CTRL + ALT + SEC

Tag: cybercrime

What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 6/9/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: 40,000 Security Cameras Exposed to Remote Hacking

Cybersecurity firm Bitsight has unveiled a significant vulnerability in the digital landscape, identifying over 40,000 security cameras globally that are susceptible to remote hacking. These cameras, operating primarily over HTTP and RTSP protocols, inadvertently expose live video feeds directly to the internet, making them prime targets for malicious activities ranging from espionage to botnet recruitment. HTTP-based cameras, commonly found in homes and small offices, often allow direct access to administrative interfaces or expose screenshots via simple URI manipulations. RTSP cameras, used in professional surveillance, are harder to fingerprint but can still be exploited to return live footage. This widespread exposure highlights a critical security flaw, transforming devices intended for protection into potential tools for privacy invasion and cyberattacks.

The geographical distribution of these exposed cameras reveals a concerning concentration, with the United States accounting for over 14,000 devices, followed by Japan with approximately 7,000. Other countries like Austria, Czechia, South Korea, Germany, Italy, and Russia also host thousands of vulnerable cameras. Within the US, California and Texas show the highest numbers, with other states like Georgia, New York, and Missouri also significantly impacted. Industry-wise, the telecommunications sector bears the brunt of the exposure, representing a staggering 79% of vulnerable devices, largely due to residential network connections. When excluding this sector, technology, media/entertainment, utilities, business services, and education emerge as the most affected industries, underscoring the broad scope of this security challenge across various critical sectors.

The implications of such widespread exposure are severe, extending beyond mere privacy breaches. Bitsight warns that these cameras are actively sought by threat actors on dark web forums, posing risks such as ensnarement in botnets or serving as pivot points for deeper network intrusions. The presence of these vulnerable devices in diverse locations like offices, factories, restaurants, and hotels amplifies the potential for corporate espionage and data theft. To counter these threats, Bitsight advises users and organizations to adopt crucial security measures: securing internet connections, replacing default credentials, disabling unnecessary remote access, keeping device firmware updated, and consistently monitoring for unusual login attempts. Adhering to these precautions is paramount to safeguard privacy and prevent these surveillance tools from becoming unintended liabilities.

Projects
- TryHackMe – Hashing Basics – In Progress
Articles
- Former Black Basta Members Resurface with New Tactics – Ex-Black Basta ransomware affiliates are now using new phishing and remote access techniques as part of the CACTUS ransomware operation.
- Rust-based “Myth Stealer” Malware Targets Gamers – A new Rust-based infostealer called Myth Stealer is spreading via fake gaming sites and malicious documents, targeting browser and crypto data.
- Massive Data Leak in China Exposes Billions of Records – Over 4 billion personal records were exposed from an unsecured Chinese database, marking one of the largest leaks in the country’s history.
- Google Warns of Salesforce Phishing and Data Extortion Campaign – Google flagged a campaign where attackers use vishing and fake tools to steal Salesforce data and extort organizations.
- Iranian APT “BladedFeline” Hides in Telecom Network for 8 Years – The Iranian group BladedFeline covertly accessed a Middle Eastern telecom for eight years using legitimate admin tools.
- New Zero-Click AI Vulnerability in Microsoft 365 Copilot – Researchers found “EchoLeak,” a zero-click vulnerability that could let attackers steal sensitive data from Microsoft 365 Copilot.
- WestJet Cyberattack Disrupts Airline Operations – A cyberattack on WestJet caused disruptions to the airline’s internal systems and operations.
- Trend Micro and Palo Alto Networks Patch Critical Flaws – Both cybersecurity vendors released patches for multiple critical vulnerabilities affecting their products.
- Hackers Abuse TeamFiltration to Target Microsoft Entra ID Accounts – Attackers leveraged the TeamFiltration pentesting tool to compromise over 80,000 Microsoft Entra ID accounts globally.
- 40,000 Security Cameras Exposed to Remote Hacking – Bitsight has identified over 40,000 security cameras that can be easily hacked for spying or other types of malicious activity.
Podcasts
June 16, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 6/2/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Largest ever data leak exposes over 4 billion user records

The recent exposure of over 4 billion user records in China represents an unprecedented cybersecurity catastrophe, highlighting the extreme vulnerability of personal data in the digital age. This colossal leak, comprising 631 gigabytes of unsecure data, contained a vast array of sensitive information, including financial details, WeChat and Alipay records, residential addresses, and potentially even communication logs. The sheer scale and diversity of the exposed data — ranging from over 800 million WeChat IDs to 630 million bank records and 610 million “three-factor checks” with IDs and phone numbers — strongly suggest a centralized aggregation point, possibly for surveillance, profiling, or data enrichment purposes. This incident underscores a critical failure in data security, leaving hundreds of millions of individuals susceptible to a wide range of malicious activities.

With access to correlated data points on residential information, spending habits, financial details, and personal identifiers, threat actors could orchestrate large-scale phishing scams, blackmail schemes, and sophisticated fraud. The inclusion of Alipay card and token information further raises the risk of unauthorized payments and account takeovers, potentially leading to significant financial losses for users. Beyond individual exploitation, the possibility of state-sponsored intelligence gathering and disinformation campaigns cannot be overlooked, given the perceived nature of the data collection as a comprehensive profile of Chinese citizens. The swift removal of the database after discovery, coupled with the anonymity of its owners, further complicates efforts to understand the breach’s origins and implement protective measures for impacted individuals.

The inability to identify the database’s owners or provide direct recourse for affected users exemplifies the precarious position individuals find themselves in when their data is compromised on such a grand scale. While China has experienced significant data breaches in the past, this incident stands as the largest ever recorded, dwarfing previous exposures.

Projects
- TryHackMe – Hashing Basics – In Progress
Papers
- Research on insider threat detection based on personalized federated learning and behavior log analysis
Articles
- ‘Russian Market’ emerges as a go-to shop for stolen credentials – The “Russian Market” cybercrime marketplace has emerged as one of the most popular platforms for buying and selling credentials stolen by information stealer malware.
- Cartier discloses data breach amid fashion brand cyberattacks – Luxury fashion brand Cartier is warning customers it suffered a data breach that exposed customers’ personal information after its systems were compromised.
- Meta stopped covert operations from Iran, China, and Romania spreading propaganda – Meta stopped three covert operations from Iran, China, and Romania using fake accounts to spread propaganda on social media platforms.
- Victoria’s Secret hit by outages as it battles security incident – Fashion retail giant Victoria’s Secret said it is addressing a “security incident,” as its website and online orders face ongoing disruption.
- Crooks fleece The North Face accounts with recycled logins – Outdoorsy brand blames credential stuffing
- Coinbase breach tied to bribed TaskUs support agents in India – A recently disclosed data breach at Coinbase has been linked to India-based customer support representatives from outsourcing firm TaskUs, who threat actors bribed to steal data from the crypto exchange.
- Scattered Spider: Three things the news doesn’t tell you – With the recent attacks on UK retailers Marks & Spencer and Co-op, so-called Scattered Spider has been all over the media, with coverage spilling over into the mainstream news due to the severity of the disruption — currently looking like hundreds of millions in lost profits for M&S alone.
- Exclusive: Hackers Leak 86 Million AT&T Records with Decrypted SSNs – Hackers leak data of 88 million AT&T customers with decrypted SSNs; latest breach raises questions about links to earlier Snowflake-related attack.
- FBI: Play ransomware breached 900 victims, including critical orgs – In an update to a joint advisory with CISA and the Australian Cyber Security Centre, the FBI said that the Play ransomware gang had breached roughly 900 organizations as of May 2025, three times the number of victims reported in October 2023.
- Largest ever data leak exposes over 4 billion user records – In what’s likely the biggest data leak to ever hit China, billions of documents with financial data, WeChat and Alipay details, as well as other sensitive personal data, were exposed to the public. Worryingly, there’s little that impacted users can do to protect themselves.
Podcasts
- Smashing Security 419: Star Wars, the CIA, and a WhatsApp malware mirage
June 9, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 4/21/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Former Disney employee who hacked Disney World restaurant menus in revenge sentenced to 3 years in federal prison

This case highlights a serious insider threat incident with significant potential consequences. Michael Scheuer, a former Disney World employee, conducted a series of cyberattacks against his former employer, demonstrating a disturbing level of knowledge about the company’s systems. His actions went beyond mere vandalism, as he manipulated allergen information on restaurant menus, creating a dangerous situation that could have resulted in severe harm or even death for customers with allergies. This element of the attack underscores the malicious intent and the potential for real-world harm that can arise from disgruntled employees with system access.

The incident also reveals the complexity and scope of modern cyberattacks. Scheuer’s actions included manipulating menu information, altering wine region details to reference mass shooting locations, and launching denial-of-service attacks. This multi-faceted approach demonstrates the potential for a single individual to disrupt operations, spread misinformation, and target individuals within an organization. The FBI’s involvement and the subsequent prosecution emphasize the severity of these crimes and the importance of robust cybersecurity measures to protect against both external and internal threats.

Ultimately, this case serves as a stark reminder of the importance of robust cybersecurity practices, including access control, monitoring, and incident response. The fact that Scheuer had the knowledge and access to carry out these attacks highlights the need for organizations to carefully manage employee access to sensitive systems, especially during and after termination. The potential for significant financial damage (as indicated by the restitution order) and the severe criminal penalties underscore the legal and financial ramifications of such cybercrimes.

Projects
- TryHackMe – Networking Secure Protocols – Complete
- TryHackMe – Tcpdump: The Basics – In Progress
Whitepapers
- 2025 Verizon DBIR – Read my breakdown here.
- The Sophos Annual Threat Report: Cybercrime on Main Street 2025
Videos

Articles
- China Names and Shames US Hackers, Calls Out 3 Alleged NSA Agents – Police in the Chinese city of Harbin say three NSA operatives disrupted the 2025 Asian Winter Games and hacked Huawei.
- Crosswalks hacked to play fake audio of Musk, Zuck, and Jeff Bezos – “Stop, look, and listen” is the standard advice we should allow follow when crossing the road – but pedestrians in some parts are finding that they cannot believe their ears – after a hacker compromised crosswalks to play deepfake audio mocking tech bosses Elon Musk, Mark Zuckerberg, and Jeff Bezos.
- DeepSeek Breach Opens Floodgates to Dark Web – The incident should serve as a critical wake-up call. The stakes are simply too high to treat AI security as an afterthought — especially when the Dark Web stands ready to capitalize on every vulnerability.
- Blue Shield of California leaked health data of 4.7 million members to Google – Blue Shield of California disclosed it suffered a data breach after exposing protected health information of 4.7 million members to Google’s analytics and advertisement platforms.
- FBI: US lost record $16.6 billion to cybercrime in 2024 – The FBI says cybercriminals have stolen a record $16,6 billion in 2024, marking an increase in losses of over 33% compared to the previous year.
- Cyberattack Knocks Texas City’s Systems Offline – The city of Abilene, Texas, is scrambling to restore systems that have been taken offline in response to a cyberattack.
- SK Telecom reveals cyberattack, customer USIM data stolen could be used in attacks – Scope and scale of SK Telecom attack still being investigated
- Verizon discovers spike in ransomware and exploited vulnerabilities – Verizon’s 2025 Data Breach Investigations Report noted a 37% increase in ransomware attacks and a 34% increase in exploited vulnerabilities.
- Former Disney employee who hacked Disney World restaurant menus in revenge sentenced to 3 years in federal prison – When a former Disney World employee was accused of changing the menus at Disney World restaurants, it made headlines. And in January, when he admitted to changing the menus — including information about allergy information that could have created serious health risks for diners — that also made headlines. Now Michael Scheuer, who faced 10 years in prison for fraud and an additional subsequent two years in prison for aggravated identity theft, has been sentenced.
Podcasts
April 28, 2025
AI’s Dark Side: The Emergence of “Zero-Knowledge” Cybercriminals
Ever feel like the cyber threats out there are like something out of a spy movie? Think shadowy figures with glowing screens and lines of complicated code? Well, while those folks do exist, there’s a new player on the scene, and they might surprise you. Imagine someone with pretty basic tech skills suddenly being able to pull off sophisticated cyberattacks. Sounds like sci-fi? Nope, it’s the reality of AI-powered cybercrime, and it’s creating a wave of what we’re calling “zero-knowledge” threat actors.

So, how does AI turn your average internet user into a potential cyber-naughty-doer? Think of it like this:
- Phishing on Steroids: Remember those dodgy emails with weird grammar? AI can now whip up super-believable fake emails, texts, and even voice calls that sound exactly like they’re from someone you trust. It’s like having a professional con artist in your pocket, but powered by a computer brain.
- Malware Made Easy: Creating nasty software used to be a job for hardcore coders. Now, AI is helping to automate parts of this process, and there might even be “Malware-as-a-Service” platforms popping up that are surprisingly user-friendly. Scary thought, right?
- Spying Made Simple: Gathering info on potential targets used to take serious detective work. AI can now scan the internet like a super-sleuth, finding out all sorts of things about individuals and companies, making targeted attacks way easier for even a newbie.
- Attack Automation – The Robot Army: Forget manually clicking and typing a million things. AI can automate entire attack sequences. Imagine a bad guy just hitting “go” on a program, and AI does all the heavy lifting. Creepy!
- User-Friendly Crime? The trend seems to be towards making these AI-powered tools as easy to use as your favorite social media app. That means you don’t need a computer science degree to potentially cause some digital mayhem.
What could this look like in the real world?
- Deepfake Deception: Your grandma might get a video call that looks and sounds exactly like you, asking for money. Except, it’s a fake created by AI!
- Ransomware for Dummies: Someone with minimal tech skills could use an AI-powered platform to lock your computer files and demand payment – think of it as ransomware with training wheels.
- Social Media Shenanigans: Fake profiles and convincing posts generated by AI could trick you into clicking on dangerous links or giving away personal info.
So, why should you care about this rise of the “zero-knowledge” cybercriminal?
- More Attacks, More Often: With more people able to launch attacks, we’re likely to see a whole lot more of them hitting our inboxes and devices.
- Smarter Attacks, Simpler Execution: Even if the person behind the attack isn’t a tech wizard, the AI they’re using can make their attacks surprisingly sophisticated.
- Our Defenses Need an Upgrade: The security tools we rely on might need to get smarter to keep up with these AI-powered threats.
Don’t panic! Here’s what you can do to stay safer:
- Become a Skeptic Superstar: Be super suspicious of anything online that asks for your info or seems too good to be true.
- Two is Always Better Than One (MFA!): Turn on Multi-Factor Authentication (MFA) wherever you can. It’s like having a second lock on your digital doors.
- Keep Your Digital House Clean: Update your software and apps regularly. These updates often include security patches.
- Think Before You Click: Seriously, take a breath before clicking on any links or downloading attachments, especially from people you don’t know.
- Spread the Word: Talk to your friends and family about these new threats. Awareness is key!
The cyber landscape is always changing, and AI is definitely shaking things up. The rise of “zero-knowledge” threat actors might sound a bit scary, but by staying informed and practicing good digital habits, we can all make it harder for these AI-assisted baddies to succeed. Stay safe out there, and keep learning!
April 9, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 3/24/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Mike Waltz takes ‘full responsibility’ for Signal group chat leak

The accidental inclusion of a journalist in a high-level Signal group chat discussing military strikes in Yemen has exposed significant vulnerabilities in the US National Security apparatus. While Signal offers strong encryption, this incident underscores that human error remains a critical weak point, as evidenced by the unexplained addition of the reporter. The debate over classified information sharing and the alleged use of auto-delete features raise serious questions about adherence to security protocols and federal record-keeping laws. This event highlights the inherent risks of using civilian communication apps for sensitive government matters, even with robust encryption, and emphasizes the critical need for stringent access controls, comprehensive training, and the consistent use of secure, government-approved platforms.

This “glitch,” as downplayed by some, serves as a stark reminder for cybersecurity professionals that technology alone cannot guarantee security. Robust operational security practices, including strict verification procedures and adherence to data retention policies, are paramount. The incident underscores the necessity of cultivating a security-conscious culture within government and prioritizing the use of dedicated, secure communication channels over potentially vulnerable civilian alternatives. The political fallout and calls for investigation further emphasize the gravity of this lapse and its potential implications for national security and trust.

Projects
- TryHackMe – Networking Essentials – Complete
- TryHackMe – Networking Core Protocols – In Progress
Articles
- Former Michigan assistant coach Matt Weiss charged with hacking college athletes’ computer accounts for intimate photos – Former NFL and University of Michigan assistant football coach Matt Weiss hacked into the computer accounts of thousands of college athletes seeking intimate photos and videos, according to an indictment filed Thursday.
- [Paywall] The Trump Administration Accidentally Texted Me Its War Plans – U.S. national-security leaders included me in a group chat about upcoming military strikes in Yemen. I didn’t think it could be real. Then the bombs started falling.
- Chinese Weaver Ant hackers spied on telco network for 4 years – A China-linked advanced threat group named Weaver Ant spent more than four years in the network of a telecommunications services provider, hiding traffic and infrastructure with the help of compromised Zyxel CPE routers
- Police arrests 300 suspects linked to African cybercrime rings – African law enforcement authorities have arrested 306 suspects as part of ‘Operation Red Card,’ an INTERPOL-led international crackdown targeting cross-border cybercriminal networks
- Infosys to Pay $17.5 Million in Settlement Over 2023 Data Breach – Infosys McCamish System has agreed to pay $17.5 million to settle six class action lawsuits filed over a 2023 data breach
- New Atlantis AIO platform automates credential stuffing on 140 services – A new cybercrime platform named ‘Atlantis AIO’ provides an automated credential stuffing service against 140 online platforms, including email services, e-commerce sites, banks, and VPNs.
- After DDOS attacks, Blizzard rolls back Hardcore WoW deaths for the first time – New policy comes as OnlyFangs streaming guild planned to quit over DDOS disruptions.
Podcasts
March 31, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 3/17/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Projects
- TryHackMe – Networking Essentials – In Progress
Videos

Articles
- ClickFix Attack Compromises 100+ Car Dealership Sites – The ClickFix attack tactic seems to be gaining traction among threat actors.
- Jaguar Land Rover Breached by HELLCAT Ransomware Group Using Its Infostealer Playbook—Then a Second Hacker Strikes
- Microsoft isn’t fixing 8-year-old shortcut exploit abused for spying – An exploitation avenue found by Trend Micro has been used in an eight-year-long spying campaign, but there’s no sign of a fix from Microsoft, which apparently considers this a low priority.
- 11 State-Sponsored APTs Exploiting LNK Files for Espionage, Data Theft – ZDI has uncovered 1,000 malicious .lnk files used by state-sponsored and cybercrime threat actors to execute malicious commands.
- Capital One hacker Paige Thompson got too light a sentence, appeals court rules – Two of the three judges said five years’ probation and time served didn’t match the severity of the crime, among other reasons for overturning the sentence.
- Pennsylvania State Education Association data breach impacts 500,000 individuals – A data breach at the Pennsylvania State Education Association exposed the personal information of over 500,000 individuals.
- Dept of Defense engineer took home top-secret docs, booked a fishing trip to Mexico – then the FBI showed up
Podcasts
- Smashing Security 408: A gag order backfires, and a snail mail ransom demand – ‘Only’ a local access bug but important part of N Korea, Russia, and China attack picture
March 24, 2025