Every week I publish a post containing the progress and learning that I did in the past week. Still no podcasts this week. I really have to find some time to fit those in! I miss them!

Webinars

• SANS – 2023 Report: Digital Forensics – 5/10/23 – This webcast aims to dissect some of these disciplines and get a feel from the experts why they chose their specific field and what it takes to thrive as a practitioner in niche forensic fields.

Articles

• MSI Data Breach: Private Code Signing Keys Leaked on the Dark Web – The threat actors behind the ransomware attack on Taiwanese PC maker MSI last month have leaked the company’s private code signing keys on their dark website.
• QR codes used in fake parking tickets, surveys to steal your money – A woman in Singapore reportedly lost $20,000 after using a QR code to fill out a “survey” at a bubble tea shop, whereas cases of fake car parking citations with QR codes targeting drivers have been observed in the U.S. and the U.K.
• Uber’s ex-CSO avoids prison after data breach cover up – After covering up a data breach that impacted the personal records of 57 million Uber passengers and drivers, the company’s former Chief Security Officer has been found guilty and sentenced by a US federal judge.
• 1M NextGen Patient Records Compromised in Data Breach – BlackCat ransomware operators reportedly stole the sensitive data
• FBI seizes 13 more domains linked to DDoS-for-hire services – The U.S. Justice Department announced today the seizure of 13 more domains linked to DDoS-for-hire platforms, also known as ‘booter’ or ‘stressor’ services.
• U.S. Government Neutralizes Russia’s Most Sophisticated Snake Cyber Espionage Tool – The U.S. government on Tuesday announced the court-authorized disruption of a global network compromised by an advanced malware strain known as Snake wielded by Russia’s Federal Security Service (FSB).
• Top 5 Password Cracking Techniques Used by Hackers – An overview of password cracking, discuss the importance of strong passwords, and detail the top 5 password cracking techniques hackers use.
• Hacker ‘PlugwalkJoe’ pleads guilty to 2020 Twitter breach – Joseph James O’Connor, aka ‘PlugwalkJoke,’ has pleaded guilty to multiple cybercrime offenses, including SIM swapping attacks, cyberstalking, computer hacking, and hijacking high-profile accounts on Twitter and TikTok.
• Food distribution giant Sysco warns of data breach after cyberattack – On March 5, 2023, Sysco became aware of a cybersecurity event perpetrated by a threat actor believed to have begun on January 14, 2023, in which the threat actor gained access to our systems without authorization and claimed to have acquired certain data
• Spanish Police Takes Down Massive Cybercrime Ring, 40 Arrested – The National Police of Spain said it arrested 40 individuals for their alleged involvement in an organized crime gang called Trinitarians.
• Google brings dark web monitoring to all U.S. Gmail users – Google announced today that all Gmail users in the United States will soon be able to use the dark web report security feature to discover if their email address has been found on the dark web.
• North Korean hackers breached major hospital in Seoul to steal data – The Korean National Police Agency (KNPA) warned that North Korean hackers had breached the network of one of the country’s largest hospitals, Seoul National University Hospital (SNUH), to steal sensitive medical information and personal details.
• Billy Corgan Paid Off Hacker Who Threatened to Leak New Smashing Pumpkins Songs – Corgan got FBI involved to track down the cybercriminal, who had stolen from other artists as well, he said.
• Toyota: Car location data of 2 million customers exposed for ten years – Toyota Motor Corporation disclosed a data breach on its cloud environment that exposed the car-location information of 2,150,000 customers for ten years, between November 6, 2013, and April 17, 2023.
• Six years prison for ex-Ubiquiti staffer who stole data and attempted to extort millions of dollars – A former software engineer at Ubiquit Networks has been sent to prison for six years after stealing gigabytes of data from the firm, attempting to extort millions of dollars, and harming the company’s reputation in the media.

Podcasts

• No podcasts this week.

Projects

TryHackMe – Completed the first Snort room in the SOC Analyst training path.