Projects

• TryHackMe – Network Services 2 Room – Complete

Videos

Current Events

• Russian hackers stole Microsoft corporate emails in month-long breach – Microsoft warned Friday night that some of its corporate email accounts were breached and data stolen by a Russian state-sponsored hacking group known as Midnight Blizzard.
• 52% of Serious Vulnerabilities We Find are Related to Windows 10 – The dataset we analyze here is representative of a subset of clients that subscribe to our vulnerability scanning services. Assets scanned include those reachable across the Internet, as well as those present on internal networks.
• FTC Bans InMarket for Selling Precise User Location Without Consent – The U.S. Federal Trade Commission (FTC) is continuing to clamp down on data brokers by prohibiting InMarket Media from selling or licensing precise location data.
• Chinese Hackers Silently Weaponized VMware Zero-Day Flaw for 2 Years – An advanced China-nexus cyber espionage group previously linked to the exploitation of security flaws in VMware and Fortinet appliances has been attributed to the abuse of a critical vulnerability in VMware vCenter Server as a zero-day since late 2021.
• CISA emergency directive: Mitigate Ivanti zero-days immediately – CISA issued this year’s first emergency directive ordering Federal Civilian Executive Branch (FCEB) agencies to immediately mitigate two Ivanti Connect Secure and Ivanti Policy Secure zero-day flaws in response to widespread and active exploitation by multiple threat actors.
• SEC confirms X account was hacked in SIM swapping attack – The U.S. Securities and Exchange Commission confirmed today that its X account was hacked through a SIM-swapping attack on the cell phone number associated with the account.
• Massive 26 Billion Record Leak: Dropbox, LinkedIn, Twitter All Named – Security researchers have warned that a database containing no less than 26 billion leaked data records has been discovered. The supermassive data leak, or mother of all breaches as the researchers refer to it, is likely the biggest found to date.
• BreachForums Founder Sentenced to 20 Years of Supervised Release, No Jail Time – Conor Brian Fitzpatrick has been sentenced to time served and 20 years of supervised release for his role as the creator and administrator of BreachForums.
• COVID Test Data Breach: 1.3 Million Patient Records Exposed Online – Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to vpnMentor about a non-password protected database that contained nearly 1.3 million records, which included COVID-19 testing information and personally identifiable information such as the patient’s name, date of birth, and passport number.
• Subway Sandwich Chain Investigating Ransomware Group’s Claims – The LockBit ransomware group claims to have stolen hundreds of gigabytes of data from US sandwich chain Subway.
• Apple Issues Patch for Critical Zero-Day in iPhones, Macs – Update Now – Apple on Monday released security updates for iOS, iPadOS, macOS, tvOS, and Safari web browser to address a zero-day flaw that has come under active exploitation in the wild.
• CISA Director Jen Easterly Targeted in Swatting Incident – A phone call to authorities claimed that a shooting had taken place on Easterly’s block.
• Tesla hacked, 24 zero-days demoed at Pwn2Own Automotive 2024 – Security researchers hacked a Tesla Modem and collected awards of $722,500 on the first day of Pwn2Own Automotive 2024 for three bug collisions and 24 unique zero-day exploits.
• Water services giant Veolia North America hit by ransomware attack – Veolia North America, a subsidiary of transnational conglomerate Veolia, disclosed a ransomware attack that impacted systems part of its Municipal Water division and disrupted its bill payment systems.
• Ring Will No Longer Allow Police to Request Doorbell Camera Footage From Users – Amazon-owned Ring will stop allowing police to request doorbell camera footage from users following criticism from privacy advocates.
• HP Enterprise discloses hack by suspected state-backed Russian hackers – Hewlett Packard Enterprise disclosed Wednesday that suspected state-backed Russian hackers broke into its cloud-based email system and stole data from cybersecurity and other employees.

Podcasts

• Cyberwire – Ep 1990 | 1.25.24 – Another day, another Blizzard attack.

Projects

• TryHackMe – Network Services Room – Complete
• EdX – EC-Council | Ethical Hacking Essentials – Complete

Videos

Articles

• How a 27-Year-Old Codebreaker Busted the Myth of Bitcoin’s Anonymity – Once, drug dealers and money launderers saw cryptocurrency as perfectly untraceable. Then a grad student named Sarah Meiklejohn proved them all wrong—and set the stage for a decade-long crackdown.
• Hyundai Motor India fixes bug that exposed customers’ personal data – Hyundai’s India subsidiary has fixed a bug that exposed its customers’ personal information in the South Asian market.
• Hackers can hijack your Bosch Thermostat and Install Malware – Firmware Vulnerability Found in Bosch Thermostat Model BCC100: Patch Now or Freeze.
• 29-Year-Old Ukrainian Cryptojacking Kingpin Arrested for Exploiting Cloud Services – A 29-year-old Ukrainian national has been arrested in connection with running a “sophisticated cryptojacking scheme,” netting them over $2 million (€1.8 million) in illicit profits.
• Jira down: Atlassian outage affecting multiple cloud services – Multiple Atlassian Jira products are experiencing an ongoing outage as of this morning.
• New Docker Malware Steals CPU for Crypto & Drives Fake Website Traffic – Vulnerable Docker services are being targeted by a novel campaign in which the threat actors are deploying XMRig cryptocurrency miner as well as the 9Hits Viewer software as part of a multi-pronged monetization strategy.
• Bigpanzi botnet infects 170,000 Android TV boxes with malware – A previously unknown cybercrime syndicate named ‘Bigpanzi’ has been making significant money by infecting Android TV and eCos set-top boxes worldwide since at least 2015.
• School software breach reveals private data on millions of users – Four million student, parents, and staff records exposed
• Have I Been Pwned adds 71 million emails from Naz.API stolen account list – Have I Been Pwned has added almost 71 million email addresses associated with stolen accounts in the Naz.API dataset to its data breach notification service.
• Experts Warn of macOS Backdoor Hidden in Pirated Versions of Popular Software – Pirated applications targeting Apple macOS users have been observed containing a backdoor capable of granting attackers remote control to infected machines.
• 35.5 million customers of major apparel brands have their data breached after ransomware attack – Bought some Timberland shoes? Wear a North Face jacket? You, and millions of purchasers of other popular high-street brands, could have had their data stolen by the ALPHV ransomware group.
• US Gov Publishes Cybersecurity Guidance for Water and Wastewater Utilities – CISA, FBI and EPA document aims to help water and wastewater organizations improve their cyber resilience and incident response.
• Top Official Says Kansas Courts Need at Least $2.6 Million to Recover From Cyberattack – Kansas Courts needs funding to cover the costs of bringing computer systems back online, pay vendors, improve cybersecurity and hire three additional cybersecurity officials.
• Four-in-ten employees sacked over email security breaches as firms tackle “truly staggering” increase in attacks – Lax email security practices are prompting cyber leaders to take drastic action against staff who are duped by cyber criminals via databreaches.net

Podcasts

• CyberWire | Ep 1985 | 1.18.24 – A credential dump hits the online underground.

Projects

• EdX – EC-Council | Ethical Hacking Essentials- In Progress
• TryHackMe | Nmap Room – Complete

Videos

Articles

• A Cyber Attack Hit The Beirut International Airport – A cyber attack hit the Beirut International Airport, Rafic Hariri (Lebanon), threat actors breached the Flight Information Display System (FIDS).
• Netgear, Hyundai latest X accounts hacked to push crypto drainers – The official Netgear and Hyundai MEA Twitter/X accounts (together with over 160,000 followers) are the latest hijacked to push scams designed to infect potential victims with cryptocurrency wallet drainer malware.
• US, Israel Used Dutch Spy to Launch Stuxnet Malware Against Iran – Report says US and Israel spent $1 billion to develop the infamous Stuxnet virus, built to sabotage Iran’s nuclear program in 2008.
• Turkish Hackers Target Microsoft SQL Servers in Americas, Europe – Researchers at Securonix warn that Turkish threat actors are targeting organizations in the Americas and Europe with ransomware campaigns.
• Beware Weaponized YouTube Channels Spreading Lumma Stealer – Videos promoting how to crack popular software circumvent Web filters by using GitHub and MediaFire to propagate the malware.
• ‘Swatting’ Becomes Latest Extortion Tactic in Ransomware Attacks – Threat actors leave medical centers with the difficult choice of paying the ransom or witnessing patients suffer the consequences.
• LoanDepot Takes Systems Offline Following Ransomware Attack – Mortgage lending firm LoanDepot has disclosed a cyberattack resulting in data encryption and system disruptions.
• Anonymous Sudan Launches Cyberattack on Chad Telco – Hacktivists attack infrastructure, including routers, network administration systems, and devices.
• China-Linked Volt Typhoon Hackers Possibly Targeting Australian, UK Governments – Chinese APT Volt Typhoon appears engaged in new attacks against government entities in the US, UK, and Australia.
• Mandiant Details How Its X Account Was Hacked – Mandiant’s X account was hacked as a result of a brute force attack as part of a cryptocurrency scheme that earned at least $900k.
• Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days – Ivanti confirms active zero-day exploits, ships pre-patch mitigations, but says comprehensive fixes won’t be available until January 22.
• French Computer Hacker Jailed in US – A computer hacker who was part of a criminal gang that stole data from hundreds of millions of people and sold it on the dark web was jailed in the United States on Tuesday.
• Dutch Engineer Used Water Pump to Get Billion-Dollar Stuxnet Malware Into Iranian Nuclear Facility: Report – An engineer recruited by intelligence services used a water pump to deliver Stuxnet, which reportedly cost $1-2 billion to develop.
• China claims it cracked Apple’s AirDrop to find numbers, email addresses – A Chinese state-backed research institute claims to have discovered how to decrypt device logs for Apple’s AirDrop feature, allowing the government to identify phone numbers or email addresses of those who shared content.
• Framework discloses data breach after accountant gets phished – Framework Computer disclosed a data breach exposing the personal information of an undisclosed number of customers after Keating Consulting Group, its accounting service provider, fell victim to a phishing attack.
• Fidelity National Financial says hackers stole data on 1.3 million customers – Real estate services giant Fidelity National Financial has confirmed hackers stole data on 1.3 million of its customers during a November cyberattack that knocked the company offline for a week.

Podcasts

• Cyberwire | Ep 1981 | 1.11.24 | Unveiling the Shadow Strike: A zero-day assault on Ivanti VPN users.

I took a week off for vacation, but I’m back with the goods this week.

Projects

EdX – EC-Council | Digital Forensic Essentials – Complete

Videos

Articles

• Europe’s Largest Parking App Provider Informs Customers of Data Breach – EasyPark says hackers stole European customer information, including partial IBAN or payment card numbers.
• 4-year campaign backdoored iPhones using possibly the most advanced exploit ever – “Triangulation” infected dozens of iPhones belonging to employees of Moscow-based Kaspersky.
• Qatar to Add Cybersecurity Curricula in Private Schools – The goal is to raise cybersecurity awareness for all students in the country.
• Nearly 11 million SSH servers vulnerable to new Terrapin attacks – Almost 11 million internet-exposed SSH servers are vulnerable to the Terrapin attack that threatens the integrity of some SSH connections.
• Zeppelin ransomware source code sold for $500 on hacking forum – A threat actor announced on a cybercrime forum that they sold the source code and a cracked version of the Zeppelin ransomware builder for just $500.
• Mandiant’s Twitter Account Restored After Six-Hour Crypto Scam Hack – American cybersecurity firm and Google Cloud subsidiary Mandiant had its X (formerly Twitter) account compromised for more than six hours by an unknown attacker to propagate a cryptocurrency scam.
• Cybercriminals Share Millions of Stolen Records During Holiday Break – The “Leaksmus” event on the Dark Web exposed some 50 million records containing sensitive information from people all around the world.
• Cyberattackers Target Nuclear Waste Company via LinkedIn – The hackers were unsuccessful in their attempt, but this is not the first time the company has experienced this kind of attack.
• Victoria court recordings exposed in reported ransomware attack – Australia’s Court Services Victoria (CSV) is warning that video recordings of court hearings were exposed after suffering a reported Qilin ransomware attack.
• The biggest cybersecurity and cyberattack stories of 2023 – 2023 was a big year for cybersecurity, with significant cyberattacks, data breaches, new threat groups emerging, and, of course, zero-day vulnerabilities.

Projects

TryHackMe – Advent of Cyber

EdX – EC-Council | Network Defense Essentials – Complete

EdX – EC-Council | Digital Forensic Essentials – In Progress

Videos

Articles

• MongoDB says customer data was exposed in a cyberattack – MongoDB is warning that its corporate systems were breached and that customer data was exposed in a cyberattack that was detected by the company earlier this week.
• Former IT manager pleads guilty to attacking high school network – Conor LaHiff, a former IT manager for a New Jersey public high school, has admitted to committing a cyberattack against his former employer following the termination of his employment in June 2023.
• Vans and North Face owner VF Corp hit by ransomware attack – American global apparel and footwear giant VF Corporation, the owner of brands like Supreme, Vans, Timberland, and The North Face, has disclosed a security incident that caused operational disruptions.
• FBI disrupts Blackcat ransomware operation, creates decryption tool – The Department of Justice announced today that the FBI successfully breached the ALPHV ransomware operation’s servers to monitor their activities and obtain decryption keys.
• Mr. Cooper Data Breach Impacts 14.7 Million Individuals – Mr. Cooper has confirmed that personal and bank account information was compromised in a recent cyberattack.
• 1.5 Billion Records Leaked in Real Estate Wealth Network Data Breach – Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to vpnMentor about a non-password protected database that held 1.5 billion records containing real estate ownership data of millions of people, including celebrities, politicians, and even my own personal information. The database belonged to New York-based Real Estate Wealth Network.
• Xfinity Data Breach Impacts 36 Million Individuals – The recently disclosed Xfinity data breach, which involved exploitation of the CitrixBleed vulnerability, impacts 36 million individuals
• Top 15 SANS Summit Talks of 2023 – This year, SANS hosted 16 Summits with 209 talks. Here were the top-rated talks of the year.
• Decoy Microsoft Word Documents Used to Deliver Nim-Based Malware – A new phishing campaign is leveraging decoy Microsoft Word documents as bait to deliver a backdoor written in the Nim programming language.
• UK Teen Gets Indefinite Hospital Order For ‘Grand Theft Auto’ Hack – Arion Kurtaj was found responsible by a British court of carrying out one of the biggest breaches in the history of the video game industry
• BlackCat Strikes Back: Ransomware Gang “Unseizes” Website, Vows No Limits on Targets – The BlackCat/Alphv ransomware group is dealing with the government operation that resulted in website seizures and a decryption tool.
• Interpol operation arrests 3,500 cybercriminals, seizes $300 million – An international law enforcement operation codenamed ‘Operation HAECHI IV’ has led to the arrest of 3,500 suspects of various lower-tier cybercrimes and seized $300 million in illicit proceeds.

Podcasts

• Cyberwire – Ep 1969 | 12.18.23 – 14 million customers and stolen data.