Every week I publish a post covering the progress I made and what I learned in the past week. I was sick this week, but still made some good progress.
- Hackers use fake ‘Windows Update’ guides to target Ukrainian govt – CERT-UA believes that the Russian state-sponsored hacking group APT28 (aka Fancy Bear) sent these emails and impersonated system administrators of the targeted government entities to make it easier to trick their targets.
- Hackers leak images to taunt Western Digital’s cyberattack response – BlackCat has published screenshots of internal emails and video conferences stolen from Western Digital, indicating they likely had continued access to the company’s systems even as the company responded to the breach.
- Vietnamese Threat Actor Infects 500,000 Devices Using ‘Malverposting’ Tactics – A Vietnamese threat actor has been attributed as behind a “malverposting” campaign on social media platforms to infect over 500,000 devices worldwide over the past three months to deliver variants of information stealers such as S1deload Stealer and SYS01stealer.
- Cold storage giant Americold outage caused by network breach – Americold, a leading cold storage and logistics company, has been facing IT issues since its network was breached on Tuesday night.
- ViperSoftX info-stealing malware now targets password managers – A new version of the ViperSoftX information-stealing malware has been discovered with a broader range of targets, including targeting the KeePass and 1Password password managers.
- T-Mobile discloses second data breach since the start of 2023 – T-Mobile disclosed the second data breach of 2023 after discovering that attackers had access to the personal information of hundreds of customers for more than a month, starting late February 2023.
- FBI Focuses on Cybersecurity With $90M Budget Request – Never before has cyber been higher on the FBI’s list of priorities. Will more money allow the Feds to make a greater impact?
- International police just made a huge dark web bust – Operation SpecTor spanned nine countries and brought down the illegal dark web marketplace Monopoly Market.
- FBI seizes 9 crypto exchanges used to launder ransomware payments – The FBI and Ukrainian police have seized nine cryptocurrency exchange websites that facilitated money laundering for scammers and cybercriminals, including ransomware actors.
- CFPB says employee breached data of 250,000 consumers in ‘major incident’ – CFPB spokesperson Sam Gilford said the bureau has referred the matter to the inspector general and is “taking appropriate action to address this incident.”
- City of Dallas hit by ransomware attack impacting IT services – The City of Dallas, Texas, has suffered a ransomware attack, causing it to shut down some of its IT systems to prevent the attack’s spread.
- Meta Takes Down Malware Campaign That Used ChatGPT as a Lure to Steal Accounts – Meta said it took steps to take down more than 1,000 malicious URLs from being shared across its services that were found to leverage OpenAI’s ChatGPT as a lure to propagate about 10 malware families since March 2023.
- Russian hackers use WinRAR to wipe Ukraine state agency’s data – When WinRAR is executed, the threat actors use the “-df” command-line option, which automatically deletes files as they are archived. The archives themselves were then deleted, effectively destroying the data on the device.
- Judge Spares Former Uber CISO Jail Time Over 2016 Data Breach Charges – Tell other CISOs “you got a break,” judge says in handing down a three-year probation sentence to Joseph Sullivan.
- No time for podcasts this week.
- New Term: Malverposting refers to the use of promoted social media posts on services like Facebook and Twitter to mass propagate malicious software and other security threats. The idea is to reach a broader audience by paying for ads to “amplify” their posts.
- Splunk Training: Completed “Working with Time”
- Installed Splunk on Ubuntu VM and uploaded data to Splunk
- LinkedIn – Learning VirtualBox
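The WinRAR “-df” item above is the kind of thing I want to be able to spot in Splunk once the install is working. Below is an added example of my own (not from the linked article or from CERT-UA) of the detection logic: it scans process-creation events for Rar.exe/WinRAR.exe launched with the delete-after-archiving switch. The events are constructed sample data, and the field names (image, command_line, original_file_name) are assumptions modelled on Sysmon Event ID 1.

```python
import shlex
from pathlib import PureWindowsPath

# Constructed sample process-creation events for the example (made-up hosts,
# users and paths; field names assumed to mirror Sysmon Event ID 1).
SAMPLE_EVENTS = [
    {   # Ordinary archiving: no -df switch, should not alert.
        "time": "2023-05-01T09:12:03Z", "host": "WS-0142", "user": "CORP\\alice",
        "image": r"C:\Program Files\WinRAR\WinRAR.exe",
        "original_file_name": "WinRAR.exe",
        "command_line": r'"C:\Program Files\WinRAR\WinRAR.exe" a -r D:\reports\q1.rar D:\reports\q1\*',
    },
    {   # Archive-then-delete: the -df switch removes source files as they are added.
        "time": "2023-05-01T09:40:55Z", "host": "WS-0217", "user": "CORP\\svc-backup",
        "image": r"C:\Program Files\WinRAR\Rar.exe",
        "original_file_name": "Rar.exe",
        "command_line": r'"C:\Program Files\WinRAR\Rar.exe" a -r -df C:\Users\Public\out.rar C:\Users\bob\Documents\*',
    },
    {   # Unrelated process whose arguments happen to contain "-df": should not alert.
        "time": "2023-05-01T10:02:17Z", "host": "WS-0142", "user": "CORP\\alice",
        "image": r"C:\Windows\System32\cmd.exe",
        "original_file_name": "Cmd.Exe",
        "command_line": r"cmd.exe /c echo -df",
    },
    {   # Renamed copy of Rar.exe: the on-disk name lies, the PE version resource does not.
        "time": "2023-05-01T10:15:42Z", "host": "WS-0305", "user": "CORP\\bob",
        "image": r"C:\Users\Public\svchost.exe",
        "original_file_name": "Rar.exe",
        "command_line": r"svchost.exe a -df -r C:\Users\Public\a.rar C:\Shares\finance\*",
    },
]

# Names the WinRAR command-line and GUI binaries ship under.
ARCHIVER_NAMES = {"rar.exe", "winrar.exe"}


def is_rar_binary(event):
    """True if the process is WinRAR, judged by the image file name or, if
    present, the OriginalFileName recorded from the PE version resource."""
    names = {PureWindowsPath(event["image"]).name.lower()}
    original = event.get("original_file_name")
    if original:
        names.add(original.lower())
    return bool(names & ARCHIVER_NAMES)


def uses_delete_after_archive(command_line):
    """True if the command line carries WinRAR's -df (delete files after
    archiving) switch. Matched case-insensitively so a capitalised variant
    is not missed; the first token (the program itself) is skipped."""
    try:
        # posix=False keeps Windows backslashes literal instead of treating
        # them as escape characters.
        tokens = shlex.split(command_line, posix=False)
    except ValueError:
        tokens = command_line.split()
    return any(tok.lower() == "-df" for tok in tokens[1:])


def find_delete_after_archive(events):
    """Return the events where WinRAR was run with -df, each tagged with a
    short reason string for the alert."""
    hits = []
    for event in events:
        if is_rar_binary(event) and uses_delete_after_archive(event["command_line"]):
            hits.append({**event, "reason": "WinRAR invoked with -df (source files deleted as archived)"})
    return hits


if __name__ == "__main__":
    for hit in find_delete_after_archive(SAMPLE_EVENTS):
        print(f'{hit["time"]} {hit["host"]} {hit["user"]}: {hit["reason"]}')
        print(f'    {hit["command_line"]}')
```

Two design points: matching on OriginalFileName as well as the on-disk image name catches a renamed copy of Rar.exe, and requiring both the WinRAR binary and the switch keeps an unrelated process with “-df” in its arguments from firing. A follow-on rule could look for the archive being deleted shortly afterwards, which is the second half of the behaviour described in the article.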