Projects

• TryHackMe (Top 3% of users!) – OWASP Juice Shop – Complete
• TryHackMe – Hashing – Crypto 101 – In Progress

Webinar

• The Rising Cyber Risks Of Social Engineering & Personal Devices – Michela Menting, Jennifer Varner and Nasrin Rezai – A steady rise in social engineering attacks highlights the risks associated with the human element, with employees inadvertently providing entry points into enterprise networks through acts as simple as providing personal information gained from a LinkedIn account to an urgent text message that leads to a click on malware. These risks can be heightened even further when employees use their personal devices, which can lack the proper security software required to thwart potential attacks.

Articles

• FCC Employees Targeted in Sophisticated Phishing Attacks – Advanced phishing kit employs novel tactics in attack targeting cryptocurrency platforms and FCC employees.
• Phobos Ransomware Aggressively Targeting U.S. Critical Infrastructure – U.S. cybersecurity and intelligence agencies have warned of Phobos ransomware attacks targeting government and critical infrastructure entities, outlining the various tactics and techniques the threat actors have adopted to deploy the file-encrypting malware.
• GitHub besieged by millions of malicious repositories in ongoing attack – GitHub keeps removing malware-laced repositories, but thousands remain.
• A leaky database spilled 2FA codes for the world’s tech giants – A technology company that routes millions of SMS text messages across the world has secured an exposed database that was spilling one-time security codes that may have granted users’ access to their Facebook, Google and TikTok accounts.
• Report Uncovers Massive Sale of Compromised ChatGPT Credentials – Group-IB Report Warns of Evolving Cyber Threats Including AI and macOS Vulnerabilities and Ransomware Attacks.
• American Express credit cards exposed in third-party data breach – American Express is warning customers that credit cards were exposed in a third-party data breach after a merchant processor was hacked.
• MiTM phishing attack can let attackers unlock and steal a Tesla – Researchers demonstrated how they could conduct a Man-in-the-Middle (MiTM) phishing attack to compromise Tesla accounts, unlocking cars, and starting them. The attack works on the latest Tesla app, version 4.30.6, and Tesla software version 11.1 2024.2.7.
• Google Engineer Steals AI Trade Secrets for Chinese Companies – Chinese national Linwei Ding is accused of pilfering more than 500 files containing Google IP while affiliating with two China-based startups at the same time.
• Microsoft Says Russian Gov Hackers Stole Source Code After Spying on Executive Emails – Microsoft says the Midnight Blizzard APT group may still be poking around its internal network after stealing source code, spying on emails.
• FBI: Cybercrime Losses Exceeded $12.5 Billion in 2023 – FBI’s IC3 publishes its 2023 Internet Crime Report, which reveals a 10% increase in the number of cybercrime complaints compared to 2022.

Podcasts

• Cyberwire – Ep 2020 | 3.8.24 – From breach to battle: The escalating threat of Midnight Blizzard.