In the past month, the Internet Archive has faced significant cybersecurity challenges, including a major attack on October 9, 2024, that involved a DDoS assault, a data breach affecting 31 million user accounts, and website defacement. This prompted a temporary shutdown of the site for security enhancements. However, on October 20, hackers exploited unrotated API tokens to access its support platform, risking sensitive user data. These incidents have raised concerns about the Archive’s ability to safeguard user information and highlighted the increasing cybersecurity threats to digital libraries worldwide.

Projects

• Linux Foundation – Introduction to Kubernetes (LF158) – In Progress
• TryHackMe – Steel Mountain – Complete
• TryHackMe – Splunk: Exploring SPL – In Progress

Videos

Articles

• Pokémon Developer Game Freak Reportedly Hacked, Stolen Data on Unannounced Games as Well as Nintendo Switch 2 Codename Leaked Online – The company said its server was illegally accessed, with 2,606 cases of current, former, and contract employee names and email addresses accessed.
• Hackers took over robovacs to chase pets and yell slurs – Ecovacs blamed a “credential stuffing event” for Deebot X2 Omni robot vacuums that were commandeered to spew hateful words.
• FBI created a cryptocurrency so it could watch it being abused – It worked – alleged pump and dump schemers arrested in UK, US and Portugal this week
• EU Adopts Cyber Resilience Act for Connected Devices – The European Union Council has officially adopted the Cyber Resilience Act (CRA) which will introduce EU-wide cybersecurity requirements for products with digital elements.
• OpenAI confirms threat actors use ChatGPT to write malware – OpenAI has disrupted over 20 malicious cyber operations abusing its AI-powered chatbot, ChatGPT, for debugging and developing malware, spreading misinformation, evading detection, and conducting spear-phishing attacks.
• Five Tips For Preventing Insider Threats In Your Business – Insider threats represent one of the most significant security challenges for businesses today.
• Casio confirms customer data compromised in ransomware attack – Casio first confirmed on October 7 it had been hit by a cyberattack, but at the time did not reveal the nature of the incident that caused unspecified “system disruption” across the company. In an updated statement on Friday, the Tokyo-based electronics giant confirmed that it had been the victim of ransomware.
• Medical data of almost 400,000 Americans stolen – A supply-chain attack struck Gryphon Healthcare and an unnamed partner
• Two Sudanese Nationals Indicted for Alleged Role in Anonymous Sudan Cyberattacks on Hospitals, Government Facilities, and Other Critical Infrastructure in Los Angeles and Around the World – A federal grand jury indictment unsealed today charges two Sudanese nationals with operating and controlling Anonymous Sudan, an online cybercriminal group responsible for tens of thousands of Distributed Denial of Service (DDoS) attacks against critical infrastructure, corporate networks, and government agencies in the United States and around the world.
• Beware: Fake Google Meet Pages Deliver Infostealers in Ongoing ClickFix Campaign – Threat actors are leveraging fake Google Meet web pages as part of an ongoing malware campaign dubbed ClickFix to deliver infostealers targeting Windows and macOS systems.
• Hackers steal information from 31 million Internet Archive users – A hack this month on the world’s largest archive of the internet — whose mission is to provide “universal access to all knowledge” — has compromised millions of users’ information and forced a temporary shutdown of its services.

Each week I publish interesting articles and ways to improve your understanding of cybersecurity.

Projects

• Linux Foundation – Introduction to Kubernetes (LF158) – In Progress
• TryHackMe – Steel Mountain

Videos

Articles

• About a quarter million Comcast subscribers had their data stolen from debt collector – Cable giant says ransomware involved, FBCS keeps schtum
• To catch a predator admin: the power of OSINT – This #OpChildSafety investigation began on March 12th, 2024, when one of my threat researchers from W1nterStorm, whom I shall refer to by the alias CR-2 (Confidential Researcher), discovered a Facebook group called ‘Modeling 4 Kidz’ that was not what it appeared to be. This was the same Facebook group where CR-2 initially uncovered the CSAM (Child Sexual Abuse Material) network we named Hydra.
• China-linked Group Salt Typhoon Hacked Us Broadband Providers and Breached Wiretap Systems – China-linked APT group Salt Typhoon breached U.S. broadband providers, potentially accessing systems for lawful wiretapping and other data.
• Critical Infrastructure: The latest target for cybercriminals? – How to protect critical infrastructure from cyber threats
• American Water, the largest water utility in US, is targeted by a cyberattack – The largest regulated water and wastewater utility company in the United States announced Monday that it was the victim of a cyberattack, prompting the firm to pause billing to customers.
• The FBIs favorite pants-maker exposes users’ payment cards – Popular US tactical equipment brand and retailer 5.11 Tactical has suffered a data breach impacting tens of thousands of its customers.
• Huge hack shuts down Russian online state media on Putin’s birthday – A Ukrainian official said the cyberattack was waged to congratulate Vladimir Putin who turned 72 on Monday
• Marriott agrees to pay $52 million settlement after multiple data breaches – The hotel chain and its Starwood subsidiary were hacked three times between 2014 and 2020.
• The Internet Archive slammed by DDoS attack and data breach – The Internet Archive, the nonprofit organization that digitizes and archives materials like web pages, came under attack Wednesday
• Fidelity Data Breach Exposed Customer Information – Fidelity Investments is notifying 77,000 individuals that their personal information was compromised in a data breach.

Each week I publish interesting articles and ways to improve your understanding of cybersecurity.

Projects

• TryHackMe – Kenobi – Complete
• Linux Foundation – Introduction to Kubernetes (LF158) – In Progress

Videos

Articles

• Cloudflare blocks largest recorded DDoS attack peaking at 3.8Tbps – During a distributed denial-of-service campaign targeting organizations in the financial services, internet, and telecommunications sectors, volumetric attacks peaked at 3.8 terabits per second, the largest publicly recorded to date.
• T-Mobile pays $31.5 million FCC settlement over 4 data breaches – The Federal Communications Commission (FCC) announced a $31.5 million settlement with T-Mobile over multiple data breaches that compromised the personal information of millions of U.S. consumers.
• Rackspace internal monitoring web servers hit by zero-day – Intruders accessed machines via tool bundled with ScienceLogic, ‘limited’ info taken, customers told not to worry
• College students used Meta’s smart glasses to dox people in real time – The demo highlights the dark side of AR glasses.
• Hacking Kia: Remotely Controlling Cars With Just a License Plate – On June 11th, 2024, we discovered a set of vulnerabilities in Kia vehicles that allowed remote control over key functions using only a license plate.
• U.S. and Microsoft Seize 107 Russian Domains in Major Cyber Fraud Crackdown – Microsoft and the U.S. Department of Justice (DoJ) on Thursday announced the seizure of 107 internet domains used by state-sponsored threat actors with ties to Russia to facilitate computer fraud and abuse in the country.
• Transport for London Cyber Attack – A cyber attack on Transport for London (TfL) has disrupted pay-as-you-go ticket services and other systems. A 17-year-old from England has been arrested in connection with the incident.
• LockBit Ransomware Group Crackdown – Europol’s latest operation against the LockBit ransomware group resulted in four arrests, server seizures, and financial sanctions across 12 countries

Each week I publish interesting articles and ways to improve your understanding of cybersecurity. This week Cybernews says that one-third of the US population’s background info is now public!

Projects

• TryHackMe – Basic Pentesting – Complete
• TryHackMe – Kenobi – In Progress
• Linux Foundation – Introduction to Kubernetes (LF158) – In Progress

Videos

Articles

• German authorities dismantled Boystown, a notorious Dark Web platform for CSAM, by deanonymizing Tor users in 2021. This breakthrough raises concerns over Tor’s privacy as law enforcement targets criminal activities on the Dark Web.
• Dell investigates data breach claims after hacker leaks employee info – Dell has confirmed to BleepingComputer that they are investigating recent claims that it suffered a data breach after a threat actor leaked the data for over 10,000 employees.
• Kansas water plant cyberattack forces switch to manual operations – Arkansas City, a small city in Cowley County, Kansas, was forced to switch its water treatment facility to manual operations over the weekend to contain a cyberattack detected on Sunday morning.
• One-third of the US population’s background info is now public – Cybernews exclusive research has revealed that a massive data leak at MC2 Data, a background check firm, affects a staggering amount of US citizens.
• Kaspersky deletes itself, installs UltraAV antivirus without warning – UltraAV force-installed on Kaspersky users’ PCs

Podcasts

Each week I publish interesting articles and ways to improve your understanding of cybersecurity. How much does a data breach cost? It could cost you 13 million as AT&T found out this week.

Projects

• TryHackMe – Vulnversity – Complete
• TryHackMe – Basic Pentesting – In Progress
• Linux Foundation – Introduction to Kubernetes (LF158) – In Progress

Videos

Articles

• What Giant Data Breaches Mean for You – The security expert who created Have I Been Pwned? shares advice for protecting sensitive data
• Fortinet confirms data breach after hacker claims to steal 440GB of files – Cybersecurity giant Fortinet has confirmed it suffered a data breach after a threat actor claimed to steal 440GB of files from the company’s Microsoft Sharepoint server.
• 23andMe to pay $30 million in genetics data breach settlement – DNA testing giant 23andMe has agreed to pay $30 million to settle a lawsuit over a data breach that exposed the personal information of 6.4 million customers in 2023
• Ex-CIA officer jailed for 10 years as spy for China – A former CIA officer has been sentenced to 10 years in prison for spying for the Chinese government.
• A disgruntled employee at a US industrial firm deleted backups and locked IT admins out of workstations in a failed data extortion attempt – Daniel Rhyne tried to extort his former employee for $750,000 before being tracked down by law enforcement
• What we know about the Hezbollah pager explosions – Thousands of people have been injured in Lebanon, after pagers used by the armed group Hezbollah to communicate dramatically exploded almost simultaneously across the country on Tuesday.
  • The Mystery of Hezbollah’s Deadly Exploding Pagers – At least 11 people have been killed and nearly 2,800 people have been injured in Lebanon by exploding pagers. Experts say the blasts point toward a supply chain compromise, not a cyberattack.
• Ticketmaster boss who repeatedly hacked rival firm sentenced – A former boss of Ticketmaster has been sentenced after pleading guilty to illegally accessing computer servers of a rival company and stealing sensitive business information.
• Chinese Man Charged for Spear-phishing Against Nasa and Us Government – US DoJ charged a Chinese national who used spear-phishing emails to obtain sensitive info from NASA, the U.S. Air Force, Navy, Army, and the FAA.
• AT&T to Pay $13 Million in Settlement Over 2023 Data Breach – AT&T has agreed to pay $13 million in a settlement with the FCC over a 2023 data breach at a third-party vendor’s cloud environment.
• Cops across the world arrest 51 in orchestrated takedown of Ghost crime platform – Italian mafia mobsters and Irish crime families scuppered by international cops
• Ivanti’s Cloud Service Appliance Attacked via Second Vuln – The critical bug, CVE-2024-8963, can be used in conjunction with the prior known flaw to achieve remote code execution (RCE).
• Disney ditching Slack after massive July data breach – The Walt Disney Company is reportedly ditching Slack after a July data breach exposed over 1TB of confidential messages and files posted to the company’s internal communication channels.

Podcasts

• No Such Podcast – How We Found Bin Laden: The Basics of Foreign Signals Intelligence

Every week I publish interesting articles and ways to improve your understanding of cybersecurity. This week Transport for London (TfL) disclosed that they were hacked.

Projects

• TryHackMe – Linux PrivEsc – Complete
• TryHackMe – Vulnversity – In Progress
• Linux Foundation – Introduction to Kubernetes (LF158) – In Progress

Videos

• https://youtu.be/5GLNKHJCSkg?si=Zd4IaGBeG_ZhlWvB (Embed disabled)

Articles

• New RAMBO attack steals data using RAM in air-gapped computers – A novel side-channel attack dubbed “RAMBO” (Radiation of Air-gapped Memory Bus for Offense) generates electromagnetic radiation from a device’s RAM to send data from air-gapped computers.
• Lowe’s employees phished via Google ads – In mid-August, we identified a malvertising campaign targeting Lowes employees via Google ads. Like many large corporations, Lowe’s has their own employe portal called MyLowesLife, for all matters related to schedule, pay stubs, or benefits.
• Car Rental Company Avis Discloses a Data Breach – Car rental giant Avis disclosed a data breach that impacted one of its business applications in August compromising customers’ personal information.
• Russia’s top-secret military unit reportedly plots undersea cable ‘sabotage’ – US alarmed by heightened Kremlin naval activity worldwide
• Cyber crooks shut down UK, US schools, thousands of kids affected – No class: Black Suit ransomware gang boasts of 200GB haul from one raid
• Transport for London confirms customer data stolen in cyberattack – Transport for London (TfL) has determined that the cyberattack on September 1 impacts customer data, including names, contact details, email addresses, and home addresses.

Podcasts

Every week I publish interesting articles and ways to improve your understanding of cybersecurity. This week learn about a former aide to New York Gov. Kathy Hochul and former Gov. Andrew Cuomo was charged with acting as an agent for the Chinese government.

Projects

• TryHackMe – Linux PrivEsc – In Progress
• Linux Foundation – Introduction to Kubernetes (LF158) – In Progress
• Insider Threat Hunting: Detecting and Responding to Internal Security Risks – Complete

Videos

Articles

• Green Berets storm building after compromising its Wi-Fi – US Army Special Forces, aka the Green Berets, have been demonstrating their ability to use offensive cyber-security tools in the recent Swift Response 24 military exercises in May, the military has now confirmed.
• New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access – Eight vulnerabilities have been uncovered in Microsoft applications for macOS that an adversary could exploit to gain elevated privileges or access sensitive data by circumventing the operating system’s permissions-based model, which revolves around the Transparency, Consent, and Control (TCC) framework.
• NGate Android malware relays NFC traffic to steal cash – Android malware discovered by ESET Research relays NFC data from victims’ payment cards, via victims’ mobile phones, to the device of a perpetrator waiting at an ATM.
• City of Columbus sues man after he discloses severity of ransomware attack – Mayor said data was unusable to criminals; researcher proved otherwise.
• WiFi Signals Used To “See” People Inside Rooms – WiFi sensing could provide a low cost way to monitor vulnerable people at home with greater privacy than cameras. But the technique raises its own set of privacy issues.
• Former aide to New York governors charged with acting as an agent of the Chinese government – A former aide to New York Gov. Kathy Hochul and former Gov. Andrew Cuomo was charged with acting as an agent for the Chinese government, US Attorney Breon Peace announced Tuesday.
• YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel – Sophisticated attack breaks security assurances of the most popular FIDO key.
• DICK’S shuts down email, locks employee accounts after cyberattack – email systems had been shut down, likely to isolate the attack, and all employees had been locked out of their accounts. IT staff is now manually validating employees’ identities on camera before they can regain access to internal systems.
• Crypto scammers who hacked McDonald’s Instagram account say they stole $700,000 – Hackers who seized control of the official Instagram account of McDonald’s claim that they managed to steal US $700,000 from unsuspecting investors by promoting a fake cryptocurrency.
• Employee arrested for locking Windows admins out of 254 servers in extortion plot – A former core infrastructure engineer at an industrial company headquartered in Somerset County, New Jersey, was arrested after locking Windows admins out of 254 servers in a failed extortion plot targeting his employer.
• Russia’s Most Notorious Special Forces Unit Now Has Its Own Cyber Warfare Team – Unit 29155 of Russia’s GRU military intelligence agency—a team responsible for coup attempts, assassinations, and bombings—has branched out into brazen hacking operations with targets across the world.
• Planned Parenthood confirms cyber-attack as RansomHub threatens to leak data – 16 comment bubble on white 93GB of info feared pilfered in Montana by heartless crooks
• Leaked Disney Data Reveals Financial and Strategy Secrets – Data trove sheds light on operations, exposes personal data of some staff and customers

Podcasts

• Cyberwire Daily – Ep 2143 | 9.4.24 From secure to clone-tastic.
• Smashing Security 383: The Godfather club, and AirTags to the rescue

Every week I publish interesting articles and ways to improve your understanding of cybersecurity. This week learn about Chinese hackers penetrating US internet providers and OpenAI hiring insider threat positions to watch their own employees.

Projects

• TryHackMe – Linux PrivEsc – In Progress
• Linux Foundation – Introduction to Kubernetes (LF158) – In Progress

Videos

Articles

• Halliburton shuts down systems after cyberattack – Oil drilling and fracking giant Halliburton said it has shut down some of its internal systems following a cyberattack earlier this week.
• Slack AI can be tricked into leaking data from private channels via prompt injection – Whack yakety-yak app chaps rapped for security crack
• Audit finds notable security gaps in FBI’s storage media management – An audit from the Department of Justice’s Office of the Inspector General (OIG) identified “significant weaknesses” in FBI’s inventory management and disposal of electronic storage media containing sensitive and classified information.
• France Police Arrested Telegram Ceo Pavel Durov – French police arrested Pavel Durov, founder and chief executive of Telegram, due to the lack of content moderation that advantaged criminal activity.
• A Cyberattack Impacted Operations at the Port of Seattle and Sea-tac Airport – A cyber attack hit the Port of Seattle, which also operates the Seattle-Tacoma International Airport, websites and phone systems were impacted.
• Chinese government hackers penetrate U.S. internet providers to spy – Beijing’s hacking effort has “dramatically stepped up from where it used to be,” says former top U.S cybersecurity official.
• OpenAI is hiring someone to investigate its own employees – At OpenAI, the security threat may be coming from inside the house. The company recently posted a job listing for a technical insider risk investigator to “fortify our organization against internal security threats.”
• DICK’s Sporting Goods says confidential data exposed in cyberattack – DICK’S Sporting Goods, the largest chain of sporting goods retail stores in the United States, disclosed that confidential information was exposed in a cyberattack detected last Wednesday.
• Remote Work: A Ticking Time Bomb Waiting to be Exploited – Remote work allows unvetted software outside the security boundaries of your firewall and poses additional risk as users are more likely to fall for tricks and scams when outside the office.
• Hacker Tried to Dodge Child Support by Breaking Into Registry to Fake His Death, Prosecutors Say – Kentucky man attempted to fake his death to avoid paying child support obligations by hacking into state registries and falsifying official records.
• Powerful Spyware Exploits Enable a New String of ‘Watering Hole’ Attacks – Suspected Russian hackers have compromised a series of websites to utilize sophisticated spyware exploits that are eerily similar to those created by NSO Group and Intellexa.
• Phishing in Style: Microsoft Sway Abused to Deliver Quishing Attacks – In July 2024, Netskope Threat Labs tracked a 2,000-fold increase in traffic to phishing pages delivered through Microsoft Sway
• The Emerging Dynamics of Deepfake Scam Campaigns on the Web – Our researchers discovered dozens of scam campaigns using deepfake videos featuring the likeness of various public figures, including CEOs, news anchors and top government officials.
• New Malware Employs Crazy Obfuscation Techniques to Evade Anti-Virus Detection – Security researchers have recently identified a new malware strain that employs advanced obfuscation techniques to evade detection by antivirus software.
• Park’N Fly notifies 1 million customers of data breach – Park’N Fly is warning that a data breach exposed the personal and account information of 1 million customers in Canada after hackers breached its network.
• Bypassing airport security via SQL injection – we tried a single quote in the username as a SQL injection test, and immediately received a MySQL error
• Unpatchable 0-day in surveillance cam is being exploited to install Mirai – Vulnerability is easy to exploit and allows attackers to remotely execute commands.

Podcasts

Every week I publish interesting articles and ways to improve your understanding of cybersecurity. This week learn about National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online.

Projects

• TryHackMe – Metasploit: Meterpreter – Complete
• TryHackMe – Blue – Complete
• TryHackMe – Linux PrivEsc – In Progress
• Linux Foundation – Introduction to Kubernetes (LF158) – In Progress

Videos

https://youtu.be/GsjHMzGl-VY?si=Gr7IdUUPVobcBfVp

Whitepapers

• NOIR: A White Paper, Part 1 & 2— Proposing a New Policy for Improving National Security by Fixing the Problem of Insider Spies by Dr. David L. Charney, Psychiatrist
• Case Study: Pinterest – Pinning Its Past, Present, and Future on Cloud Native

Articles

• Iranian group used ChatGPT to try to influence US election, OpenAI says – AI company bans accounts and says operation did not appear to have meaningful audience engagement
• Russian spy agency hackers breach human rights groups, victims say – Traditional phishing attacks aimed to break into organizations advocating for Russian dissidents, among others.
• Malicious Links, AI-Enabled Tools and Attacks on SMBs Among Top Cybersecurity Threats in H1 Mimecast Global Threat Intelligence Report – Mimecast, a leading global Human Risk Management platform, today published its Global Threat Intelligence Report 2024 H1, revealing malicious links and AI-driven bots in call centers to be among the greatest threats to cybersecurity defenses, with small businesses bearing the brunt of attacks.
• Toyota Customer, Employee Data Leaked in Confirmed Data Breach – The company has released little information on the breach, but claims it’s been in contact with the individuals affected.
• Major Backdoor in Millions of RFID Cards Allows Instant Cloning – Backdoor in millions of contactless cards made by Shanghai Fudan Microelectronics allows instantaneous cloning of RFID smart cards used to open office doors and hotel rooms around the world.
• Chinese Wi-Fi Router Vendor Draws US Congressional Ire – Two congressmen want the US Commerce Department to examine the company’s goods and decide if they pose a threat
• Oregon Zoo warns visitors their credit card details were stolen – Oregon Zoo is informing that visitors who purchased tickets online between December and June had their payment card information compromised.
• National Public Data Published Its Own Passwords – National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available from its homepage until today.

Podcasts