CTRL + ALT + SEC

Tag: ByteMe

What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 6/9/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: 40,000 Security Cameras Exposed to Remote Hacking

Cybersecurity firm Bitsight has unveiled a significant vulnerability in the digital landscape, identifying over 40,000 security cameras globally that are susceptible to remote hacking. These cameras, operating primarily over HTTP and RTSP protocols, inadvertently expose live video feeds directly to the internet, making them prime targets for malicious activities ranging from espionage to botnet recruitment. HTTP-based cameras, commonly found in homes and small offices, often allow direct access to administrative interfaces or expose screenshots via simple URI manipulations. RTSP cameras, used in professional surveillance, are harder to fingerprint but can still be exploited to return live footage. This widespread exposure highlights a critical security flaw, transforming devices intended for protection into potential tools for privacy invasion and cyberattacks.

The geographical distribution of these exposed cameras reveals a concerning concentration, with the United States accounting for over 14,000 devices, followed by Japan with approximately 7,000. Other countries like Austria, Czechia, South Korea, Germany, Italy, and Russia also host thousands of vulnerable cameras. Within the US, California and Texas show the highest numbers, with other states like Georgia, New York, and Missouri also significantly impacted. Industry-wise, the telecommunications sector bears the brunt of the exposure, representing a staggering 79% of vulnerable devices, largely due to residential network connections. When excluding this sector, technology, media/entertainment, utilities, business services, and education emerge as the most affected industries, underscoring the broad scope of this security challenge across various critical sectors.

The implications of such widespread exposure are severe, extending beyond mere privacy breaches. Bitsight warns that these cameras are actively sought by threat actors on dark web forums, posing risks such as ensnarement in botnets or serving as pivot points for deeper network intrusions. The presence of these vulnerable devices in diverse locations like offices, factories, restaurants, and hotels amplifies the potential for corporate espionage and data theft. To counter these threats, Bitsight advises users and organizations to adopt crucial security measures: securing internet connections, replacing default credentials, disabling unnecessary remote access, keeping device firmware updated, and consistently monitoring for unusual login attempts. Adhering to these precautions is paramount to safeguard privacy and prevent these surveillance tools from becoming unintended liabilities.

Projects
- TryHackMe – Hashing Basics – In Progress
Articles
- Former Black Basta Members Resurface with New Tactics – Ex-Black Basta ransomware affiliates are now using new phishing and remote access techniques as part of the CACTUS ransomware operation.
- Rust-based “Myth Stealer” Malware Targets Gamers – A new Rust-based infostealer called Myth Stealer is spreading via fake gaming sites and malicious documents, targeting browser and crypto data.
- Massive Data Leak in China Exposes Billions of Records – Over 4 billion personal records were exposed from an unsecured Chinese database, marking one of the largest leaks in the country’s history.
- Google Warns of Salesforce Phishing and Data Extortion Campaign – Google flagged a campaign where attackers use vishing and fake tools to steal Salesforce data and extort organizations.
- Iranian APT “BladedFeline” Hides in Telecom Network for 8 Years – The Iranian group BladedFeline covertly accessed a Middle Eastern telecom for eight years using legitimate admin tools.
- New Zero-Click AI Vulnerability in Microsoft 365 Copilot – Researchers found “EchoLeak,” a zero-click vulnerability that could let attackers steal sensitive data from Microsoft 365 Copilot.
- WestJet Cyberattack Disrupts Airline Operations – A cyberattack on WestJet caused disruptions to the airline’s internal systems and operations.
- Trend Micro and Palo Alto Networks Patch Critical Flaws – Both cybersecurity vendors released patches for multiple critical vulnerabilities affecting their products.
- Hackers Abuse TeamFiltration to Target Microsoft Entra ID Accounts – Attackers leveraged the TeamFiltration pentesting tool to compromise over 80,000 Microsoft Entra ID accounts globally.
- 40,000 Security Cameras Exposed to Remote Hacking – Bitsight has identified over 40,000 security cameras that can be easily hacked for spying or other types of malicious activity.
Podcasts
June 16, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 5/5/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Unsophisticated cyber actors are targeting the U.S. Energy sector

The Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI, EPA, and DoE, have issued a joint alert warning U.S. critical infrastructure, particularly the energy and transportation sectors, about ongoing cyberattacks targeting their Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems. These attacks are being carried out by unsophisticated cyber actors who are exploiting weaknesses in cyber hygiene and exposed assets. Despite the use of basic intrusion techniques, the potential consequences are significant, including defacement, configuration changes, operational disruptions, and even physical damage in severe cases.

The alert emphasizes that these “basic and elementary intrusion techniques” can be highly effective when organizations fail to implement fundamental cybersecurity best practices. Poor cyber hygiene and the presence of internet-exposed OT assets create vulnerabilities that these less skilled attackers can readily exploit. The agencies strongly urge Critical Infrastructure Asset Owners and Operators to proactively review and implement the recommendations outlined in the fact sheet titled “Primary Mitigations to Reduce Cyber Threats to Operational Technology” to bolster their defenses against these threats.

The recommended mitigations focus on foundational security measures that can significantly reduce the attack surface and limit the impact of successful intrusions. These include removing OT connections from the public internet, immediately changing default passwords to strong, unique credentials, securing remote access to OT networks using VPNs and phishing-resistant multi-factor authentication (MFA), segmenting IT and OT networks to prevent lateral movement, and ensuring the capability to operate OT systems manually in the event of a cyber incident. Additionally, the agencies highlight the risk of misconfigurations introduced during standard operations or by third-party vendors and advise working collaboratively to address these potential vulnerabilities.

Projects
- TryHackMe – Tcpdump: The Basics – Complete
- TryHackMe – Cryptography Basics – In Progress
Videos

Articles
- White House Proposal Slashes Half-Billion from CISA Budget – The proposed $491 million cut is being positioned as a “refocusing”of CISA on its core mission “while eliminating weaponization and waste.”
- Unofficial Signal app used by Trump officials investigates hack – TeleMessage, an Israeli company that sells an unofficial Signal message archiving tool used by some U.S. government officials, has suspended all services after reportedly being hacked.
- Darcula PhaaS steals 884,000 credit cards via phishing texts – The Darcula phishing-as-a-service (PhaaS) platform stole 884,000 credit cards from 13 million clicks on malicious links sent via text messages to targets worldwide.
- iHeartMedia suffers breach that exposed personal data – iHeartMedia, America’s largest owner of radio stations, suffered a breach in December that exposed personal data, including Social Security and passport numbers.
- TeleMessage, the Signal clone used by US government officials, suffers hack – TeleMessage, an encrypted messaging app based upon Signal, has been temporarily suspended out of “an abundance of caution” after a hacker reportedly gained access to US government communications.
- Unsophisticated cyber actors are targeting the U.S. Energy sector – CISA, FBI, EPA, and DoE warn of cyberattacks on the U.S. Energy sector carried out by unsophisticated cyber actors targeting ICS/SCADA systems.
- Man Sentenced to Over 30 Years in Prison for Crypto-Terror Financing Scheme – Defendant Collected and Sent More Than $185,000 to ISIS
Podcasts+
May 12, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 4/14/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: CVE, global source of cybersecurity info, was hours from being cut by DHS

This near-miss scenario involving the potential defunding of the CVE program by the DHS serves as a stark reminder of the precarious nature of critical cybersecurity infrastructure. The article highlights the indispensable role the CVE repository plays as the bedrock of vulnerability management. The cascading effects described by Brian Martin – the fragmentation of vulnerability data, the rise of incomplete databases, and the increased exposure of organizations – underscore the global reliance on this standardized system for identifying, tracking, and addressing security flaws. The fact that even this foundational element was at risk of disruption due to governmental budgetary shifts and political headwinds should galvanize the community to recognize the need for more resilient and independent stewardship of such vital resources.

The swift action by CVE board members to establish the CVE Foundation as a nonprofit represents a proactive and commendable step towards ensuring the long-term stability of the program. This move acknowledges the inherent vulnerabilities of relying solely on government funding and demonstrates a commitment to the cybersecurity ecosystem’s well-being. The involvement of major tech players and international organizations as CNAs further emphasizes the collaborative and global nature of vulnerability disclosure and management that the CVE program facilitates.

Projects
- TryHackMe – Networking Secure Protocols – In Progress
Videos

Articles
- Don’t delete that mystery empty folder. Windows put it there as a security fix – Copilot vibe coding for OS development? Why not
- Hertz confirms customer info, drivers’ licenses stolen in data breach – Car rental giant Hertz Corporation warns it suffered a data breach after customer data for its Hertz, Thrifty, and Dollar brands was stolen in the Cleo zero-day data theft attacks.
- China admitted its role in Volt Typhoon cyberattacks on U.S. infrastructure – China admitted in a secret meeting with U.S. officials that it conducted Volt Typhoon cyberattacks on U.S. infrastructure, WSJ reports.
- 1.6 Million People Impacted by Data Breach at Laboratory Services Cooperative – Laboratory Services Cooperative says the personal and medical information of 1.6 million was stolen in an October 2024 data breach.
- National Social Security Fund of Morocco Suffers Data Breach – Threat actor ‘Jabaroot’ claims breach of National Social Security Fund of Morocco, aiming to steal large volumes of sensitive citizen data.
- AI hallucinations lead to a new cyber threat: Slopsquatting – Attackers can weaponize and distribute a large number of packages recommended by AI models that don’t really exist.
- Notorious image board 4chan hacked and internal data leaked – Notorious internet forum 4chan was hacked on Tuesday.
- CVE, global source of cybersecurity info, was hours from being cut by DHS – The Common Vulnerability and Exposures, or CVE, repository holds the answers to some of information security’s most vital questions. Namely, which security issue are we talking about, exactly, and how does it work?
- Cisco Webex bug lets hackers gain code execution via meeting links – Cisco has released security updates for a high-severity Webex vulnerability that allows unauthenticated attackers to gain client-side remote code execution using malicious meeting invite links.
- The Shadow AI Surge: Study Finds 50% of Workers Use Unapproved AI Tools – With unapproved AI tools entrenched in daily workflows, experts say it’s time to shift from monitoring to managing Shadow AI use across the enterprise.
- Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States – Cybersecurity researchers are warning of a “widespread and ongoing” SMS phishing campaign that’s been targeting toll road users in the United States for financial theft since mid-October 2024.
Podcasts
April 21, 2025