Senior Cyber Safety Briefing – October 17, 2025
🔥 PRIVACY & BIG TECH – TikTok algorithm licensing deal raises national security concerns
👉 Why it matters — Even though TikTok might change its U.S. ownership structure, retaining ties to its original algorithm (from ByteDance) is a risk. The algorithm decides what content people see, and control over it can influence your experience and data. Reuters+1
📣 Call to Action — If you use TikTok, review your privacy settings. Don’t allow unnecessary permissions (camera, microphone, location) unless required.
🚨ALERT – F5 supply‑chain compromise poses “imminent threat” to critical networks
👉Why it matters – Attackers stole source code, internal vulnerability data, and development resources from F5’s BIG‑IP systems, increasing risk that future patches or devices could be backdoored or exploited. Claims Journal+4TechRadar+4WIRED+4
📣Call to Action – Check whether your service providers, hosting, or network gear use F5 components. Ensure any such systems are patched immediately (or isolated if unpatchable) per relevant advisories.
🚨ALERT – Active zero‑day Windows flaws now being exploited
👉Why it matters – Microsoft’s October 2025 Patch Tuesday addresses 183 vulnerabilities, including two zero‑days already under active exploitation (e.g. Agere modem driver, RasMan) The Hacker News+2Krebs on Security+2
📣Call to Action – If you run Windows, apply the latest security updates right away. Note: October marks the final month Microsoft will issue broad support for Windows 10 (outside extended support). Krebs on Security+1
🔥PRIVACY & BIG TECH – Voice‑cloning scams intensify using AI
👉Why it matters – Scammers are now convincingly imitating family members’ voices using AI to pressure seniors into sending money (e.g. “Your child is in trouble and needs bail”). BECU+3https://www.wilx.com+3American Bar Association+3
📣Call to Action – If someone calls sounding like a loved one asking for money or urgency, hang up and verify via a secondary channel (text or in person). Don’t rely solely on voice.
📈ECONOMY & SECURITY – Revoked certificates disrupt ransomware campaign
👉Why it matters – Microsoft has revoked over 200 digital certificates used by the Rhysida/Vanilla Tempest group to sign malware, crippling one campaign targeting education and healthcare sectors. CISO Series
📣Call to Action – If you work with or have contracts with schools, clinics, or nonprofits, ask whether they were affected and whether their defenses are up to date.
🧠MUST‑READ – Cisco “Zero Disco” exploits old SNMP flaw
👉Why it matters – The Zero Disco campaign targets legacy Cisco IOS / IOS XE systems via a patched SNMP stack overflow (CVE‑2025‑20352). Devices that weren’t updated may have rootkits embedded. CISO Series+1
📣Call to Action – If you (or your service providers) use Cisco gear, verify firmware is updated to mitigate this exploit.
✅Quick Safety Tip of the Day
For any call claiming urgency from someone you “know,” pause and use your own trusted contact method before doing anything requested. Voice alone is no longer trustworthy.
(AI was used to create this article.)
🙋Closing Note
Stay safe, stay secure, stay curious, and remember my friends—you’re never too old to outsmart a scammer👋
.png)
Comments