Welcome to another cybersecurity wrap-up! This week I caught a great webinar by Rachel Tobac, that she presented to my company (sorry, no link to share for this one).
Webinars
- Inside the Mind of a Hacker – Rachel Tobac
Articles
- Over 400,000 corporate credentials stolen by info-stealing malware – The analysis of nearly 20 million information-stealing malware logs sold on the dark web and Telegram channels revealed that they had achieved significant infiltration into business environments.
- 8 million people hit by data breach at US govt contractor Maximus – U.S. government services contractor Maximus has disclosed a data breach warning that hackers stole the personal data of 8 to 11 million people during the recent MOVEit Transfer data-theft attacks.
- New SEC Rules Require U.S. Companies to Reveal Cyber Attacks Within 4 Days – The U.S. Securities and Exchange Commission (SEC) on Wednesday approved new rules that require publicly traded companies to publicize details of a cyber attack within four days of identifying that it has a “material” impact on their finances, marking a major shift in how computer breaches are disclosed.
- Massive macOS Campaign Targets Crypto Wallets, Data – Threat actors are distributing new “Realst” infostealer via fake blockchain games, researchers warn.
- KnowBe4 Phishing Test Results Reveal Half of Top Malicious Email Subjects Are HR Related – KnowBe4 releases Q2 2023 global phishing report and finds HR related email subjects utilized as a phishing strategy and make up 50% of top email subjects.
- ‘FraudGPT’ Malicious Chatbot Now for Sale on Dark Web – The subscription-based, generative AI-driven offering joins a growing trend toward “generative AI jailbreaking” to create ChatGPT copycat tools for cyberattacks.
- Hackers Abusing Windows Search Feature to Install Remote Access Trojans – A legitimate Windows search feature is being exploited by malicious actors to download arbitrary payloads from remote servers and compromise targeted systems with remote access trojans such as AsyncRAT and Remcos RAT.
- Hawai’i Community College pays ransomware gang to prevent data leak – The Hawaiʻi Community College has admitted that it paid a ransom to ransomware actors to prevent the leaking of stolen data of approximately 28,000 people.
- BreachForums database and private chats for sale in hacker data breach – While consumers are usually the ones worried about their information being exposed in data breaches, it’s now the hacker’s turn, as the notorious Breached cybercrime forum’s database is up for sale and member data shared with Have I Been Pwned.
Podcasts
- Smashing Security 332: Nudes leak at the plastic surgery, Mali mail mix-up, and WormGPT
Projects
- TryHackMe – SOC Level 1 (49% Complete)
- sysinternals – Complete