Projects

• TryHackMe – Network Services 2 Room – Complete

Videos

Current Events

• Russian hackers stole Microsoft corporate emails in month-long breach – Microsoft warned Friday night that some of its corporate email accounts were breached and data stolen by a Russian state-sponsored hacking group known as Midnight Blizzard.
• 52% of Serious Vulnerabilities We Find are Related to Windows 10 – The dataset we analyze here is representative of a subset of clients that subscribe to our vulnerability scanning services. Assets scanned include those reachable across the Internet, as well as those present on internal networks.
• FTC Bans InMarket for Selling Precise User Location Without Consent – The U.S. Federal Trade Commission (FTC) is continuing to clamp down on data brokers by prohibiting InMarket Media from selling or licensing precise location data.
• Chinese Hackers Silently Weaponized VMware Zero-Day Flaw for 2 Years – An advanced China-nexus cyber espionage group previously linked to the exploitation of security flaws in VMware and Fortinet appliances has been attributed to the abuse of a critical vulnerability in VMware vCenter Server as a zero-day since late 2021.
• CISA emergency directive: Mitigate Ivanti zero-days immediately – CISA issued this year’s first emergency directive ordering Federal Civilian Executive Branch (FCEB) agencies to immediately mitigate two Ivanti Connect Secure and Ivanti Policy Secure zero-day flaws in response to widespread and active exploitation by multiple threat actors.
• SEC confirms X account was hacked in SIM swapping attack – The U.S. Securities and Exchange Commission confirmed today that its X account was hacked through a SIM-swapping attack on the cell phone number associated with the account.
• Massive 26 Billion Record Leak: Dropbox, LinkedIn, Twitter All Named – Security researchers have warned that a database containing no less than 26 billion leaked data records has been discovered. The supermassive data leak, or mother of all breaches as the researchers refer to it, is likely the biggest found to date.
• BreachForums Founder Sentenced to 20 Years of Supervised Release, No Jail Time – Conor Brian Fitzpatrick has been sentenced to time served and 20 years of supervised release for his role as the creator and administrator of BreachForums.
• COVID Test Data Breach: 1.3 Million Patient Records Exposed Online – Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to vpnMentor about a non-password protected database that contained nearly 1.3 million records, which included COVID-19 testing information and personally identifiable information such as the patient’s name, date of birth, and passport number.
• Subway Sandwich Chain Investigating Ransomware Group’s Claims – The LockBit ransomware group claims to have stolen hundreds of gigabytes of data from US sandwich chain Subway.
• Apple Issues Patch for Critical Zero-Day in iPhones, Macs – Update Now – Apple on Monday released security updates for iOS, iPadOS, macOS, tvOS, and Safari web browser to address a zero-day flaw that has come under active exploitation in the wild.
• CISA Director Jen Easterly Targeted in Swatting Incident – A phone call to authorities claimed that a shooting had taken place on Easterly’s block.
• Tesla hacked, 24 zero-days demoed at Pwn2Own Automotive 2024 – Security researchers hacked a Tesla Modem and collected awards of $722,500 on the first day of Pwn2Own Automotive 2024 for three bug collisions and 24 unique zero-day exploits.
• Water services giant Veolia North America hit by ransomware attack – Veolia North America, a subsidiary of transnational conglomerate Veolia, disclosed a ransomware attack that impacted systems part of its Municipal Water division and disrupted its bill payment systems.
• Ring Will No Longer Allow Police to Request Doorbell Camera Footage From Users – Amazon-owned Ring will stop allowing police to request doorbell camera footage from users following criticism from privacy advocates.
• HP Enterprise discloses hack by suspected state-backed Russian hackers – Hewlett Packard Enterprise disclosed Wednesday that suspected state-backed Russian hackers broke into its cloud-based email system and stole data from cybersecurity and other employees.

Podcasts

• Cyberwire – Ep 1990 | 1.25.24 – Another day, another Blizzard attack.