CTRL + ALT + SEC

Tag: podcasts

What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 5/26/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Suspected InfoStealer Malware Data Breach Exposed 184 Million Logins and Passwords

This article details a significant data breach involving a publicly exposed database containing an astonishing 184 million unique logins and passwords, totaling 47.42 GB of unencrypted credential data. The researcher who discovered the breach found a wide array of sensitive information, including emails, usernames, passwords, and associated URLs for numerous online services, financial institutions, healthcare platforms, and government portals across various countries. The lack of password protection or encryption on the database dramatically increased the potential for malicious actors to access and exploit this highly sensitive information, posing substantial risks to individuals whose credentials were exposed. The researcher responsibly disclosed the finding to the hosting provider, which subsequently restricted public access to the database.

The analysis of the exposed data strongly suggests that it was harvested by infostealer malware, a type of malicious software designed to extract sensitive information from infected systems, particularly credentials stored in browsers and applications. While the exact method of data collection remains unknown, the article outlines common tactics used by cybercriminals to deploy such malware, including phishing emails, malicious websites, and compromised software. The potential consequences of this type of data exposure are severe, ranging from credential stuffing attacks and account takeovers to corporate espionage and targeted phishing campaigns. The sheer volume and variety of compromised accounts, including those associated with financial and governmental institutions, underscore the gravity of the situation and the potential for widespread harm.

In response to this alarming discovery, the article provides crucial recommendations for users to enhance their online security. These include the fundamental practices of regularly changing passwords, using unique and complex passwords for each account, and enabling two-factor authentication wherever possible. Additionally, the article advises users to check if their credentials have been exposed in known breaches, monitor their accounts for suspicious activity, and consider the use of password managers with caution. The researcher emphasizes the importance of proactive measures and responsible data handling, particularly concerning sensitive information stored in email accounts. The incident serves as a stark reminder of the persistent threats posed by infostealer malware and the critical need for individuals and organizations to prioritize robust cybersecurity practices.

Projects
- TryHackMe – Public Key Cryptography Basics – Complete
- TryHackMe – Hashing Basics – In Progress
Videos

Articles
- Adidas confirms criminals stole data from customer service provider – Hackers take personal data bytes from the brand with three stripes
- Dutch Intelligence Agencies Say Russian Hackers Stole Police Data in Cyberattack – The agencies said that the group, which they called Laundry Bear, is actively trying to steal sensitive data from EU and NATO countries and is “extremely likely Russian state supported.”
- Iranian pleads guilty to RobbinHood ransomware attacks, faces 30 years – An Iranian national has pleaded guilty to participating in the Robbinhood ransomware operation, which was used to breach the networks, steal data, and encrypt devices of U.S. cities and organizations in an attempt to extort millions of dollars over a five-year span.
- Russian IT pro sentenced to 14 years forced labor for sharing medical data with Ukraine – The latest in a long line of techies to face Putin’s wrath
- Botnet hacks 9,000+ ASUS routers to add persistent SSH backdoor – Over 9,000 ASUS routers are compromised by a novel botnet dubbed “AyySSHush” that was also observed targeting SOHO routers from Cisco, D-Link, and Linksys.
- 184,162,718 Passwords And Logins Leaked — Apple, Facebook, Snapchat
- Threat actors abuse Google Apps Script in evasive phishing attacks – Threat actors are abusing the ‘Google Apps Script’ development platform to host phishing pages that appear legitimate and steal login credentials.
- Pakistanis Urged To Immediately Change All Passwords After Massive Global Data Breach – Pakistan’s National Cyber Emergency Response Team (NCERT) has issued a critical warning urging citizens to change their passwords following a massive global data breach exposing 184 million unique account credentials.
June 2, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 5/19/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs

This article from BleepingComputer details a significant and concerning campaign involving over 100 malicious Google Chrome extensions designed to steal user data and execute remote scripts. These extensions cleverly impersonate legitimate and popular tools such as VPNs, AI assistants, crypto utilities, and even specific brands like Fortinet and YouTube. By offering some of the promised functionality while simultaneously operating covertly in the background, these extensions deceive users into granting them broad permissions. This allows the threat actors to pilfer browser cookies, including sensitive session tokens, perform DOM-based phishing attacks, inject malicious JavaScript, and even modify network traffic for purposes like ad delivery, redirection, or proxying user activity through their own servers.

The discovery by DomainTools highlights the scale of this operation, with over 100 fake domains created to promote these malicious extensions, likely through malvertising campaigns. These websites feature seemingly legitimate “Add to Chrome” buttons that directly link to the malicious listings on the Chrome Web Store, lending a false sense of security and authenticity. The article provides a list of several of these deceptive domains, showcasing the wide range of impersonated services and brands. While Google has reportedly removed many of the identified extensions, the fact that some still persist underscores the challenges in rapidly detecting and eliminating such threats, as well as the actors’ determination to remain active.

The potential consequences for users who install these malicious extensions are severe, ranging from account hijacking and personal data theft to comprehensive monitoring of their browsing activities. The article emphasizes that these extensions essentially create a backdoor within the infected browser, granting attackers extensive control and the potential for further exploitation. Alarmingly, the stolen session cookies could even be used to compromise legitimate VPN devices or accounts, providing a pathway to infiltrate corporate networks and launch more damaging attacks. The article concludes with crucial advice for users: exercise caution by only trusting reputable publishers, carefully reviewing user reviews for any suspicious signs, and remaining vigilant about the permissions requested by browser extensions.

Projects
- TryHackMe – Public Key Cryptography Basics – In Progress
Videos

Articles
- The Kids Online Safety Act is back, with the potential to change the internet – The Kids Online Safety Act (KOSA) has been reintroduced into Congress. If passed into law, this bill could impose some of the most significant legislative changes that the internet has seen in the U.S. since the Children’s Online Privacy Protection Act (COPPA) of 1998.
- Have I Been Pwned 2.0 is Now Live! – This has been a very long time coming, but finally, after a marathon effort, the brand new Have I Been Pwned website is now live!
- KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS – KrebsOnSecurity last week was hit by a near record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per second (a terabit is one trillion bits of data).
- PowerSchool hacker pleads guilty to student data extortion scheme – A 19-year-old college student from Worcester, Massachusetts, has agreed to plead guilty to a massive cyberattack on PowerSchool that extorted millions of dollars in exchange for not leaking the personal data of millions of students and teachers.
- Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs – A Google Chrome Web Store campaign uses over 100 malicious browser extensions that mimic legitimate tools, such as VPNs, AI assistants, and crypto utilities, to steal browser cookies and execute remote scripts secretly.
Podcasts
May 28, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 5/12/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Broadcom employee data stolen by ransomware crooks following hit on payroll provider

This serves as a reminder of the risks inherent in supply chains, particularly concerning sensitive data like payroll information. The fact that a ransomware attack on Business Systems House (BSH), a Middle Eastern partner of ADP, led to the theft of Broadcom employee data highlights the vulnerabilities that can exist even when an organization outsources critical functions. The timeline is particularly noteworthy: the initial ransomware attack occurred in September 2024, BSH/ADP became aware of data exfiltration in December 2024, yet Broadcom wasn’t informed until May 2025. This significant delay underscores the challenges in incident detection, investigation, and notification across multiple entities, leaving affected individuals in the dark for an extended period and hindering their ability to take timely protective measures. The article also subtly emphasizes the importance of vendor security assessments and the need for robust contractual agreements outlining breach notification timelines and responsibilities.

The attribution of the attack to the El Dorado ransomware group, with potential links to the BlackLock group, adds another layer of complexity and intrigue for threat intelligence followers. The rapid emergence and rebranding (or suspected rebranding) of ransomware groups are common tactics to evade law enforcement and maintain operational continuity. The report of infostealer data compromising employee accounts and potentially leading to wider third-party breaches through stolen credentials further illustrates the multi-faceted nature of modern ransomware attacks. The mention of Hudson Rock’s findings regarding compromised accounts and the potential impact on 35 additional companies underscores the lateral movement capabilities that attackers often exploit after initial access. This emphasizes the need for organizations to not only secure their own perimeters but also to implement strong internal segmentation and monitoring to limit the blast radius of any potential compromise originating from a third-party incident.

Finally, the types of data potentially stolen – including national IDs, financial account numbers, salary details, and home addresses – represent a high-value target for cybercriminals and pose significant risks to the affected Broadcom employees. The advice given by Broadcom to enable multi-factor authentication and monitor financial records is standard but crucial in the aftermath of such a breach. ADP’s attempt to distance itself by emphasizing that their own systems were not compromised and that only a “small subset” of clients were affected highlights the reputational damage and legal liabilities that can arise from third-party breaches. The case also underscores the complexities of the double extortion model, where data is both encrypted and exfiltrated, leaving victims with little incentive to pay a ransom if the attackers have already demonstrated a willingness to publish stolen information. For cybersecurity professionals, this incident serves as a valuable case study in understanding supply chain risks, incident response challenges, and the evolving tactics of ransomware actors.

Projects
- TryHackMe – Cryptography Basics – In Progress
Articles
- Google will pay a $1.375 billion settlement to Texas over privacy violations – Texas had filed two lawsuits against Google for how it handled users’ geolocation, incognito search, and biometric data.
- FBI warns that end of life devices are being actively targeted by threat actors – Cybercriminals install malware on compromised devices, set up a botnet, and sell proxy services or launch coordinated attacks.
- Education giant Pearson hit by cyberattack exposing customer data – Education giant Pearson suffered a cyberattack, allowing threat actors to steal corporate data and customer information, BleepingComputer has learned.
- Ukraine arrests two over alleged Hungarian spy plot – Ukraine says it has uncovered a spy network being run by the Hungarian state to obtain intelligence about its defences near their shared border.
- Russian spy ring leader jailed in UK for nearly 11 years – One of their operations was a plan to intercept mobile phone signals at Patch barracks, a U.S. base near Stuttgart where Ukrainian troops were believed to be training to use surface-to-air Patriot missiles
- Government webmail hacked via XSS bugs in global spy campaign – Hackers are running a worldwide cyberespionage campaign dubbed ‘RoundPress,’ leveraging zero-day and n-day flaws in webmail servers to steal email from high-value government organizations.
- FBI: US officials targeted in voice deepfake attacks since April – The FBI warned that cybercriminals using AI-generated audio deepfakes to target U.S. officials in voice phishing attacks that started in April.
- Cybersecurity firm Proofpoint to buy European rival for over $1 billion as it eyes IPO – Cybersecurity firm Proofpoint is acquiring European rival Hornetsecurity for north of $1 billion to strengthen its European presence as it explores a return to public markets.
- Coinbase Rejects $20M Ransom After Rogue Contractors Bribed to Leak Customer Data – Coinbase said a group of rogue contractors were bribed to pull customer data from internal systems, leading to a $20 million ransom demand.
- Details on 89M Steam Accounts Leaked, Valve Says Systems Not Breached – Valve says the leak features phone numbers that previously received a one-time passcode, but they’re not associated with a Steam account, password, or other personal data.
- Broadcom employee data stolen by ransomware crooks following hit on payroll provider – Tech giant was in process of dropping payroll biz as it learned of breach
Podcasts
May 19, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 4/21/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Former Disney employee who hacked Disney World restaurant menus in revenge sentenced to 3 years in federal prison

This case highlights a serious insider threat incident with significant potential consequences. Michael Scheuer, a former Disney World employee, conducted a series of cyberattacks against his former employer, demonstrating a disturbing level of knowledge about the company’s systems. His actions went beyond mere vandalism, as he manipulated allergen information on restaurant menus, creating a dangerous situation that could have resulted in severe harm or even death for customers with allergies. This element of the attack underscores the malicious intent and the potential for real-world harm that can arise from disgruntled employees with system access.

The incident also reveals the complexity and scope of modern cyberattacks. Scheuer’s actions included manipulating menu information, altering wine region details to reference mass shooting locations, and launching denial-of-service attacks. This multi-faceted approach demonstrates the potential for a single individual to disrupt operations, spread misinformation, and target individuals within an organization. The FBI’s involvement and the subsequent prosecution emphasize the severity of these crimes and the importance of robust cybersecurity measures to protect against both external and internal threats.

Ultimately, this case serves as a stark reminder of the importance of robust cybersecurity practices, including access control, monitoring, and incident response. The fact that Scheuer had the knowledge and access to carry out these attacks highlights the need for organizations to carefully manage employee access to sensitive systems, especially during and after termination. The potential for significant financial damage (as indicated by the restitution order) and the severe criminal penalties underscore the legal and financial ramifications of such cybercrimes.

Projects
- TryHackMe – Networking Secure Protocols – Complete
- TryHackMe – Tcpdump: The Basics – In Progress
Whitepapers
- 2025 Verizon DBIR – Read my breakdown here.
- The Sophos Annual Threat Report: Cybercrime on Main Street 2025
Videos

Articles
- China Names and Shames US Hackers, Calls Out 3 Alleged NSA Agents – Police in the Chinese city of Harbin say three NSA operatives disrupted the 2025 Asian Winter Games and hacked Huawei.
- Crosswalks hacked to play fake audio of Musk, Zuck, and Jeff Bezos – “Stop, look, and listen” is the standard advice we should allow follow when crossing the road – but pedestrians in some parts are finding that they cannot believe their ears – after a hacker compromised crosswalks to play deepfake audio mocking tech bosses Elon Musk, Mark Zuckerberg, and Jeff Bezos.
- DeepSeek Breach Opens Floodgates to Dark Web – The incident should serve as a critical wake-up call. The stakes are simply too high to treat AI security as an afterthought — especially when the Dark Web stands ready to capitalize on every vulnerability.
- Blue Shield of California leaked health data of 4.7 million members to Google – Blue Shield of California disclosed it suffered a data breach after exposing protected health information of 4.7 million members to Google’s analytics and advertisement platforms.
- FBI: US lost record $16.6 billion to cybercrime in 2024 – The FBI says cybercriminals have stolen a record $16,6 billion in 2024, marking an increase in losses of over 33% compared to the previous year.
- Cyberattack Knocks Texas City’s Systems Offline – The city of Abilene, Texas, is scrambling to restore systems that have been taken offline in response to a cyberattack.
- SK Telecom reveals cyberattack, customer USIM data stolen could be used in attacks – Scope and scale of SK Telecom attack still being investigated
- Verizon discovers spike in ransomware and exploited vulnerabilities – Verizon’s 2025 Data Breach Investigations Report noted a 37% increase in ransomware attacks and a 34% increase in exploited vulnerabilities.
- Former Disney employee who hacked Disney World restaurant menus in revenge sentenced to 3 years in federal prison – When a former Disney World employee was accused of changing the menus at Disney World restaurants, it made headlines. And in January, when he admitted to changing the menus — including information about allergy information that could have created serious health risks for diners — that also made headlines. Now Michael Scheuer, who faced 10 years in prison for fraud and an additional subsequent two years in prison for aggravated identity theft, has been sentenced.
Podcasts
April 28, 2025