Tag: supply chain

What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 11/3/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Hackers use RMM tools to breach freighters and steal cargo shipments

This sophisticated cybercrime campaign highlights a dangerous evolution in cargo theft, where digital compromise leads directly to the theft of physical goods. Threat actors are targeting the weakest links in the supply chain—specifically freight brokers and trucking carriers by deploying legitimate Remote Monitoring and Management (RMM) tools like ScreenConnect and SimpleHelp. The attack typically begins with social engineering, often involving the use of compromised accounts on online load boards to post fraudulent shipments. When a legitimate carrier responds, they are tricked into clicking a malicious link (often delivered via a hijacked email thread), which installs the RMM tool. This technique is highly effective because it leverages trusted software, allowing the attacker to establish a persistent, low-profile foothold on the victim’s network without immediately triggering suspicion or anti-virus alerts.

Once the RMM tool is installed, the cybercriminals gain complete remote control over the victim’s system. They use this access to conduct network reconnaissance and deploy credential harvesting tools, enabling them to steal logins for essential freight management systems. With this insider access, the hackers can modify or delete existing booking emails, block dispatcher notifications, and effectively impersonate the carrier. This allows them to successfully bid on real, high-value cargo loads (such as electronics or food and beverage items) and coordinate the theft, rerouting the physical shipment for illicit resale. The successful execution of this scheme suggests a strong collaboration between technical cybercrime groups and traditional organized crime that handles the physical interception and distribution of the stolen goods.

To defend against this potent threat, organizations in the logistics and transportation sectors must tighten controls over widely used software. A key preventative measure is to restrict the installation of all unapproved RMM tools, ensuring only IT-vetted and confirmed applications are allowed on company endpoints. Furthermore, technical defenses should include robust network monitoring to detect unexpected connections to RMM servers and the implementation of email gateway rules to block common malicious file types, such as .EXE and .MSI executables, from unsolicited external senders. Finally, security awareness training is crucial, as the initial point of compromise relies heavily on social engineering and exploiting the trust inherent in urgent freight negotiations.

Projects
- TryHackMe – CyberChef: The Basics – Complete
- TryHackMe – CAPA: The Basics – In Progress
Videos

Articles
- Hackers use RMM tools to breach freighters and steal cargo shipments – Threat actors are targeting freight brokers and trucking carriers with malicious links and emails to deploy remote monitoring and management tools (RMMs) that enable them to hijack cargo and steal physical goods.
- ‘We got hacked’ emails threaten to leak University of Pennsylvania data – The University of Pennsylvania suffered a cybersecurity incident on Friday, where students and alumni received a series of offensive emails from various University email addresses, claiming that data was stolen in a breach.
- EY exposes 4TB+ SQL database to open internet for who knows how long – The Big Four biz’s big fat fail exposed a boatload of secrets online
- A Cybercrime Merger Like No Other — Scattered Spider, LAPSUS$, and ShinyHunters Join Forces – The nascent collective that combines three prominent cybercrime groups, Scattered Spider, LAPSUS$, and ShinyHunters, has created no less than 16 Telegram channels since August 8, 2025.
- U.S. Sanctions 10 North Korean Entities for Laundering $12.7M in Crypto and IT Fraud – The U.S. Treasury Department on Tuesday imposed sanctions against eight individuals and two entities within North Korea’s global financial network for laundering money for various illicit schemes, including cybercrime and information technology (IT) worker fraud.
- Amazon Equips Next Underwater Cable With ‘Robust Armoring’ to Prevent Cuts – The AWS ‘Fastnet’ cable will run from Maryland to Ireland, transporting over 320Tbps. Amid growing cable sabotage, however, ‘we’re burying this cable as deeply as possible,’ Amazon says.
- SonicWall says state-sponsored hackers behind security breach in September – SonicWall’s investigation into the September security breach that exposed customers’ firewall configuration backup files concludes that state-sponsored hackers were behind the attack.
- Hyundai AutoEver America data breach exposes SSNs, drivers licenses – Hyundai AutoEver America is notifying individuals that hackers breached the company’s IT environment and gained access to personal information.
- How a ransomware gang encrypted Nevada government’s systems – The State of Nevada has published an after-action report detailing how hackers breached its systems to deploy ransomware in August, and the actions taken to recover from the attack.
- 18 Arrested in Crackdown on Credit Card Fraud Rings – Between 2016 and 2021, the suspects defrauded 4.3 million cardholders in 193 countries of €300 million (~$346 million).
- ClickFix Attacks Against macOS Users Evolving – ClickFix prompts typically contain instructions for Windows users, but now they are tailored for macOS and they are getting increasingly convincing.
- Norway transport firm steps up controls after tests show Chinese-made buses can be halted remotely – A leading Norwegian public transport operator has said it will introduce stricter security requirements and step up anti-hacking measures after a test on new Chinese-made electric buses showed the manufacturer could remotely turn them off.
- U.S. Congressional Budget Office hit by suspected foreign cyberattack – The U.S. Congressional Budget Office (CBO) confirms it suffered a cybersecurity incident after a suspected foreign hacker breached its network, potentially exposing sensitive data.
- Samsung Zero-Click Flaw Exploited to Deploy LANDFALL Android Spyware via WhatsApp – A now-patched security flaw in Samsung Galaxy Android devices was exploited as a zero-day to deliver a “commercial-grade” Android spyware dubbed LANDFALL in targeted attacks in the Middle East.
Podcasts
November 10, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 5/12/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Broadcom employee data stolen by ransomware crooks following hit on payroll provider

This serves as a reminder of the risks inherent in supply chains, particularly concerning sensitive data like payroll information. The fact that a ransomware attack on Business Systems House (BSH), a Middle Eastern partner of ADP, led to the theft of Broadcom employee data highlights the vulnerabilities that can exist even when an organization outsources critical functions. The timeline is particularly noteworthy: the initial ransomware attack occurred in September 2024, BSH/ADP became aware of data exfiltration in December 2024, yet Broadcom wasn’t informed until May 2025. This significant delay underscores the challenges in incident detection, investigation, and notification across multiple entities, leaving affected individuals in the dark for an extended period and hindering their ability to take timely protective measures. The article also subtly emphasizes the importance of vendor security assessments and the need for robust contractual agreements outlining breach notification timelines and responsibilities.

The attribution of the attack to the El Dorado ransomware group, with potential links to the BlackLock group, adds another layer of complexity and intrigue for threat intelligence followers. The rapid emergence and rebranding (or suspected rebranding) of ransomware groups are common tactics to evade law enforcement and maintain operational continuity. The report of infostealer data compromising employee accounts and potentially leading to wider third-party breaches through stolen credentials further illustrates the multi-faceted nature of modern ransomware attacks. The mention of Hudson Rock’s findings regarding compromised accounts and the potential impact on 35 additional companies underscores the lateral movement capabilities that attackers often exploit after initial access. This emphasizes the need for organizations to not only secure their own perimeters but also to implement strong internal segmentation and monitoring to limit the blast radius of any potential compromise originating from a third-party incident.

Finally, the types of data potentially stolen – including national IDs, financial account numbers, salary details, and home addresses – represent a high-value target for cybercriminals and pose significant risks to the affected Broadcom employees. The advice given by Broadcom to enable multi-factor authentication and monitor financial records is standard but crucial in the aftermath of such a breach. ADP’s attempt to distance itself by emphasizing that their own systems were not compromised and that only a “small subset” of clients were affected highlights the reputational damage and legal liabilities that can arise from third-party breaches. The case also underscores the complexities of the double extortion model, where data is both encrypted and exfiltrated, leaving victims with little incentive to pay a ransom if the attackers have already demonstrated a willingness to publish stolen information. For cybersecurity professionals, this incident serves as a valuable case study in understanding supply chain risks, incident response challenges, and the evolving tactics of ransomware actors.

Projects
- TryHackMe – Cryptography Basics – In Progress
Articles
- Google will pay a $1.375 billion settlement to Texas over privacy violations – Texas had filed two lawsuits against Google for how it handled users’ geolocation, incognito search, and biometric data.
- FBI warns that end of life devices are being actively targeted by threat actors – Cybercriminals install malware on compromised devices, set up a botnet, and sell proxy services or launch coordinated attacks.
- Education giant Pearson hit by cyberattack exposing customer data – Education giant Pearson suffered a cyberattack, allowing threat actors to steal corporate data and customer information, BleepingComputer has learned.
- Ukraine arrests two over alleged Hungarian spy plot – Ukraine says it has uncovered a spy network being run by the Hungarian state to obtain intelligence about its defences near their shared border.
- Russian spy ring leader jailed in UK for nearly 11 years – One of their operations was a plan to intercept mobile phone signals at Patch barracks, a U.S. base near Stuttgart where Ukrainian troops were believed to be training to use surface-to-air Patriot missiles
- Government webmail hacked via XSS bugs in global spy campaign – Hackers are running a worldwide cyberespionage campaign dubbed ‘RoundPress,’ leveraging zero-day and n-day flaws in webmail servers to steal email from high-value government organizations.
- FBI: US officials targeted in voice deepfake attacks since April – The FBI warned that cybercriminals using AI-generated audio deepfakes to target U.S. officials in voice phishing attacks that started in April.
- Cybersecurity firm Proofpoint to buy European rival for over $1 billion as it eyes IPO – Cybersecurity firm Proofpoint is acquiring European rival Hornetsecurity for north of $1 billion to strengthen its European presence as it explores a return to public markets.
- Coinbase Rejects $20M Ransom After Rogue Contractors Bribed to Leak Customer Data – Coinbase said a group of rogue contractors were bribed to pull customer data from internal systems, leading to a $20 million ransom demand.
- Details on 89M Steam Accounts Leaked, Valve Says Systems Not Breached – Valve says the leak features phone numbers that previously received a one-time passcode, but they’re not associated with a Steam account, password, or other personal data.
- Broadcom employee data stolen by ransomware crooks following hit on payroll provider – Tech giant was in process of dropping payroll biz as it learned of breach
Podcasts
May 19, 2025

Tag: supply chain

What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 11/3/25

Featured Analysis

Projects

Videos

Articles

Podcasts

What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 5/12/25

Featured Analysis

Projects

Articles

Podcasts