Each week I publish interesting articles and ways to improve your understanding of cybersecurity.

Projects

• Linux Foundation – Introduction to Kubernetes (LF158) – In Progress
• TryHackMe – Splunk: Exploring SPL – In Progress

Articles

• Fired Disney worker accused of hacking into restaurant menus – replacing them with Windings and false peanut allergy information

• US says Chinese hackers breached multiple telecom providers – The FBI and the U.S. Cybersecurity & Infrastructure Security Agency (CISA) have disclosed that Chinese hackers breached commercial telecommunication service providers in the United States.
• US Intel Says Insider Threats Are ‘Likely’ During the Election – A government memo viewed by WIRED states that insider threats “could derail or jeopardize a fair and transparent election process.”
• ChatGPT Jailbreak: Researchers Bypass AI Safeguards Using Hexadecimal Encoding and Emojis – New jailbreak technique tricked ChatGPT into generating Python exploits and a malicious SQL injection tool.
• Free, France’s second largest ISP, confirms data breach after leak – Free, a major internet service provider (ISP) in France, confirmed over the weekend that hackers breached its systems and stole customer personal information.
• The Strava problem: how the fitness app was used to locate the world’s most powerful people – A French newspaper has revealed the whereabouts of world leaders with the use of the hugely popular running app. So is it time to stop it tracking your location?
• CrowdStrike, Delta sue each other over flight disruptions – CrowdStrike and its customer Delta Air Lines have sued each other over July’s disastrous software update.
• Microsoft Warns of Russian Spear-Phishing Attacks Targeting Over 100 Organizations – Microsoft says a new spear-phishing campaign by Russia’s Midnight Blizzard uses RDP files, a new vector for this threat group.
• Massive Git Config Breach Exposes 15,000 Credentials; 10,000 Private Repos Cloned – Cybersecurity researchers have flagged a “massive” campaign that targets exposed Git configurations to siphon credentials, clone private repositories, and even extract cloud credentials from the source code.
• Today’s reminder of the insider threat: LG Electronics USA – A former Payroll Manager at LGEUS was found to have sent unauthorized emails containing personal information of employees and former employees to their personal account while still employed, in violation of company policies and laws.
• EXCLUSIVE: Cyber attack wipes out DHL delivery tracking systems causing issues for Nisa retailers – Nisa retailers are unable to receive updates on deliveries because of the outage
• Tens of thousands of taxpayer accounts hacked as CRA repeatedly paid out millions in bogus refunds – Agency admits it vastly underreported cyberattacks against Canadian taxpayers to Parliament
• Italian Politicians Express Alarm at Latest Data Breach Allegedly Affecting 800,000 Citizens – Prosecutors say the data of at least 800,000 Italians was compromised in breaches dating from 2022 by a private investigative agency.
• An Okta login bug bypassed checking passwords on some long usernames – The vulnerability is fixed now, but Okta said that for three months it could’ve been used to access accounts with usernames stretching at least 52 characters long.

Podcasts

• Smashing Security 390: When security firms get hacked, and your new North Korean remote worker
• No Such Podcast – The Women of NSA: Codemakers and Codebreakers
• Darknet Diaries – EP 150: mobman 2