CTRL + ALT + SEC

Tag: Critical Infrastructure

What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 11/10/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Australia’s spy boss says authoritarian nations ready to commit ‘high-impact sabotage’

This is a critically important warning for every organization dependent on modern infrastructure, from financial services to manufacturing. The Director-General of Australia’s Security Intelligence Organisation (ASIO), Mike Burgess, has explicitly stated that authoritarian nations are preparing to commit “high-impact sabotage” against critical infrastructure, specifically targeting energy supplies and telecommunications networks. Burgess moved these threats out of the realm of hypothetical concern, noting that “elite teams” working for foreign governments are actively investigating these possibilities right now. Citing groups like the China-backed Volt Typhoon, whose intent was disruptive penetration of American critical infrastructure, the intelligence chief underscored that once network access is achieved, the ensuing destruction or disruption is merely a matter of intent, not capability.

The most jarring aspect of the warning for corporate boards and leadership teams is the critique of enterprise complacency and governance. Burgess delivered his remarks to the nation’s financial regulators and pointed out that most security incidents involve “a known problem with a known fix.” He argues that organizational surprise and struggle in the face of outages stem from a combination of poor governance and a lack of preparation for foreseeable threats. The challenge, according to ASIO, is that many leaders treat security as a “PowerPoint risk” something to be passively managed via presentations rather than an existential business continuity issue requiring proactive, connected, and coherent risk management across the entire enterprise.

For LinkedIn professionals especially CISOs, CIOs, and Board members this analysis demands a strategic pivot from mere espionage defense to resilience against sabotage. It is a clear call to action to move beyond siloed security excellence (like isolated advanced detection systems) and focus on a “connected web” of defense that protects the most critical data and services. The core takeaway is that complexity is not an excuse for inaction. Organizations must immediately identify their essential operational technology (OT) and core systems, determine their vulnerabilities, and implement “all reasonable steps” to manage those risks, recognizing that failure to do so for foreseeable and knowable threats is inexcusable governance failure.

Projects
- TryHackMe – CAPA: The Basics – In Progress
Articles
- New Browser Security Report Reveals Emerging Threats for Enterprises – According to the new Browser Security Report 2025, security leaders are discovering that most identity, SaaS, and AI-related risks converge in a single place, the user’s browser. Yet traditional controls like DLP, EDR, and SSE still operate one layer too low.
- 5 reasons why attackers are phishing over LinkedIn – Phishing attacks are no longer confined to the email inbox, with 34% of phishing attacks now taking place over non-email channels like social media, search engines, and messaging apps.
- “Bitcoin Queen” gets 11 years in prison for $7.3 billion Bitcoin scam – A Chinese woman known as the “Bitcoin Queen” was sentenced in London to 11 years and eight months in jail for laundering Bitcoin from a £5.5 billion ($7.3 billion) cryptocurrency investment scheme.
- Australia’s spy boss says authoritarian nations ready to commit ‘high-impact sabotage’ – ‘Elite teams’ are pondering cyber-attacks to turn off energy supply or telecoms networks
- Nearly 30 Alleged Victims of Oracle EBS Hack Named on Cl0p Ransomware Site – The Cl0p website lists major organizations such as Logitech, The Washington Post, Cox Enterprises, Pan American Silver, LKQ Corporation, and Copeland.
- DoorDash hit by new data breach in October exposing user information – DoorDash has disclosed a data breach that hit the food delivery platform this October.
- Chinese Hackers Use Anthropic’s AI to Launch Automated Cyber Espionage Campaign – State-sponsored threat actors from China used artificial intelligence (AI) technology developed by Anthropic to orchestrate automated cyber attacks as part of a “highly sophisticated espionage campaign” in mid-September 2025.
- Checkout.com snubs hackers after data breach, to donate ransom instead – UK financial technology company Checkout announced that the ShinyHunters threat group has breached one of its legacy cloud storage systems and is now extorting the company for a ransom.
Podcasts
November 17, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 10/27/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: You have one week to opt out or become fodder for LinkedIn AI training

LinkedIn’s updated data use policy, effective November 3, 2025, marks a significant expansion in its program of scraping user data for AI model training. Crucially, this policy change eliminates previous geographic exemptions, extending the practice to members in the UK, the European Union (EU), the European Economic Area (EEA), Switzerland, Canada, and Hong Kong. For professionals in these regions, virtually all publicly available data—including profile details and posts—is now fair game for harvesting. This move places LinkedIn squarely within a major global trend where tech giants are re-engineering terms of service to fuel their generative AI ventures, often raising the ire of members who explicitly provided their professional data for networking, not for mass training of commercial machine learning tools.

Beyond personal privacy, this policy shift introduces complex challenges for corporate governance, compliance, and legal teams. By sharing scraped data with affiliates, specifically Microsoft, LinkedIn is blurring the lines between its professional network data and the broader commercial interests of its parent company. The article notes that this data will be used to show more personalized ads, which may include sensitive insights gleaned from professional activity. Furthermore, the mandatory “opt-out” mechanism—instead of an “opt-in” model—is likely to face intense scrutiny in regions with stringent privacy legislation like the GDPR. The default setting of allowing data use creates a regulatory risk, potentially positioning LinkedIn for future legal challenges regarding the lack of explicit, freely given consent.

The analysis serves as a clear call to action, emphasizing that professionals in the newly included regions have a narrow window to safeguard their data. The process is a two-step affair: first, opting out of AI training under the Settings > Data Privacy menu, and second, adjusting the relevant preferences under the Advertising Data category to prevent data sharing with Microsoft affiliates for ad purposes. For a LinkedIn audience—whose primary asset is their meticulously curated professional identity—understanding and executing these opt-out steps is an urgent necessity. Failure to act defaults their professional biographies and content into the engine that powers the next generation of AI tools, permanently changing the intended use and ownership of their digital profile.

Projects
- TryHackMe – CyberChef: The Basics – In Progress
Videos

Articles
- Toys “R” Us Canada warns customers’ info leaked in data breach – Toys “R” Us Canada has sent notices of a data breach to customers informing them of a security incident where threat actors leaked customer records they had previously stolen from its systems.
- NSO permanently barred from targeting WhatsApp users with Pegasus spyware – Ruling holds that defeating end-to-end encryption in WhatsApp harms Meta’s business.
- Hackers Target Swedish Power Grid Operator The hackers stole information from a file transfer solution and the country’s power supply was not affected.
- Cybercriminals Trade 183 Million Stolen Credentials on Telegram, Dark Forums The email addresses were pulled from various sources and 16.4 million of them were not present in previous data breaches.
- New Herodotus Android malware fakes human typing to avoid detection – A new Android malware family, Herodotus, uses random delay injection in its input routines to mimic human behavior on mobile devices and evade timing-based detection by security software.
- You have one week to opt out or become fodder for LinkedIn AI training – Nations previously exempt from scraping now in the firing line
- Canada says hacktivists breached water and energy facilities – The Canadian Centre for Cyber Security warned today that hacktivists have breached critical infrastructure systems multiple times across the country, allowing them to modify industrial controls that could have led to dangerous conditions.
- Former US Defense Contractor Executive Admits to Selling Exploits to Russia – Peter Williams stole trade secrets from his US employer and sold them to a Russian cybersecurity tools broker.
- Major US Telecom Backbone Firm Hacked by Nation-State Actors – Ribbon Communications provides technology for communications networks and its customers include the US government and major telecom firms.
- Massive China-Linked Smishing Campaign Leveraged 194,000 Domains – The malicious Smishing Triad domains were used to collect sensitive information, including Social Security numbers.
November 3, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 10/13/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Satellites found exposing unencrypted data, including phone calls and some military comms

This article reveals a startling lapse in global data security, reporting that researchers from UC San Diego and the University of Maryland easily intercepted vast amounts of unencrypted sensitive data from as many as half of all geostationary satellites. Using only an $800 off-the-shelf satellite receiver over three years, they were able to eavesdrop on a broad spectrum of communications. The exposed information includes personal consumer data such as private voice calls, text messages, and internet traffic from commercial services like in-flight Wi-Fi, demonstrating that data considered private is often wide open to unauthorized interception with minimal effort.

The scope of the security failure extends far beyond consumer privacy, encompassing communications critical to national security and vital economic operations. Critically, the researchers found the unencrypted streams included data exchanged between critical infrastructure systems, such as energy and water suppliers, offshore oil and gas platforms, and even some military communications. The effortless exposure of these transmissions poses a profound security risk, creating a significant vulnerability for coordinated attacks or industrial espionage against foundational public and private utilities.

Following the discovery, the research team spent a year alerting affected organizations. This effort led to some immediate remediation, with companies like T-Mobile and AT&T’s network in Mexico quickly encrypting their data to mitigate the risk. However, the most alarming takeaway is the warning that the exposure is far from over. Many organizations, especially certain critical infrastructure providers, have not yet fixed their systems, meaning that large volumes of sensitive satellite data will continue to be vulnerable to eavesdropping for years to come, leaving essential systems exposed to this easily exploited security hole.

Projects
- TryHackMe – Vulnerability Scanner Overview – In Progress
Videos

Articles
- Harvard Is First Confirmed Victim of Oracle EBS Zero-Day Hack – Hackers have posted over 1 Tb of information allegedly stolen from Harvard on the Cl0p data leak website.
- Satellites found exposing unencrypted data, including phone calls and some military comms – Security researchers have discovered that as many as half of all geostationary satellites in Earth’s orbit are carrying unencrypted sensitive consumer, corporate, and military information, making this data wide open to eavesdropping.
- Fake LastPass, Bitwarden breach alerts lead to PC hijacks – An ongoing phishing campaign is targeting LastPass and Bitwarden users with fake emails claiming that the companies were hacked, urging them to download a supposedly more secure desktop version of the password manager.
- F5 Breach Exposes BIG-IP Source Code — Nation-State Hackers Behind Massive Intrusion – U.S. cybersecurity company F5 on Wednesday disclosed that unidentified threat actors broke into its systems and stole files containing some of BIG-IP’s source code and information related to undisclosed vulnerabilities in the product.
- Experian fined $3.2 million for mass-collecting personal data – Experian Netherlands has been fined EUR 2.7 million ($3.2 million) for multiple violations of the General Data Protection Regulation (GDPR)
- China Accuses US of Cyberattack on National Time Center – The Ministry of State Security alleged that the NSA exploited vulnerabilities in the messaging services of a foreign mobile phone brand to steal sensitive information.
Podcasts
October 20, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 7/21/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Woman gets 8 years for aiding North Koreans infiltrate 300 US firms

This article details the sentencing of Christina Marie Chapman to 102 months in prison for her pivotal role in a sophisticated scheme that allowed North Korean IT workers to infiltrate over 300 U.S. companies. Chapman facilitated this by operating a “laptop farm” in her Arizona home, creating the illusion that the workers were based in the United States. Her co-conspirator, Ukrainian citizen Oleksandr Didenko, ran an online platform, UpWorkSell, which provided false identities for the North Koreans seeking remote IT positions. This elaborate operation enabled the North Korean workers to illicitly collect over $17 million, a portion of which was funneled through Chapman’s financial accounts.

The scope of this infiltration was extensive, with North Korean individuals securing remote software and application development roles in a wide array of high-profile U.S. entities, including Fortune 500 companies, an aerospace and defense firm, a major television network, and a Silicon Valley technology company. This access not only generated significant illicit revenue for the North Korean regime but also posed substantial national security risks by potentially exposing sensitive information and intellectual property within critical U.S. industries. The scheme highlights the persistent and evolving methods used by foreign adversaries to exploit vulnerabilities in remote work environments.

In response to this and similar incidents, U.S. authorities have intensified their efforts to counter North Korean IT worker schemes. The Department of Justice has been actively disrupting extensive networks involved in these operations, leading to charges against individuals like Chapman and Didenko, as well as other foreign nationals. Concurrently, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has issued sanctions against North Korean front companies and associated individuals. These actions, coupled with updated FBI guidance for U.S. businesses and joint advisories with international partners, underscore a concerted strategy to mitigate the threat posed by North Korea’s illicit revenue generation and espionage activities.

Projects
- TryHackMe – Web Application Basics – In Progress
Articles
- Ivanti Zero-Days Exploited to Drop MDifyLoader and Launch In-Memory Cobalt Strike Attacks – Cybersecurity researchers have disclosed details of a new malware called MDifyLoader that has been observed in conjunction with cyber attacks exploiting security flaws in Ivanti Connect Secure (ICS) appliances.
- CISA Orders Urgent Patching After Chinese Hackers Exploit SharePoint Flaws in Live Attacks – The U.S. Cybersecurity and Infrastructure Security Agency (CISA), on July 22, 2025, added two Microsoft SharePoint flaws, CVE-2025-49704 and CVE-2025-49706, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
- Ukraine arrests suspected admin of XSS Russian hacking forum – The suspected administrator of the Russian-speaking hacking forum XSS.is was arrested by the Ukrainian authorities yesterday at the request of the Paris public prosecutor’s office.
- ExpressVPN bug leaked user IPs in Remote Desktop sessions – ExpressVPN has fixed a flaw in its Windows client that caused Remote Desktop Protocol (RDP) traffic to bypass the virtual private network (VPN) tunnel, exposing the users’ real IP addresses.
- Nuclear Weapons Agency Breached in Microsoft SharePoint Hack – The US agency responsible for maintaining and designing the nation’s cache of nuclear weapons was among those breached by a hack of Microsoft Corp.’s SharePoint document management software, according to a person with knowledge of the matter.
- Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure – The notorious cybercrime group known as Scattered Spider is targeting VMware ESXi hypervisors in attacks targeting retail, airline, and transportation sectors in North America.
- UK Student Sentenced to Prison for Selling Phishing Kits – Ollie Holman was sentenced to prison for selling over 1,000 phishing kits that caused estimated losses of over $134 million.
- Woman gets 8 years for aiding North Koreans infiltrate 300 US firms – Christina Marie Chapman, a 50-year-old woman from Arizona, was sentenced to 102 months in prison after pleading guilty to her involvement in a scheme that enabled North Korean IT workers to infiltrate 309 U.S. companies.
Podcasts
July 28, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 7/7/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Elmo’s X account was hacked and shared antisemitic and racist posts

The recent hacking of Elmo’s X (formerly Twitter) account represents a concerning incident that transcends a simple social media breach, highlighting broader vulnerabilities and the potential for weaponized online platforms. The unauthorized posts, which included antisemitic, racist, and politically charged content, not only severely damaged the innocent and wholesome brand associated with Elmo and Sesame Street but also demonstrated how easily prominent accounts can be leveraged to disseminate harmful narratives. The fact that such hateful messages were visible to nearly 650,000 followers, even for a brief period, underscores the immediate and widespread impact that compromised accounts can have on public discourse and perception. This event serves as a stark reminder of the constant threat of cyberattacks and the imperative for robust security measures across all major online platforms.

This incident also brings into focus the ongoing challenges faced by X, particularly in light of previous controversies surrounding its AI chatbot Grok and the proliferation of extremist views on the platform. The “disgusting” nature of the hacked posts, as described by Sesame Workshop, echoes similar issues where X has struggled to contain inflammatory content, including antisemitic remarks. The repeated instances of problematic content, whether through compromised accounts or algorithmic failures, raise serious questions about X’s content moderation strategies and its ability to safeguard users from harmful material. While XAI has acknowledged and attempted to address issues with Grok, the Elmo hack suggests that the platform’s vulnerabilities extend beyond AI-generated content to fundamental account security.

Ultimately, the Elmo account hack is more than just an isolated security breach; it’s a symptom of a larger, more complex problem concerning online safety, platform responsibility, and the weaponization of social media. For a character universally associated with childhood innocence and positive values to be used as a conduit for hate speech is deeply disturbing and illustrates the insidious nature of online extremism. This event should prompt renewed scrutiny of social media companies’ commitment to preventing abuse, ensuring account integrity, and protecting their users from the dissemination of harmful ideologies. The incident reinforces the critical need for continuous vigilance, technological advancements in security, and a proactive approach to combating the misuse of online platforms.

Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Projects
- TryHackMe – Web Application Basics – In Progress
Articles
- FBI warns travelers of ‘Scattered Spider’ group targeting airlines – SFGATE contributor Jim Glab rounds up air travel and airport news for our weekly column Routes
- Qantas is being extorted in recent data-theft cyberattack – Qantas has confirmed that it is now being extorted by threat actors following a cyberattack that potentially exposed the data for 6 million customers.
- Columbia data stolen in cyberattack that caused dayslong IT outage, University says – Bloomberg News reported that the alleged hacker stole the personal information of Columbia applicants.
- AT&T Reaches $177M Deal Over 2019 and 2024 Data Breaches – AT&T’s $177M data breach settlement. Check eligibility for payouts from 2019 and 2024 incidents.
- Alleged Chinese State Hacker Wanted by US Arrested in Italy – Xu Zewei has been arrested on charges that he is a member of the Chinese state-sponsored hacking group Hafnium (Silk Typhoon).
- Canadian Electric Utility Says Power Meters Disrupted by Cyberattack – Nova Scotia Power is notifying individuals affected by the recent data breach, including in the United States.
- U.S. Sanctions North Korean Andariel Hacker Behind Fraudulent IT Worker Scheme – The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) on Tuesday sanctioned a member of a North Korean hacking group called Andariel for their role in the infamous remote information technology (IT) worker scheme.
- Russian pro basketball player arrested for alleged role in ransomware attacks – Russian professional basketball player Daniil Kasatkin was arrested in France at the request of the United States for allegedly acting as a negotiator for a ransomware gang.
- Elmo’s X account hacked to publish racist and antisemetic posts – In case it wasn’t obvious, no, that’s not the real Elmo that posted racist and antisemetic posts on Elon Musk’s X. Someone had hacked into the Sesame Street character’s X account.
Podcasts
July 14, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 5/5/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Unsophisticated cyber actors are targeting the U.S. Energy sector

The Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI, EPA, and DoE, have issued a joint alert warning U.S. critical infrastructure, particularly the energy and transportation sectors, about ongoing cyberattacks targeting their Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems. These attacks are being carried out by unsophisticated cyber actors who are exploiting weaknesses in cyber hygiene and exposed assets. Despite the use of basic intrusion techniques, the potential consequences are significant, including defacement, configuration changes, operational disruptions, and even physical damage in severe cases.

The alert emphasizes that these “basic and elementary intrusion techniques” can be highly effective when organizations fail to implement fundamental cybersecurity best practices. Poor cyber hygiene and the presence of internet-exposed OT assets create vulnerabilities that these less skilled attackers can readily exploit. The agencies strongly urge Critical Infrastructure Asset Owners and Operators to proactively review and implement the recommendations outlined in the fact sheet titled “Primary Mitigations to Reduce Cyber Threats to Operational Technology” to bolster their defenses against these threats.

The recommended mitigations focus on foundational security measures that can significantly reduce the attack surface and limit the impact of successful intrusions. These include removing OT connections from the public internet, immediately changing default passwords to strong, unique credentials, securing remote access to OT networks using VPNs and phishing-resistant multi-factor authentication (MFA), segmenting IT and OT networks to prevent lateral movement, and ensuring the capability to operate OT systems manually in the event of a cyber incident. Additionally, the agencies highlight the risk of misconfigurations introduced during standard operations or by third-party vendors and advise working collaboratively to address these potential vulnerabilities.

Projects
- TryHackMe – Tcpdump: The Basics – Complete
- TryHackMe – Cryptography Basics – In Progress
Videos

Articles
- White House Proposal Slashes Half-Billion from CISA Budget – The proposed $491 million cut is being positioned as a “refocusing”of CISA on its core mission “while eliminating weaponization and waste.”
- Unofficial Signal app used by Trump officials investigates hack – TeleMessage, an Israeli company that sells an unofficial Signal message archiving tool used by some U.S. government officials, has suspended all services after reportedly being hacked.
- Darcula PhaaS steals 884,000 credit cards via phishing texts – The Darcula phishing-as-a-service (PhaaS) platform stole 884,000 credit cards from 13 million clicks on malicious links sent via text messages to targets worldwide.
- iHeartMedia suffers breach that exposed personal data – iHeartMedia, America’s largest owner of radio stations, suffered a breach in December that exposed personal data, including Social Security and passport numbers.
- TeleMessage, the Signal clone used by US government officials, suffers hack – TeleMessage, an encrypted messaging app based upon Signal, has been temporarily suspended out of “an abundance of caution” after a hacker reportedly gained access to US government communications.
- Unsophisticated cyber actors are targeting the U.S. Energy sector – CISA, FBI, EPA, and DoE warn of cyberattacks on the U.S. Energy sector carried out by unsophisticated cyber actors targeting ICS/SCADA systems.
- Man Sentenced to Over 30 Years in Prison for Crypto-Terror Financing Scheme – Defendant Collected and Sent More Than $185,000 to ISIS
Podcasts+
May 12, 2025