Each week I publish interesting articles and ways to improve your understanding of cybersecurity.

Projects

• Linux Foundation – Introduction to Kubernetes (LF158) – In Progress
• TryHackMe – Steel Mountain

Videos

Articles

• About a quarter million Comcast subscribers had their data stolen from debt collector – Cable giant says ransomware involved, FBCS keeps schtum
• To catch a predator admin: the power of OSINT – This #OpChildSafety investigation began on March 12th, 2024, when one of my threat researchers from W1nterStorm, whom I shall refer to by the alias CR-2 (Confidential Researcher), discovered a Facebook group called ‘Modeling 4 Kidz’ that was not what it appeared to be. This was the same Facebook group where CR-2 initially uncovered the CSAM (Child Sexual Abuse Material) network we named Hydra.
• China-linked Group Salt Typhoon Hacked Us Broadband Providers and Breached Wiretap Systems – China-linked APT group Salt Typhoon breached U.S. broadband providers, potentially accessing systems for lawful wiretapping and other data.
• Critical Infrastructure: The latest target for cybercriminals? – How to protect critical infrastructure from cyber threats
• American Water, the largest water utility in US, is targeted by a cyberattack – The largest regulated water and wastewater utility company in the United States announced Monday that it was the victim of a cyberattack, prompting the firm to pause billing to customers.
• The FBIs favorite pants-maker exposes users’ payment cards – Popular US tactical equipment brand and retailer 5.11 Tactical has suffered a data breach impacting tens of thousands of its customers.
• Huge hack shuts down Russian online state media on Putin’s birthday – A Ukrainian official said the cyberattack was waged to congratulate Vladimir Putin who turned 72 on Monday
• Marriott agrees to pay $52 million settlement after multiple data breaches – The hotel chain and its Starwood subsidiary were hacked three times between 2014 and 2020.
• The Internet Archive slammed by DDoS attack and data breach – The Internet Archive, the nonprofit organization that digitizes and archives materials like web pages, came under attack Wednesday
• Fidelity Data Breach Exposed Customer Information – Fidelity Investments is notifying 77,000 individuals that their personal information was compromised in a data breach.

Each week I publish interesting articles and ways to improve your understanding of cybersecurity.

Projects

• TryHackMe – Kenobi – Complete
• Linux Foundation – Introduction to Kubernetes (LF158) – In Progress

Videos

Articles

• Cloudflare blocks largest recorded DDoS attack peaking at 3.8Tbps – During a distributed denial-of-service campaign targeting organizations in the financial services, internet, and telecommunications sectors, volumetric attacks peaked at 3.8 terabits per second, the largest publicly recorded to date.
• T-Mobile pays $31.5 million FCC settlement over 4 data breaches – The Federal Communications Commission (FCC) announced a $31.5 million settlement with T-Mobile over multiple data breaches that compromised the personal information of millions of U.S. consumers.
• Rackspace internal monitoring web servers hit by zero-day – Intruders accessed machines via tool bundled with ScienceLogic, ‘limited’ info taken, customers told not to worry
• College students used Meta’s smart glasses to dox people in real time – The demo highlights the dark side of AR glasses.
• Hacking Kia: Remotely Controlling Cars With Just a License Plate – On June 11th, 2024, we discovered a set of vulnerabilities in Kia vehicles that allowed remote control over key functions using only a license plate.
• U.S. and Microsoft Seize 107 Russian Domains in Major Cyber Fraud Crackdown – Microsoft and the U.S. Department of Justice (DoJ) on Thursday announced the seizure of 107 internet domains used by state-sponsored threat actors with ties to Russia to facilitate computer fraud and abuse in the country.
• Transport for London Cyber Attack – A cyber attack on Transport for London (TfL) has disrupted pay-as-you-go ticket services and other systems. A 17-year-old from England has been arrested in connection with the incident.
• LockBit Ransomware Group Crackdown – Europol’s latest operation against the LockBit ransomware group resulted in four arrests, server seizures, and financial sanctions across 12 countries

Each week I publish interesting articles and ways to improve your understanding of cybersecurity. This week Cybernews says that one-third of the US population’s background info is now public!

Projects

• TryHackMe – Basic Pentesting – Complete
• TryHackMe – Kenobi – In Progress
• Linux Foundation – Introduction to Kubernetes (LF158) – In Progress

Videos

Articles

• German authorities dismantled Boystown, a notorious Dark Web platform for CSAM, by deanonymizing Tor users in 2021. This breakthrough raises concerns over Tor’s privacy as law enforcement targets criminal activities on the Dark Web.
• Dell investigates data breach claims after hacker leaks employee info – Dell has confirmed to BleepingComputer that they are investigating recent claims that it suffered a data breach after a threat actor leaked the data for over 10,000 employees.
• Kansas water plant cyberattack forces switch to manual operations – Arkansas City, a small city in Cowley County, Kansas, was forced to switch its water treatment facility to manual operations over the weekend to contain a cyberattack detected on Sunday morning.
• One-third of the US population’s background info is now public – Cybernews exclusive research has revealed that a massive data leak at MC2 Data, a background check firm, affects a staggering amount of US citizens.
• Kaspersky deletes itself, installs UltraAV antivirus without warning – UltraAV force-installed on Kaspersky users’ PCs

Podcasts

Each week I publish interesting articles and ways to improve your understanding of cybersecurity. How much does a data breach cost? It could cost you 13 million as AT&T found out this week.

Projects

• TryHackMe – Vulnversity – Complete
• TryHackMe – Basic Pentesting – In Progress
• Linux Foundation – Introduction to Kubernetes (LF158) – In Progress

Videos

Articles

• What Giant Data Breaches Mean for You – The security expert who created Have I Been Pwned? shares advice for protecting sensitive data
• Fortinet confirms data breach after hacker claims to steal 440GB of files – Cybersecurity giant Fortinet has confirmed it suffered a data breach after a threat actor claimed to steal 440GB of files from the company’s Microsoft Sharepoint server.
• 23andMe to pay $30 million in genetics data breach settlement – DNA testing giant 23andMe has agreed to pay $30 million to settle a lawsuit over a data breach that exposed the personal information of 6.4 million customers in 2023
• Ex-CIA officer jailed for 10 years as spy for China – A former CIA officer has been sentenced to 10 years in prison for spying for the Chinese government.
• A disgruntled employee at a US industrial firm deleted backups and locked IT admins out of workstations in a failed data extortion attempt – Daniel Rhyne tried to extort his former employee for $750,000 before being tracked down by law enforcement
• What we know about the Hezbollah pager explosions – Thousands of people have been injured in Lebanon, after pagers used by the armed group Hezbollah to communicate dramatically exploded almost simultaneously across the country on Tuesday.
  • The Mystery of Hezbollah’s Deadly Exploding Pagers – At least 11 people have been killed and nearly 2,800 people have been injured in Lebanon by exploding pagers. Experts say the blasts point toward a supply chain compromise, not a cyberattack.
• Ticketmaster boss who repeatedly hacked rival firm sentenced – A former boss of Ticketmaster has been sentenced after pleading guilty to illegally accessing computer servers of a rival company and stealing sensitive business information.
• Chinese Man Charged for Spear-phishing Against Nasa and Us Government – US DoJ charged a Chinese national who used spear-phishing emails to obtain sensitive info from NASA, the U.S. Air Force, Navy, Army, and the FAA.
• AT&T to Pay $13 Million in Settlement Over 2023 Data Breach – AT&T has agreed to pay $13 million in a settlement with the FCC over a 2023 data breach at a third-party vendor’s cloud environment.
• Cops across the world arrest 51 in orchestrated takedown of Ghost crime platform – Italian mafia mobsters and Irish crime families scuppered by international cops
• Ivanti’s Cloud Service Appliance Attacked via Second Vuln – The critical bug, CVE-2024-8963, can be used in conjunction with the prior known flaw to achieve remote code execution (RCE).
• Disney ditching Slack after massive July data breach – The Walt Disney Company is reportedly ditching Slack after a July data breach exposed over 1TB of confidential messages and files posted to the company’s internal communication channels.

Podcasts

• No Such Podcast – How We Found Bin Laden: The Basics of Foreign Signals Intelligence

Every week I publish interesting articles and ways to improve your understanding of cybersecurity. This week Transport for London (TfL) disclosed that they were hacked.

Projects

• TryHackMe – Linux PrivEsc – Complete
• TryHackMe – Vulnversity – In Progress
• Linux Foundation – Introduction to Kubernetes (LF158) – In Progress

Videos

• https://youtu.be/5GLNKHJCSkg?si=Zd4IaGBeG_ZhlWvB (Embed disabled)

Articles

• New RAMBO attack steals data using RAM in air-gapped computers – A novel side-channel attack dubbed “RAMBO” (Radiation of Air-gapped Memory Bus for Offense) generates electromagnetic radiation from a device’s RAM to send data from air-gapped computers.
• Lowe’s employees phished via Google ads – In mid-August, we identified a malvertising campaign targeting Lowes employees via Google ads. Like many large corporations, Lowe’s has their own employe portal called MyLowesLife, for all matters related to schedule, pay stubs, or benefits.
• Car Rental Company Avis Discloses a Data Breach – Car rental giant Avis disclosed a data breach that impacted one of its business applications in August compromising customers’ personal information.
• Russia’s top-secret military unit reportedly plots undersea cable ‘sabotage’ – US alarmed by heightened Kremlin naval activity worldwide
• Cyber crooks shut down UK, US schools, thousands of kids affected – No class: Black Suit ransomware gang boasts of 200GB haul from one raid
• Transport for London confirms customer data stolen in cyberattack – Transport for London (TfL) has determined that the cyberattack on September 1 impacts customer data, including names, contact details, email addresses, and home addresses.

Podcasts

Every week I publish interesting articles and ways to improve your understanding of cybersecurity. This week learn about a former aide to New York Gov. Kathy Hochul and former Gov. Andrew Cuomo was charged with acting as an agent for the Chinese government.

Projects

• TryHackMe – Linux PrivEsc – In Progress
• Linux Foundation – Introduction to Kubernetes (LF158) – In Progress
• Insider Threat Hunting: Detecting and Responding to Internal Security Risks – Complete

Videos

Articles

• Green Berets storm building after compromising its Wi-Fi – US Army Special Forces, aka the Green Berets, have been demonstrating their ability to use offensive cyber-security tools in the recent Swift Response 24 military exercises in May, the military has now confirmed.
• New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access – Eight vulnerabilities have been uncovered in Microsoft applications for macOS that an adversary could exploit to gain elevated privileges or access sensitive data by circumventing the operating system’s permissions-based model, which revolves around the Transparency, Consent, and Control (TCC) framework.
• NGate Android malware relays NFC traffic to steal cash – Android malware discovered by ESET Research relays NFC data from victims’ payment cards, via victims’ mobile phones, to the device of a perpetrator waiting at an ATM.
• City of Columbus sues man after he discloses severity of ransomware attack – Mayor said data was unusable to criminals; researcher proved otherwise.
• WiFi Signals Used To “See” People Inside Rooms – WiFi sensing could provide a low cost way to monitor vulnerable people at home with greater privacy than cameras. But the technique raises its own set of privacy issues.
• Former aide to New York governors charged with acting as an agent of the Chinese government – A former aide to New York Gov. Kathy Hochul and former Gov. Andrew Cuomo was charged with acting as an agent for the Chinese government, US Attorney Breon Peace announced Tuesday.
• YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel – Sophisticated attack breaks security assurances of the most popular FIDO key.
• DICK’S shuts down email, locks employee accounts after cyberattack – email systems had been shut down, likely to isolate the attack, and all employees had been locked out of their accounts. IT staff is now manually validating employees’ identities on camera before they can regain access to internal systems.
• Crypto scammers who hacked McDonald’s Instagram account say they stole $700,000 – Hackers who seized control of the official Instagram account of McDonald’s claim that they managed to steal US $700,000 from unsuspecting investors by promoting a fake cryptocurrency.
• Employee arrested for locking Windows admins out of 254 servers in extortion plot – A former core infrastructure engineer at an industrial company headquartered in Somerset County, New Jersey, was arrested after locking Windows admins out of 254 servers in a failed extortion plot targeting his employer.
• Russia’s Most Notorious Special Forces Unit Now Has Its Own Cyber Warfare Team – Unit 29155 of Russia’s GRU military intelligence agency—a team responsible for coup attempts, assassinations, and bombings—has branched out into brazen hacking operations with targets across the world.
• Planned Parenthood confirms cyber-attack as RansomHub threatens to leak data – 16 comment bubble on white 93GB of info feared pilfered in Montana by heartless crooks
• Leaked Disney Data Reveals Financial and Strategy Secrets – Data trove sheds light on operations, exposes personal data of some staff and customers

Podcasts

• Cyberwire Daily – Ep 2143 | 9.4.24 From secure to clone-tastic.
• Smashing Security 383: The Godfather club, and AirTags to the rescue

Every week I publish interesting articles and ways to improve your understanding of cybersecurity. This week learn about Chinese hackers penetrating US internet providers and OpenAI hiring insider threat positions to watch their own employees.

Projects

• TryHackMe – Linux PrivEsc – In Progress
• Linux Foundation – Introduction to Kubernetes (LF158) – In Progress

Videos

Articles

• Halliburton shuts down systems after cyberattack – Oil drilling and fracking giant Halliburton said it has shut down some of its internal systems following a cyberattack earlier this week.
• Slack AI can be tricked into leaking data from private channels via prompt injection – Whack yakety-yak app chaps rapped for security crack
• Audit finds notable security gaps in FBI’s storage media management – An audit from the Department of Justice’s Office of the Inspector General (OIG) identified “significant weaknesses” in FBI’s inventory management and disposal of electronic storage media containing sensitive and classified information.
• France Police Arrested Telegram Ceo Pavel Durov – French police arrested Pavel Durov, founder and chief executive of Telegram, due to the lack of content moderation that advantaged criminal activity.
• A Cyberattack Impacted Operations at the Port of Seattle and Sea-tac Airport – A cyber attack hit the Port of Seattle, which also operates the Seattle-Tacoma International Airport, websites and phone systems were impacted.
• Chinese government hackers penetrate U.S. internet providers to spy – Beijing’s hacking effort has “dramatically stepped up from where it used to be,” says former top U.S cybersecurity official.
• OpenAI is hiring someone to investigate its own employees – At OpenAI, the security threat may be coming from inside the house. The company recently posted a job listing for a technical insider risk investigator to “fortify our organization against internal security threats.”
• DICK’s Sporting Goods says confidential data exposed in cyberattack – DICK’S Sporting Goods, the largest chain of sporting goods retail stores in the United States, disclosed that confidential information was exposed in a cyberattack detected last Wednesday.
• Remote Work: A Ticking Time Bomb Waiting to be Exploited – Remote work allows unvetted software outside the security boundaries of your firewall and poses additional risk as users are more likely to fall for tricks and scams when outside the office.
• Hacker Tried to Dodge Child Support by Breaking Into Registry to Fake His Death, Prosecutors Say – Kentucky man attempted to fake his death to avoid paying child support obligations by hacking into state registries and falsifying official records.
• Powerful Spyware Exploits Enable a New String of ‘Watering Hole’ Attacks – Suspected Russian hackers have compromised a series of websites to utilize sophisticated spyware exploits that are eerily similar to those created by NSO Group and Intellexa.
• Phishing in Style: Microsoft Sway Abused to Deliver Quishing Attacks – In July 2024, Netskope Threat Labs tracked a 2,000-fold increase in traffic to phishing pages delivered through Microsoft Sway
• The Emerging Dynamics of Deepfake Scam Campaigns on the Web – Our researchers discovered dozens of scam campaigns using deepfake videos featuring the likeness of various public figures, including CEOs, news anchors and top government officials.
• New Malware Employs Crazy Obfuscation Techniques to Evade Anti-Virus Detection – Security researchers have recently identified a new malware strain that employs advanced obfuscation techniques to evade detection by antivirus software.
• Park’N Fly notifies 1 million customers of data breach – Park’N Fly is warning that a data breach exposed the personal and account information of 1 million customers in Canada after hackers breached its network.
• Bypassing airport security via SQL injection – we tried a single quote in the username as a SQL injection test, and immediately received a MySQL error
• Unpatchable 0-day in surveillance cam is being exploited to install Mirai – Vulnerability is easy to exploit and allows attackers to remotely execute commands.

Podcasts

Every week I publish interesting articles and ways to improve your understanding of cybersecurity. This week learn about National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online.

Projects

• TryHackMe – Metasploit: Meterpreter – Complete
• TryHackMe – Blue – Complete
• TryHackMe – Linux PrivEsc – In Progress
• Linux Foundation – Introduction to Kubernetes (LF158) – In Progress

Videos

https://youtu.be/GsjHMzGl-VY?si=Gr7IdUUPVobcBfVp

Whitepapers

• NOIR: A White Paper, Part 1 & 2— Proposing a New Policy for Improving National Security by Fixing the Problem of Insider Spies by Dr. David L. Charney, Psychiatrist
• Case Study: Pinterest – Pinning Its Past, Present, and Future on Cloud Native

Articles

• Iranian group used ChatGPT to try to influence US election, OpenAI says – AI company bans accounts and says operation did not appear to have meaningful audience engagement
• Russian spy agency hackers breach human rights groups, victims say – Traditional phishing attacks aimed to break into organizations advocating for Russian dissidents, among others.
• Malicious Links, AI-Enabled Tools and Attacks on SMBs Among Top Cybersecurity Threats in H1 Mimecast Global Threat Intelligence Report – Mimecast, a leading global Human Risk Management platform, today published its Global Threat Intelligence Report 2024 H1, revealing malicious links and AI-driven bots in call centers to be among the greatest threats to cybersecurity defenses, with small businesses bearing the brunt of attacks.
• Toyota Customer, Employee Data Leaked in Confirmed Data Breach – The company has released little information on the breach, but claims it’s been in contact with the individuals affected.
• Major Backdoor in Millions of RFID Cards Allows Instant Cloning – Backdoor in millions of contactless cards made by Shanghai Fudan Microelectronics allows instantaneous cloning of RFID smart cards used to open office doors and hotel rooms around the world.
• Chinese Wi-Fi Router Vendor Draws US Congressional Ire – Two congressmen want the US Commerce Department to examine the company’s goods and decide if they pose a threat
• Oregon Zoo warns visitors their credit card details were stolen – Oregon Zoo is informing that visitors who purchased tickets online between December and June had their payment card information compromised.
• National Public Data Published Its Own Passwords – National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available from its homepage until today.

Podcasts

Every week I publish interesting articles and ways to improve your understanding of cybersecurity. This week learn about the 2.7 billion social security numbers that were stolen by hackers.

Projects

• TryHackMe – Metasploit: Meterpreter – In Progress

Whitepapers

• Insider Threat Statistics: (2024’s Most Shocking Trends)

Videos

Articles

• Vulnerability Allowed Eavesdropping via Sonos Smart Speakers – Sonos has patched vulnerabilities in its smart speakers, including a serious flaw that could have been exploited to eavesdrop on users.
• Almost unfixable “Sinkclose” bug affects hundreds of millions of AMD chips – Worse-case scenario: “You basically have to throw your computer away.”
• Hackers leak 2.7 billion data records with Social Security numbers – Almost 2.7 billion records of personal information for people in the United States were leaked on a hacking forum, exposing names, social security numbers, all known physical addresses, and possible aliases.
• Inside the “3 Billion People” National Public Data Breach – the data contains first and last names, addresses and SSNs
• We received internal Trump documents from ‘Robert.’ Then the campaign confirmed it was hacked. – The campaign suggested Iran was to blame. POLITICO has not independently verified the identity of the hacker or their motivation.
• The nation’s best hackers found vulnerabilities in voting machines — but no time to fix them – Organizers and participants at the DEF CON Voting Village found cyber vulnerabilities in everything from voting machines to e-poll books, but there is no time before the November elections to fully implement their findings.
• Google Disrupts Iranian Hacking Activity Targeting US Presidential Election – Google says it blocked Iranian APT42 hackers from accessing the personal email accounts of individuals affiliated with the US elections.
• Russian Sentenced to Prison in US for Selling Stolen Information – Georgy Kavzharadze was sentenced to prison in the US for selling stolen financial, login, and personal information on an online cybercriminal marketplace.
• UK Royal Family, Prime Minister Deepfakes Make Rounds on Meta – According to the researchers, roughly 250 fake advertisements appeared on platforms like Facebook and Instagram, and some are reportedly still up and running.
• Unlocking the Front Door: Phishing Emails Remain a Top Cyber Threat Despite MFA – SecurityWeek spoke with Mike Britton, CISO at Abnormal Security, to understand what the company has learned about current social engineering and phishing attacks.
• DDoS Attacks Surge 46% in First Half of 2024, Gcore Report Reveals – The comprehensive Gcore Radar Report for the first half of 2024 provides detailed insights into DDoS attack data, showcasing changes in attack patterns and the broader landscape of cyber threats. Here, we share a selection of findings from the full report.
• Elon Musk Says Cyberattack Crashed Site Ahead of Trump Livestream Interview – Elon Musk says a cyberattack impacted a livestream interview with US Presidential candidate Donald Trump on the X social media platform.

Podcasts

Every week I publish interesting articles and ways to improve your understanding of cybersecurity. This week learn about the 38-year-old from Nashville, running a “laptop farm” to help get North Koreans remote jobs with American and British companies.

Projects

• TryHackMe – Metasploit: Exploitation – Complete
• TryHackMe – Metasploit: Meterpreter – In Progress

Whitepapers

• Common Sense Guide to Mitigating Insider Threats, Seventh Edition

Videos

https://youtu.be/1xkFEd-_Ihk?si=SJ34lc3XeziPX_WE

Articles

• DOJ Charges Nashville Man for Helping North Koreans Get U.S. Tech Jobs – The U.S. Department of Justice (DoJ) on Thursday charged a 38-year-old individual from Nashville, Tennessee, for allegedly running a “laptop farm” to help get North Koreans remote jobs with American and British companies.
• INTERPOL Recovers $41 Million in Largest Ever BEC Scam in Singapore – INTERPOL said it devised a “global stop-payment mechanism” that helped facilitate the largest-ever recovery of funds defrauded in a business email compromise (BEC) scam.
• Thousands of Devices Wiped Remotely Following Mobile Guardian Hack – Hackers targeted MDM firm Mobile Guardian and remotely wiped thousands of devices, but there is no evidence of data compromise.
• France’s Grand Palais discloses cyberattack during Olympic games – The Grand Palais Réunion des musées nationaux (Rmn) in France is warning that it suffered a cyberattack on Saturday night, August 3, 2024.
• Suspicious Minds: Insider Threats in The SaaS World – Everyone loves the double-agent plot twist in a spy movie, but it’s a different story when it comes to securing company data. Whether intentional or unintentional, insider threats are a legitimate concern. According to CSA research, 26% of companies who reported a SaaS security incident were struck by an insider.
• ADT confirms data breach after customer info leaked on hacking forum – American building security giant ADT confirmed it suffered a data breach after threat actors leaked allegedly stolen customer data on a popular hacking forum.
• USPS Text Scammers Duped His Wife, So He Hacked Their Operation – The Smishing Triad network sends up to 100,000 scam texts per day globally. One of those messages went to Grant Smith, who infiltrated their systems and exposed them to US authorities.
• Microsoft discloses Office zero-day, still working on a patch – Microsoft has disclosed a high-severity zero-day vulnerability affecting Office 2016 and later, which is still waiting for a patch.

Podcasts