Every week I publish interesting articles and ways to improve your understanding of cybersecurity.

Projects

• TryHackMe – What is Shell? – In Progress

Videos

Articles

• A Brief History of Cybercrime – The history of how cybercrime has evolved into a $1.5 trillion industry over the past decade.
• MITRE Hacked by State-Sponsored Group via Ivanti Zero-Days – MITRE R&D network hacked in early January by a state-sponsored threat group that exploited an Ivanti zero-day vulnerability.
• Nespresso Domain Serves Up Steamy Cup of Phish, No Cream or Sugar – An open direct vulnerability in the Nespresso Web domain lets attackers bypass detection as they attempt to steal victims’ Microsoft credentials.
• Multiple LastPass Users Lose Master Passwords to Ultra-Convincing Scam – CryptoChameleon attackers trade quantity for quality, dedicating time and resources to trick even the most diligent user into handing over their high-value credentials.
• UnitedHealth confirms it paid ransomware gang to stop data leak – The UnitedHealth Group has confirmed that it paid a ransom to cybercriminals to protect sensitive data stolen during the Optum ransomware attack in late February.

Podcasts

• Smashing Security – 368: Gary Barlow, and a scam turns deadly

Every week I publish interesting articles and ways to improve your understanding of cybersecurity.

Projects

• TryHackMe – What is Shell? – In Progress

Videos

• BrightTalks – Your Digital Identity: How Cybercriminals Can Get Around Authentication Methods

Articles

• Roku says 576,000 user accounts hacked after second security incident – the company said about 576,000 user accounts were accessed using a technique known as credential stuffing, where malicious hackers use usernames and passwords stolen from other data breaches and reuse the logins on other sites.
• Ex-Security Engineer Jailed 3 Years for $12.3 Million Crypto Exchange Thefts – A former security engineer has been sentenced to three years in prison in the U.S. for charges relating to hacking two decentralized cryptocurrency exchanges in July 2022 and stealing over $12.3 million.
• Destructive ICS Malware ‘Fuxnet’ Used by Ukraine Against Russian Infrastructure – ICS malware Fuxnet allegedly used by Ukrainian Blackjack group to disrupt industrial sensors and other systems belonging to a Moscow infrastructure firm.
• T-Mobile employees report being lured into scamming customers (Update: T-Mobile statement) – Scammers are asking T-Mobile employees to perform SIM swaps for them.
• T-Mobile, Verizon workers get texts offering $300 for SIM swaps – Criminals are now texting T-Mobile and Verizon employees on their personal and work phones, trying to tempt them with cash to perform SIM swaps.
• NSA Publishes Guidance for Strengthening AI System Security – “Deploying AI Systems Securely: Best Practices for Deploying Secure and Resilient AI Systems.”
• Omni Hotels says customers’ personal data stolen in ransomware attack – Hotel chain giant Omni Hotels & Resorts has confirmed cybercriminals stole the personal information of its customers in an apparent ransomware attack last month.
• Frontier Communications Shuts Down Systems Following Cyberattack – Telecom giant Frontier shuts down systems to contain a cyberattack that led to personal information compromise.
• Cisco Warns of Massive Surge in Password-Spraying Attacks on VPNs – Attackers are indiscriminately targeting VPNs from Cisco and several other vendors in what may be a reconnaissance effort, the vendor says.
• GPT-4 Can Exploit Most Vulns Just by Reading Threat Advisories – Existing AI technology can allow hackers to automate exploits for public vulnerabilities in minutes flat. Very soon, diligent patching will no longer be optional.
• Ivanti Releases Fixes for More Than 2 Dozen Vulnerabilities – Users will need to download the latest version of Ivanti’s Avalanche to apply fixes for all of the bugs.
• UnitedHealth: Change Healthcare cyberattack caused $872 million loss – UnitedHealth Group reported an $872 million impact on its Q1 earnings due to the ransomware attack disrupting the U.S. healthcare system since February.

Podcasts

• Darkside Dairies 144: Rachel

Every week I publish interesting articles and ways to improve your understanding of cybersecurity.

Projects

• TryHackMe – What is Shell? – In Progress

Videos

Articles

• Missouri county declares state of emergency amid suspected ransomware attack – Outage occurs on same day as special election, but election offices remain open.
• Researchers Discover LG Smart TV Vulnerabilities Allowing Root Access – Multiple security vulnerabilities have been disclosed in LG webOS running on its smart televisions that could be exploited to bypass authorization and gain root access on the devices.
• DOJ-Collected Information Exposed in Data Breach Affecting 340,000 – Economic analysis and litigation support firm GMA says personal and medical information was stolen in a May 2023 data breach.
• Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks – Threat actors are actively scanning and exploiting a pair of security flaws that are said to affect as many as 92,000 internet-exposed D-Link network-attached storage (NAS) devices.
• Targus discloses cyberattack after hackers detected on file servers – Laptop and tablet accessories maker Targus disclosed that it suffered a cyberattack disrupting operations after a threat actor gained access to the company’s file servers.
• Home Depot Hammered by Supply Chain Data Breach – SaaS vendor to blame for exposing employee data that was ultimately leaked on Dark Web forum, according to the home improvement retailer.
• Thousands of Ivanti VPN Appliances Impacted by Recent Vulnerability – Researchers at the Shadowserver Foundation identify thousands of internet-exposed Ivanti VPN appliances likely impacted by a recently disclosed vulnerability leading to remote code execution.
• AT&T now says data breach impacted 51 million customers – AT&T is notifying 51 million former and current customers, warning them of a data breach that exposed their personal information on a hacking forum. However, the company has still not disclosed how the data was obtained.
• 96% of US hospital websites share visitor info with Meta, Google, data brokers – Could have been worse – last time researchers checked it was 98.6%
• Thousands of LG TVs are vulnerable to takeover—here’s how to ensure yours isn’t one – LG patches four vulnerabilities that allow malicious hackers to commandeer TVs.
• Why CISA is Warning CISOs About a Breach at Sisense – The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense, whose products are designed to allow companies to view the status of multiple third-party online services in a single dashboard.
• Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack – Palo Alto Networks is warning that a critical flaw impacting PAN-OS software used in its GlobalProtect gateways is being actively exploited in the wild.
• FBI warns of massive wave of road toll SMS phishing attacks – On Friday, the Federal Bureau of Investigation warned of a massive ongoing wave of SMS phishing attacks targeting Americans with lures regarding unpaid road toll fees.
• Roku warns 576,000 accounts hacked in new credential stuffing attacks – Roku warns that 576,000 accounts were hacked in new credential stuffing attacks after disclosing another incident that compromised 15,000 accounts in early March.
• US Government on High Alert as Russian Hackers Steal Critical Correspondence From Microsoft – The US government says Midnight Blizzard’s compromise of Microsoft corporate email accounts “presents a grave and unacceptable risk to federal agencies.”

Podcasts

• Smashing Security 367: WhatsApp at Westminster, unhealthy AI, and Drew Barrymore

Every week I publish interesting articles and ways to improve your understanding of cybersecurity.

Projects

• TryHackMe – Active Directory Basics – Complete
• TryHackMe – What is Shell? – In Progress

Videos

Articles

• AT&T Says Data on 73 Million Customers Leaked on Dark Web – AT&T used the Easter holiday weekend to quietly share details on data that surfaced on the dark web roughly two weeks ago.
• AT&T faces lawsuits over data breach affecting 73 million customers – AT&T is facing multiple class-action lawsuits following the company’s admission to a massive data breach that exposed the sensitive data of 73 million current and former customers.
• US State Department investigates alleged theft of government data – The U.S. Department of State is investigating claims of a cyber incident after a threat actor leaked documents allegedly stolen from a government contractor.
• U.S. Cyber Safety Board Slams Microsoft Over Breach by China-Based Hackers – The U.S. Cyber Safety Review Board (CSRB) has criticized Microsoft for a series of security lapses that led to the breach of nearly two dozen companies across Europe and the U.S. by a China-based nation-state group called Storm-0558 last year.
• Number of Chinese Devices in US Networks Growing Despite Bans – An analysis by Forescout shows 300,000 Chinese devices in the US, up 40% compared to the previous year, despite bans.
• Why Cybersecurity Is a Whole-of-Society Issue – Working together and integrating cybersecurity as part of our corporate and individual thinking can make life harder for hackers and safer for ourselves.
• ‘Unfaking’ News: How to Counter Disinformation Campaigns in Global Elections – What cybersecurity professionals around the world can do to defend against the scourge of online disinformation in this year’s election cycle.
• NIST Wants Help Digging Out of Its NVD Backlog – The National Vulnerability Database can’t keep up, and the agency is calling for a public-private partnership to manage it going forward.
• Prudential Financial Data Breach Impacts 36,000 – Prudential Financial says the names, addresses, and ID numbers of over 36,000 were stolen in a February data breach.
• XZ Utils Backdoor Implanted in Carefully Executed, Multiyear Supply Chain Attack – Had a Microsoft developer not spotted the malware when he did, the outcome could have been much worse.
• FTC: Americans lost $1.1 billion to impersonation scams in 2023 – Impersonation scams in the U.S. exceeded $1.1 billion in losses last year, according to statistics collected by the Federal Trade Commission (FTC), a figure that is three times higher than in 2020.
• Indian Government Rescues 250 Citizens Forced into Cybercrime in Cambodia – The Indian government said it has rescued and repatriated about 250 citizens in Cambodia who were held captive and coerced into running cyber scams.
• Oil & Gas Sector Falls for Fake Car Accident Phishing Emails – Effective Rhadamanthys phishing campaign spoofs nonexistent “Federal Bureau of Transportation” to compromise recipients, analysts discover.
• SurveyLama Alarmed Over Data Breach of 4.4 Million Users – Monetized survey completion platform SurveyLama, has reportedly been alerted by data breach alerting service Have I Been Pwned (HIBP) after it found that a hacking incident has exposed the sensitive data of 4.4 million SurveyLama users, first reported by Bleeping Computer.
• Poland launches inquiry into previous government’s spyware use – Poland has launched an investigation into its previous government’s use of the controversial spyware Pegasus, with a parliamentary inquiry under way and the possibility of criminal charges being brought against former government officials in future.
• Highly Sensitive Files Mysteriously Disappeared From Europol Headquarters – A batch of highly sensitive files containing the personal information of top Europol executives mysteriously disappeared last summer

Okay, you’re a pro now. You’ve installed multiple Linux VM’s using VirtualBox or some similar tool. But now you need to remember to update it. This is important because like any other operating system Linux does have vulnerabilities.

• Red Hat warns of backdoor in XZ tools used by most Linux distros (Bleeping Computer)
• Decade-old Linux ‘wall’ bug helps make fake SUDO prompts, steal passwords (Bleeping Computer)

And those two articles are just from one source and just this week. Okay so how do you update? Use the below commands:

sudo apt update        # Fetches the list of available updates
sudo apt upgrade       # Installs some updates; does not remove packages
sudo apt full-upgrade  # Installs updates; may also remove some packages, if needed
sudo apt autoremove    # Removes any old packages that are no longer needed

Every week I publish interesting articles and ways to improve your understanding of cybersecurity.

Project

TryHackMe – Upload Vulnerabilities

Webinar

• Bright Talk – Verizon Threat Research Advisory Center MIB

Articles

• New ‘Loop DoS’ attack may impact up to 300,000 online systems – A new denial-of-service attack dubbed ‘Loop DoS’ targeting application layer protocols can pair network services into an indefinite communication loop that creates large volumes of traffic.
• Saflok Lock Vulnerability Can Be Exploited to Open Millions of Doors – Vulnerability in Dormakaba’s Saflok electronic locks allow hackers to forge keycards and open millions of doors.
• U.S. Justice Department Sues Apple Over Monopoly and Messaging Security – The U.S. Department of Justice (DoJ), along with 16 other state and district attorneys general, on Thursday accused Apple of illegally maintaining a monopoly over smartphones, thereby undermining, among other things, the security and privacy of users when messaging non-iPhone users.
• KDE advises extreme caution after theme wipes Linux user’s files – On Wednesday, the KDE team warned Linux users to exercise “extreme caution” when installing global themes, even from the official KDE Store, because these themes run arbitrary code on devices to customize the desktop’s appearance.
• New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts – Cybercriminals have been increasingly using a new phishing-as-a-service (PhaaS) platform named ‘Tycoon 2FA’ to target Microsoft 365 and Gmail accounts and bypass two-factor authentication (2FA) protection.
• Unmasking the Online Persona: A Guide to Username Investigation – Shows other professional investigators the parts of a username, some special username subtypes, how to investigate them, and ways to improve personal operational security.
• TheMoon malware infects 6,000 ASUS routers in 72 hours for proxy service – A new variant of “TheMoon” malware botnet has been spotted infecting thousands of outdated small office and home office (SOHO) routers and IoT devices in 88 countries.
• US fines man $9.9 million for thousands of disturbing robocalls – A U.S. federal court has issued a $9,918,000 penalty and an injunction against an individual named Scott Rhodes for making thousands of “spoofed” robocalls to consumers across the country.
• Apple Security Bug Opens iPhone, iPad to RCE – CVE-2024-1580 allows remote attackers to execute arbitrary code on affected devices.
• Corporations With Cyber Governance Create Almost 4X More Value – Those with special committees that include a cyber expert rather than relying on the full board are more likely to improve security and financial performance.
• Retail chain Hot Topic hit by new credential stuffing attacks – American retailer Hot Topic disclosed that two waves of credential stuffing attacks in November exposed affected customers’ personal information and partial payment data.
• Cisco warns of password-spraying attacks targeting VPN services – Cisco has shared a set of recommendations for customers to mitigate password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices.
• Splunk Patches Vulnerabilities in Enterprise Product – Splunk patches high-severity vulnerabilities in Enterprise, including an authentication token exposure issue.

Podcasts

• Smashing Security – 365: Hacking hotels, Google’s AI goof, and cyberflashing.

Every week I publish interesting articles and ways to improve your understanding of cybersecurity.

Projects

• TryHackMe – Hashing – Crypto 101 – Complete

Videos

• https://krebsonsecurity.com/

Articles

• StopCrypt: Most widely distributed ransomware evolves to evade detection – A new variant of StopCrypt ransomware (aka STOP) was spotted in the wild, employing a multi-stage execution process that involves shellcodes to evade security tools.
• Preparing Society for AI-Driven Disinformation in the 2024 Election Cycle – The rapid evolution of AI and analytics engines will put campaign-year disinformation into hyperspeed in terms of false content creation, dissemination and impact.
• E-Root Marketplace Admin Sentenced to 42 Months for Selling 350K Stolen Credentials – A 31-year-old Moldovan national has been sentenced to 42 months in prison in the U.S. for operating an illicit marketplace called E-Root Marketplace that offered for sale hundreds of thousands of compromised credentials, the Department of Justice (DoJ) announced.
• Fujitsu Data Breach Impacts Personal, Customer Information – Fujitsu says hackers infected internal systems with malware, stole personal and customer information.
• Cisco Completes $28 Billion Acquisition of Splunk – The networking giant paid $157 per share in cash for Splunk, a powerhouse in data analysis, security and observability tools, in a deal first announced in September 2023.
• IMF Emails Hacked – The International Monetary Fund (IMF) detects a cybersecurity incident that involved nearly a dozen email accounts getting hacked.
• AT&T says leaked data of 70 million people is not from its systems – BleepingComputer has reviewed the data, and while we cannot confirm that all 73 million lines are accurate, we verified some of the data contains correct information, including social security numbers, addresses, dates of birth, and phone numbers.
• Misconfigured Firebase instances leaked 19 million plaintext passwords – Three cybersecurity researchers discovered close to 19 million plaintext passwords exposed on the public internet by misconfigured instances of Firebase, a Google platform for hosting databases, cloud computing, and app development.

Podcasts

• Cyberwire – Ep 2026 | 3.18.24 – The hot pursuit of Volt Typhoon.

Every week I publish interesting articles and ways to improve your understanding of cybersecurity.

Projects

• TryHackMe – Hashing – Crypto 101 – In Progress

Videos

Articles

• Security Bite: Hackers breach CISA, forcing the agency to take some systems offline – CISA says two systems were hacked in February through vulnerabilities in Ivanti products. In response, the agency had to shut down both systems, which reportedly had critical ties to U.S. infrastructure.
• Roku hackers breach 15,000 accounts and are selling them online – After gaining access to customer accounts, hackers attempted to purchase streaming subscriptions within Roku.
• Stanford: Data of 27,000 people stolen in September ransomware attack – Stanford University says the personal information of 27,000 individuals was stolen in a ransomware attack impacting its Department of Public Safety (SUDPS) network.
• Biden’s budget proposal boosts CISA funding to $3B – US President Joe Biden has asked Congress to approve an extra $103 million in funding for the Cybersecurity and Infrastructure Security Agency, bringing CISA’s total budget to $3 billion.
• LockBit ransomware affiliate gets four years in jail, to pay $860k – Russian-Canadian cybercriminal Mikhail Vasiliev has been sentenced to four years in prison by an Ontario court for his involvement in the LockBit ransomware operation.
• ChatGPT Plugin Vulnerabilities Exposed Data, Accounts – Three types of vulnerabilities related to ChatGPT plugins could have led to data exposure and account takeovers.
• US Seizes $1.4 Million in Cryptocurrency From Tech Scammers – The US seized approximately $1.4 million worth of Tether tokens suspected of being fraud proceeds from tech scams.
• Acer confirms Philippines employee data leaked on hacking forum – Acer Philippines confirmed that employee data was stolen in an attack on a third-party vendor who manages the company’s employee attendance data after a threat actor leaked the data on a hacking forum.
• Nissan to let 100,000 Aussies and Kiwis know their data was stolen in cyberattack – Akira ransomware crooks brag of swiping thousands of ID documents during break-in
• SIM swappers hijacking phone numbers in eSIM attacks – SIM swappers have adapted their attacks to steal a target’s phone number by porting it into a new eSIM card, a digital SIM stored in a rewritable chip present on many recent smartphone models.
• Former telecom manager admits to doing SIM swaps for $1,000 – A former manager at a telecommunications company in New Jersey pleaded guilty to conspiracy charges for accepting money to perform unauthorized SIM swaps that enabled an accomplice to hack customer accounts.
• Alabama Under DDoS Cyberattack by Russian-Backed Hacktivists – The hacktivist group Anonymous Sudan claims credit for a cyberattack that disrupted Alabama state government earlier this week.
• French unemployment agency data breach impacts 43 million people – France Travail, formerly known as Pôle Emploi, is warning that hackers breached its systems and may leak or exploit personal details of an estimated 43 million individuals.
• Gone in (less than) 60 Seconds: How My Mercedes was Hacked and Stolen While My Family Slept – A month ago, my car was hacked and stolen in the middle of the night. So, for the first (and hopefully last) time, I’m the subject of my own article.
• Leak of Acer Philippines employee database appears on hacking forum – An attacker called “ph1ns” posted a link on a hacking forum to a stolen database containing employee attendance data from Acer Philippines. The database reportedly included workers’ names, usernames, passwords, roles, departments, employer’s name, birthdates, mobile numbers, and email addresses.
• International Monetary Fund email accounts hacked in cyberattack – The International Monetary Fund (IMF) disclosed a cyber incident on Friday after unknown attackers breached 11 IMF email accounts earlier this year.

Podcasts

Smashing Security – 363: Stuck streaming sticks, TikTok conspiracies, and spying cars