Each week I publish interesting articles and ways to improve your understanding of cybersecurity.

Projects

• TryHackMe – Linux Shells – Complete

Videos

Articles

• Critical PostgreSQL bug tied to zero-day attack on US Treasury – High-complexity bug unearthed by infoseccers, as Rapid7 probes exploit further
• Hackers broke into Watergate Hotel’s network, stole personal data from hotel computers – There has been another Watergate break-in.
• Elon Musk’s DOGE website has been defaced because anyone can edit it – Instead of using government servers, the DOGE website appears to pull from an insecure database.
• Meta to link world with longest subsea cable – Meta, the parent company of Facebook and Instagram, confirmed plans Monday to build the world’s longest subsea cable that will circle the Earth and connect five continents.
• Hundreds of Dutch medical records bought for pocket change at flea market – 15GB of sensitive files traced back to former software biz
• How Russian Hackers Are Exploiting Signal ‘Linked Devices’ Feature for Real-Time Spying – Mandiant warns that multiple Russian APTs are abusing a nifty Signal Messenger feature to surreptitiously spy on encrypted conversations
• CISA and FBI: Ghost ransomware breached orgs in 70 countries – CISA and the FBI said attackers deploying Ghost ransomware have breached victims from multiple industry sectors across over 70 countries, including critical infrastructure organizations.
• US Army soldier pleads guilty to AT&T and Verizon hacks – Cameron John Wagenius pleaded guilty to hacking AT&T and Verizon and stealing a massive trove of phone records from the companies, according to court records filed on Wednesday.
• Cisco Confirms Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks – Cisco has confirmed that a Chinese threat actor known as Salt Typhoon gained access by likely abusing a known security flaw tracked as CVE-2018-0171, and by obtaining legitimate victim login credentials as part of a targeted campaign aimed at major U.S. telecommunications companies.
• Cybercriminals Can Now Clone Any Brand’s Site in Minutes Using Darcula PhaaS v3 – The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform appear to be readying a new version that allows prospective customers and cyber crooks to clone any brand’s legitimate website and create a phishing version, further bringing down the technical expertise required to pull off phishing attacks at scale.
• How China Pinned University Cyberattacks on NSA Hackers – A researcher dives into Chinese reports attributing cyberattacks on Northwestern Polytechnical University to the NSA’s TAO division.
• Thailand ready to welcome 7,000 trafficked scam call center victims back from Myanmar – It comes amid a major crackdown on the abusive industry that started during COVID

Podcasts

• Smashing Security 405: A crypto con exchange, and soaring ticket scams

Each week I publish interesting articles and ways to improve your understanding of cybersecurity.

Projects

• TryHackMe – Windows Powershell – Complete
• TryHackMe – Linux Shells – In Progress

Videos

Articles

• A US Treasury Threat Intelligence Analysis Designates DOGE Staff as ‘Insider Threat’ – An internal email reviewed by WIRED calls DOGE staff’s access to federal payments systems “the single greatest insider threat risk the Bureau of the Fiscal Service has ever faced.”
• Hacker pleads guilty to SIM swap attack on US SEC X account – Today, an Alabama man pleaded guilty to hijacking the U.S. Securities and Exchange Commission (SEC) account on X in a January 2024 SIM swapping attack.
• Toll booth bandits continue to scam via SMS messages – North American drivers are continuing to be barraged by waves of scam text messages, telling them that they owe money on unpaid tolls.
• Arizona woman pleads guilty to running laptop farm for N. Korean IT workers, faces 9-year sentence – A U.S. citizen pleaded guilty, Tuesday to playing a role in a wide-ranging scheme that allowed multiple North Korean nationals to collect paychecks from more than 300 U.S. companies.
• Data Leaks Happen Most Often in These States — Here’s Why – State-led data privacy laws and commitment to enforcement play a major factor in shoring up business data security, an analysis shows.
• Indiana Man Sentenced to 20 Years in Prison for Hacking, $37 Million Crypto Theft – Evan Light was sentenced to 20 years in federal prison for hacking an investment holdings company and stealing $37 million in cryptocurrency.
• Scammers clone Italian defence minister’s voice with AI in ransom scheme – Entrepreneurs in Italy were targeted by scammers posing as Defence Minister Guido Crosetto, asking for money to free kidnapped journalists.
• Astaroth Phishing Kit Bypasses 2FA to Hijack Gmail and Microsoft Accounts – New Astaroth Phishing Kit bypasses 2FA (two-factor authentication) to steal Gmail, Yahoo and Microsoft login credentials using a reverse proxy, real-time credential capture, and session hijacking.
• Scarlett Johansson warns of “1000-foot AI wave” following viral deepfake – Scarlett Johansson has had enough of non-consensual videos and images created using artificial intelligence (AI) and is urging legislators to clamp down on unauthorized AI usage.
• RansomHub Becomes 2024’s Top Ransomware Group, Hitting 600+ Organizations Globally – The threat actors behind the RansomHub ransomware-as-a-service (RaaS) scheme have been observed leveraging now-patched security flaws in Microsoft Active Directory and the Netlogon protocol to escalate privileges and gain unauthorized access to a victim network’s domain controller as part of their post-compromise strategy.

Podcasts

• Smashing Security 404: Podcast not found

Each week I publish interesting articles and ways to improve your understanding of cybersecurity.

Projects

• TryHackMe – Windows Powershell – In Progress
• Cryptohack – A free, fun platform for learning modern cryptography.

Videos

• The Lazarus Heist – YouTube Playlist

Articles

• US Justice Department sues to block HPE’s $14B acquisition of Juniper Networks – The U.S. Department of Justice has sued to block enterprise tech giant HPE from acquiring Juniper Networks, the networking firm, citing antitrust concerns.
• Grubhub confirms data breach affecting customers and drivers – U.S. food delivery giant Grubhub says hackers accessed the personal details of customers and drivers after breaching its internal systems.
• Chinese and Iranian Hackers Are Using U.S. AI Products to Bolster Cyberattacks – Hackers linked to China, Iran and other foreign governments are using new AI technology to bolster their cyberattacks against U.S. and global targets, according to U.S. officials and new security research.
• Apple ordered to open encrypted user accounts globally to UK spying – The secret order would give the UK access to encrypted backups belonging to any user — not just Brits.
• DeepSeek App Transmits Sensitive User and Device Data Without Encryption – A new audit of DeepSeek’s mobile app for the Apple iOS operating system has found glaring security issues, the foremost being that it sends sensitive data over the internet sans any encryption, exposing it to interception and manipulation attacks.
• Apple missed screenshot-snooping malware in code that made it into the App Store, Kaspersky claims – OCR plugin great for extracting crypto-wallet secrets from galleries
• Agencies Sound Alarm on Patient Monitors With Hardcoded Backdoor – CISA and the FDA are warning that Contec CMS8000 and Epsimed MN-120 patient monitors are open to meddling and data theft; Claroty Team82 flagged the vulnerability as an avoidable insecure design issue.
• Netgear warns users to patch critical WiFi router vulnerabilities – Netgear has fixed two critical vulnerabilities affecting multiple WiFi router models and urged customers to update their devices to the latest firmware as soon as possible.

Podcasts

• Smashing Security 402: Hackers get hacked, the British Museum IT shutdown, and social media kidnaps
• Smashing Security 403: Coinbase crypto heists, QR codes, and ransomware in the classroom
• Darknet Diaries EP 154: Hijacked Line

Each week I publish interesting articles and ways to improve your understanding of cybersecurity.

Projects

• TryHackMe – Windows Command Line – Complete
• TryHackMe – Windows Powershell – In Progress

Videos

Articles

• UnitedHealth confirms 190 million Americans affected by Change Healthcare data breach – UnitedHealth has confirmed the ransomware attack on its Change Healthcare unit last February affected around 190 million people in America — nearly double previous estimates.
• Salt Typhoon: An Analysis of Vulnerabilities Exploited by this State-Sponsored Actor – Salt Typhoon, a state-sponsored actor linked to the People’s Republic of China, has breached at least nine U.S.-based telecommunications companies with the intent to target high profile government and political figures. Tenable Research examines the tactics, techniques and procedures of this threat actor.
• Volt Typhoon: U.S. Critical Infrastructure Targeted by State-Sponsored Actors – Volt Typhoon, a state-sponsored actor linked to the People’s Republic of China, has consistently targeted U.S. critical infrastructure with the intent to maintain persistent access. Tenable Research examines the tactics, techniques and procedures of this threat actor.
• Millions of Subarus could be remotely unlocked, tracked due to security flaws – Flaws also allowed access to one year of location history.
• British Museum says ex-contractor ‘shut down’ IT systems, wreaked havoc – Former freelancer cuffed a week after being dismissed by UK’s top visitor attraction
• Apple chips can be hacked to leak secrets from Gmail, iCloud, and more – Side channel gives unauthenticated remote attackers access they should never have.
• Mastercard’s multi-year DNS cut-and-paste nightmare – What is frightening about this mistake is not how much damage cyberthieves could have done, but how easy it is to make and how difficult it is to discover.
• MGM agrees to pay $45 million to victims of 2019 data breach and 2023 ransomware attack – MGM Resorts International agreed to pay $45 million to settle multiple class action lawsuits related to a data breach in 2019 and a ransomware attack the company experienced in 2023.

Podcasts

• Darknet Dairies – 153: Bike Index

Each week I publish interesting articles and ways to improve your understanding of cybersecurity.

Projects

• TryHackMe – Windows Command Line – Complete
• TryHackMe – Windows PowerShell – In Progress

Videos

Articles

• Caught secretly selling car owners’ driving data, General Motors slapped with a hefty ban by Lina Khan’s FTC – General Motors reached a settlement with the U.S. Federal Trade Commission that will prohibit it from selling information on its customers’ driving habits without their knowledge and explicit consent for the next 20 years.
• Ex-CIA Analyst Pleads Guilty to Sharing Top-Secret Data with Unauthorized Parties – According to court filings, Rahman is alleged to have retained without authorization two documents classified as Top Secret on or about October 17, 2024, and delivered it to multiple individuals who were not entitled to receive it.
• FBI Warned Agents It Believes Phone Logs Hacked Last Year [Paywall] – FBI leaders have warned that they believe hackers who broke into AT&T Inc.’s system last year stole months of their agents’ call and text logs, setting off a race within the bureau to protect the identities of confidential informants, a document reviewed by Bloomberg News shows.
• Treasury Levels Sanctions Tied to a Massive Hack of Telecom Companies and Breach of Its Own Network – The Treasury Department announced sanctions in connection with a massive Chinese hack of American telecommunications companies and a breach of its own computer network.
• Bitbucket services “hard down” due to major worldwide outage – Bitbucket is investigating a massive outage affecting Atlassian Bitbucket Cloud customers worldwide, with the company saying its cloud services are “hard down.”
• FortiGate config leaks: Victims’ email addresses published online – Experts warn not to take leaks lightly as years-long compromises could remain undetected
• Cloudflare Blocked a Record-breaking 5.6 Tbps Ddos Attack – Cloudflare announced that it has blocked a record-breaking 5.6 terabit-per-second (Tbps) distributed denial-of-service (DDoS) attack.

Podcasts

• Smashing Security 401: Hacks on the high seas, and how your home can be stolen under your nose

Each week I publish interesting articles and ways to improve your understanding of cybersecurity.

I took a few weeks off, but I’m back now and there is a lot of news happening. I hope you enjoy this weeks round up.

Projects

• TryHackMe – Splunk: Setting up a SOC Lab – Complete
• TryHackMe – Search Skills – In Prgoress

Videos

Articles

• Chinese hackers also breached Charter and Windstream networks – More U.S. companies have been added to the list of telecommunications firms hacked in a wave of breaches by a Chinese state-backed threat group tracked as Salt Typhoon.
• Green Bay Packers’ online store hacked to steal credit cards – The Green Bay Packers American football team is notifying fans that a threat actor hacked its official online retail store in October and injected a card skimmer script to steal customers’ personal and payment information
• Washington Attorney General Sues T-Mobile Over 2021 Data Breach – Washington State Attorney General Bob Ferguson has filed a lawsuit against T-Mobile over a 2021 data breach that impacted over 76 million consumers.
• Apple offers $95 million in Siri privacy violation settlement – Apple has agreed to pay $95 million to settle a class action lawsuit in the U.S. alleging that its Siri assistant recorded private conversations and shared them with third parties.
• A Us Soldier Was Arrested for Leaking Presidential Call Logs – US authorities have arrested soldier Cameron John Wagenius for his alleged involvement in leaking presidential phone records.
• Volkswagen Breach Exposes Data of 800K EV Customers – Ethical hacking group Chaos Computer Club uncovered exposed data of electrical vehicle owners across the company’s VW, Audi, Seat, and Skoda brands.
• Telegram hands over data on thousands of users to US law enforcement – Telegram reveals that the communications platform has fulfilled 900 U.S. government requests, sharing the phone number or IP address information of 2,253 users with law enforcement.
• Suspected Chinese underwater spy drone found by fishermen in waters off the Philippines – A submarine drone suspected to be from China was recovered in waters off the central Philippines, police said on Thursday, warning of “potential national security implications.”
• Google: Chinese hackers likely behind Ivanti VPN zero-day attacks – Hackers exploiting the critical Ivanti Connect Secure zero-day vulnerability disclosed yesterday installed on compromised VPN appliances new malware called ‘Dryhook’ and ‘Phasejam’ that is not currently associated with any threat group.
• Fed ‘Cyber Trust’ Label: Good Intentions That Fall Short – The voluntary program is intended to boost consumer confidence in vulnerable IoT devices, but experts want to see vendors held to a higher standard.
• Over 4,000 backdoors hijacked by registering expired domains – Over 4,000 abandoned but still active web backdoors were hijacked and their communication infrastructure sinkholed after researchers registered expired domains used for commanding them.
• Top 5 Malware Threats to Prepare Against in 2025 – 2024 had its fair share of high-profile cyber attacks, with companies as big as Dell and TicketMaster falling victim to data breaches and other infrastructure compromises
• A Day in the Life of a Prolific Voice Phishing Crew – Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way.

Podcasts

• Only Malware in the Building – Malware metamorphosis: 2024 reflections and 2025 predictions
• Smashing Security 399: Honey in hot water, and reset your devices