victimized too. End users become security champions and adjust behavior to patching with regularity.
FOR YOUR PEERS
Hackers are using this sneaky exploit to bypass Microsoft’s multi-factor authentication
Cyber criminals are exploiting dormant Microsoft accounts to bypass multi-factor authentication (MFA) and gain access to cloud services and networks, researchers have warned.
HOW YOU CAN USE THIS!
Engage HR to validate and update employee out processing processes, both voluntary and involuntary termination to ensure USER ACCOUNTS are disabled.
Perform regular (suggested monthly) ACTIVE user account reviews sorted by 'last login' to identify dormant accounts and investigate their validity, disable if not needed.
FOR YOUR EXECUTIVES
Hackers use Binance exec deepfake in crypto exchange scam A group of hackers have managed to use an AI hologram to impersonate Binance chief communications officer (CCO) Patrick Hillmann. Using the deepfake over Zoom calls, the hackers fooled several cryptocurrency project representatives into thinking Hillmann was helping them get listed on the Binance crypto exchange.
​ HOW YOU CAN USE THIS!
Share with your executives, this could be them next. Send an email with the story, and say "There has been an uptick in activity of executives being impersonated in Teams and Zoom calls using deepfake technology. Here's the most recent example. I wanted you to know of this threat and request we review money authorization processes to avoid a Business Email Compromise attack"
Then actually work with them to review the processes and reinforce tone at the top. This will resonate with executives because of the relatability with the victim.
Thanks to the CISO Series podcast and you can subscribe to Cyber Security Headlines here: https://cisoseries.com/category/podcast/cyber-security-headlines/​
Let’s make this utility valuable to our entire community!
I've got nearly 2 decades of industry experience and how I would operationalize this news,
I'm sharing it as my thoughts the same I would over a coffee.
If you want to dive deep into the top cyber news stories of the day, join 200+ of us LIVE every weekday morning here.
Thank you so much and see you next Monday!
Gerry