Every week I publish interesting articles and ways to improve your understanding of cybersecurity. This week learn about a former aide to New York Gov. Kathy Hochul and former Gov. Andrew Cuomo was charged with acting as an agent for the Chinese government.
Projects
- TryHackMe – Linux PrivEsc – In Progress
- Linux Foundation – Introduction to Kubernetes (LF158) – In Progress
- Insider Threat Hunting: Detecting and Responding to Internal Security Risks – Complete
Videos
Articles
- Green Berets storm building after compromising its Wi-Fi – US Army Special Forces, aka the Green Berets, have been demonstrating their ability to use offensive cyber-security tools in the recent Swift Response 24 military exercises in May, the military has now confirmed.
- New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access – Eight vulnerabilities have been uncovered in Microsoft applications for macOS that an adversary could exploit to gain elevated privileges or access sensitive data by circumventing the operating system’s permissions-based model, which revolves around the Transparency, Consent, and Control (TCC) framework.
- NGate Android malware relays NFC traffic to steal cash – Android malware discovered by ESET Research relays NFC data from victims’ payment cards, via victims’ mobile phones, to the device of a perpetrator waiting at an ATM.
- City of Columbus sues man after he discloses severity of ransomware attack – Mayor said data was unusable to criminals; researcher proved otherwise.
- WiFi Signals Used To “See” People Inside Rooms – WiFi sensing could provide a low cost way to monitor vulnerable people at home with greater privacy than cameras. But the technique raises its own set of privacy issues.
- Former aide to New York governors charged with acting as an agent of the Chinese government – A former aide to New York Gov. Kathy Hochul and former Gov. Andrew Cuomo was charged with acting as an agent for the Chinese government, US Attorney Breon Peace announced Tuesday.
- YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel – Sophisticated attack breaks security assurances of the most popular FIDO key.
- DICK’S shuts down email, locks employee accounts after cyberattack – email systems had been shut down, likely to isolate the attack, and all employees had been locked out of their accounts. IT staff is now manually validating employees’ identities on camera before they can regain access to internal systems.
- Crypto scammers who hacked McDonald’s Instagram account say they stole $700,000 – Hackers who seized control of the official Instagram account of McDonald’s claim that they managed to steal US $700,000 from unsuspecting investors by promoting a fake cryptocurrency.
- Employee arrested for locking Windows admins out of 254 servers in extortion plot – A former core infrastructure engineer at an industrial company headquartered in Somerset County, New Jersey, was arrested after locking Windows admins out of 254 servers in a failed extortion plot targeting his employer.
- Russia’s Most Notorious Special Forces Unit Now Has Its Own Cyber Warfare Team – Unit 29155 of Russia’s GRU military intelligence agency—a team responsible for coup attempts, assassinations, and bombings—has branched out into brazen hacking operations with targets across the world.
- Planned Parenthood confirms cyber-attack as RansomHub threatens to leak data – 16 comment bubble on white 93GB of info feared pilfered in Montana by heartless crooks
- Leaked Disney Data Reveals Financial and Strategy Secrets – Data trove sheds light on operations, exposes personal data of some staff and customers
Podcasts
- Cyberwire Daily – Ep 2143 | 9.4.24 From secure to clone-tastic.
- Smashing Security 383: The Godfather club, and AirTags to the rescue