Every week I post what I have been working on in my journey to learn more about cybersecurity and hopefully land a job in the field. Right now I’m working on a three part plan:

1. Keep up with current events – This post is a big part of that
2. Gain practical experience – Right now I’m working through TryHackMe learning paths
3. Obtain cybersecurity certificates – I’ve earned the (ISC)2 Certified in Cybersecurity, and I am studying for the CompTIA Security+ currently

Webinars

• SANS DFIR Summit – Day 1: Track 1 | Day 1: Track 2 | Day 2

Articles

• Israeli Oil Refinery Taken Offline by Pro-Iranian Attackers – The apparent pro-Iranian Cyber Avengers posted images of BAZAN Groups’s SCADA systems, diagrams, and programmable logic controller (PLC) code.
• CISA issues new warning on actively exploited Ivanti MobileIron bugs – The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned today of state hackers exploiting two flaws in Ivanti’s Endpoint Manager Mobile (EPMM), formerly MobileIron Core.
• Threat actors abuse Google AMP for evasive phishing attacks – Security researchers are warning of increased phishing activity that abuses Google Accelerated Mobile Pages (AMP) to bypass email security measures and get to inboxes of enterprise employees.
• ‘DarkBERT’ GPT-Based Malware Trains Up on the Entire Dark Web – The DarkBART and DarkBERT cybercriminal chatbots, based on Google Bard, represent a major leap ahead for adversarial AI, including Google Lens integration for images and instant access to the whole of the cyber-underground knowledge base.
• Retail chain Hot Topic discloses wave of credential-stuffing attacks – American apparel retailer Hot Topic is notifying customers about multiple cyberattacks between February 7 and June 21 that resulted in exposing sensitive information to hackers.
• Why the California Delete Act Matters – Bill 362 is a perfect template for a nationwide win against data brokers and the privacy infringements they cause.
  • The California Delete Act would create an online portal where Californians could opt out of data broker tracking and remove information already collected about them.
• Tesla Jailbreak Unlocks Theft of In-Car Paid Features – Want heated seats for free? Self-driving in Europe despite a regulatory ban? Researchers have discovered the road to free car-modding on the popular Tesla EVs.
• Canon Inkjet Printers at Risk for Third-Party Compromise via Wi-Fi – Nearly 200 models are affected by vulnerability that may give wireless access to unauthorized third parties.
• Monitor Insider Threats but Build Trust First – The issue of how to prevent insider threats without infringing on employee privacy is one that has been a hot topic of debate in recent years.
• Hacktivist Group ‘Mysterious Team Bangladesh’ Goes on DDoS Rampage – The emerging threat has carried out 750 DDoS attacks and 78 website defacements in just one year to support its religious and political motives.
• Mondee security lapse exposed flight itineraries and unencrypted credit card numbers – Travel giant Mondee has secured an exposed database that was spilling sensitive customer information, including detailed flight and hotel itineraries and unencrypted credit card numbers.
• “PhishForce” — Vulnerability Uncovered in Salesforce’s Email Services Exploited for Phishing Facebook Accounts In-The-Wild – Malicious Emails Sent by Trusted Email Gateways

Podcasts

• Smashing Security 333: Barbie and the stalking spouse

Projects

• TryHackMe – SOC Level 1 (58% Complete)
  • Windows Event Logs – Complete
  • Sysmon – Complete
  • Osquery: The Basics – Complete

Welcome to another cybersecurity wrap-up! This week I caught a great webinar by Rachel Tobac, that she presented to my company (sorry, no link to share for this one).

Webinars

• Inside the Mind of a Hacker – Rachel Tobac

Articles

• Over 400,000 corporate credentials stolen by info-stealing malware – The analysis of nearly 20 million information-stealing malware logs sold on the dark web and Telegram channels revealed that they had achieved significant infiltration into business environments.
• 8 million people hit by data breach at US govt contractor Maximus – U.S. government services contractor Maximus has disclosed a data breach warning that hackers stole the personal data of 8 to 11 million people during the recent MOVEit Transfer data-theft attacks.
• New SEC Rules Require U.S. Companies to Reveal Cyber Attacks Within 4 Days – The U.S. Securities and Exchange Commission (SEC) on Wednesday approved new rules that require publicly traded companies to publicize details of a cyber attack within four days of identifying that it has a “material” impact on their finances, marking a major shift in how computer breaches are disclosed.
• Massive macOS Campaign Targets Crypto Wallets, Data – Threat actors are distributing new “Realst” infostealer via fake blockchain games, researchers warn.
• KnowBe4 Phishing Test Results Reveal Half of Top Malicious Email Subjects Are HR Related – KnowBe4 releases Q2 2023 global phishing report and finds HR related email subjects utilized as a phishing strategy and make up 50% of top email subjects.
• ‘FraudGPT’ Malicious Chatbot Now for Sale on Dark Web – The subscription-based, generative AI-driven offering joins a growing trend toward “generative AI jailbreaking” to create ChatGPT copycat tools for cyberattacks.
• Hackers Abusing Windows Search Feature to Install Remote Access Trojans – A legitimate Windows search feature is being exploited by malicious actors to download arbitrary payloads from remote servers and compromise targeted systems with remote access trojans such as AsyncRAT and Remcos RAT.
• Hawai’i Community College pays ransomware gang to prevent data leak – The Hawaiʻi Community College has admitted that it paid a ransom to ransomware actors to prevent the leaking of stolen data of approximately 28,000 people.
• BreachForums database and private chats for sale in hacker data breach – While consumers are usually the ones worried about their information being exposed in data breaches, it’s now the hacker’s turn, as the notorious Breached cybercrime forum’s database is up for sale and member data shared with Have I Been Pwned.

Podcasts

• Smashing Security 332: Nudes leak at the plastic surgery, Mali mail mix-up, and WormGPT

Projects

• TryHackMe – SOC Level 1 (49% Complete)
  • sysinternals – Complete

Every week I writer here what I learn this week about cybersecurity.

Webinars

• New Phishing Benchmarks Unlocked:Is Your Organization Ahead of the Curve in 2023 – Joanna Huisman, SVP, Strategic Insights and Research,KnowBe4: Cybercriminals continue to rely on proven attack methods while developing new ways to infiltrate digital environments and break through your human defense layer. But how can you reduce your organization’s attack surface? KnowBe4 looked at 12.5 million users across 35,681 organizations to find out.
• 2023 DBIR Presents Episode 1: System Intrusion – The Verizon 2023 Data Breach Investigations Report (DBIR) examines confirmed breaches and sheds light on how the most common forms of cyber attacks affected the security landscape globally. System Intrusion is the number one breach pattern and represents of 37% all breaches. 80% of System Intrusion incidents involved Ransomware as attackers continue to leverage a bevy of different techniques to compromise an organization and monetize their access.
• How to Design a Least Privilege Architecture in AWS – Dave Shackleford, SANS analyst; Sagar Khasnis, Partner Solutions Architect at AWS: Implementing a least privilege architecture can reduce risk and minimize disruptions by allowing only the minimum required authority to perform a duty or task. Adding network micro-segmentation also restricts east-west movement to reduce the number of vulnerable pathways to applications. When combined, these methods create a granular security environment that provides strong attack resistance. In this webinar, SANS and AWS Marketplace will present examples of how to set up a least privilege stack, covering such key issues as where to start and what to prioritize. Additionally, they will present real-world use cases of least privilege stacks and effective micro-segmentation methods that have been deployed in Amazon Web Services (AWS).

Articles

• Police arrests Ukrainian scareware developer after 10-year hunt – The Spanish National Police has apprehended a Ukrainian national wanted internationally for his involvement in a scareware operation spanning from 2006 to 2011.
• IT worker jailed for impersonating ransomware gang to extort employer – 28-year-old Ashley Liles, a former IT employee, has been sentenced to over three years in prison for attempting to blackmail his employer during a ransomware attack.
• Thousands of images on Docker Hub leak auth secrets, private keys – Researchers at the RWTH Aachen University in Germany published a study revealing that tens of thousands of container images hosted on Docker Hub contain confidential secrets, exposing software, online platforms, and users to a massive attack surface.
• How Hackers Can Hijack a Satellite – We rely on them for communications, military activity, and everyday tasks. How long before attackers really start to look up at the stars?
• Hacker Infected & Foiled by Own Infostealer – A prolific threat actor has been operating on Russian-language forums since 2020, but then he accidentally infected his own computer and sold off its contents to threat researchers.
• Estée Lauder beauty giant breached by two ransomware gangs – Two ransomware actors, ALPHV/BlackCat and Clop, have listed beauty company Estée Lauder on their data leak sites as a victim of separate attacks.
• OpenAI credentials stolen by the thousands for sale on the dark web – Threat actors are showing an increased interest in generative artificial intelligence tools, with hundreds of thousands of OpenAI credentials for sale on the dark web and access to a malicious alternative for ChatGPT.
• Microsoft: Hackers turn Exchange servers into malware control centers – Microsoft and the Ukraine CERT warn of new attacks by the Russian state-sponsored Turla hacking group, targeting the defense industry and Microsoft Exchange servers with a new ‘DeliveryCheck’ malware backdoor.
• Sogu, SnowyDrive Malware Spreads, USB-Based Cyberattacks Surge – Two separate threat actors are using poisoned USB drives to distribute malware in cyber-espionage campaigns targeting organizations across different sectors and geographies.
• Attackers Pummel Millions of Websites via Critical WooCommerce Payments Flaw – A barrage of targeted attacks against vulnerable installations peaked at 1.3 million against 157,000 sites over the weekend, aimed at unauthenticated code execution.
• The Biden administration is tackling smart devices with a new cybersecurity label – The Biden administration is launching a new cybersecurity label for smart devices today.
• Microsoft 365 Breach Risk Widens to Millions of Azure AD Apps – China-linked APT actors could have single-hop access to the gamut of Microsoft cloud services and apps, including SharePoint, Teams, and OneDrive, among many others.
• Pioneering hacker Kevin Mitnick, FBI-wanted felon turned security guru, dead at 59 – Kevin Mitnick, whose pioneering antics tricking employees in the 1980s and 1990s into helping him steal software and services from big phone and tech companies made him the most celebrated U.S. hacker, has died at age 59.
• Amazon agrees to $25 million fine for Alexa children privacy violations – The U.S. Justice Department and the Federal Trade Commission (FTC) announced that Amazon has agreed to pay a $25 million fine to settle alleged children’s privacy laws violations related to the company’s Alexa voice assistant service.

Podcasts

• Smashing Security 331: Boris Johnson’s WhatsApps, and sextorting party girls

Projects

• TryHackMe – SOC Level 1 (48% Complete)
  • Intro to Enpoint Security – Complete
  • Core Windows Processes – Complete

Every week I download what I learn here on this site. I am teaching myself cybersecurity. On these updates, I share what I’m reading and doing to increase my cybersecurity skills.

Articles

• Hackers Steal $20 Million by Exploiting Flaw in Revolut’s Payment Systems – Malicious actors exploited an unknown flaw in Revolut’s payment systems to steal more than $20 million of the company’s funds in early 2022.
• Razer investigates data breach claims, resets user sessions – Gaming gear company Razer reacted to recent rumors of a massive data breach with a short statement on Twitter, letting users know that they started an investigation into the matter.
• Banking Firms Under Attack by Sophisticated ‘Toitoin’ Campaign – An attack involves a multi-stage infection chain with custom malware hosted on Amazon EC2 that ultimately steals critical system and browser data; so far, targets have been located in Latin America.
• Beware of Big Head Ransomware: Spreading Through Fake Windows Updates – A developing piece of ransomware called Big Head is being distributed as part of a malvertising campaign that takes the form of bogus Microsoft Windows updates and Word installers.
• Microsoft: Chinese hackers breached US govt Exchange email – A Chinese hacking group has breached the email accounts of more than two dozen organizations worldwide, including U.S. and Western European government agencies, according to Microsoft.
• TeamTNT’s Silentbob Botnet Infecting 196 Hosts in Cloud Attack Campaign – As many as 196 hosts have been infected as part of an aggressive cloud campaign mounted by the TeamTNT group called Silentbob.
• USB drive malware attacks spiking again in first half of 2023 – What’s old is new again, with researchers seeing a threefold increase in malware distributed through USB drives in the first half of 2023.
• AIOS WordPress Plugin Faces Backlash for Storing User Passwords in Plain Text – All-In-One Security (AIOS), a WordPress plugin installed on over one million sites, has issued a security update after a bug introduced in version 5.1.9 of the software caused users’ passwords being added to the database in plaintext format.
• Colorado State University says data breach impacts students, staff – Colorado State University (CSU) has confirmed that the Clop ransomware operation stole sensitive personal information of current and former students and employees during the recent MOVEit Transfer data-theft attacks.

Podcasts

• Smashing Security 330: Deepfake Martin Lewis, and a deadly jog in the park

Projects

Try Hack Me – SOC Level 1

• Wireshark: Traffic Analysis

I think I must be strange because I ask this question a lot. I have three browsers installed: Brave, Firefox and Opera. I enjoyed this video discussing these.

I haven’t played with Parrot OS and this looks like a fun project to start. I hope to get my hands on another Raspberry Pi soon so I can try this.

I took a week off on holiday with the family. But, now I’m back and the journey continues. If it is your first time here, I am teaching myself cybersecurity. Yes, I know that is a large knowledge base, but you have to start somewhere. On these updates, I share what I’m reading and doing to increase my cybersecurity skills.

Webinars

• None this week.

Articles

• Nickelodeon investigates breach after leak of ‘decades old’ data – Nickelodeon has confirmed that the data leaked from an alleged breach of the company is legitimate but some of it appears to be decades old.
• Over 130,000 solar energy monitoring systems exposed online – Security researchers are warning that tens of thousands of photovoltaic (PV) monitoring and diagnostic systems are reachable over the public web, making them potential targets for hackers.
• OPERA1ER Cybercrime Group’s Leader Arrested by Interpol – The group’s mastermind was nabbed in Côte d’Ivoire for stealing up to $30 million using malware, phishing campaigns, and BEC scams, as part of international law enforcement’s Operation Nervone.
• Japan’s largest port stops operations after ransomware attack – The Port of Nagoya, the largest and busiest port in Japan, has been targeted in a ransomware attack that currently impacts the operation of container terminals.
• Dublin Airport staff pay details stolen by hackers after MOVEit attack at third-party provider – Staff at Dublin Airport have been warned that their personal data has fallen into the hands of hackers, following a data breach at a third-party service provider.
• Trans-Rights Hacktivists Steal City of Ft. Worth’s Data – In a move to embarrass the city, hacking group known as SiegedSec accessed thousands of files with administrator logins, but it’s making no ransom demands.
• Twitter Celeb Account Hacker Heads to Jail for 5 Years – Extradited from Spain, PlugWalkJoe has been sentenced in US court and is now headed to federal prison on a raft of charges related to account hijacking and cyber stalking.
• Mastodon Social Network Patches Critical Flaws Allowing Server Takeover – Mastodon, a popular decentralized social network, has released a security update to fix critical vulnerabilities that could expose millions of users to potential attacks.
• Move It on Over: Reflecting on the MOVEit Exploitation – In late May 2023, customers running the popular MOVEit file transfer software faced multiple, unexplained intrusions.

Podcasts

• Smashing Security 329 – Pornhub, Barbie dolls, and can you trust a free TV?

Projects

• Try Hack Me – SOC Level 1
  • Brim
  • Wireshark: the Basics
  • Wireshark: Packet Operations

Another week and more learning progress made!

Articles

• Swiss government warns of ongoing DDoS attacks, data leak – The Swiss government has disclosed that a recent ransomware attack on an IT supplier might have impacted its data, while today, it warns that it is now targeted in DDoS attacks.
• Password Reset Hack Exposed in Honda’s E-Commerce Platform, Dealers Data at Risk – Security vulnerabilities discovered in Honda’s e-commerce platform could have been exploited to gain unrestricted access to sensitive dealer information.
• Strava heatmap feature can be abused to find home addresses – Researchers at the North Carolina State University Raleigh have discovered a privacy risk in the Strava app’s heatmap feature that could lead to identifying users’ home addresses.
• Ukrainian hackers take down service provider for Russian banks – A group of Ukrainian hackers known as the Cyber.Anarchy.Squad claimed an attack that took down Russian telecom provider Infotel JSC on Thursday evening.
• RDP honeypot targeted 3.5 million times in brute-force attacks – Remote desktop connections are so powerful a magnet for hackers that an exposed connection can average more than 37,000 times every day from various IP addresses.
• Massive phishing campaign uses 6,000 sites to impersonate 100 brands – A widespread brand impersonation campaign targeting over a hundred popular apparel, footwear, and clothing brands has been underway since June 2022, tricking people into entering their account credentials and financial information on fake websites.
• Two Russian Nationals Charged for Masterminding Mt. Gox Crypto Exchange Hack – The U.S. Department of Justice (DoJ) has charged two Russian nationals in connection with masterminding the 2014 digital heist of the now-defunct cryptocurrency exchange Mt. Gox.
• Hackers can steal cryptographic keys by video-recording power LEDs 60 feet away – Key-leaking side channels are a fact of life. Now they can be done by video-recording power LEDs.
• US intelligence confirms it buys Americans’ personal data – A newly declassified report says the controversial practice raises “significant issues” for Americans’ civil liberties
• Spotify has been fined $5.4 million for violating GDPR data rules – A Swedish regulator says the company wasn’t transparent enough about its handling of user data.
• Attackers Create Synthetic Security Researchers to Steal IP – Threat groups created a fake security company, “High Sierra,” with faux exploits and fake profiles for security researchers on GitHub and elsewhere, aiming to get targets to install their malware.
• Millions of Oregon, Louisiana state IDs stolen in MOVEit breach – Louisiana and Oregon warn that millions of driver’s licenses were exposed in a data breach after a ransomware gang hacked their MOVEit Transfer security file transfer systems to steal stored data.
• 20-Year-Old Russian LockBit Ransomware Affiliate Arrested in Arizona – The U.S. Department of Justice (DoJ) on Thursday unveiled charges against a Russian national for his alleged involvement in deploying LockBit ransomware to targets in the U.S., Asia, Europe, and Africa.
• Rhysida ransomware leaks documents stolen from Chilean Army – Threat actors behind a recently surfaced ransomware operation known as Rhysida have leaked online what they claim to be documents stolen from the network of the Chilean Army (Ejército de Chile).

Projects

• TryHackMe – SOC Level 1 – Zeek Exercises – Completed.

Every week I publish a post containing the progress and learning that I did in the past week. I hope this helps those like me, who are trying to keep up with everything happening in the cybersecurity world. There is a lot!

Webinars

• Dave Hylender, Suzanne Widup – 2023 Data Breach Investigations Report (DBIR) Key Findings– 6/6/23 – 2023 Verizon’s Data Breach Investigations Report is here! Cybercrime can come in any shape or size, and not always in the form you’d expect. Security professionals across the world use the annual DBIR to validate their security program priorities and to communicate with stakeholders and business leaders.
• Proofpoint – Prevent Data Loss by Careless Employees – 6/8/23 – In today’s work from anywhere and everywhere world, you need a modern approach to data loss prevention. Careless knowledge workers pose a significant compliance risk to organizations. They may expose sensitive data in cloud applications. They may download sensitive information onto their personal devices.

Articles

• A Confession Exposes India’s Secret Hacking Industry – “Everyone’s hackable,” one slide promised. The company charged twenty-five hundred dollars for a month of work by a single hacker, and the presentation said that it had taken less than two weeks for Appin to obtain confidential e-mails and photographs confirming a husband’s suspicion that his wife had cheated on him (“even though she was using an updated Norton 360 antivirus”).
• KeePass v2.54 fixes bug that leaked cleartext master password – KeePass has released version 2.54, fixing the CVE-2023-3278 vulnerability that allows the extraction of the cleartext master password from the application’s memory.
• Mass Exploitation of Zero-Day Bug in MOVEit File Transfer Underway – With shades of the GoAnywhere attacks, a cyber threat actor linked to FIN11 is leveraging a bug in the widely used managed file transfer product to steal data from organizations in multiple countries.
• Atomic Wallet hacks lead to over $35 million in crypto stolen – The developers of Atomic Wallet are investigating reports of large-scale theft of cryptocurrency from users’ wallets, with over $35 million in crypto reportedly stolen.
• FTC Slams Amazon with $30.8M Fine for Privacy Violations Involving Alexa and Ring – The U.S. Federal Trade Commission (FTC) has fined Amazon a cumulative $30.8 million over a series of privacy lapses regarding its Alexa assistant and Ring security cameras.
• Verizon DBIR: Social Engineering Breaches Double, Leading to Spiraling Ransomware Costs – Ransomware continues its runaway growth with median payments reaching $50,000 per incident.
• Outlook.com hit by outages as hacktivists claim DDoS attacks – Outlook.com is suffering a series of outages today after being down multiple times yesterday, with hacktivists known as Anonymous Sudan claiming to perform DDoS attacks on the service.
• Microsoft to pay $20 million for XBOX children privacy violations – Microsoft has agreed to pay a $20 million fine and change data privacy procedures for children to settle Federal Trade Commission (FTC) charges over Children’s Online Privacy Protection Act (COPPA) violations.
• Filling the Gaps: How to Secure the Future of Hybrid Work – By enhancing remote management and adopting hardware-enforced security, productivity can continue without inviting extra cyber-risk.
• Honda API flaws exposed customer data, dealer panels, internal docs – Honda’s e-commerce platform for power equipment, marine, lawn & garden, was vulnerable to unauthorized access by anyone due to API flaws that allow password reset for any account.
• Microsoft Links MOVEit Attack to Cl0p as British Airways, BBC Fall – Some billion-dollar organizations have already been identified as victims of the prolific ransomware group’s latest exploit, amidst ongoing attacks.
• Microsoft OneDrive down worldwide following claims of DDoS attacks – Microsoft is investigating an ongoing outage that is preventing OneDrive customers from accessing the cloud file hosting service worldwide, just as a threat actor known as ‘Anonymous Sudan’ claims to be DDoSing the service
• Cybercrooks Scrape OpenAI API Keys to Pirate GPT-4 – With more than 50,000 publicly leaked OpenAI keys on GitHub alone, OpenAI developer accounts are the third-most exposed in the world.
• University of Manchester says hackers ‘likely’ stole data in cyberattack – The University of Manchester warns staff and students that they suffered a cyberattack where threat actors likely stole data from the University’s network.
• Microsoft’s Azure portal down following new claims of DDoS attacks – The Microsoft Azure Portal is down on the web as a threat actor known as Anonymous Suda claims to be targeting the site with a DDoS attack.

Projects

TryHackMe – SOC Level 1 – Zeek – Completed.

Great video. Its about an hour long, but so worth it.Have I Been Pwned