Each week I publish interesting articles and ways to improve your understanding of cybersecurity.
I took a few weeks off, but I’m back now and there is a lot of news happening. I hope you enjoy this week’s roundup.
Projects
Videos
Articles
- Chinese hackers also breached Charter and Windstream networks – More U.S. companies have been added to the list of telecommunications firms hacked in a wave of breaches by a Chinese state-backed threat group tracked as Salt Typhoon.
- Green Bay Packers’ online store hacked to steal credit cards – The Green Bay Packers American football team is notifying fans that a threat actor hacked its official online retail store in October and injected a card skimmer script to steal customers’ personal and payment information.
- Washington Attorney General Sues T-Mobile Over 2021 Data Breach – Washington State Attorney General Bob Ferguson has filed a lawsuit against T-Mobile over a 2021 data breach that impacted over 76 million consumers.
- Apple offers $95 million in Siri privacy violation settlement – Apple has agreed to pay $95 million to settle a class action lawsuit in the U.S. alleging that its Siri assistant recorded private conversations and shared them with third parties.
- A US Soldier Was Arrested for Leaking Presidential Call Logs – US authorities have arrested soldier Cameron John Wagenius for his alleged involvement in leaking presidential phone records.
- Volkswagen Breach Exposes Data of 800K EV Customers – Ethical hacking group Chaos Computer Club uncovered exposed data of electric vehicle owners across the company’s VW, Audi, Seat, and Skoda brands.
- Telegram hands over data on thousands of users to US law enforcement – Telegram reveals that the communications platform has fulfilled 900 U.S. government requests, sharing the phone number or IP address information of 2,253 users with law enforcement.
- Suspected Chinese underwater spy drone found by fishermen in waters off the Philippines – A submarine drone suspected to be from China was recovered in waters off the central Philippines, police said on Thursday, warning of “potential national security implications.”
- Google: Chinese hackers likely behind Ivanti VPN zero-day attacks – Hackers exploiting the critical Ivanti Connect Secure zero-day vulnerability disclosed yesterday installed new malware called ‘Dryhook’ and ‘Phasejam’ on compromised VPN appliances; the malware is not currently associated with any threat group.
- Fed ‘Cyber Trust’ Label: Good Intentions That Fall Short – The voluntary program is intended to boost consumer confidence in vulnerable IoT devices, but experts want to see vendors held to a higher standard.
- Over 4,000 backdoors hijacked by registering expired domains – Over 4,000 abandoned but still active web backdoors were hijacked and their communication infrastructure sinkholed after researchers registered expired domains used for commanding them.
- Top 5 Malware Threats to Prepare Against in 2025 – 2024 had its fair share of high-profile cyber attacks, with companies as big as Dell and TicketMaster falling victim to data breaches and other infrastructure compromises.
- A Day in the Life of a Prolific Voice Phishing Crew – Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way.
Podcasts
- Only Malware in the Building – Malware metamorphosis: 2024 reflections and 2025 predictions
- Smashing Security 399: Honey in hot water, and reset your devices