CTRL + ALT + SEC

Tag: DDoS attack

What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 11/17/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Be careful responding to unexpected job interviews

This article from Malwarebytes Labs deconstructs a sophisticated social engineering scam that leverages the allure of an unexpected job opportunity to trick victims into installing malicious software. The attack begins with a message on LinkedIn or a similar platform, followed by a professional-sounding email that invites the target to a virtual interview for a position like “Senior Construction Manager.” While the attackers meticulously impersonate a real employee of a legitimate company, initial red flags were evident: the contact email originated from a generic Gmail address instead of a corporate domain, and the specified job opening did not exist on the company’s official careers page. This initial phase is designed purely to establish trust and lure the victim into the next, more dangerous stage of the attack.

The core technical threat emerges when the target, having expressed interest, receives a follow-up “meeting invitation” email. This email contains a highly suspicious, shortened link that redirects the user to a malicious domain, such as meetingzs.com. The purpose of this site is to prompt the user with a deceptive message, claiming they must install a software update for their meeting application (like Zoom or Teams) to participate in the interview. In the observed case, this download was identified as an executable file associated with a legitimate Remote Monitoring and Management (RMM) tool like LogMeIn Resolve. Crucially, while the tool itself is not malware, granting a cybercriminal access to install and use an RMM tool provides them with a direct and persistent backdoor onto the victim’s device, allowing them to execute ransomware payloads or conduct further network reconnaissance.

Ultimately, this incident serves as a crucial warning about the increasing reliance on social engineering as the primary means for attackers to gain initial access to corporate or personal systems. The article emphasizes that recognizing these carefully crafted scams is the best defense. Users must adopt a high degree of skepticism toward all unsolicited communications, especially those demanding immediate action like clicking a link or installing software. The recommended safety measures are straightforward but vital: independently verify the sender and context of unexpected invitations, avoid clicking links or downloading attachments from unverified sources, and maintain rigorous cyber hygiene by keeping operating systems, software, and real-time anti-malware solutions fully updated to patch vulnerabilities.

Projects
- TryHackMe – CAPA: The Basics – In Progress
Videos

Articles
- Be careful responding to unexpected job interviews – a phishing scam where fake recruiters send job interview invitations with malicious links that prompt victims to install software containing malware or remote access tools.
- Microsoft: Azure hit by 15 Tbps DDoS attack using 500,000 IP addresses – Microsoft said today that the Aisuru botnet hit its Azure network with a 15.72 terabits per second (Tbps) DDoS attack, launched from over 500,000 IP addresses.
- Dutch police seizes 250 servers used by “bulletproof hosting” service – The police in the Netherlands have seized around 250 physical servers powering a bulletproof hosting service in the country used exclusively by cybercriminals for providing complete anonymity.
- California man admits to laundering crypto stolen in $230M heist – A 45-year-old from Irvine, California, has pleaded guilty to laundering at least $25 million stolen in a massive $230 million cryptocurrency heist.
- CrowdStrike catches insider feeding information to hackers – American cybersecurity firm CrowdStrike has confirmed that an insider shared screenshots taken on internal systems with unnamed threat actors.
November 24, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 6/16/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: 16 Billion Apple, Facebook, Google And Other Passwords Leaked

The confirmed leak of an estimated 16 billion login credentials, including passwords, making it potentially the largest breach in history. Unlike previous reports of individual company breaches, this “mother of all leaks” is attributed to multiple infostealers, aggregating data from a vast array of online services, including major platforms like Apple, Facebook, and Google, as well as VPNs and developer portals. Crucially, cybersecurity researcher Bob Diachenko clarified that this isn’t a direct breach of these large companies’ databases but rather a collection of credentials found in infostealer logs, often linked to reused passwords. This makes the leak a severe threat, serving as a “blueprint for mass exploitation” through phishing and account takeovers, emphasizing the urgent need for robust password hygiene.

The incident reignites the debate surrounding cybersecurity responsibility. While many experts, like Javvad Malik, advocate for a “shared responsibility” model, where both organizations protect users and individuals remain vigilant, others like Paul Walsh of MetaCert disagree. Walsh argues that expecting users to become security experts when even security providers struggle against sophisticated phishing attacks is unreasonable. This highlights a fundamental tension: while users are urged to adopt stronger password practices and multi-factor authentication, the industry also faces pressure to develop more inherently secure authentication methods that mitigate the risk posed by compromised databases, irrespective of password complexity.

In response to such massive leaks, the article strongly advocates for a pivotal shift from traditional passwords to more secure passkey technology. Experts like Rew Islam from Dashlane, co-chair of the FIDO Alliance, emphasize that passkeys are no longer a “nice-to-have” but an “essential” security measure, especially with major players like Facebook recently adopting them. Passkeys leverage factors users already employ, like facial or fingerprint recognition, offering a more convenient and significantly more secure authentication experience. The expectation is that widespread adoption by more companies, from banks to social media, will build user confidence and eventually lead to passkeys becoming the dominant authentication method for the majority of internet users within the next three years.

Projects
- TryHackMe – Hashing Basics – In Progress
Articles
- Paraguay Suffered Data Breach: 7.4 Million Citizen Records Leaked on Dark Web – Resecurity researchers found 7.4 million records containing personally identifiable information (PII) of Paraguay citizens on the dark web.
- 16 Billion Apple, Facebook, Google And Other Passwords Leaked – If you thought that my May 23 report, confirming the leak of login data totaling an astonishing 184 million compromised credentials, was frightening, I hope you are sitting down now. Researchers have just confirmed what could be the largest leak ever, with an almost incredulous 16 billion login credentials, including passwords, exposed.
- Massive 7.3 Tbps DDoS Attack Delivers 37.4 TB in 45 Seconds, Targeting Hosting Provider – Cloudflare on Thursday said it autonomously blocked the largest distributed denial-of-service (DDoS) attack ever recorded, which hit a peak of 7.3 terabits per second (Tbps).
- Iran’s government says it shut down internet to protect against cyberattacks – Earlier this week, virtually everyone in Iran lost access to the internet in what was called a “near-total national internet blackout.”
- Russian hackers bypass Gmail MFA using stolen app passwords – Russian hackers bypass multi-factor authentication and access Gmail accounts by leveraging app-specific passwords in advanced social engineering attacks that impersonate U.S. Department of State officials.
Podcasts
June 23, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 5/19/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs

This article from BleepingComputer details a significant and concerning campaign involving over 100 malicious Google Chrome extensions designed to steal user data and execute remote scripts. These extensions cleverly impersonate legitimate and popular tools such as VPNs, AI assistants, crypto utilities, and even specific brands like Fortinet and YouTube. By offering some of the promised functionality while simultaneously operating covertly in the background, these extensions deceive users into granting them broad permissions. This allows the threat actors to pilfer browser cookies, including sensitive session tokens, perform DOM-based phishing attacks, inject malicious JavaScript, and even modify network traffic for purposes like ad delivery, redirection, or proxying user activity through their own servers.

The discovery by DomainTools highlights the scale of this operation, with over 100 fake domains created to promote these malicious extensions, likely through malvertising campaigns. These websites feature seemingly legitimate “Add to Chrome” buttons that directly link to the malicious listings on the Chrome Web Store, lending a false sense of security and authenticity. The article provides a list of several of these deceptive domains, showcasing the wide range of impersonated services and brands. While Google has reportedly removed many of the identified extensions, the fact that some still persist underscores the challenges in rapidly detecting and eliminating such threats, as well as the actors’ determination to remain active.

The potential consequences for users who install these malicious extensions are severe, ranging from account hijacking and personal data theft to comprehensive monitoring of their browsing activities. The article emphasizes that these extensions essentially create a backdoor within the infected browser, granting attackers extensive control and the potential for further exploitation. Alarmingly, the stolen session cookies could even be used to compromise legitimate VPN devices or accounts, providing a pathway to infiltrate corporate networks and launch more damaging attacks. The article concludes with crucial advice for users: exercise caution by only trusting reputable publishers, carefully reviewing user reviews for any suspicious signs, and remaining vigilant about the permissions requested by browser extensions.

Projects
- TryHackMe – Public Key Cryptography Basics – In Progress
Videos

Articles
- The Kids Online Safety Act is back, with the potential to change the internet – The Kids Online Safety Act (KOSA) has been reintroduced into Congress. If passed into law, this bill could impose some of the most significant legislative changes that the internet has seen in the U.S. since the Children’s Online Privacy Protection Act (COPPA) of 1998.
- Have I Been Pwned 2.0 is Now Live! – This has been a very long time coming, but finally, after a marathon effort, the brand new Have I Been Pwned website is now live!
- KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS – KrebsOnSecurity last week was hit by a near record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per second (a terabit is one trillion bits of data).
- PowerSchool hacker pleads guilty to student data extortion scheme – A 19-year-old college student from Worcester, Massachusetts, has agreed to plead guilty to a massive cyberattack on PowerSchool that extorted millions of dollars in exchange for not leaking the personal data of millions of students and teachers.
- Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs – A Google Chrome Web Store campaign uses over 100 malicious browser extensions that mimic legitimate tools, such as VPNs, AI assistants, and crypto utilities, to steal browser cookies and execute remote scripts secretly.
Podcasts
May 28, 2025