Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.
Featured Analysis
Featured article analysis: Satellites found exposing unencrypted data, including phone calls and some military comms
This article reveals a startling lapse in global data security, reporting that researchers from UC San Diego and the University of Maryland easily intercepted vast amounts of unencrypted sensitive data from as many as half of all geostationary satellites. Using only an $800 off-the-shelf satellite receiver over three years, they were able to eavesdrop on a broad spectrum of communications. The exposed information includes personal consumer data such as private voice calls, text messages, and internet traffic from commercial services like in-flight Wi-Fi, demonstrating that data considered private is often wide open to unauthorized interception with minimal effort.
The scope of the security failure extends far beyond consumer privacy, encompassing communications critical to national security and vital economic operations. The researchers found that the unencrypted streams included data exchanged between critical infrastructure systems, such as energy and water suppliers, offshore oil and gas platforms, and even some military communications. The effortless exposure of these transmissions poses a profound security risk, creating a significant vulnerability for coordinated attacks or industrial espionage against foundational public and private utilities.
Following the discovery, the research team spent a year alerting affected organizations. This effort led to some immediate remediation, with companies like T-Mobile and AT&T’s network in Mexico quickly encrypting their data to mitigate the risk. However, the most alarming takeaway is the warning that the exposure is far from over. Many organizations, especially certain critical infrastructure providers, have not yet fixed their systems, meaning that large volumes of sensitive satellite data will continue to be vulnerable to eavesdropping for years to come, leaving essential systems exposed to this easily exploited security hole.
Projects
- TryHackMe – Vulnerability Scanner Overview – In Progress
Videos
Articles
- Harvard Is First Confirmed Victim of Oracle EBS Zero-Day Hack – Hackers have posted over 1 Tb of information allegedly stolen from Harvard on the Cl0p data leak website.
- Satellites found exposing unencrypted data, including phone calls and some military comms – Security researchers have discovered that as many as half of all geostationary satellites in Earth’s orbit are carrying unencrypted sensitive consumer, corporate, and military information, making this data wide open to eavesdropping.
- Fake LastPass, Bitwarden breach alerts lead to PC hijacks – An ongoing phishing campaign is targeting LastPass and Bitwarden users with fake emails claiming that the companies were hacked, urging them to download a supposedly more secure desktop version of the password manager.
- F5 Breach Exposes BIG-IP Source Code — Nation-State Hackers Behind Massive Intrusion – U.S. cybersecurity company F5 on Wednesday disclosed that unidentified threat actors broke into its systems and stole files containing some of BIG-IP’s source code and information related to undisclosed vulnerabilities in the product.
- Experian fined $3.2 million for mass-collecting personal data – Experian Netherlands has been fined EUR 2.7 million ($3.2 million) for multiple violations of the General Data Protection Regulation (GDPR).
- China Accuses US of Cyberattack on National Time Center – The Ministry of State Security alleged that the NSA exploited vulnerabilities in the messaging services of a foreign mobile phone brand to steal sensitive information.