Every week I publish interesting articles and ways to improve your understanding of cybersecurity.

Projects

• TryHackMe – Common Linux Privesc – In Progress
• Udemy – Splunk for Beginners

Videos

Top 5 Most Dangerous Cyber Threats in 2024 – SANS Institute experts weigh in on the top threat vectors faced by enterprises and the public at large.

Articles

• FBCS Collection Agency Data Breach Impacts 2.7 Million – Financial Business and Consumer Solutions (FBCS) says the personal information of 2.7 million was impacted in the recent data breach.
• Europol confirms web portal breach, says no operational data stolen – Europol, the European Union’s law enforcement agency, confirmed that its Europol Platform for Experts (EPE) portal was breached and is now investigating the incident after a threat actor claimed they stole For Official Use Only (FOUO) documents containing classified data.
• ‘Got that boomer!’: How cyber-criminals steal one-time passcodes for SIM swap attacks and raiding bank accounts
• Christie’s £670m art auctions hit by cyber attack – Auction house Christie’s attempts to sell art and other high-value items worth an estimated $840m (£670m) are being hampered by a cyber attack.
• Researchers Uncover 11 Security Flaws in GE HealthCare Ultrasound Machines – Security researchers have disclosed almost a dozen security flaws impacting the GE HealthCare Vivid Ultrasound product family that could be exploited by malicious actors to tamper with patient data and even install ransomware under certain circumstances.
• Personal Information Stolen in City of Wichita Ransomware Attack – The City of Wichita says files containing personal information were exfiltrated in a recent ransomware attack.
• BreachForums Shut Down in Apparent Law Enforcement Operation – The hacking forum BreachForums is displaying a notice claiming that the website is under the control of the FBI.
• Nissan North America data breach impacts over 53,000 employees – Nissan North America (Nissan) suffered a data breach last year when a threat actor targeted the company’s external VPN and shut down systems to receive a ransom.
• Brothers arrested for $25 million theft in Ethereum blockchain attack – The U.S. Department of Justice has indicted two brothers for allegedly manipulating the Ethereum blockchain and stealing $25 million worth of cryptocurrency within approximately 12 seconds in a “first-of-its-kind” scheme.
• D-Link Routers Vulnerable to Takeover Via Exploit for Zero-Day – A vulnerability in the HNAP login request protocol that affects a family of devices gives unauthenticated users root access for command execution.
• Unwanted Tracking Alerts Rolling Out to iOS, Android – Apple and Google have rolled out a new mobile feature that warns users of unwanted trackers moving with them.
• VMware makes Workstation Pro and Fusion Pro free for personal use – VMWare has made Workstation Pro and Fusion Pro free for personal use, allowing home users and students to set up their own virtualized test labs and play with another operating system at little to no cost.
• There Is No Cyber Labor Shortage – There are plenty of valuable candidates on the market. Hiring managers are simply looking in the wrong places.
• Hacker Conversations: Ron Reiter, and the Making of a Professional Hacker – Ron Reiter was a childhood hacker in Israel. He was recruited into the IDF’s elite Unit 8200 for his military service. Now he is CTO and co-founder of cybersecurity firm Sentra.
• MITRE EMB3D Threat Model Officially Released – MITRE announced the public availability of the EMB3D threat model for embedded devices used in critical infrastructure.
• 900k Impacted by Data Breach at Mississippi Healthcare Provider – Singing River Health System says the personal information of roughly 900,000 individuals was stolen in an August 2023 ransomware attack.

Podcasts

• Smashing Security 371: Unmasking LockBitsupp, company extortion, and a Tinder fraudster