In this issue of Be Cyber Safe

Happy Valentine’s Day to you and yours! Here is what’s in this week’s Be Cyber Safe! 

• City Councilman Helps Launch Massive Cyber Attack by Reusing Passwords
• The Cyber Alert Level – GUARDED
• iOS 18.3.1 patches an ‘extremely sophisticated attack’ – and more
• Microsoft shares workaround for Windows security update issues
• In Cyber Security Humor – Have a Cyber Safe Valentine’s Day!
• Commonwealth Sentinel expands our social media presence

In the next few weeks, we will unveil an exciting opportunity to empower your organization to improve cyber security through training. Look for more information shortly!

Have a great weekend, and #BeCyberSafe! 

---

City Councilman Helps Launch Massive Cyber Attack by Reusing Passwords

Here’s Why We Keep Saying “Do NOT reuse Passwords!”
 
Paul Shaffer looks like that smiling older neighbor who gives good advice about the best time to prune the shrubs and who to call for plumbing emergencies. He is also the city councilor for Ward 7 in Corvallis, Oregon. He recently won reelection on the admirable goals of increasing affordable housing and improving infrastructure. He was even chosen to be Council President in 2024.
 
Councilman Shaffer has a flaw, though, and it led to the hacking of his official city email account on January 8, 2025. Scammers sent an email from this account to 3,408 addresses, every email address to which Paul had ever sent correspondence AND every email address from which he had received correspondence. Citizens of Corvallis were not the only potential victims. Emails went out to Texas, Illinois, Ohio, and beyond.

---

On February 5, the Cyber Threat Alert Level was evaluated and is remaining at Blue (Guarded) due to vulnerabilities in SimpleHelp and Google products. On January 30, the MS-ISAC released an advisory for multiple vulnerabilities in SimepleHelp RMM, the most severe of which could allow for arbitrary code execution.

---

Cyber Security News Worth Reading!

FROM ZD NET

iOS 18.3.1 patches an ‘extremely sophisticated attack’ – and more

Yesterday, iOS 18.3.1 for iPhone dropped, and while the last few updates have been packed with new features — many related to Apple Intelligence — this one seems to be primarily a security update.
 
Pretty serious, but niche
 
However, a little digging into Apple’s security documents sheds more light on the update. It addresses a bug that makes use of “an extremely sophisticated attack” to “disable USB Restricted Mode on a locked device.” This is clearly a physical attack, requiring hands-on access to the iPhone, so it’s unlikely to impact the majority of users.
 
According to Apple, there’s evidence that this issue may have been exploited “against specific targeted individuals.”
 
So, while it’s pretty serious, it’s also very niche.

---

FROM BLEEPING COMPUTER

Microsoft shares workaround for Windows security update issues

Microsoft has shared a workaround for users affected by a known issue that blocks Windows security updates from deploying on some Windows 11 24H2 systems.
 
As the company explained when it acknowledged the bug in December, it only occurs when installing Windows 11 from CDs and USB flash drives that also install the October 2024 or November 2024 cumulative updates.
 
“When using media to install Windows 11, version 24H2, the device might remain in a state where it cannot accept further Windows security updates,” Microsoft says.

---

 Cyber Security Humor