Last week was vacation, but I’m back and as before devoted to learning as much about cybersecurity as possible.

Webinars

• PCI DSS v4.0 – Navigating the Seven Cs – Verizon – Sam Junkin, Matt Arntsen, Ciske van Oosten & Peggy Nolan – Join us for the third installment of our webinar series, as we help companies act with confidence in light of significant updates to the flagship Payment Card Industry Data Security Standard (PCI DSS v4.0). Earlier in the series, we discussed the impact of PCI DSS v4.0, how to interpret key components and how to develop a plan to meet complex requirements. Now, we chart our course to conquer the “seven Cs” — the top constraints that most businesses face as they move forward in their transition. One of the most important things businesses must do to be successful is to take action now — and our panel is ready to show you how.

Articles

• Tesla says data breach impacting 75,000 employees was an insider job – in a data breach notice filed with Maine’s attorney general that an investigation had found that two former employees leaked more than 75,000 individuals’ personal information to a foreign media outlet.
• FBI: Lazarus hackers readying to cash out $41 million in stolen crypto – The FBI warned that North Koreans are likely readying to cash out tens of millions worth of stolen cryptocurrency out of hundreds of millions stolen in the last year alone.
• Scraped data of 2.6 million Duolingo users released on hacking forum – The scraped data of 2.6 million DuoLingo users was leaked on a hacking forum, allowing threat actors to conduct targeted phishing attacks using the exposed information.
• U of M investigating claimed data breach – A university spokesperson said the alleged breach dates back to 2021 and earlier, and that all those potentially impacted are being contacted.
• Akira ransomware targets Cisco VPNs to breach organizations – There’s mounting evidence that Akira ransomware targets Cisco VPN (virtual private network) products as an attack vector to breach corporate networks, steal, and eventually encrypt data.
• Kali Linux 2023.3 released with 9 new tools, internal changes – Kali Linux 2023.3, the third version of 2023, is now available for download, with nine new tools and internal optimizations.
• Bitwarden releases free and open-source E2EE Secrets Manager – Bitwarden, the maker of the popular open-source password manager tool, has released ‘Secrets Manager,’ an end-to-end encrypted secrets manager for IT professionals, software development teams, and the DevOps industry.
• Major U.S. energy org targeted in QR code phishing attack – A phishing campaign was observed predominantly targeting a notable energy company in the US, employing QR codes to slip malicious emails into inboxes and bypass security.
• Lapsus$ teen hackers convicted of high-profile cyberattacks – A London jury has found that an 18-year-old member of the Lapsus$ data extortion gang helped hack multiple high-profile companies, stole data from them, and demanded a ransom threatening to leak the information.
• What’s New in the NIST Cybersecurity Framework 2.0 – The new version 2.0 of the popular NIST Cybersecurity Framework has expanded beyond the original framework’s five functions of an effective cybersecurity program — identify, protect, detect, respond, and recover — and added a sixth, govern.
• Ford says cars with WiFi vulnerability still safe to drive – Ford is warning of a buffer overflow vulnerability in its SYNC3 infotainment system used in many Ford and Lincoln vehicles, which could allow remote code execution, but says that vehicle driving safety isn’t impacted.

Podcasts

• Smashing Security 336: Pizza pests, and securing your wearables

Projects

• TryHackMe – SOC Level 1 (62% Complete) – Introduction to SIEM- Complete