Projects

• Metasploit: Introduction – Complete

Tools

• Cover Your Tacks – See how trackers view your browser

White Papers

• SANS 2024 Security Awareness Report

Videos

Articles

• Proofpoint Email Routing Flaw Exploited to Send Millions of Spoofed Phishing Emails – An unknown threat actor has been linked to a massive scam campaign that exploited an email routing misconfiguration in email security vendor Proofpoint’s defenses to send millions of messages spoofing various popular companies like Best Buy, IBM, Nike, and Walt Disney, among others.
• Millions of Websites Susceptible to XSS Attack via OAuth Implementation Flaw – Salt Labs, the research arm of API security firm Salt Security, has discovered and published details of a cross-site scripting (XSS) attack that could potentially impact millions of websites around the world.
• CrowdStrike Outage Losses Estimated at a Staggering $5.4B – Researchers track the healthcare sector as experiencing the biggest financial losses, with banking and transportation following close behind.
• HealthEquity says data breach impacts 4.3 million people – HSA provider HealthEquity has determined that a cybersecurity incident disclosed earlier this month has compromised the information of 4,300,000 people.
• Former Avaya employee gets 4 years for $88M license piracy scheme – Three individuals who orchestrated a massive software pirating operation involving the sale of Avaya business telephone system software licenses worth over $88,000,000 have been sentenced to prison.
• Microsoft says massive Azure outage was caused by DDoS attack – Microsoft confirmed today that a nine-hour outage on Tuesday, which took down and disrupted multiple Microsoft 365 and Azure services worldwide, was triggered by a distributed denial-of-service (DDoS) attack.
• New Android malware wipes your device after draining bank accounts – A new Android malware that researchers call ‘BingoMod’ can wipe devices after successfully stealing money from the victims’ bank accounts using the on-device fraud technique.
• Company Paid Record-Breaking $75 Million to Ransomware Group: Report – Zscaler is aware of a company that paid a record-breaking $75 million ransom to the Dark Angels ransomware group.
• Google Chrome warns uBlock Origin may soon be disabled – Google Chrome is now encouraging uBlock Origin users who have updated to the latest version to switch to other ad blockers before Manifest v2 extensions are disabled.
• US sues TikTok for violating children privacy protection laws – The U.S. Department of Justice has filed a lawsuit against popular social media platform TikTok and its parent company, ByteDance, alleging widespread violations of children’s privacy laws.
• CrowdStrike sued by investors over massive global IT outage – Cybersecurity company CrowdStrike has been sued by investors who say it provided false claims about its Falcon platform after a bad security update led to a massive global IT outage causing the stock price to tumble almost 38%.
• U.S. Releases High-Profile Russian Hackers in Diplomatic Prisoner Exchange – In a historic prisoner exchange between Belarus, Germany, Norway, Russia, Slovenia, and the U.S., two Russian nationals serving time for cybercrime activities have been freed and repatriated to their country.
• Over 1 Million Domains at Risk of ‘Sitting Ducks’ Domain Hijacking Technique – Over a million domains are susceptible to takeover by malicious actors by means of what has been called a Sitting Ducks attack.

Podcasts

Every week I publish interesting articles and ways to improve your understanding of cybersecurity.

Projects

• Metasploit: Introduction – In Progress

Videos

Articles

• Vulnerability in Cisco Smart Software Manager lets attackers change any user password – Yep, passwords for administrators can be changed, too.
• Technical Details: Falcon Content Update for Windows Hosts – On July 19, 2024 at 04:09 UTC, as part of ongoing operations, CrowdStrike released a sensor configuration update to Windows systems. Sensor configuration updates are an ongoing part of the protection mechanisms of the Falcon platform. This configuration update triggered a logic error resulting in a system crash and blue screen (BSOD) on impacted systems.
• CrowdStrike’s faulty update crashed 8.5 million Windows devices, says Microsoft – The global IT outage on Friday resulted from a sensor configuration update to CrowdStrike’s Falcon platform that caused a Windows logic error.
• Suspected Scattered Spider Member Arrested in UK – UK authorities have arrested a 17-year-old suspected of being a member of the Scattered Spider cybercrime gang.
• California Officials Say Largest Trial Court in US Victim of Ransomware Attack – The Superior Court of Los Angeles County, the largest trial court in the US, has been the victim of a ransomware attack.
• Fake CrowdStrike repair manual pushes new infostealer malware – CrowdStrike is warning that a fake recovery manual to repair Windows devices is installing a new information-stealing malware called Daolpu.
• CrowdStrike CEO Called to Testify to Congress Over Cybersecurity Firm’s Role in Global Tech Outage – U.S. House leaders are calling on CrowdStrike CEO George Kurtz to testify on widespread tech outage that services around the world.
• Verizon to pay $16 million in TracFone data breach settlement – Verizon Communications has agreed to pay a $16,000,000 settlement with the Federal Communications Commission (FCC) in the U.S. concerning three data breach incidents at its wholly-owned subsidiary, TracFone Wireless, suffered after its acquisition in 2021.
• Swipe Right for Data Leaks: Dating Apps Expose Location, More – Apps like Tinder, Bumble, Grindr, Badoo, OKCupid, MeetMe, and Hinge all have API vulnerabilities that expose sensitive user data, and six allow a threat actor to pinpoint exactly where someone is.
• CrowdStrike Explains Why Bad Update Was Not Properly Tested – CrowdStrike has shared a preliminary incident review, explaining why the update that caused global chaos was not caught by testing.
• AT&T failed to test disastrous update that kicked all devices off network – AT&T caused outage that blocked 92 million calls, 25,000 attempts to reach 911.
• Phone Lines Down in Multiple Courts Across California After Ransomware Attack – Phone lines down in multiple courts across California after ransomware attack on state’s largest trial court in Los Angeles County.
• Hackers Exploited a PC Driving Sim to Pull Off Massive Disney Data Breach – Popular for simulating car crashes, BeamNG.drive helped hackers crash the gate to Disney with the help of an unwitting manager.
• KnowBe4 Hires Fake North Korean IT Worker, Catches New Employee Planting Malware – KnowBe4 chief executive Stu Sjouwerman: “We sent them their Mac workstation, and the moment it was received, it immediately started to load malware.”

Podcasts

• Smashing Security 381: Trump assassination conspiracies, Squarespace account hijacks, and the butt stops here
• Smashing Security 382: CrowdStrike, Dark Wire, and the Paris Olympics

Every week I publish interesting articles and ways to improve your understanding of cybersecurity. I’m back and what a week it was for cybersecurity news!

Projects

• TryHackMe – John The Ripper – In Progress
• TryHackMe – Encryption – Crypto 101 – Complete

Videos

Articles

• Alabama State Department of Education Suffered a Data Breach Following a Blocked Attack – Alabama’s education superintendent disclosed a data breach following a hacking attempt on the Alabama State Department of Education.
• Ransomware Gang Leaks Data Allegedly Stolen from Florida Department of Health – The Ransomhub ransomware gang has claimed the theft of 100GB of data from the Florida Department of Health.
• CISA Takedown of Ivanti Systems Is a Wake-up Call – The exploitation of vulnerabilities in Ivanti’s software underscores the need for robust cybersecurity measures and proactive response strategies to mitigate risks and protect critical assets.
• Evolve Bank Data Breach Impacts 7.6 Million People – Evolve Bank says personal information of more than 7.6 million individuals was compromised in a ransomware attack.
• Hackers leak 39,000 print-at-home Ticketmaster tickets for 154 events – In an ongoing extortion campaign against Ticketmaster, threat actors have leaked almost 39,000 print-at-home tickets for 150 upcoming concerts and events, including Pearl Jam, Phish, Tate McCrae, and Foo Fighters.
• Neiman Marcus data breach: 31 million email addresses found exposed – A May 2024 data breach disclosed by American luxury retailer and department store chain Neiman Marcus last month has exposed more than 31 million customer email addresses, according to Have I Been Pwned founder Troy Hunt, who analyzed the stolen data.
• 10B Passwords Pop Up on Dark Web ‘RockYou2024’ Release – The passwords, dumped on a cyber-underground forum on July 4 by a hacker called “ObamaCare,” were collected from a variety of older and more recent breaches.
• Hacker Busted for ‘Evil Twin’ Wi-Fi That Steals Airline Passenger Data – Australian cops arrest man found with a portable Wi-Fi access device in his carry-on luggage, allegedly used for standing up scam Wi-Fi networks on flights.
• Formula 1 governing body discloses data breach after email hacks – FIA (Fédération Internationale de l’Automobile), the auto racing governing body since the 1950s, says attackers gained access to personal data after compromising several FIA email accounts in a phishing attack.
• Proton launches free, privacy-focused Google Docs alternative – Proton has launched ‘Docs in Proton Drive,’ a free and open-source end-to-end encrypted web-based document editing and collaboration tool.
• City of Philadelphia says over 35,000 hit in May 2023 breach – The City of Philadelphia revealed that a May 2024 disclosed in October impacted more than 35,000 individuals’ personal and protected health information.
• 5 Tips to Minimize the Costly Effects of Data Exfiltration – The more sensitive data an organization collects, the more at risk it is to a cyberattack. Here’s how to limit the damage.
• Fujitsu says “advanced” malware was to blame for cyberattack, confirms customer data leaked – It wasn’t ransomware, since the malware tried hard to remain hidden
• Advance Auto Parts: 2.3M people’s data accessed when crims broke into our Snowflake account – Letters from CISO Ethan Steiger suggest the data related to job applications
• Massive AT&T data breach exposes call logs of 109 million customers – AT&T is warning of a massive data breach where threat actors stole the call logs for approximately 109 million customers, or nearly all of its mobile customers, from an online database on the company’s Snowflake account.
• Rite Aid confirms data breach after June ransomware attack – Pharmacy giant Rite Aid confirmed a data breach after suffering a cyberattack in June, which was claimed by the RansomHub ransomware operation.
• Australian Spycatchers Snatch Pair of Married Russian Operatives – Both are accused of espionage and face a maximum penalty of 15 years imprisonment each for their crimes.

Podcasts

• Smashing Security – 379: Private nights, evil twins, and crypto home invasions

This week I took vacation and celebrated with family as I hope you all did as well. This post will be shorter than usual.

Projects

• TryHackMe – John The Ripper – In Progress

Articles

• Prudential Financial now says 2.5 million impacted by data breach – Prudential Financial, a global financial services company, has revealed that over 2.5 million people had their personal information compromised in a February data breach.
• Australian charged for ‘Evil Twin’ WiFi attack on plane – An Australian man was charged by Australia’s Federal Police (AFP) for allegedly conducting an ‘evil twin’ WiFi attack on various domestic flights and airports in Perth, Melbourne, and Adelaide to steal other people’s email or social media credentials.
• 3 million iOS and macOS apps were exposed to potent supply-chain attacks – Apps that used code libraries hosted on CocoaPods were vulnerable for about 10 years.
• Twilio Confirms Data Breach After Hackers Leak 33M Authy User Phone Numbers – Twilio has confirmed a data breach after hackers leaked 33 million phone numbers associated with the Authy app.

Podcasts

• Smashing Security 378: Julian Assange, inside a DDoS attack, and deepfake traumas

Every week I publish interesting articles and ways to improve your understanding of cybersecurity.

Projects

• TryHackMe – John The Ripper – In Progress

Videos

Articles

• Hacker claims to have 30 million customer records from Australian ticket seller giant TEG – A hacker is advertising customer data allegedly stolen from the Australia-based live events and ticketing company TEG on a well-known hacking forum.
• TikTok confirms it offered US government a ‘kill switch’ – TikTok says it offered the US government the power to shut the platform down in an attempt to address lawmakers’ data protection and national security concerns.
• LockBit lied: Stolen data is from a bank, not US Federal Reserve – Recently-disrupted LockBit ransomware group, in a desperate attempt to make a comeback, claimed this week that it had hit the Federal Reserve, the central bank of the United States.
• Lockbit group falsely claimed the hack of the federal reserve – The LockBit ransomware group seems to have lied when they announced the hack of the US Federal Reserve. The real victim is the Evolve Bank.
• Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool – Cybersecurity researchers have detailed a now-patch security flaw affecting the Ollama open-source artificial intelligence (AI) infrastructure platform that could be exploited to achieve remote code execution.
• Four FIN9 hackers indicted for cyberattacks causing $71M in losses – Four Vietnamese nationals linked to the international cybercrime group FIN9 have been indicted for their involvement in a series of computer intrusions that caused over $71 million in losses to companies in the U.S.
• CoinStats says North Korean hackers breached 1,590 crypto wallets – CoinStats suffered a massive security breach that compromised 1,590 cryptocurrency wallets, with the attack suspected to have been carried out by North Korean threat actors.
• Push Notification Fatigue Leads to LA County Health Department Data Breach – The Los Angeles County Department of Health Services discloses a data breach caused by push notification spamming attack.
• Turkey’s biggest crypto exchange BtcTurk hacked – Turkey’s biggest cryptocurrency market BtcTurk said in an announcement on Saturday that their exchange had been hacked, while a popular Bitcoin analyst claimed that the amount of money stolen amounted to nearly 51 million euros.
• CDK Global says software outage will take several days to resolve – Retail software provider CDK Global says it will likely take several days for its software to be back online and operational, as the company grapples with a system outage that has paralyzed nearly 15,000 car dealerships across North America since Wednesday.
• Apple Patches AirPods Bluetooth Vulnerability That Could Allow Eavesdropping – Tracked as CVE-2024-27867, the authentication issue affects AirPods (2nd generation and later), AirPods Pro (all models), AirPods Max, Powerbeats Pro, and Beats Fit Pro.
• WikiLeaks Founder Julian Assange Returns to Australia a Free Man After US Legal Battle Ends – WikiLeaks founder Julian Assange returned to Australia, hours after pleading guilty to obtaining and publishing U.S. military secrets.
• Neiman Marcus Customers Impacted by Snowflake Data Breach – The high-end retailer is the latest company to confirm it was affected by the wide-ranging Snowflake data breach, which impacted more than 165 organizations.
• Diverse Cybersecurity Workforce Act Offers More Than Diversity Benefits – Our adversaries certainly have diversity — so cybersecurity teams need it, too.
• Los Angeles Unified confirms student data stolen in Snowflake account hack – The Los Angeles Unified School District has confirmed a data breach after threat actors stole student and employee data by breaching the company’s Snowflake account.
• Toys “R” Us riles critics with “first-ever” AI-generated commercial using Sora – AI-generated commercials are here, and critics are displeased—but human work is still key.
• Dangerous AI Workaround: ‘Skeleton Key’ Unlocks Malicious Content – Microsoft, OpenAI, Google, and Meta GenAI models could be convinced to ditch their guardrails, opening the door to chatbots giving unfettered answers on building bombs, creating malware, and much more.
• Hundreds of Thousands Impacted in Children’s Hospital Cyberattack – Though the Chicago-area hospital did not pay a ransom, a host of sensitive medical information is now at risk.
• Ticketmaster sends notifications about recent massive data breach – Ticketmaster has started to notify customers who were impacted by a data breach after hackers stole the company’s Snowflake database, containing the data of millions of people.

Podcasts

• The AI Fix – 1: AI doesn’t exist.
• Compromising Positions – 2: Christian Hunt
• Security Now 980 THE MIXED BLESSING OF LOUSY PRNG

Every week I publish interesting articles and ways to improve your understanding of cybersecurity.

Projects

• TryHackMe – John The Ripper – In Progress

Videos

• Verizon Threat Research Advisory Center MIB – June: the Verizon Threat Research Advisory Center – for an exclusive threat intelligence briefing on Insider Threat, featuring a distinguished guest speaker from the CERT Division of the Carnegie Mellon University Software Engineering Institute. This event will provide deep insights into the latest research and effective strategies to mitigate the risks associated with insider threats, utilizing a socio-technical approach to reduce misuse of authorized access to critical assets. Attendees will learn about the latest trends, best practices, and actionable steps to safeguard their organizations from internal threats, ensuring robust defense mechanisms against one of the most significant security challenges today. Don’t miss this opportunity to enhance your cybersecurity posture with expert knowledge from a leading institution in the field.

Articles

• China-Linked Hackers Infiltrate East Asian Firm for 3 Years Using F5 Devices – A suspected China-nexus cyber espionage actor has been attributed as behind a prolonged attack against an unnamed organization located in East Asia for a period of about three years, with the adversary establishing persistence using legacy F5 BIG-IP appliances and using it as an internal command-and-control (C&C) for defense evasion purposes.
• Why Humans Pose a Bigger Corporate Risk than AI: Former Spy Shawnee Delaney Reveals Insider Threat Challenges – The application of artificial intelligence (AI) has extended across various sectors. AI has advanced and improved its capabilities in enhancing corporate security and aiding businesses in scaling operations. It is worth noting that AI can be a force for good. There are AI tools, such as data protection and data integrity tools, that can detect and predict changes in behavior that could indicate malicious insider threats.
• UK’s Total Fitness exposed nearly 500K images of members, staff through unprotected database – Health club chain headed for the spa on choose-a-password day
• Life360 confirms a hacker stole Tile tracker IDs and customer info – A hacker gained access to a Life360 internal tool used for responding to law enforcement requests.
• Security bug allows anyone to spoof Microsoft employee emails – A researcher has found a bug that allows anyone to impersonate Microsoft corporate email accounts, making phishing attempts look credible and more likely to trick their targets.
• Los Angeles United becomes latest US school district to ban smartphones – LAUSD Board of Education members voted yes to enact the ban which is expected to take effect at the beginning of 2025.
• Amtrak confirms crooks are breaking into user accounts, derailing email addresses – Rail company goes full steam ahead with notification letters to Rewards customers about spilled card details and more
• CDK Global investigating cyber incident, briefly shut all systems – Retail technology and software provider CDK Global was investigating a cyber incident and had briefly shut down all its systems proactively, it said on Wednesday.
• Kraken Crypto Exchange Hit by $3 Million Theft Exploiting Zero-Day Flaw – Crypto exchange Kraken revealed that an unnamed security researcher exploited an “extremely critical” zero-day flaw in its platform to steal $3 million in digital assets and refused to return them.
• Massachusetts 911 Outage Caused by Errant Firewall – A statewide outage of the Massachusetts 911 system was the result of a firewall that blocked calls from reaching emergency responders.
• New Government Ban on Kaspersky Would Prevent Company from Updating Malware Signatures in U.S. – The U.S. government has expanded its ban on Kaspersky software in a new move aimed at getting consumers and critical infrastructure to stop using the Russian company’s software products, citing national security concerns.
• T-Mobile denies it was hacked, links leaked data to vendor breach – T-Mobile has denied it was breached or that source code was stolen after a threat actor claimed to be selling stolen data from the telecommunications company.

Podcasts

• Smashing Security – 377: An unhealthy data dump, railway surveillance, and a cheater sues Apple

Every week I publish interesting articles and ways to improve your understanding of cybersecurity.

Projects

• Udemy – Cyber Security SOC Phishing analysis from Scratch-2024 – Complete
• TryHackMe – Common Linux Privesc – Complete

Videos

Papers

ISC2 Annual Report

Articles

• Club Penguin fans breached Disney Confluence server, stole 2.5GB of data – Club Penguin fans hacked a Disney Confluence server to steal information about their favorite game but wound up walking away with 2.5 GB of internal corporate data, BleepingComputer has learned.
• Cleveland City Hall Shuts Down After Cyber Incident – As city officials continue to investigate, it’s unclear which systems were affected and whether it was a ransomware attack.
• RansomHub Brings Scattered Spider Into Its RaaS Nest – The threat group behind breaches at Caesars and MGM moves its business over to a different ransomware-as-a-service operation.
• New York Times source code stolen using exposed GitHub token – Internal source code and data belonging to The New York Times was leaked on the 4chan message board after being stolen from the company’s GitHub repositories in January 2024, The Times confirmed to BleepingComputer.
• Apple’s AI promise: “Your data is never stored or made accessible to Apple” – And publicly reviewable server code means experts can “verify this privacy promise.”
• Security firm Cylance says it has been hacked, data put up for sale online – Stolen Cylance data is being sold for $750,000
• Panera Notifies Employees of Compromised Data – Though the company is informing affected individuals of a breach, it’s keeping the nature and scope of the cybersecurity incident that led to it under wraps.
• Former IT employee gets 2.5 years for wiping 180 virtual servers – A former quality assurance employee of National Computer Systems (NCS) was sentenced to two years and eight months in prison for reportedly deleting 180 virtual servers after being fired.
• Scattered Spider hackers switch focus to cloud apps for data theft – The Scattered Spider gang has started to steal data from software-as-a-service (SaaS) applications and establish persistence through creating new virtual machines.
• Widespread Vishing Effort Impersonates CISA Staff – The cybersecurity agency issued a warning not to agree to any payment requests and to alert law enforcement or CISA after being contacted.
• U.K. Hacker Linked to Notorious Scattered Spider Group Arrested in Spain – Law enforcement authorities have allegedly arrested a key member of the notorious cybercrime group called Scattered Spider.

Podcasts

• Cyberwire – Ep 20 | 10.18.20 – Rosa Smothers: Secure the planet. [Intelligence]

Every week I publish interesting articles and ways to improve your understanding of cybersecurity.

Projects

• TryHackMe – Common Linux Privesc – In Progress
• LinkedIn Learning – Holding Yourself Accountable – Complete
• Udemy – Teradata SQL for Data Science and Data Analytics – Complete
• Udemy – Cyber Security SOC Phishing analysis from Scratch-2024 – Complete

Videos

• SANS Cybersecurity Leadership Summit You tube Playlist: https://www.youtube.com/playlist?list=PLtgaAEEmVe6Bnuq43jxYufUue0R7jPhFk

White Papers

• Common Sense Guide to Mitigating Insider Threats

Articles

• Live Nation took 11 days to confirm the massive Ticketmaster data breach – Data allegedly belonging to 560 million Ticketmaster customers has been on sale all week, but the company stayed silent until Friday night.
• The NSA advises you to turn your phone off and back on once a week – Powering off your phone regularly, disabling Bluetooth when it’s not needed, and using only trusted accessories are just some of the NSA’s security recommendations.
• Police dismantle pirated TV streaming network that made $5.7 million – Spanish police have dismantled a network of illegal media content distribution that, since the start of its operations in 2015, has made over $5,700,000.
• Researcher Uncovers Flaws in Cox Modems, Potentially Impacting Millions – Now-patched authorization bypass issues impacting Cox modems could have been abused as a starting point to gain unauthorized access to the devices and run malicious commands.
• ShinyHunters claims Santander breach, selling data for 30M customers – A threat actor known as ShinyHunters is claiming to be selling a massive trove of Santander Bank data, including information for 30 million customers, employees, and bank account data, two weeks after the bank reported a data breach.
• BBC Data Breach Impacts 25,000 Employees – The BBC has disclosed a data breach impacting over 25,000 current and former employees, but the incident did not involve ransomware.
• Massive 911 S5 Botnet Dismantled, Chinese Mastermind Arrested – The US announced that the 911 S5 (Cloud Router) botnet, likely the world’s largest, has been dismantled and its administrator arrested.
• Cox fixed an API auth bypass exposing millions of modems to attacks – Cox Communications has fixed an authorization bypass vulnerability that enabled remote attackers to abuse exposed backend APIs to reset millions of Cox-supplied modems’ settings and steal customers’ sensitive personal information.
• Major cyberattack sees NHS London hospitals declare critical incident with operations cancelled – Procedures have been cancelled at Guy’s, St Thomas’ and King’s College hospitals after a ransomware attack
• Leaked Google database reveals its secret privacy and security failures – The company confirmed to Engadget the authenticity of the data, acquired by 404 Media.
• Crooks threaten to leak 3B personal records ‘stolen from background check firm’ – Turns out opting out actually works?
• Celebrity TikTok Accounts Compromised Using Zero-Click Attack via DMs – Popular video-sharing platform TikTok has acknowledged a security issue that has been exploited by threat actors to take control of high-profile accounts on the platform.
• FBI warns of fake remote work ads used for cryptocurrency fraud – Today, the FBI issued a warning about scammers using fake remote job ads to steal cryptocurrency from job seekers across the United States while posing as recruiters for legitimate companies.
• Ransomware Group Claims Cyberattack on Frontier Communications – The RansomHub ransomware group claims to have stolen the information of over 2 million Frontier Communications customers.

Podcasts

• Smashing Security 374: Microsoft’s Recall controversy, and the North Korean insider threat