Every week I publish interesting articles and ways to improve your understanding of cybersecurity.
Projects
- TryHackMe – Common Linux Privesc – In Progress
- Udemy – Splunk for Beginners
Papers
- Rapid7 – 2024 Attack Intelligence Report
Videos
Articles
- Cyber Criminals Exploit GitHub and FileZilla to Deliver Malware Cocktail – A “multi-faceted campaign” has been observed abusing legitimate services like GitHub and FileZilla to deliver an array of stealer malware and banking trojans such as Atomic (aka AMOS), Vidar, Lumma (aka LummaC2), and Octo by impersonating credible software like 1Password, Bartender 5, and Pixelmator Pro.
- “Unprecedented” Google Cloud event wipes out customer account and its backups – UniSuper, a $135 billion pension account, details its cloud compute nightmare.
- Chinese hackers hide on military and govt networks for 6 years – A previously unknown threat actor dubbed “Unfading Sea Haze” has been targeting military and government entities in the South China Sea region since 2018, remaining undetected all this time.
- Northern Ireland police faces £750k fine after exposing staff info – The United Kingdom’s Information Commissioner’s Office (ICO) intends to impose a fine of £750,000 ($954,000) on the Police Service of Northern Ireland (PSNI) for exposing the entire workforce’s personal details by mistakenly publishing a spreadsheet online.
- A Leak of Biometric Police Data Is a Sign of Things to Come – Thousands of fingerprints and facial images linked to police in India have been exposed online. Researchers say it’s a warning of what will happen as the collection of biometric data increases.
- Fake Antivirus Websites Deliver Malware to Android and Windows Devices – Threat actors have been observed making use of fake websites masquerading as legitimate antivirus solutions from Avast, Bitdefender, and Malwarebytes to propagate malware capable of stealing sensitive information from Android and Windows devices.
- Courtroom Recording Platform JAVS Hijacked in Supply Chain Attack – With more than 10,000 installations across prisons, courts, and governments, impacted Justice AV Solutions users are urged to re-image affected endpoints and reset credentials.
- MIT Brothers Charged With Exploiting Ethereum to Steal $25 Million – The two MIT graduates discovered a flaw in a common trading tool for the Ethereum blockchain. Does it presage problems ahead for cryptocurrency?
- A root-server at the Internet’s core lost touch with its peers. We still don’t know why. – For 4 days, the c-root server maintained by Cogent lost touch with its 12 peers.
Podcasts
- Smashing Security 372: The fake deepfake, and Estate insecurity
- CyberWire Ep 2073 | 5.22.24 – Privacy nightmare or useful tool?