Every week I download what I learn here on this site. I am teaching myself cybersecurity. On these updates, I share what I’m reading and doing to increase my cybersecurity skills.

Articles

• Hackers Steal $20 Million by Exploiting Flaw in Revolut’s Payment Systems – Malicious actors exploited an unknown flaw in Revolut’s payment systems to steal more than $20 million of the company’s funds in early 2022.
• Razer investigates data breach claims, resets user sessions – Gaming gear company Razer reacted to recent rumors of a massive data breach with a short statement on Twitter, letting users know that they started an investigation into the matter.
• Banking Firms Under Attack by Sophisticated ‘Toitoin’ Campaign – An attack involves a multi-stage infection chain with custom malware hosted on Amazon EC2 that ultimately steals critical system and browser data; so far, targets have been located in Latin America.
• Beware of Big Head Ransomware: Spreading Through Fake Windows Updates – A developing piece of ransomware called Big Head is being distributed as part of a malvertising campaign that takes the form of bogus Microsoft Windows updates and Word installers.
• Microsoft: Chinese hackers breached US govt Exchange email – A Chinese hacking group has breached the email accounts of more than two dozen organizations worldwide, including U.S. and Western European government agencies, according to Microsoft.
• TeamTNT’s Silentbob Botnet Infecting 196 Hosts in Cloud Attack Campaign – As many as 196 hosts have been infected as part of an aggressive cloud campaign mounted by the TeamTNT group called Silentbob.
• USB drive malware attacks spiking again in first half of 2023 – What’s old is new again, with researchers seeing a threefold increase in malware distributed through USB drives in the first half of 2023.
• AIOS WordPress Plugin Faces Backlash for Storing User Passwords in Plain Text – All-In-One Security (AIOS), a WordPress plugin installed on over one million sites, has issued a security update after a bug introduced in version 5.1.9 of the software caused users’ passwords being added to the database in plaintext format.
• Colorado State University says data breach impacts students, staff – Colorado State University (CSU) has confirmed that the Clop ransomware operation stole sensitive personal information of current and former students and employees during the recent MOVEit Transfer data-theft attacks.

Podcasts

• Smashing Security 330: Deepfake Martin Lewis, and a deadly jog in the park

Projects

Try Hack Me – SOC Level 1

• Wireshark: Traffic Analysis