CTRL + ALT + SEC

Tag: Network Security

What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 7/7/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Elmo’s X account was hacked and shared antisemitic and racist posts

The recent hacking of Elmo’s X (formerly Twitter) account represents a concerning incident that transcends a simple social media breach, highlighting broader vulnerabilities and the potential for weaponized online platforms. The unauthorized posts, which included antisemitic, racist, and politically charged content, not only severely damaged the innocent and wholesome brand associated with Elmo and Sesame Street but also demonstrated how easily prominent accounts can be leveraged to disseminate harmful narratives. The fact that such hateful messages were visible to nearly 650,000 followers, even for a brief period, underscores the immediate and widespread impact that compromised accounts can have on public discourse and perception. This event serves as a stark reminder of the constant threat of cyberattacks and the imperative for robust security measures across all major online platforms.

This incident also brings into focus the ongoing challenges faced by X, particularly in light of previous controversies surrounding its AI chatbot Grok and the proliferation of extremist views on the platform. The “disgusting” nature of the hacked posts, as described by Sesame Workshop, echoes similar issues where X has struggled to contain inflammatory content, including antisemitic remarks. The repeated instances of problematic content, whether through compromised accounts or algorithmic failures, raise serious questions about X’s content moderation strategies and its ability to safeguard users from harmful material. While XAI has acknowledged and attempted to address issues with Grok, the Elmo hack suggests that the platform’s vulnerabilities extend beyond AI-generated content to fundamental account security.

Ultimately, the Elmo account hack is more than just an isolated security breach; it’s a symptom of a larger, more complex problem concerning online safety, platform responsibility, and the weaponization of social media. For a character universally associated with childhood innocence and positive values to be used as a conduit for hate speech is deeply disturbing and illustrates the insidious nature of online extremism. This event should prompt renewed scrutiny of social media companies’ commitment to preventing abuse, ensuring account integrity, and protecting their users from the dissemination of harmful ideologies. The incident reinforces the critical need for continuous vigilance, technological advancements in security, and a proactive approach to combating the misuse of online platforms.

Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Projects
- TryHackMe – Web Application Basics – In Progress
Articles
- FBI warns travelers of ‘Scattered Spider’ group targeting airlines – SFGATE contributor Jim Glab rounds up air travel and airport news for our weekly column Routes
- Qantas is being extorted in recent data-theft cyberattack – Qantas has confirmed that it is now being extorted by threat actors following a cyberattack that potentially exposed the data for 6 million customers.
- Columbia data stolen in cyberattack that caused dayslong IT outage, University says – Bloomberg News reported that the alleged hacker stole the personal information of Columbia applicants.
- AT&T Reaches $177M Deal Over 2019 and 2024 Data Breaches – AT&T’s $177M data breach settlement. Check eligibility for payouts from 2019 and 2024 incidents.
- Alleged Chinese State Hacker Wanted by US Arrested in Italy – Xu Zewei has been arrested on charges that he is a member of the Chinese state-sponsored hacking group Hafnium (Silk Typhoon).
- Canadian Electric Utility Says Power Meters Disrupted by Cyberattack – Nova Scotia Power is notifying individuals affected by the recent data breach, including in the United States.
- U.S. Sanctions North Korean Andariel Hacker Behind Fraudulent IT Worker Scheme – The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) on Tuesday sanctioned a member of a North Korean hacking group called Andariel for their role in the infamous remote information technology (IT) worker scheme.
- Russian pro basketball player arrested for alleged role in ransomware attacks – Russian professional basketball player Daniil Kasatkin was arrested in France at the request of the United States for allegedly acting as a negotiator for a ransomware gang.
- Elmo’s X account hacked to publish racist and antisemetic posts – In case it wasn’t obvious, no, that’s not the real Elmo that posted racist and antisemetic posts on Elon Musk’s X. Someone had hacked into the Sesame Street character’s X account.
Podcasts
July 14, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 6/23/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Millions of Brother Printers Hit by Critical, Unpatchable Bug

The article highlights a severe security crisis affecting millions of Brother printers and other devices, stemming primarily from a critical, unpatchable vulnerability (CVE-2024-51978) with a CVSS score of 9.8. This flaw allows an unauthenticated attacker to generate the default administrator password by knowing the device’s serial number, which can be leaked through other vulnerabilities or simple queries. The sheer scale of the problem is alarming, with 695 Brother models and millions of individual devices globally impacted. Crucially, this particular bug cannot be fixed via firmware updates, necessitating a change in Brother’s manufacturing process, underscoring the deep-seated nature of the security oversight.

Beyond the unpatchable flaw, the research by Rapid7 uncovered seven additional vulnerabilities, ranging from data leaks and stack buffer overflows to server-side request forgery (SSRF) and denial-of-service (DoS) issues. These vulnerabilities, while individually less critical (CVSS scores from 5.3 to 7.5), pose significant risks as they can be chained together with CVE-2024-51978 to achieve more severe outcomes, such as unauthenticated remote code execution or the disclosure of plaintext credentials for external services like LDAP or FTP. The ease of exploiting some of these flaws, coupled with the known existence of an underground market for printer exploits, raises concerns about potential widespread exploitation in corporate networks.

Fortunately, for seven of the eight vulnerabilities, Brother has released firmware updates, and other affected vendors like Fujifilm and Ricoh have also issued advisories. For the critical CVE-2024-51978, the primary mitigation relies on user action: changing the default administrator password. This simple step is crucial, as the vulnerability is only exploitable if the default password remains unchanged. The article also commends the collaborative and lengthy disclosure process involving Rapid7, Brother, and the Japanese cyber agency JPCERT/CC, highlighting it as a successful example of coordinated efforts to address widespread security flaws.

Projects
- TryHackMe – Hashing Basics – Complete
- TryHackMe – Web Application Basics – In Progress
Videos

Articles
- Canada says telcos were breached in China-linked espionage hacks – The Canadian government and the FBI say they are aware of malicious activity targeting telecommunication companies across Canada, attributing the intrusions to the China-backed hacking group Salt Typhoon.
- Cybercriminals breach Aflac as part of hacking spree against US insurance industry – Cybercriminals have breached insurance giant Aflac, potentially stealing Social Security numbers, insurance claims and health information, the company said Friday, the latest in a spree of hacks against the insurance industry.
- Millions of Brother Printers Hit by Critical, Unpatchable Bug – A slew of vulnerabilities, including a critical CVSS 9.8 that enables an attacker to generate the default admin password, affect hundreds of printer, scanner, and label-maker models made by manufacturer Brother.
- Justice Department Announces Coordinated, Nationwide Actions to Combat North Korean Remote Information Technology Workers’ Illicit Revenue Generation Schemes
Podcasts
July 2, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 6/9/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: 40,000 Security Cameras Exposed to Remote Hacking

Cybersecurity firm Bitsight has unveiled a significant vulnerability in the digital landscape, identifying over 40,000 security cameras globally that are susceptible to remote hacking. These cameras, operating primarily over HTTP and RTSP protocols, inadvertently expose live video feeds directly to the internet, making them prime targets for malicious activities ranging from espionage to botnet recruitment. HTTP-based cameras, commonly found in homes and small offices, often allow direct access to administrative interfaces or expose screenshots via simple URI manipulations. RTSP cameras, used in professional surveillance, are harder to fingerprint but can still be exploited to return live footage. This widespread exposure highlights a critical security flaw, transforming devices intended for protection into potential tools for privacy invasion and cyberattacks.

The geographical distribution of these exposed cameras reveals a concerning concentration, with the United States accounting for over 14,000 devices, followed by Japan with approximately 7,000. Other countries like Austria, Czechia, South Korea, Germany, Italy, and Russia also host thousands of vulnerable cameras. Within the US, California and Texas show the highest numbers, with other states like Georgia, New York, and Missouri also significantly impacted. Industry-wise, the telecommunications sector bears the brunt of the exposure, representing a staggering 79% of vulnerable devices, largely due to residential network connections. When excluding this sector, technology, media/entertainment, utilities, business services, and education emerge as the most affected industries, underscoring the broad scope of this security challenge across various critical sectors.

The implications of such widespread exposure are severe, extending beyond mere privacy breaches. Bitsight warns that these cameras are actively sought by threat actors on dark web forums, posing risks such as ensnarement in botnets or serving as pivot points for deeper network intrusions. The presence of these vulnerable devices in diverse locations like offices, factories, restaurants, and hotels amplifies the potential for corporate espionage and data theft. To counter these threats, Bitsight advises users and organizations to adopt crucial security measures: securing internet connections, replacing default credentials, disabling unnecessary remote access, keeping device firmware updated, and consistently monitoring for unusual login attempts. Adhering to these precautions is paramount to safeguard privacy and prevent these surveillance tools from becoming unintended liabilities.

Projects
- TryHackMe – Hashing Basics – In Progress
Articles
- Former Black Basta Members Resurface with New Tactics – Ex-Black Basta ransomware affiliates are now using new phishing and remote access techniques as part of the CACTUS ransomware operation.
- Rust-based “Myth Stealer” Malware Targets Gamers – A new Rust-based infostealer called Myth Stealer is spreading via fake gaming sites and malicious documents, targeting browser and crypto data.
- Massive Data Leak in China Exposes Billions of Records – Over 4 billion personal records were exposed from an unsecured Chinese database, marking one of the largest leaks in the country’s history.
- Google Warns of Salesforce Phishing and Data Extortion Campaign – Google flagged a campaign where attackers use vishing and fake tools to steal Salesforce data and extort organizations.
- Iranian APT “BladedFeline” Hides in Telecom Network for 8 Years – The Iranian group BladedFeline covertly accessed a Middle Eastern telecom for eight years using legitimate admin tools.
- New Zero-Click AI Vulnerability in Microsoft 365 Copilot – Researchers found “EchoLeak,” a zero-click vulnerability that could let attackers steal sensitive data from Microsoft 365 Copilot.
- WestJet Cyberattack Disrupts Airline Operations – A cyberattack on WestJet caused disruptions to the airline’s internal systems and operations.
- Trend Micro and Palo Alto Networks Patch Critical Flaws – Both cybersecurity vendors released patches for multiple critical vulnerabilities affecting their products.
- Hackers Abuse TeamFiltration to Target Microsoft Entra ID Accounts – Attackers leveraged the TeamFiltration pentesting tool to compromise over 80,000 Microsoft Entra ID accounts globally.
- 40,000 Security Cameras Exposed to Remote Hacking – Bitsight has identified over 40,000 security cameras that can be easily hacked for spying or other types of malicious activity.
Podcasts
June 16, 2025
TryHackMe – Networking Secure Protocols

In today’s TryHackMe write-up, we’ll be diving into the crucial realm of Networking Secure Protocols. This module comprises 8 comprehensive tasks, offering a fantastic hands-on exploration of various methods used to secure network traffic. In an era where data breaches are commonplace, understanding how to protect our communications is paramount. This room on TryHackMe provides a fantastic hands-on exploration of various methods used to secure network traffic. We’ll unravel the mysteries behind SSL/TLS, the backbone of secure web browsing, and then explore practical ways to fortify existing plaintext protocols like HTTP, SMTP, POP3, and IMAP. Furthermore, we’ll examine how SSH emerged as the secure successor to the insecure TELNET and finally, demystify how a VPN can establish a secure network tunnel across an otherwise untrusted infrastructure. So, buckle up as we embark on this journey to fortify our network knowledge!
(more…)

May 1, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 3/24/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Mike Waltz takes ‘full responsibility’ for Signal group chat leak

The accidental inclusion of a journalist in a high-level Signal group chat discussing military strikes in Yemen has exposed significant vulnerabilities in the US National Security apparatus. While Signal offers strong encryption, this incident underscores that human error remains a critical weak point, as evidenced by the unexplained addition of the reporter. The debate over classified information sharing and the alleged use of auto-delete features raise serious questions about adherence to security protocols and federal record-keeping laws. This event highlights the inherent risks of using civilian communication apps for sensitive government matters, even with robust encryption, and emphasizes the critical need for stringent access controls, comprehensive training, and the consistent use of secure, government-approved platforms.

This “glitch,” as downplayed by some, serves as a stark reminder for cybersecurity professionals that technology alone cannot guarantee security. Robust operational security practices, including strict verification procedures and adherence to data retention policies, are paramount. The incident underscores the necessity of cultivating a security-conscious culture within government and prioritizing the use of dedicated, secure communication channels over potentially vulnerable civilian alternatives. The political fallout and calls for investigation further emphasize the gravity of this lapse and its potential implications for national security and trust.

Projects
- TryHackMe – Networking Essentials – Complete
- TryHackMe – Networking Core Protocols – In Progress
Articles
- Former Michigan assistant coach Matt Weiss charged with hacking college athletes’ computer accounts for intimate photos – Former NFL and University of Michigan assistant football coach Matt Weiss hacked into the computer accounts of thousands of college athletes seeking intimate photos and videos, according to an indictment filed Thursday.
- [Paywall] The Trump Administration Accidentally Texted Me Its War Plans – U.S. national-security leaders included me in a group chat about upcoming military strikes in Yemen. I didn’t think it could be real. Then the bombs started falling.
- Chinese Weaver Ant hackers spied on telco network for 4 years – A China-linked advanced threat group named Weaver Ant spent more than four years in the network of a telecommunications services provider, hiding traffic and infrastructure with the help of compromised Zyxel CPE routers
- Police arrests 300 suspects linked to African cybercrime rings – African law enforcement authorities have arrested 306 suspects as part of ‘Operation Red Card,’ an INTERPOL-led international crackdown targeting cross-border cybercriminal networks
- Infosys to Pay $17.5 Million in Settlement Over 2023 Data Breach – Infosys McCamish System has agreed to pay $17.5 million to settle six class action lawsuits filed over a 2023 data breach
- New Atlantis AIO platform automates credential stuffing on 140 services – A new cybercrime platform named ‘Atlantis AIO’ provides an automated credential stuffing service against 140 online platforms, including email services, e-commerce sites, banks, and VPNs.
- After DDOS attacks, Blizzard rolls back Hardcore WoW deaths for the first time – New policy comes as OnlyFangs streaming guild planned to quit over DDOS disruptions.
Podcasts
March 31, 2025