CTRL + ALT + SEC

Tag: data theft

What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 8/11/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: New York claims Zelle’s shoddy security enabled a billion dollars in scams

The lawsuit claims that Zelle, a payment platform owned by major banks, was launched with significant security flaws that enabled a billion dollars in customer fraud between 2017 and 2023. Attorney General James alleges that the company behind Zelle, Early Warning Services (EWS), was aware of these vulnerabilities from the start but failed to implement basic safeguards. The lawsuit highlights issues such as a flawed registration process that allowed scammers to use misleading email addresses to impersonate legitimate entities, making it easy to trick users into sending them money.

The complaint also accuses EWS of failing to ensure that banks reported customer complaints about fraud in a timely manner. The lawsuit states that Zelle falsely advertised its service as a “safe” money transfer tool and did not promptly remove fraudulent accounts or require banks to reimburse consumers for certain scams. This legal action mirrors a previous lawsuit filed by the Consumer Financial Protection Bureau, which was later dropped.

In response to the lawsuit, Zelle spokesperson Eric Blankenbaker called it a “political stunt” and denied the claims. He stated that Zelle “leads the fight to stop fraud and scams” and argued that the Attorney General’s lawsuit would ultimately put consumers at greater risk by providing criminals with a blueprint for guaranteed payouts. The lawsuit seeks restitution and damages for New Yorkers who have been harmed by Zelle’s alleged security failures.

Projects
- TryHackMe – JavaScript Essentials – In Progress
Webinars
- SANS Security Awareness Virtual Conference
- Proofpoint Power Series – Threat Intel Unfiltered
Videos

Articles
- WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately: Tracked as CVE-2025-8088 (CVSS score: 8.8), the issue has been described as a case of path traversal affecting the Windows version of the tool that could be exploited to obtain arbitrary code execution by crafting malicious archive files.
- Security flaws in a carmaker’s web portal let one hacker remotely unlock cars from anywhere – A security researcher said flaws in a carmaker’s online dealership portal exposed the private information and vehicle data of its customers, and could have allowed hackers to remotely break into any of its customers’ vehicles.
- Manpower franchise discloses data theft after RansomHub posts alleged stolen data – And yes, there’s the usual credit monitoring
- Hyundai wants Ioniq 5 owners to pay to fix a keyless entry security hole – Some Ioniq 5 models are vulnerable to thieves using a Game Boy-like handheld device.
- Russian government hackers said to be behind US federal court filing system hack: Report – The Russian government is allegedly behind the data breach affecting the U.S. court filing system known as PACER, according to The New York Times.
- New York claims Zelle’s shoddy security enabled a billion dollars in scams – Attorney General Letitia James claims Zelle launched with serious security flaws that made the platform ‘uniquely susceptible to fraud.
- Plex warns users to patch security vulnerability immediately – Plex has notified some of its users on Thursday to urgently update their media servers due to a recently patched security vulnerability.
Podcasts
August 18, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 6/30/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: US shuts down a string of North Korean IT worker scams

The US Department of Justice has successfully disrupted several sophisticated IT worker scams orchestrated by North Korea, leading to two indictments, one arrest, and the seizure of 137 laptops. These operations involved North Korean IT staff using stolen or fictitious identities to secure remote positions at over 100 US companies. Beyond drawing salaries, these individuals allegedly exfiltrated sensitive data for Pyongyang and engaged in virtual currency theft, with one instance involving a $740,000 cryptocurrency heist. This tactic of deploying remote IT workers, facilitated by the shift to remote work during the COVID-19 pandemic, is a significant evolution from North Korea’s traditional cybercrime activities, which are primarily aimed at circumventing international sanctions and funding their illicit weapons programs.

One key aspect of these scams involved the establishment of “laptop farms” in the US. These farms allowed North Korean coders to remotely control company-issued laptops, making it appear as though the workers were operating within the US, thereby evading detection by employers monitoring IP ranges. Zhenxing “Danny” Wang, one of the indicted individuals, is accused of setting up a fake software development business that funneled approximately $5 million back to North Korea and left US companies with an estimated $3 million in cleanup costs. This complex network highlights the critical role of US-based collaborators in enabling these schemes and the substantial financial gains reaped by both the North Korean regime and its stateside operatives.

The investigations also revealed a more direct form of cryptocurrency theft, as seen in the case of four North Koreans who traveled to the UAE to secure remote programming jobs. These individuals, using stolen identities, were able to gain access to company virtual wallets and subsequently steal significant amounts of cryptocurrency, which was then laundered using sanctioned tools like Tornado Cash. The ongoing nature of these threats underscores the challenges faced by companies hiring remote IT workers and the persistent efforts by North Korea to exploit vulnerabilities for financial gain. The US Department of Justice is actively pursuing these cases, offering substantial bounties for information that helps dismantle North Korea’s illicit financial mechanisms.

Projects
- TryHackMe – Web Application Basics – In Progress
Articles
- US shuts down a string of North Korean IT worker scams – The US Department of Justice has announced a major disruption of multiple North Korean fake IT worker scams.
- Stablecoin protocol Resupply loses $9.6M to price manipulation exploit – A flaw in ResupplyFi’s contract allowed an attacker to manipulate token prices and drain $9.6 million from its wstUSR market.
- Hacker Conversations: Rachel Tobac and the Art of Social Engineering – Rachel Tobac is a cyber social engineer. She is skilled at persuading people to do what she wants, rather than what they know they ought to do.
- Hackers stole data on 2.2 million people in cyberattack affecting American grocery chains – The Dutch conglomerate behind dozens of major American supermarket brands said more than 2.2 million people had information stolen from its systems during a cyberattack in November that left customers unable to place delivery orders online.
- Aloha, you’ve been pwned: Hawaiian Airlines discloses ‘cybersecurity event’ – ‘No impact on safety,’ FAA tells The Reg
- The FBI warns that Scattered Spider is now targeting the airline sector – The FBI warns that Scattered Spider is now targeting the airline sector. Feds are working with aviation partners to combat the threat and assist affected victims.
- Ex-student charged over hacking university for cheap parking, data breaches – New South Wales police in Australia have arrested a 27-year-old former Western Sydney University (WSU) student for allegedly hacking into the University’s systems on multiple occasions, starting with a scheme to obtain cheaper parking.
- Qantas Confirms Major Data Breach Linked to Third-Party Vendor – Qantas has confirmed a data breach after attackers gained access through a third-party call centre platform, affecting millions of frequent flyers just as the airline industry heads into its busiest season.
July 7, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 5/26/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Suspected InfoStealer Malware Data Breach Exposed 184 Million Logins and Passwords

This article details a significant data breach involving a publicly exposed database containing an astonishing 184 million unique logins and passwords, totaling 47.42 GB of unencrypted credential data. The researcher who discovered the breach found a wide array of sensitive information, including emails, usernames, passwords, and associated URLs for numerous online services, financial institutions, healthcare platforms, and government portals across various countries. The lack of password protection or encryption on the database dramatically increased the potential for malicious actors to access and exploit this highly sensitive information, posing substantial risks to individuals whose credentials were exposed. The researcher responsibly disclosed the finding to the hosting provider, which subsequently restricted public access to the database.

The analysis of the exposed data strongly suggests that it was harvested by infostealer malware, a type of malicious software designed to extract sensitive information from infected systems, particularly credentials stored in browsers and applications. While the exact method of data collection remains unknown, the article outlines common tactics used by cybercriminals to deploy such malware, including phishing emails, malicious websites, and compromised software. The potential consequences of this type of data exposure are severe, ranging from credential stuffing attacks and account takeovers to corporate espionage and targeted phishing campaigns. The sheer volume and variety of compromised accounts, including those associated with financial and governmental institutions, underscore the gravity of the situation and the potential for widespread harm.

In response to this alarming discovery, the article provides crucial recommendations for users to enhance their online security. These include the fundamental practices of regularly changing passwords, using unique and complex passwords for each account, and enabling two-factor authentication wherever possible. Additionally, the article advises users to check if their credentials have been exposed in known breaches, monitor their accounts for suspicious activity, and consider the use of password managers with caution. The researcher emphasizes the importance of proactive measures and responsible data handling, particularly concerning sensitive information stored in email accounts. The incident serves as a stark reminder of the persistent threats posed by infostealer malware and the critical need for individuals and organizations to prioritize robust cybersecurity practices.

Projects
- TryHackMe – Public Key Cryptography Basics – Complete
- TryHackMe – Hashing Basics – In Progress
Videos

Articles
- Adidas confirms criminals stole data from customer service provider – Hackers take personal data bytes from the brand with three stripes
- Dutch Intelligence Agencies Say Russian Hackers Stole Police Data in Cyberattack – The agencies said that the group, which they called Laundry Bear, is actively trying to steal sensitive data from EU and NATO countries and is “extremely likely Russian state supported.”
- Iranian pleads guilty to RobbinHood ransomware attacks, faces 30 years – An Iranian national has pleaded guilty to participating in the Robbinhood ransomware operation, which was used to breach the networks, steal data, and encrypt devices of U.S. cities and organizations in an attempt to extort millions of dollars over a five-year span.
- Russian IT pro sentenced to 14 years forced labor for sharing medical data with Ukraine – The latest in a long line of techies to face Putin’s wrath
- Botnet hacks 9,000+ ASUS routers to add persistent SSH backdoor – Over 9,000 ASUS routers are compromised by a novel botnet dubbed “AyySSHush” that was also observed targeting SOHO routers from Cisco, D-Link, and Linksys.
- 184,162,718 Passwords And Logins Leaked — Apple, Facebook, Snapchat
- Threat actors abuse Google Apps Script in evasive phishing attacks – Threat actors are abusing the ‘Google Apps Script’ development platform to host phishing pages that appear legitimate and steal login credentials.
- Pakistanis Urged To Immediately Change All Passwords After Massive Global Data Breach – Pakistan’s National Cyber Emergency Response Team (NCERT) has issued a critical warning urging citizens to change their passwords following a massive global data breach exposing 184 million unique account credentials.
June 2, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 5/19/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs

This article from BleepingComputer details a significant and concerning campaign involving over 100 malicious Google Chrome extensions designed to steal user data and execute remote scripts. These extensions cleverly impersonate legitimate and popular tools such as VPNs, AI assistants, crypto utilities, and even specific brands like Fortinet and YouTube. By offering some of the promised functionality while simultaneously operating covertly in the background, these extensions deceive users into granting them broad permissions. This allows the threat actors to pilfer browser cookies, including sensitive session tokens, perform DOM-based phishing attacks, inject malicious JavaScript, and even modify network traffic for purposes like ad delivery, redirection, or proxying user activity through their own servers.

The discovery by DomainTools highlights the scale of this operation, with over 100 fake domains created to promote these malicious extensions, likely through malvertising campaigns. These websites feature seemingly legitimate “Add to Chrome” buttons that directly link to the malicious listings on the Chrome Web Store, lending a false sense of security and authenticity. The article provides a list of several of these deceptive domains, showcasing the wide range of impersonated services and brands. While Google has reportedly removed many of the identified extensions, the fact that some still persist underscores the challenges in rapidly detecting and eliminating such threats, as well as the actors’ determination to remain active.

The potential consequences for users who install these malicious extensions are severe, ranging from account hijacking and personal data theft to comprehensive monitoring of their browsing activities. The article emphasizes that these extensions essentially create a backdoor within the infected browser, granting attackers extensive control and the potential for further exploitation. Alarmingly, the stolen session cookies could even be used to compromise legitimate VPN devices or accounts, providing a pathway to infiltrate corporate networks and launch more damaging attacks. The article concludes with crucial advice for users: exercise caution by only trusting reputable publishers, carefully reviewing user reviews for any suspicious signs, and remaining vigilant about the permissions requested by browser extensions.

Projects
- TryHackMe – Public Key Cryptography Basics – In Progress
Videos

Articles
- The Kids Online Safety Act is back, with the potential to change the internet – The Kids Online Safety Act (KOSA) has been reintroduced into Congress. If passed into law, this bill could impose some of the most significant legislative changes that the internet has seen in the U.S. since the Children’s Online Privacy Protection Act (COPPA) of 1998.
- Have I Been Pwned 2.0 is Now Live! – This has been a very long time coming, but finally, after a marathon effort, the brand new Have I Been Pwned website is now live!
- KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS – KrebsOnSecurity last week was hit by a near record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per second (a terabit is one trillion bits of data).
- PowerSchool hacker pleads guilty to student data extortion scheme – A 19-year-old college student from Worcester, Massachusetts, has agreed to plead guilty to a massive cyberattack on PowerSchool that extorted millions of dollars in exchange for not leaking the personal data of millions of students and teachers.
- Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs – A Google Chrome Web Store campaign uses over 100 malicious browser extensions that mimic legitimate tools, such as VPNs, AI assistants, and crypto utilities, to steal browser cookies and execute remote scripts secretly.
Podcasts
May 28, 2025