Author: Jason
Weekly Cybersecurity Wrap-up 7/03/23
I took a week off on holiday with the family. But, now I’m back and the journey continues. If it is your first time here, I am teaching myself cybersecurity. Yes, I know that is a large knowledge base, but you have to start somewhere. On these updates, I share what I’m reading and doing to increase my cybersecurity skills.
Webinars
- None this week.
Articles
- Nickelodeon investigates breach after leak of ‘decades old’ data – Nickelodeon has confirmed that the data leaked from an alleged breach of the company is legitimate but some of it appears to be decades old.
- Over 130,000 solar energy monitoring systems exposed online – Security researchers are warning that tens of thousands of photovoltaic (PV) monitoring and diagnostic systems are reachable over the public web, making them potential targets for hackers.
- OPERA1ER Cybercrime Group’s Leader Arrested by Interpol – The group’s mastermind was nabbed in Côte d’Ivoire for stealing up to $30 million using malware, phishing campaigns, and BEC scams, as part of international law enforcement’s Operation Nervone.
- Japan’s largest port stops operations after ransomware attack – The Port of Nagoya, the largest and busiest port in Japan, has been targeted in a ransomware attack that currently impacts the operation of container terminals.
- Dublin Airport staff pay details stolen by hackers after MOVEit attack at third-party provider – Staff at Dublin Airport have been warned that their personal data has fallen into the hands of hackers, following a data breach at a third-party service provider.
- Trans-Rights Hacktivists Steal City of Ft. Worth’s Data – In a move to embarrass the city, hacking group known as SiegedSec accessed thousands of files with administrator logins, but it’s making no ransom demands.
- Twitter Celeb Account Hacker Heads to Jail for 5 Years – Extradited from Spain, PlugWalkJoe has been sentenced in US court and is now headed to federal prison on a raft of charges related to account hijacking and cyber stalking.
- Mastodon Social Network Patches Critical Flaws Allowing Server Takeover – Mastodon, a popular decentralized social network, has released a security update to fix critical vulnerabilities that could expose millions of users to potential attacks.
- Move It on Over: Reflecting on the MOVEit Exploitation – In late May 2023, customers running the popular MOVEit file transfer software faced multiple, unexplained intrusions.
Podcasts
- Smashing Security 329 – Pornhub, Barbie dolls, and can you trust a free TV?
Projects
- TryHackMe – SOC Level 1
- Brim
- Wireshark: the Basics
- Wireshark: Packet Operations
Weekly Cybersecurity Wrap-up 6/22/23
Another week and more learning progress made!
Articles
- Swiss government warns of ongoing DDoS attacks, data leak – The Swiss government has disclosed that a recent ransomware attack on an IT supplier might have impacted its data, while today, it warns that it is now targeted in DDoS attacks.
- Password Reset Hack Exposed in Honda’s E-Commerce Platform, Dealers Data at Risk – Security vulnerabilities discovered in Honda’s e-commerce platform could have been exploited to gain unrestricted access to sensitive dealer information.
- Strava heatmap feature can be abused to find home addresses – Researchers at the North Carolina State University Raleigh have discovered a privacy risk in the Strava app’s heatmap feature that could lead to identifying users’ home addresses.
- Ukrainian hackers take down service provider for Russian banks – A group of Ukrainian hackers known as the Cyber.Anarchy.Squad claimed an attack that took down Russian telecom provider Infotel JSC on Thursday evening.
- RDP honeypot targeted 3.5 million times in brute-force attacks – Remote desktop connections are so powerful a magnet for hackers that an exposed connection can be hit more than 37,000 times every day from various IP addresses.
- Massive phishing campaign uses 6,000 sites to impersonate 100 brands – A widespread brand impersonation campaign targeting over a hundred popular apparel, footwear, and clothing brands has been underway since June 2022, tricking people into entering their account credentials and financial information on fake websites.
- Two Russian Nationals Charged for Masterminding Mt. Gox Crypto Exchange Hack – The U.S. Department of Justice (DoJ) has charged two Russian nationals in connection with masterminding the 2014 digital heist of the now-defunct cryptocurrency exchange Mt. Gox.
- Hackers can steal cryptographic keys by video-recording power LEDs 60 feet away – Key-leaking side channels are a fact of life. Now they can be done by video-recording power LEDs.
- US intelligence confirms it buys Americans’ personal data – A newly declassified report says the controversial practice raises “significant issues” for Americans’ civil liberties.
- Spotify has been fined $5.4 million for violating GDPR data rules – A Swedish regulator says the company wasn’t transparent enough about its handling of user data.
- Attackers Create Synthetic Security Researchers to Steal IP – Threat groups created a fake security company, “High Sierra,” with faux exploits and fake profiles for security researchers on GitHub and elsewhere, aiming to get targets to install their malware.
- Millions of Oregon, Louisiana state IDs stolen in MOVEit breach – Louisiana and Oregon warn that millions of driver’s licenses were exposed in a data breach after a ransomware gang hacked their MOVEit Transfer security file transfer systems to steal stored data.
- 20-Year-Old Russian LockBit Ransomware Affiliate Arrested in Arizona – The U.S. Department of Justice (DoJ) on Thursday unveiled charges against a Russian national for his alleged involvement in deploying LockBit ransomware to targets in the U.S., Asia, Europe, and Africa.
- Rhysida ransomware leaks documents stolen from Chilean Army – Threat actors behind a recently surfaced ransomware operation known as Rhysida have leaked online what they claim to be documents stolen from the network of the Chilean Army (Ejército de Chile).
Projects
- TryHackMe – SOC Level 1 – Zeek Exercises – Completed.
Weekly Cybersecurity Wrap-up 6/5/23
Every week I publish a post containing the progress and learning that I did in the past week. I hope this helps those like me, who are trying to keep up with everything happening in the cybersecurity world. There is a lot!
Webinars
- Dave Hylender, Suzanne Widup – 2023 Data Breach Investigations Report (DBIR) Key Findings – 6/6/23 – 2023 Verizon’s Data Breach Investigations Report is here! Cybercrime can come in any shape or size, and not always in the form you’d expect. Security professionals across the world use the annual DBIR to validate their security program priorities and to communicate with stakeholders and business leaders.
- Proofpoint – Prevent Data Loss by Careless Employees – 6/8/23 – In today’s work from anywhere and everywhere world, you need a modern approach to data loss prevention. Careless knowledge workers pose a significant compliance risk to organizations. They may expose sensitive data in cloud applications. They may download sensitive information onto their personal devices.
Articles
- A Confession Exposes India’s Secret Hacking Industry – “Everyone’s hackable,” one slide promised. The company charged twenty-five hundred dollars for a month of work by a single hacker, and the presentation said that it had taken less than two weeks for Appin to obtain confidential e-mails and photographs confirming a husband’s suspicion that his wife had cheated on him (“even though she was using an updated Norton 360 antivirus”).
- KeePass v2.54 fixes bug that leaked cleartext master password – KeePass has released version 2.54, fixing the CVE-2023-3278 vulnerability that allows the extraction of the cleartext master password from the application’s memory.
- Mass Exploitation of Zero-Day Bug in MOVEit File Transfer Underway – With shades of the GoAnywhere attacks, a cyber threat actor linked to FIN11 is leveraging a bug in the widely used managed file transfer product to steal data from organizations in multiple countries.
- Atomic Wallet hacks lead to over $35 million in crypto stolen – The developers of Atomic Wallet are investigating reports of large-scale theft of cryptocurrency from users’ wallets, with over $35 million in crypto reportedly stolen.
- FTC Slams Amazon with $30.8M Fine for Privacy Violations Involving Alexa and Ring – The U.S. Federal Trade Commission (FTC) has fined Amazon a cumulative $30.8 million over a series of privacy lapses regarding its Alexa assistant and Ring security cameras.
- Verizon DBIR: Social Engineering Breaches Double, Leading to Spiraling Ransomware Costs – Ransomware continues its runaway growth with median payments reaching $50,000 per incident.
- Outlook.com hit by outages as hacktivists claim DDoS attacks – Outlook.com is suffering a series of outages today after being down multiple times yesterday, with hacktivists known as Anonymous Sudan claiming to perform DDoS attacks on the service.
- Microsoft to pay $20 million for XBOX children privacy violations – Microsoft has agreed to pay a $20 million fine and change data privacy procedures for children to settle Federal Trade Commission (FTC) charges over Children’s Online Privacy Protection Act (COPPA) violations.
- Filling the Gaps: How to Secure the Future of Hybrid Work – By enhancing remote management and adopting hardware-enforced security, productivity can continue without inviting extra cyber-risk.
- Honda API flaws exposed customer data, dealer panels, internal docs – Honda’s e-commerce platform for power equipment, marine, lawn & garden, was vulnerable to unauthorized access by anyone due to API flaws that allow password reset for any account.
- Microsoft Links MOVEit Attack to Cl0p as British Airways, BBC Fall – Some billion-dollar organizations have already been identified as victims of the prolific ransomware group’s latest exploit, amidst ongoing attacks.
- Microsoft OneDrive down worldwide following claims of DDoS attacks – Microsoft is investigating an ongoing outage that is preventing OneDrive customers from accessing the cloud file hosting service worldwide, just as a threat actor known as ‘Anonymous Sudan’ claims to be DDoSing the service.
- Cybercrooks Scrape OpenAI API Keys to Pirate GPT-4 – With more than 50,000 publicly leaked OpenAI keys on GitHub alone, OpenAI developer accounts are the third-most exposed in the world.
- University of Manchester says hackers ‘likely’ stole data in cyberattack – The University of Manchester warns staff and students that they suffered a cyberattack where threat actors likely stole data from the University’s network.
- Microsoft’s Azure portal down following new claims of DDoS attacks – The Microsoft Azure Portal is down on the web as a threat actor known as Anonymous Sudan claims to be targeting the site with a DDoS attack.
Projects
- TryHackMe – SOC Level 1 – Zeek – Completed.
Weekly Cybersecurity Wrap-up 5/29/23
It was a short week this week, missing Monday in the US. If you are new here, every week I publish a post containing the progress and learning that I did in the past week. The short week made it more difficult to fit in webinars and podcasts, but I have a fun webinar set up for next week!
Articles
- Hackers Win $105,000 for Reporting Critical Security Flaws in Sonos One Speakers – Multiple security flaws uncovered in Sonos One wireless speakers could be potentially exploited to achieve information disclosure and remote code execution, the Zero Day Initiative (ZDI) said in a report published last week.
- Pentagon Leaks Emphasize the Need for a Trusted Workforce – Tightening access controls and security clearance alone won’t prevent insider threat risks motivated by lack of trust or loyalty.
- Toyota finds more misconfigured servers leaking customer info – Toyota Motor Corporation has discovered two additional misconfigured cloud services that leaked car owners’ personal information for over seven years.
- SAS Airlines hit by $3 million ransom demand following DDoS attacks – Scandinavian Airlines (SAS) has received a US $3 million ransom demand following a prolonged campaign of distributed denial-of-service (DDoS) attacks against its online services.
- Alert: Hackers Exploit Barracuda Email Security Gateway 0-Day Flaw for 7 Months – Enterprise security firm Barracuda on Tuesday disclosed that a recently patched zero-day flaw in its Email Security Gateway (ESG) appliances had been abused by threat actors since October 2022 to backdoor the devices.
- WordPress force installs critical Jetpack patch on 5 million sites – WordPress.com owner Automattic has started force installing a security patch on millions of websites today with the help of the WordPress Security Team to address a critical vulnerability in the Jetpack plug-in.
- Harvard Pilgrim Health Care ransomware attack hits 2.5 million people – Harvard Pilgrim Health Care (HPHC) has disclosed that a ransomware attack it suffered in April 2023 impacted 2,550,922 people, with the threat actors also stealing their sensitive data from compromised systems.
- Russia says US hacked thousands of iPhones in iOS zero-click attacks – Russian cybersecurity firm Kaspersky says some iPhones on its network were hacked using an iOS vulnerability that installed malware via iMessage zero-click exploits.
- Streamers Ditch Netflix for Dark Web After Password Sharing Ban – Disgruntled users are pursuing offers for “full Netflix access” at steeply discounted rates.
- Burton Snowboards discloses data breach after February attack – Leading snowboard maker Burton Snowboards confirmed it notified customers of a data breach after some of their sensitive information was “potentially” accessed or stolen during what the company described in February as a “cyber incident.”
Projects
- TryHackMe – SOC Level 1 – Network Miner – Completed.
Weekly Cybersecurity Wrap-up 5/22/23
Every week I publish a post containing the progress and learning that I did in the past week. Again, no podcasts or webinars. I have been very busy at work and I have not had the time to fit them into my schedule.
Webinars
- No webinars this week.
Articles
- OpenAI Confirms ChatGPT Data Breach – OpenAI, the creator of ChatGPT, has confirmed that a bug in the AI’s source code resulted in a breach of sensitive data. The vulnerability was in the Redis memory database, which OpenAI uses to store user information. Actors were able to access the open-source library and view users’ chat history.
- U.K. Fraudster Behind iSpoof Scam Receives 13-Year Jail Term for Cyber Crimes – A U.K. national responsible for his role as the administrator of the now-defunct iSpoof online phone number spoofing service has been sentenced to 13 years and 4 months in prison.
- China Bans U.S. Chip Giant Micron, Citing “Serious Cybersecurity Problems” – China has banned U.S. chip maker Micron from selling its products to Chinese companies working on key infrastructure projects, citing national security risks.
- Meta Hit With $1.3B Record-Breaking Fine for GDPR Violations – The technology conglomerate has until later this year to end its transfer of European users’ data across the Atlantic.
- IT employee impersonates ransomware gang to extort employer – A 28-year-old United Kingdom man from Fleetwood, Hertfordshire, has been convicted of unauthorized computer access with criminal intent and blackmailing his employer.
- 130K+ Patients’ Social Security Numbers Leaked in UHS of Delaware Data Breach – Approximately 130,000 patients in Texas — and an untold number of others nationwide — are being notified that their protected health information was compromised when hackers breached the computer system of Universal Health Services of Delaware, Inc. (“UHS”) earlier this year.
- Tesla Whistleblower Leaks 100GB of Data, Revealing Safety Complaints – Informants have released data that includes thousands of safety complaints the company has received about its self-driving capability, as well as sensitive information regarding current and past employees.
- Travel-Themed Phishing, BEC Campaigns Get Smarter as Summer Season Arrives – Phishing campaigns targeting travelers have evolved from simple, easy-to-spot fraud attempts to highly sophisticated operations.
- Mozilla stops Firefox fullscreen VPN ads after user outrage – Firefox users have been complaining about very intrusive full-screen advertisements promoting Mozilla VPN displayed in the web browser when navigating an unrelated page.
Podcasts
- No podcasts this week.
Projects
- TryHackMe – SOC Level 1 – Snort Challenge – Live Attacks completed!
Weekly Cybersecurity Wrap-up 5/15/23
Every week I publish a post containing the progress and learning that I did in the past week. I’m so far behind on podcasts at this point I’m not sure I’ll ever catch up! Also, I had meetings conflict with the scheduled webinars I wanted to attend so I hope to have time to watch the replays later.
Webinars
- No webinars this week.
Articles
- Discord discloses data breach after support agent got hacked – Discord is notifying users of a data breach that occurred after the account of a third-party support agent was compromised.
- Russian Ransomware Perp Charged After High-Profile Hive, Babuk & LockBit Hits – Russian national Mikhail Pavlovich Matveev has been charged by the US Department of Justice (DoJ) for launching ransomware attacks on critical organizations including law enforcement agencies, healthcare operations, and more.
- This Cybercrime Syndicate Pre-Infected Over 8.9 Million Android Phones Worldwide – A cybercrime enterprise known as Lemon Group is leveraging millions of pre-infected Android smartphones worldwide to carry out their malicious operations, posing significant supply chain risks.
- 18-year-old charged with hacking 60,000 DraftKings betting accounts – The Department of Justice revealed today that an 18-year-old man named Joseph Garrison from Wisconsin had been charged with hacking into the accounts of around 60,000 users of the DraftKings sports betting website in November 2022.
- Sunday Paper Debacle: Philadelphia Inquirer Scrambles to Respond to Cyberattack – It’s still unclear when systems for Pennsylvania’s largest media outlet will be fully restored, as employees were told to stay at home through Tuesday.
- Serious Unpatched Vulnerability Uncovered in Popular Belkin Wemo Smart Plugs – The second generation version of Belkin’s Wemo Mini Smart Plug has been found to contain a buffer overflow vulnerability that could be weaponized by a threat actor to inject arbitrary commands remotely.
- U.S. Offers $10 Million Bounty for Capture of Notorious Russian Ransomware Operator – A Russian national has been charged and indicted by the U.S. Department of Justice (DoJ) for launching ransomware attacks against “thousands of victims” in the country and across the world.
- ASUS routers knocked offline worldwide by bad security update – ASUS has apologized to its customers for a server-side security maintenance error that has caused a wide range of impacted router models to lose network connectivity.
- 3 Common Initial Attack Vectors Account for Most Ransomware Campaigns – The top initial vectors cited by Kaspersky match an earlier report by incident-response firm Google Mandiant, which found that the same common vectors made up the top three techniques — exploitation of vulnerabilities (32%), phishing (22%), and stolen credentials (14%) — but that ransomware actors tended to focus on exploitation and stolen credentials, which together accounted for nearly half (48%) of all ransomware cases.
- Luxottica confirms 2021 data breach after info of 70M leaks online – Luxottica has confirmed one of its partners suffered a data breach in 2021 that exposed the personal information of 70 million customers after a database was posted this month for free on hacking forums.
- KeePass Vulnerability Imperils Master Passwords – A newly discovered bug in the open source password manager, if exploited, lets attackers retrieve a target’s master password — and proof-of-concept code is available.
Podcasts
- No podcasts this week.
Projects
- TryHackMe – SOC Level 1 – Snort Challenge – The Basics completed!