Every week I publish interesting articles and ways to improve your understanding of cybersecurity.
Projects
- TryHackMe – John The Ripper – In Progress
Videos
Articles
- Hacker claims to have 30 million customer records from Australian ticket seller giant TEG – A hacker is advertising customer data allegedly stolen from the Australia-based live events and ticketing company TEG on a well-known hacking forum.
- TikTok confirms it offered US government a ‘kill switch’ – TikTok says it offered the US government the power to shut the platform down in an attempt to address lawmakers’ data protection and national security concerns.
- LockBit lied: Stolen data is from a bank, not US Federal Reserve – Recently-disrupted LockBit ransomware group, in a desperate attempt to make a comeback, claimed this week that it had hit the Federal Reserve, the central bank of the United States.
- Lockbit group falsely claimed the hack of the federal reserve – The LockBit ransomware group seems to have lied when they announced the hack of the US Federal Reserve. The real victim is the Evolve Bank.
- Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool – Cybersecurity researchers have detailed a now-patch security flaw affecting the Ollama open-source artificial intelligence (AI) infrastructure platform that could be exploited to achieve remote code execution.
- Four FIN9 hackers indicted for cyberattacks causing $71M in losses – Four Vietnamese nationals linked to the international cybercrime group FIN9 have been indicted for their involvement in a series of computer intrusions that caused over $71 million in losses to companies in the U.S.
- CoinStats says North Korean hackers breached 1,590 crypto wallets – CoinStats suffered a massive security breach that compromised 1,590 cryptocurrency wallets, with the attack suspected to have been carried out by North Korean threat actors.
- Push Notification Fatigue Leads to LA County Health Department Data Breach – The Los Angeles County Department of Health Services discloses a data breach caused by push notification spamming attack.
- Turkey’s biggest crypto exchange BtcTurk hacked – Turkey’s biggest cryptocurrency market BtcTurk said in an announcement on Saturday that their exchange had been hacked, while a popular Bitcoin analyst claimed that the amount of money stolen amounted to nearly 51 million euros.
- CDK Global says software outage will take several days to resolve – Retail software provider CDK Global says it will likely take several days for its software to be back online and operational, as the company grapples with a system outage that has paralyzed nearly 15,000 car dealerships across North America since Wednesday.
- Apple Patches AirPods Bluetooth Vulnerability That Could Allow Eavesdropping – Tracked as CVE-2024-27867, the authentication issue affects AirPods (2nd generation and later), AirPods Pro (all models), AirPods Max, Powerbeats Pro, and Beats Fit Pro.
- WikiLeaks Founder Julian Assange Returns to Australia a Free Man After US Legal Battle Ends – WikiLeaks founder Julian Assange returned to Australia, hours after pleading guilty to obtaining and publishing U.S. military secrets.
- Neiman Marcus Customers Impacted by Snowflake Data Breach – The high-end retailer is the latest company to confirm it was affected by the wide-ranging Snowflake data breach, which impacted more than 165 organizations.
- Diverse Cybersecurity Workforce Act Offers More Than Diversity Benefits – Our adversaries certainly have diversity — so cybersecurity teams need it, too.
- Los Angeles Unified confirms student data stolen in Snowflake account hack – The Los Angeles Unified School District has confirmed a data breach after threat actors stole student and employee data by breaching the company’s Snowflake account.
- Toys “R” Us riles critics with “first-ever” AI-generated commercial using Sora – AI-generated commercials are here, and critics are displeased—but human work is still key.
- Dangerous AI Workaround: ‘Skeleton Key’ Unlocks Malicious Content – Microsoft, OpenAI, Google, and Meta GenAI models could be convinced to ditch their guardrails, opening the door to chatbots giving unfettered answers on building bombs, creating malware, and much more.
- Hundreds of Thousands Impacted in Children’s Hospital Cyberattack – Though the Chicago-area hospital did not pay a ransom, a host of sensitive medical information is now at risk.
- Ticketmaster sends notifications about recent massive data breach – Ticketmaster has started to notify customers who were impacted by a data breach after hackers stole the company’s Snowflake database, containing the data of millions of people.
Podcasts
- The AI Fix – 1: AI doesn’t exist.
- Compromising Positions – 2: Christian Hunt
- Security Now 980 THE MIXED BLESSING OF LOUSY PRNG