Projects
- Took CompTIA practice Exam from LinkedIn and scored 76%. I would like to bring that up to 90%, to make sure I can pass the exam. I need to focus on Architecture and Design and Implementation.
- TryHackMe – OWASP Top 10 – 2021 – In Progress
Videos
Articles
- Thanksgiving 2023 security incident – On Thanksgiving Day, November 23, 2023, Cloudflare detected a threat actor on our self-hosted Atlassian server. Our security team immediately began an investigation, cut off the threat actor’s access, and on Sunday, November 26, we brought in CrowdStrike’s Forensic team to perform their own independent analysis.
- Clorox Says Cyberattack Costs Exceed $49 Million – Cleaning products maker Clorox puts the impact of the damaging cyberattack at $49 million so far and expects to incur more costs in 2024.
- AnyDesk says hackers breached its production servers, reset passwords – AnyDesk confirmed today that it suffered a recent cyberattack that allowed hackers to gain access to the company’s production systems. BleepingComputer has learned that source code and private code signing keys were stolen during the attack.
- Mastodon Fixed A Flaw That Can Allow The Takeover Of Any Account – A security flaw, tracked as CVE-2024-23832 (CVSS score 9.4), in the decentralized social network Mastodon can be exploited to impersonate and take over any account.
- Pegasus Spyware Targeted iPhones of Journalists and Activists in Jordan – The iPhones belonging to nearly three dozen journalists, activists, human rights lawyers, and civil society members in Jordan have been targeted with NSO Group’s Pegasus spyware, according to joint findings from Access Now and the Citizen Lab.
- Verizon Employee Data Exposed in Insider Threat Incident – Tens of thousands of workers are affected by a fellow employee dipping into files that include everything from SSNs and names to union status and compensation data.
- Hackers steal data of 2 million in SQL injection, XSS attacks – A threat group named ‘ResumeLooters’ has stolen the personal data of over two million job seekers after compromising 65 legitimate job listing and retail sites using SQL injection and cross-site scripting (XSS) attacks.
- No, 3 million electric toothbrushes were not used in a DDoS attack – A widely reported story that 3 million electric toothbrushes were hacked with malware to conduct distributed denial of service (DDoS) attacks is likely a hypothetical scenario instead of an actual attack.
- China-backed Volt Typhoon hackers have lurked inside US critical infrastructure for ‘at least five years’ – China-backed hackers have maintained access to American critical infrastructure for “at least five years” with the long-term goal of launching “destructive” cyberattacks, a coalition of U.S. intelligence agencies warned on Wednesday.
- Cyberattacks on knowledge institutions are increasing: what can be done? – For months, ransomware attacks have debilitated research at the British Library in London and Berlin’s natural history museum. They show how vulnerable scientific and educational institutions are to this kind of crime.
- QR Code ‘Quishing’ Attacks on Execs Surge, Evading Email Security – The use of QR codes to deliver malicious payloads jumped in Q4 2023, especially against executives, who saw 42 times more QR code phishing than the average employee.
- Security flaw in a popular smart helmet allowed silent location tracking – The maker of a popular smart ski and bike helmet has fixed a security flaw that allowed the easy real-time location tracking of anyone wearing its helmets.
- Ransomware Groups Claim Hits on Hyundai Motor Europe and a California Union – The unrelated cyberattacks both occurred in January.
- Canada to ban the Flipper Zero to stop surge in car thefts – The Canadian government plans to ban the Flipper Zero and similar devices after tagging them as tools thieves can use to steal cars.
Podcasts
- Cyberwire – Ep 1997 | 2.5.24 – A serious breach showdown.