Heimdal

Time for your Weekly Cyber Snapshot with Adam Pilton, former Cybercrime Investigator, currently Cybersecurity Advisor.
The five major cyber stories this week go from North Korea’s cyber playbook getting leaked to the silent burnout creeping up on MSPs. Let’s go.

North Korean Cyber Ops Get Hacked

Hackers using the names Saber and Cyborg claim to have successfully breached a North Korean cyber operator connected to the infamous Kimsuky Group. Their breach? A goldmine: internal tools, training manuals, credentials, and email addresses.
What’s been exposed paints a detailed picture of espionage tactics and crypto theft campaigns. All of this reportedly came from a single compromised workstation. That’s right—one machine opened the doors to uncovering broader North Korean cyber operations.

How to Stay Safe

• Understand that espionage campaigns rely on human and technical weaknesses.
• Don’t assume your workstation isn’t a target; it can be the gateway.
• Always practice strong endpoint security hygiene.

Fortinet VPNs Under Attack

We’ve seen a spike in brute force attacks on Fortinet SSL VPNs kicking off early this month. And it didn’t stop there. Threat actors are now also probing FortiManager services in a coordinated second wave.
This strategy suggests a clear pattern: breach the edge, then move laterally into your management systems. Remote access threats are on the rise—and VPNs are squarely in the crosshairs.

How to Stay Safe

  • Lock down your VPNs immediately.
  • Restrict access to FortiManager.
  • Enforce multi-factor authentication (MFA).
  • Rate-limit login attempts.
  • Monitor for unusual traffic toward management ports.
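
The pattern described above (brute force against the VPN, then contact with management services) can be watched for by correlating the two event types per source address. The following is an added example, not code from Heimdal or Fortinet; the key=value log format, the sample events, the threshold, the window, and the port in MGMT_PORTS are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

MGMT_PORTS = {541}             # assumption: replace with the ports your management interfaces listen on
FAIL_THRESHOLD = 5             # failed VPN logins from one source within WINDOW
WINDOW = timedelta(minutes=5)

# Constructed sample events in a simplified key=value format (not a vendor log schema).
SAMPLE_LOG = """\
2025-01-01T10:00:00 src=203.0.113.7 dport=443 event=vpn_login result=fail
2025-01-01T10:00:20 src=203.0.113.7 dport=443 event=vpn_login result=fail
2025-01-01T10:00:40 src=203.0.113.7 dport=443 event=vpn_login result=fail
2025-01-01T10:01:00 src=203.0.113.7 dport=443 event=vpn_login result=fail
2025-01-01T10:01:20 src=203.0.113.7 dport=443 event=vpn_login result=fail
2025-01-01T10:02:00 src=198.51.100.9 dport=443 event=vpn_login result=fail
2025-01-01T10:03:00 src=198.51.100.9 dport=443 event=vpn_login result=fail
2025-01-01T10:03:30 src=198.51.100.9 dport=443 event=vpn_login result=success
2025-01-01T10:10:00 src=192.0.2.50 dport=541 event=conn
2025-01-01T10:30:00 src=203.0.113.7 dport=541 event=conn
"""

def parse(line):
    ts, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["ts"] = datetime.fromisoformat(ts)
    rec["dport"] = int(rec["dport"])
    return rec

def detect(log_text):
    fails = defaultdict(deque)   # src -> timestamps of failed logins inside the window
    brute = {}                   # src -> time the threshold was first crossed
    alerts = []
    events = sorted(map(parse, filter(str.strip, log_text.splitlines())), key=lambda r: r["ts"])
    for rec in events:
        src = rec["src"]
        if rec["event"] == "vpn_login" and rec["result"] == "fail":
            q = fails[src]
            q.append(rec["ts"])
            while rec["ts"] - q[0] > WINDOW:   # drop failures older than the window
                q.popleft()
            if len(q) >= FAIL_THRESHOLD and src not in brute:
                brute[src] = rec["ts"]
                alerts.append(("vpn_bruteforce", src))
        elif rec["event"] == "conn" and rec["dport"] in MGMT_PORTS:
            kind = "bruteforce_then_mgmt_probe" if src in brute else "mgmt_port_contact"
            alerts.append((kind, src))
    return alerts

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

A source that first trips the brute-force threshold and later touches a management port is the highest-priority alert; the same port contact from a source with no prior failures is reported separately so it can be tuned on its own.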

ShinyHunters + Scattered Spider: A Dangerous Duo

Two cybercrime gangs—ShinyHunters and Scattered Spider—are now joining forces. They’re blending social engineering and extortion tactics to devastating effect.
Their toolkit includes:

  • Phone-based phishing
  • Fake IT support calls
  • Phishing emails
  • Bogus single sign-on portals

Their goal? Trick users, breach systems, and then pressure organizations by threatening data leaks. And they’re targeting big-name retail, aviation, tech, financial services, and more.

How to Stay Safe

  • Train staff to spot vishing. Voice phishing is just as dangerous as email.
  • Check all suspicious requests out-of-band.
  • Just because someone sounds helpful on the phone doesn’t mean they are.

Lenovo Webcams Reprogrammed for Attacks

Researchers have discovered that certain Lenovo webcams can be reflashed to behave like malicious USB devices. We’re talking about turning a webcam into a fake keyboard or network adapter to inject keystrokes or maintain stealthy access.

Even wiping the OS won’t help if the firmware has been compromised. The root cause? Weak or missing firmware verification in specific models.
This isn’t the first time webcams have been abused—and it won’t be the last.

How to Stay Safe

  • Update your webcam firmware; don’t wait.
  • Audit and limit USB access across systems.
  • Disable unnecessary USB device classes to reduce the attack surface.

MSPs Are Drowning in Alerts

A joint survey by Heimdal and FutureSafe reveals a sobering stat: 89% of MSPs are suffering from alert fatigue.
Many are juggling five or more tools that don’t integrate. The result? Analysts are overwhelmed with false positives while real threats slip through the cracks.
As Jason Whitehurst, CEO at FutureSafe, puts it: “Agent fatigue isn’t just a tech issue—it’s a business risk.”

How to Stay Safe

  • Stop adding new tools just to tick boxes.
  • Consolidate your platforms – less is more.
  • Automate triage workflows.
  • Tune your alerts so your analysts see only what truly matters.

That’s a wrap for this week’s Cyber Snapshot. Stay sharp. Stay secure. We’ll be back next week with the latest in cyber news.

Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.
