If you thought “One Phish, Two Phish” was a Dr. Seuss classic, think again—this cybercrime edition comes with a twist of ransomware, app-specific passwords, and a side of website hijacking. This week, we explore what happens when software vendors forget to patch, hackers start crafting emails better than your favorite copywriter, and your website becomes a party zone for malware. It’s an episode full of lessons, laughs, and mild panic—just the way we like it.
In this episode:
One Phish, Two Phish, MFA Bypass Twist – Ep 516
Today’s Episode is brought to you by:
Kardon
and
HIPAA for MSPs with Security First IT
Subscribe on Apple Podcasts. Share us on social media. Rate us wherever you find the opportunity.
Great idea! Share Help Me With HIPAA with one person this week!
Learn about offerings from the Kardon Club
and HIPAA for MSPs!
Thanks to our donors. We appreciate your support!
If you would like to donate to the cause you can do that at HelpMeWithHIPAA.com
Like us and leave a review on our Facebook page: www.Facebook.com/HelpMeWithHIPAA
When you see a couple of numbers on the left side of the text below, click them to go directly to that part of the audio. Get the best of both worlds, from the show notes to the audio and back!
One Phish, Two Phish, MFA Bypass Twist
We have several topics to keep you up to date on this week.
[01:36] Excuse me, are you from the past?
CISA Reveals ‘Pattern’ of Ransomware Attacks Against SimpleHelp RMM
Why must patching be done in a reasonable amount of time? Note that a fix announced in January should have been applied long ago at this point, especially one that closes a hole allowing remote access to systems. See: CISA Releases Cybersecurity Advisory on SimpleHelp RMM Vulnerability
Health-ISAC posted about it in January: Threat Bulletin: SimpleHelp RMM Software Leveraged in Exploitation Attempt to Breach Networks – Health-ISAC
The flaws were publicly disclosed after the patches were released on January 13, 2025.
The vulnerabilities identified in SimpleHelp RMM could allow attackers to manipulate files and escalate privileges to the administrative level. A threat actor could chain these vulnerabilities in an attack to gain administrative access to the vulnerable server and then use that access to compromise the devices running the vulnerable SimpleHelp client software.
[11:29] Be afraid, but remain calm
No, the 16 billion credentials leak is not a new data breach
“News broke today about “one of the largest data breaches in history,” sparking wide media coverage filled with warnings and fear-mongering. However, it appears to just be a compilation of previously leaked credentials stolen by infostealers, exposed in data breaches, and via credential stuffing attacks.
To be clear, this is not a new data breach, or a breach at all, and the websites involved were not recently compromised to steal these credentials.
Instead, these stolen credentials were likely circulating for some time, if not for years. They were then collected by a cybersecurity firm, researchers, or threat actors and repackaged into a database that was exposed on the Internet.”
[19:54] They have time to wait for you to fail
Russian hackers bypass Gmail MFA using stolen app passwords
There is a long game being played here. Let's review how the attackers lure the user in with multiple rounds of phishing, not just one.
[32:15] Who is watching your website security?
WordPress Motors theme flaw mass-exploited to hijack admin accounts
A reminder of why you need to know who is protecting your website before it becomes a malware distribution site, or worse.
If this episode taught us anything, it’s that cyber villains don’t sleep, patches don’t install themselves, and your website can turn into a digital haunted house if left unattended. Whether you’re dodging phishy emails or trying to remember the 43rd variation of your password, just know—staying ahead means staying alert. And hey, if someone emails you from the “State Department” asking for special access, maybe don’t roll out the red carpet quite yet.
Remember to follow us and share us on your favorite social media site. Rate us on your podcasting apps; we need your help to keep spreading the word. As always, send in your questions and ideas!
HIPAA is not about compliance, it's about patient care.™
Special thanks to our sponsors Security First IT and Kardon.