Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Projects

• TryHackMe – Networking Essentials – In Progress

Videos

Articles

• ClickFix Attack Compromises 100+ Car Dealership Sites – The ClickFix attack tactic seems to be gaining traction among threat actors.
• Jaguar Land Rover Breached by HELLCAT Ransomware Group Using Its Infostealer Playbook—Then a Second Hacker Strikes
• Microsoft isn’t fixing 8-year-old shortcut exploit abused for spying – An exploitation avenue found by Trend Micro has been used in an eight-year-long spying campaign, but there’s no sign of a fix from Microsoft, which apparently considers this a low priority.
• 11 State-Sponsored APTs Exploiting LNK Files for Espionage, Data Theft – ZDI has uncovered 1,000 malicious .lnk files used by state-sponsored and cybercrime threat actors to execute malicious commands.
• Capital One hacker Paige Thompson got too light a sentence, appeals court rules – Two of the three judges said five years’ probation and time served didn’t match the severity of the crime, among other reasons for overturning the sentence.
• Pennsylvania State Education Association data breach impacts 500,000 individuals – A data breach at the Pennsylvania State Education Association exposed the personal information of over 500,000 individuals.
• Dept of Defense engineer took home top-secret docs, booked a fishing trip to Mexico – then the FBI showed up

Podcasts

• Smashing Security 408: A gag order backfires, and a snail mail ransom demand – ‘Only’ a local access bug but important part of N Korea, Russia, and China attack picture