CTRL + ALT + SEC

Tag: Cybersecurity News

What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 9/29/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: US Auto Insurance Platform ClaimPix Leaked 10.7TB of Records Online

This colossal data exposure involving ClaimPix, an auto insurance claims platform, serves as a stark warning about the pervasive dangers of basic security failures in the digital age. The discovery of an unsecured, unencrypted database containing a staggering 10.7 terabytes and 5.1 million files highlights critical shortcomings in data governance and cloud configuration management. For a platform entrusted with managing sensitive insurance and vehicle information, leaving such a massive repository of customer PII and operational data publicly accessible due to a lack of a simple password is a fundamental breach of trust and duty. This incident underscores that even with advanced security threats dominating the news, the simplest oversight—like misconfiguring storage access—can lead to catastrophic consequences.

The contents of the leak reveal the severe implications for data privacy and corporate legal exposure. Beyond standard PII like names and addresses, the exposure of vehicle records (VINs, license plates) and, most critically, approximately 16,000 Power of Attorney documents elevates the risk far beyond mere inconvenience. This combination of personal identity details and legal authorization is a potent toolkit for sophisticated criminals, enabling everything from identity theft and financial fraud to the highly specialized crime of vehicle cloning. The severity of this specific data mix places ClaimPix under immense scrutiny for compliance violations and potential long-term harm to the affected customers, demanding a comprehensive and transparent response regarding the full duration of exposure and the root cause.

While ClaimPix’s swift action to secure the database upon receiving the responsible disclosure is commendable, the lingering questions concerning the entity responsible for the database—whether ClaimPix directly or a third-party vendor—are paramount for risk analysis. This ambiguity is a key point for every business professional, emphasizing the critical need for rigorous vendor risk management and clear data ownership protocols. The incident provides an urgent case study for organizations to stress-test their security architectures, focusing on mandatory encryption, multi-factor access controls, and regular audits of cloud storage configurations. Ultimately, the ClaimPix leak is a powerful reminder that proactive, fundamental security hygiene is the bedrock of corporate responsibility and essential for maintaining customer trust in a data-driven ecosystem.

Projects
- TryHackMe – Firewall Fundamentals – Complete
- TryHackMe – IDS Fundamentals – In Progress
Articles
- Ransomware gang sought BBC reporter’s help in hacking media giant – Threat actors claiming to represent the Medusa ransomware gang tempted a BBC correspondent to become an insider threat by offering a significant amount of money.
- Japan’s largest brewer suspends operations due to cyberattack – Asahi Group Holdings, Ltd (Asahi), the brewer of Japan’s top-selling beer, has disclosed a cyberattack that disrupted several of its operations.
- UK convicts “Bitcoin Queen” in world’s largest cryptocurrency seizure – The Metropolitan Police has secured a conviction in what is believed to be the world’s largest cryptocurrency seizure, valued at more than £5.5 billion ($7.3 billion).
- Google Ads Used to Spread Trojan Disguised as TradingView Premium – Bitdefender warns that the TradingView Premium ad scam now targets Google ads and YouTube, hijacking verified channels to spread spyware.
- Dutch teens arrested for trying to spy on Europol for Russia – Two Dutch teenage boys aged 17, reportedly used hacking devices to spy for Russia, have been arrested by the Politie on Monday.
- US Auto Insurance Platform ClaimPix Leaked 10.7TB of Records Online – Cybersecurity researcher Jeremiah Fowler discovered a massive 10.7TB ClaimPix leak exposing 5.1M customer files, vehicle data, and Power of Attorney documents. Read the full details.
- Medusa Ransomware Claims Comcast Data Breach, Demands $1.2M – Medusa ransomware group claims 834 GB data theft from Comcast, demanding $1.2M ransom while sharing screenshots and file listings.
- Nearly 50,000 Cisco firewalls vulnerable to actively exploited flaws – Roughly 50,000 Cisco Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) appliances exposed on the public web are vulnerable to two vulnerabilities actively leveraged by hackers.
- Allianz Life says July data breach impacts 1.5 million people – Allianz Life has completed the investigation into the cyberattack it suffered in July and determined that nearly 1.5 million individuals are impacted.
- That annoying SMS phish you just got may have come from a box like this – Scammers have been abusing unsecured cellular routers used in industrial settings to blast SMS-based phishing messages in campaigns that have been ongoing since 2023, researchers said.
Podcasts
October 6, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 8/18/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: HR giant Workday discloses data breach after Salesforce attack

Workday, a major human resources software provider, has disclosed a data breach stemming from a social engineering attack that compromised a third-party customer relationship management (CRM) platform. While Workday explicitly stated that its core customer tenants and their sensitive data were not affected, the breach exposed business contact information, including names, email addresses, and phone numbers of customers. This type of information, though not directly sensitive, is crucial for threat actors to execute more sophisticated social engineering or phishing campaigns against Workday’s extensive client base, which includes over 60% of Fortune 500 companies.

Further investigation revealed that the Workday incident is part of a broader series of attacks orchestrated by the notorious ShinyHunters extortion group. These attacks specifically target Salesforce CRM instances through social engineering and voice phishing, tricking employees into linking malicious OAuth applications. Once linked, the attackers gain access to and steal company databases, using the stolen data for extortion. This widespread campaign has impacted numerous other high-profile companies, including Adidas, Google, Louis Vuitton, and Chanel, highlighting a significant and ongoing threat to organizations relying on third-party CRM platforms.

The Workday breach underscores the pervasive and evolving nature of social engineering threats, particularly when they target critical third-party vendors in an organization’s supply chain. Even with robust internal security, a single vulnerability in a partner’s system can expose valuable data that fuels subsequent, more damaging attacks. The involvement of a sophisticated group like ShinyHunters, known for large-scale data theft and extortion, emphasizes the need for continuous employee training on social engineering tactics, multi-factor authentication, and stringent oversight of third-party access to corporate data.

Projects
- TryHackMe – JavaScript Essentials – Complete
- TryHackMe – SQL Fundamentals – In Progress
Videos

Articles
- HR giant Workday discloses data breach after Salesforce attack – Human resources giant Workday has disclosed a data breach after attackers gained access to a third-party customer relationship management (CRM) platform in a recent social engineering attack.
- UK telecom firm Colt suffers massive ransomware attack – UK telecoms and network services company Colt suffered a cyberattack, claimed by the Warlock ransomware gang.
- Hotels in Italy suffer a potentially massive breach – Tens of thousands of allegedly stolen documents include high-resolution scans of passports and ID cards used by customers during check-in, according to Italian authorities.
- DOJ Charges 22-Year-Old for Running RapperBot Botnet Behind 370,000 DDoS Attacks – A 22-year-old man from the U.S. state of Oregon has been charged with allegedly developing and overseeing a distributed denial-of-service (DDoS)-for-hire botnet called RapperBot.
- Security researcher driven by free nuggets unearths McDonald’s security flaw — changing ‘login’ to ‘register’ in URL prompted site to issue plain text password for a new account
- Scattered Spider hacker gets sentenced to 10 years in prison – Noah Michael Urban, a key member of the Scattered Spider cybercrime collective, was sentenced to 10 years in prison on Wednesday after pleading guilty to charges of wire fraud and conspiracy in April.
- Dev gets 4 years for creating kill switch on ex-employer’s systems – A software developer has been sentenced to four years in prison for sabotaging his ex-employer’s Windows network with custom malware and a kill switch that locked out employees when his account was disabled.
- U.S. Navy Sailor Convicted of Spying for China – Wei was an active-duty U.S. Navy sailor stationed at Naval Base San Diego when he agreed to sell Navy secrets to a Chinese intelligence officer for $12,000.
Podcasts
August 25, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 3/31/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured article analysis

This weeks feature article analysis is from: https://www.bleepingcomputer.com/news/security/toll-payment-text-scam-returns-in-massive-phishing-wave/

This recent E-ZPass smishing campaign highlights several evolving tactics cybercriminals are employing to bypass security measures and exploit user trust. The attackers leverage high-volume, automated messaging systems originating from seemingly random email addresses, a method designed to circumvent standard carrier-based SMS spam filters that primarily target phone numbers. By impersonating official bodies like E-ZPass or the DMV and instilling a false sense of urgency with threats of fines or license suspension, they effectively employ social engineering. A particularly noteworthy technique involves instructing users to reply to the message, cleverly bypassing Apple iMessage’s built-in protection that disables links from unknown senders. This user interaction effectively marks the malicious sender as “known,” activating the phishing link and demonstrating how attackers exploit platform features and user behavior in tandem.

The sophistication extends beyond the delivery mechanism, with the phishing landing pages themselves designed to appear legitimate and, significantly, often configured to load only on mobile devices, evading desktop-based security analysis. The sheer scale suggests the involvement of organized operations, potentially utilizing Phishing-as-a-Service (PaaS) platforms like the mentioned Lucid or Darcula. These services specialize in abusing modern messaging protocols like iMessage and RCS, which offer end-to-end encryption and different delivery paths, making detection harder and campaign execution cheaper than traditional SMS. This underscores the ongoing challenge for defenders: attacks are becoming more targeted, evasive, and leverage platform-specific features, necessitating continuous user education (don’t click, don’t reply, verify independently) alongside technical defenses and prompt reporting to platforms and authorities like the FBI’s IC3.

Projects
- TryHackMe – Networking Core Protocols – Complete
- TryHackMe – Networking Secure Protocols – In Progress
Videos

Articles
- Twitter (X) Hit by 2.8 Billion Profile Data Leak in Alleged Insider Job – Massive Twitter (X) profile data leak exposes details of 2.8 billion users; alleged insider leak surfaces with no official response from the company.
- Fake Snow White Movie Torrent Infects Devices with Malware – Disney’s latest Snow White movie, with a 1.6/10 IMDb rating, isn’t just the biggest flop the company has ever released. It’s such an embarrassment that the movie isn’t even available on Disney’s own streaming platform, Disney+.
- T-Mobile Coughed Up $33 Million in SIM Swap Lawsuit – T-Mobile paid $33 million in a private arbitration process over a SIM swap attack leading to cryptocurrency theft.
- FBI and DOJ seize $8.2 Million in romance baiting crypto fraud scheme – The U.S. DOJ seized over $8.2 million in USDT stolen through ‘romance baiting’ scams, where victims are tricked into fake investments promising high returns.
- OpenAI just made its first cybersecurity investment – Generative AI has vastly expanded the toolkit available to hackers and other bad actors. It’s now possible to do everything from deepfaking a CEO to creating fake receipts.
- UK’s attempt to keep details of Apple ‘backdoor’ case secret… denied – Last month’s secret hearing comes to light
- Food giant WK Kellogg discloses data breach linked to Clop ransomware – US food giant WK Kellogg Co is warning employees and vendors that company data was stolen during the 2024 Cleo data theft attacks.
- Google Pushing ‘Sec-Gemini’ AI Model for Threat-Intel Workflows – Experimental Sec-Gemini v1 touts a combination of Google’s Gemini LLM capabilities with real-time security data and tooling from Mandiant.
- A member of the Scattered Spider cybercrime group pleads guilty – A 20-year-old man linked to the Scattered Spider cybercrime group has pleaded guilty to charges filed in Florida and California.
- Oracle privately notifies Cloud data breach to customers – Oracle confirms a cloud data breach, quietly informing customers while downplaying the impact of the security breach.
- Expert used ChatGPT-4o to create a replica of his passport in just 5 minutes bypassing KYC – A researcher used ChatGPT-4o to create a replica of his passport in just five minutes, realistic enough to deceive most automated KYC systems.
- 39 Million Secrets Leaked on GitHub in 2024 – GitHub has announced new capabilities to help organizations and developers keep secrets in their code protected.
- North Korea’s IT Operatives Are Exploiting Remote Work Globally – The global rise of North Korean IT worker infiltration poses a serious cybersecurity risk—using fake identities, remote access, and extortion to compromise organizations.
- One of the last of Bletchley Park’s quiet heroes, Betty Webb, dies at 101 – Tip-lipped for 30 years before becoming an ‘unrivaled advocate’ for the site
April 7, 2025