Projects

• EdX – EC-Council | Ethical Hacking Essentials- In Progress
• TryHackMe | Nmap Room – Complete

Videos

Articles

• A Cyber Attack Hit The Beirut International Airport – A cyber attack hit the Beirut International Airport, Rafic Hariri (Lebanon), threat actors breached the Flight Information Display System (FIDS).
• Netgear, Hyundai latest X accounts hacked to push crypto drainers – The official Netgear and Hyundai MEA Twitter/X accounts (together with over 160,000 followers) are the latest hijacked to push scams designed to infect potential victims with cryptocurrency wallet drainer malware.
• US, Israel Used Dutch Spy to Launch Stuxnet Malware Against Iran – Report says US and Israel spent $1 billion to develop the infamous Stuxnet virus, built to sabotage Iran’s nuclear program in 2008.
• Turkish Hackers Target Microsoft SQL Servers in Americas, Europe – Researchers at Securonix warn that Turkish threat actors are targeting organizations in the Americas and Europe with ransomware campaigns.
• Beware Weaponized YouTube Channels Spreading Lumma Stealer – Videos promoting how to crack popular software circumvent Web filters by using GitHub and MediaFire to propagate the malware.
• ‘Swatting’ Becomes Latest Extortion Tactic in Ransomware Attacks – Threat actors leave medical centers with the difficult choice of paying the ransom or witnessing patients suffer the consequences.
• LoanDepot Takes Systems Offline Following Ransomware Attack – Mortgage lending firm LoanDepot has disclosed a cyberattack resulting in data encryption and system disruptions.
• Anonymous Sudan Launches Cyberattack on Chad Telco – Hacktivists attack infrastructure, including routers, network administration systems, and devices.
• China-Linked Volt Typhoon Hackers Possibly Targeting Australian, UK Governments – Chinese APT Volt Typhoon appears engaged in new attacks against government entities in the US, UK, and Australia.
• Mandiant Details How Its X Account Was Hacked – Mandiant’s X account was hacked as a result of a brute force attack as part of a cryptocurrency scheme that earned at least $900k.
• Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days – Ivanti confirms active zero-day exploits, ships pre-patch mitigations, but says comprehensive fixes won’t be available until January 22.
• French Computer Hacker Jailed in US – A computer hacker who was part of a criminal gang that stole data from hundreds of millions of people and sold it on the dark web was jailed in the United States on Tuesday.
• Dutch Engineer Used Water Pump to Get Billion-Dollar Stuxnet Malware Into Iranian Nuclear Facility: Report – An engineer recruited by intelligence services used a water pump to deliver Stuxnet, which reportedly cost $1-2 billion to develop.
• China claims it cracked Apple’s AirDrop to find numbers, email addresses – A Chinese state-backed research institute claims to have discovered how to decrypt device logs for Apple’s AirDrop feature, allowing the government to identify phone numbers or email addresses of those who shared content.
• Framework discloses data breach after accountant gets phished – Framework Computer disclosed a data breach exposing the personal information of an undisclosed number of customers after Keating Consulting Group, its accounting service provider, fell victim to a phishing attack.
• Fidelity National Financial says hackers stole data on 1.3 million customers – Real estate services giant Fidelity National Financial has confirmed hackers stole data on 1.3 million of its customers during a November cyberattack that knocked the company offline for a week.

Podcasts

• Cyberwire | Ep 1981 | 1.11.24 | Unveiling the Shadow Strike: A zero-day assault on Ivanti VPN users.

I took a week off for vacation, but I’m back with the goods this week.

Projects

EdX – EC-Council | Digital Forensic Essentials – Complete

Videos

Articles

• Europe’s Largest Parking App Provider Informs Customers of Data Breach – EasyPark says hackers stole European customer information, including partial IBAN or payment card numbers.
• 4-year campaign backdoored iPhones using possibly the most advanced exploit ever – “Triangulation” infected dozens of iPhones belonging to employees of Moscow-based Kaspersky.
• Qatar to Add Cybersecurity Curricula in Private Schools – The goal is to raise cybersecurity awareness for all students in the country.
• Nearly 11 million SSH servers vulnerable to new Terrapin attacks – Almost 11 million internet-exposed SSH servers are vulnerable to the Terrapin attack that threatens the integrity of some SSH connections.
• Zeppelin ransomware source code sold for $500 on hacking forum – A threat actor announced on a cybercrime forum that they sold the source code and a cracked version of the Zeppelin ransomware builder for just $500.
• Mandiant’s Twitter Account Restored After Six-Hour Crypto Scam Hack – American cybersecurity firm and Google Cloud subsidiary Mandiant had its X (formerly Twitter) account compromised for more than six hours by an unknown attacker to propagate a cryptocurrency scam.
• Cybercriminals Share Millions of Stolen Records During Holiday Break – The “Leaksmus” event on the Dark Web exposed some 50 million records containing sensitive information from people all around the world.
• Cyberattackers Target Nuclear Waste Company via LinkedIn – The hackers were unsuccessful in their attempt, but this is not the first time the company has experienced this kind of attack.
• Victoria court recordings exposed in reported ransomware attack – Australia’s Court Services Victoria (CSV) is warning that video recordings of court hearings were exposed after suffering a reported Qilin ransomware attack.
• The biggest cybersecurity and cyberattack stories of 2023 – 2023 was a big year for cybersecurity, with significant cyberattacks, data breaches, new threat groups emerging, and, of course, zero-day vulnerabilities.

Projects

TryHackMe – Advent of Cyber

EdX – EC-Council | Network Defense Essentials – Complete

EdX – EC-Council | Digital Forensic Essentials – In Progress

Videos

Articles

• MongoDB says customer data was exposed in a cyberattack – MongoDB is warning that its corporate systems were breached and that customer data was exposed in a cyberattack that was detected by the company earlier this week.
• Former IT manager pleads guilty to attacking high school network – Conor LaHiff, a former IT manager for a New Jersey public high school, has admitted to committing a cyberattack against his former employer following the termination of his employment in June 2023.
• Vans and North Face owner VF Corp hit by ransomware attack – American global apparel and footwear giant VF Corporation, the owner of brands like Supreme, Vans, Timberland, and The North Face, has disclosed a security incident that caused operational disruptions.
• FBI disrupts Blackcat ransomware operation, creates decryption tool – The Department of Justice announced today that the FBI successfully breached the ALPHV ransomware operation’s servers to monitor their activities and obtain decryption keys.
• Mr. Cooper Data Breach Impacts 14.7 Million Individuals – Mr. Cooper has confirmed that personal and bank account information was compromised in a recent cyberattack.
• 1.5 Billion Records Leaked in Real Estate Wealth Network Data Breach – Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to vpnMentor about a non-password protected database that held 1.5 billion records containing real estate ownership data of millions of people, including celebrities, politicians, and even my own personal information. The database belonged to New York-based Real Estate Wealth Network.
• Xfinity Data Breach Impacts 36 Million Individuals – The recently disclosed Xfinity data breach, which involved exploitation of the CitrixBleed vulnerability, impacts 36 million individuals
• Top 15 SANS Summit Talks of 2023 – This year, SANS hosted 16 Summits with 209 talks. Here were the top-rated talks of the year.
• Decoy Microsoft Word Documents Used to Deliver Nim-Based Malware – A new phishing campaign is leveraging decoy Microsoft Word documents as bait to deliver a backdoor written in the Nim programming language.
• UK Teen Gets Indefinite Hospital Order For ‘Grand Theft Auto’ Hack – Arion Kurtaj was found responsible by a British court of carrying out one of the biggest breaches in the history of the video game industry
• BlackCat Strikes Back: Ransomware Gang “Unseizes” Website, Vows No Limits on Targets – The BlackCat/Alphv ransomware group is dealing with the government operation that resulted in website seizures and a decryption tool.
• Interpol operation arrests 3,500 cybercriminals, seizes $300 million – An international law enforcement operation codenamed ‘Operation HAECHI IV’ has led to the arrest of 3,500 suspects of various lower-tier cybercrimes and seized $300 million in illicit proceeds.

Podcasts

• Cyberwire – Ep 1969 | 12.18.23 – 14 million customers and stolen data.

Projects

TryHackMe – Advent of Cyber

UDemy – Python for Cybersecurity – Gitlab – COMPLETE

EdX – EC-Council | Network Defense Essentials – In Progress

Videos

• Top Five Cybersecurity Predictions for 2024 – The cybersecurity industry continues to face many challenges, including shortages of skilled security personnel, record-level ransomware attacks, and increased risks associated with modern attack surfaces. However, investments in security products and services continue to remain strong, including AI-fueled threat prevention, zero trust security, managed detection and response (MDR), and more. So, what does next year have in store for the cybersecurity industry? Join Steve Piper, Founder & CEO of CyberEdge (and proud CISSP), as he shares his top five cybersecurity predictions for 2024.

Articles

• New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices – Tracked as CVE-2023-45866, the issue relates to a case of authentication bypass that enables attackers to connect to susceptible devices and inject keystrokes to achieve code execution as the victim.
• HACKTIVISTS HACKED AN IRISH WATER UTILITY AND INTERRUPTED THE WATER SUPPLY – Threat actors launched a cyberattack on an Irish water utility causing the interruption of the power supply for two days.
• Kelvin Security hacking group leader arrested in Spain – The Spanish police have arrested one of the alleged leaders of the ‘Kelvin Security’ hacking group, which is believed to be responsible for 300 cyberattacks against organizations in 90 countries since 2020.
• Apple: 2.5B Records Exposed, Marking Staggering Surge in Data Breaches – Data breaches are rapidly accelerating, according to a number-crunching report from Apple this week — heightening the need to finally implement end-to-end data encryption.
• Counter-Strike 2 HTML injection bug exposes players’ IP addresses – Valve has reportedly fixed an HTML injection flaw in CS2 that was heavily abused today to inject images into games and obtain other players’ IP addresses.
• Multiple Ohio schools receive threats, believed to be Russian hackers, saying bombs are in schools – Schools in Ohio have received threats of multiple explosives inside American schools. via DataBreaches.net
• Over 1,450 pfSense servers exposed to RCE attacks via bug chain – Roughly 1,450 pfSense instances exposed online are vulnerable to command injection and cross-site scripting flaws that, if chained, could enable attackers to perform remote code execution on the appliance.
• Cloud engineer gets 2 years for wiping ex-employer’s code repos – Miklos Daniel Brody, a cloud engineer, was sentenced to two years in prison and a restitution of $529,000 for wiping the code repositories of his former employer in retaliation for being fired by the company.
• Cyberattack Cripples Ukraine’s Largest Telecom Operator – Kyivstar, the largest mobile network operator in Ukraine, was hit by a massive cyberattack on Tuesday, disrupting mobile and internet communications for millions of citizens.
• Ukrainian military says it hacked Russia’s federal tax agency – The Ukrainian government’s military intelligence service says it hacked the Russian Federal Taxation Service (FNS), wiping the agency’s database and backup copies.
• UBIQUITI USERS CLAIM TO HAVE ACCESS TO OTHER PEOPLE’S DEVICES – Users of Ubiquiti WiFi products started reporting that they are accessing other people’s devices when logging into their accounts.
• New Security Vulnerabilities Uncovered in pfSense Firewall Software – Patch Now – Multiple security vulnerabilities have been discovered in the open-source Netgate pfSense firewall solution called pfSense that could be chained by an attacker to execute arbitrary commands on susceptible appliances.
• Food Giant Kraft Heinz Targeted by Ransomware Group – A ransomware group claims to have breached the systems of Kraft Heinz, but the food giant says it’s unable to verify the claims.
• Ex-Amazon engineer pleads guilty to hacking crypto exchanges – Former Amazon security engineer Shakeeb Ahmed pleaded guilty this week to hacking and stealing over $12.3 million from two cryptocurrency exchanges in July 2022.

Podcasts

• Cyberwire – Ep 1964 | 12.11.23 – China sets sights on US critical infrastructure.

Projects

LinkedIn Learning – CompTIA Security+ Module 10: Operations and Incident Response | In Progress

TryHackMe – Incident Response Framework – Identification and Scoping, Advent of Cyber (I’m posting these daily throughout December.)

UDemy – Python for Cybersecurity – Gitlab

EdX – EC-Council | Network Defense Essentials – In Progress

Videos

• Generative AI: Top Use Cases for Security Practitioners – With generative AI now ever-present in most organizations, the next frontier for security practitioners is understanding where AI capabilities like machine learning, deep learning and natural language processing can best increase cybersecurity efficiency and effectiveness in their organizations. How can generative AI help your team respond to incidents, discover and patch vulnerabilities, or assist with programming? Or all the above? And what do teams need to consider in order to identify, review, assess risk and develop the use cases before putting them into production?

Articles

• Hackers Hijack Industrial Control System at US Water Utility – Municipal Water Authority of Aliquippa in Pennsylvania confirms that hackers took control of a booster station, but says no risk to drinking water or water supply.
• Slovenia’s largest power provider HSE hit by ransomware attack – Slovenian power company Holding Slovenske Elektrarne (HSE) has suffered a ransomware attack that compromised its systems and encrypted files, yet the company says the incident did not disrupt electric power production.
• Fidelity National Financial Takes Down Systems Following Cyberattack – Fidelity National Financial is experiencing service disruptions after systems were taken down to contain a cyberattack.
• General Electric investigates claims of cyber attack, data theft – General Electric is investigating claims that a threat actor breached the company’s development environment in a cyberattack and leaked allegedly stolen data.
• A Hacker Faked His Own Death–Then Claimed To Have Sold Marriott Customer Data To Russians, FBI Says – A hacker told the FBI earlier this year that he sold access to the personal data of Marriott hotel customers on a Russian forum, according to a search warrant obtained by Forbes.
• Yamaha Motor Confirms Data Breach Following Ransomware Attack – Yamaha Motor discloses ransomware attack impacting the personal information of its Philippines subsidiary’s employees.
• ownCloud vulnerability with maximum 10 severity score comes under “mass” exploitation – Easy-to-exploit flaw gives hackers passwords and cryptographic keys to vulnerable servers.
• Former Uber CISO Speaks Out, After 6 Years, on Data Breach, SolarWinds – Joe Sullivan, spared prison time, weighs in on the lessons learned from the 2016 Uber breach and the import of the SolarWinds CISO case.
• Five Cybersecurity Predictions for 2024 – Cybersecurity predictions for 2024 to help security professionals in prioritizing efforts to navigate the ever-changing threat landscape.
• Dollar Tree hit by third-party data breach impacting 2 million people – Discount store chain Dollar Tree was impacted by a third-party data breach affecting 1,977,486 people after the hack of service provider Zeroed-In Technologies.
• Okta admits hackers accessed data on all customers during recent breach – Okta chief security officer David Bradbury said the company has since determined that all of its customers are affected by the breach.
• Staples confirms cyberattack behind service outages, delivery issues – American office supply retailer Staples took down some of its systems earlier this week after a cyberattack to contain the breach’s impact and protect customer data.
• LogoFAIL bugs in UEFI code allow planting bootkits via images – Multiple security vulnerabilities collectively named LogoFAIL affect image-parsing components in the UEFI code from various vendors. Researchers warn that they could be exploited to hijack the execution flow of the booting process and to deliver bootkits.

Podcasts

• Smashing Security 349: Ransomware gang reports its own crime, and what happened at OpenAI?

Projects

LinkedIn Learning – CompTIA Security+ Module 9: Operations and Incident Response | Complete!

TryHackMe – SOC Level 1(100 % Complete): Phishing Analysis Fundamentals, Phishing Emails in Action, Phishing Analysis Tools, Phishing Prevention, The Greenholt Phish

UDemy – Python for Cybersecurity – Gitlab

Videos

Articles

• AutoZone Files MOVEit Data Breach Notice With State of Maine – The company temporarily disabled the application and patched the vulnerability, though affected individuals should still remain vigilant.
• Hacktivists breach U.S. nuclear research lab, steal employee data – The Idaho National Laboratory (INL) confirms they suffered a cyberattack after ‘SiegedSec’ hacktivists leaked stolen human resources data online.
• Inside Job: Cyber Exec Admits to Hospital Hacks – Healthcare cyber services executive Vikas Singla admits to hobbling hospital operations, then using the incidents to try and gin up extra business.
• AI Helps Uncover Russian State-Sponsored Disinformation in Hungary – Researchers used machine learning to analyze Hungarian media reports and found Russian narratives soured the nation’s perspective on EU sanctions and arms deliveries months before the Ukraine invasion.
• Canadian Military, Police Impacted by Data Breach at Moving Companies – Data breach at moving companies impacts Canadian government employees, and military and police personnel.
• Tor Network Removes Risky Relays Associated With Cryptocurrency Scheme – The Tor network has removed many relays associated with a cryptocurrency scheme, citing risk to integrity and users.
• Windows Hello auth bypassed on Microsoft, Dell, Lenovo laptops – Security researchers bypassed Windows Hello fingerprint authentication on Dell Inspiron, Lenovo ThinkPad, and Microsoft Surface Pro X laptops in attacks exploiting security flaws found in the embedded fingerprint sensors.