
Bite Sized Cyber Crime
108 episodes
Meta Support Bot Lets Hackers into High Profile Accounts
Charter Communications Customer Data Leaked
GitHub Data Up For Sale on Dark Web
Canvas Hack Brings Chaos During Finals
0APT and KryBit Hack... Each Other?
Ransomware Negotiator Pleads Guilty to Helping Hackers
Operation PowerOFF Shuts Down Major DDOSaaS Operation
Project Glasswing and The Future of Cybersecurity
Ep 207: $270 Million Stolen from Drift Protocol
Decentralized finance, when not done correctly, often lends itself to massive crypto heists that result in millions being stolen, and the story of the Drift protocol, which operates on the Solana blockchain, is no different. Attackers didn't actually need a vulnerability in code to pull off this heist, however, just two separate people who signed off on a malicious transaction. Sources: https://pastebin.com/Q5BYYapY
Ep 206: Firefox Tests Free Browser VPN
Firefox has been a favorite browser among nerds for a while, especially for its privacy capabilities, and it seems to be leaning into it even more by implementing a free browser-based VPN for testing in its latest update, with a 50GB a month data limit. Sources: https://pastebin.com/QNN9Hc7B
Ep 205: Handala Wipes Thousands of Stryker Systems
Stryker is a med tech giant, but they have fallen rather hard after a politically motivated ransomware attack wiped thousands of devices after stealing over 50 terabytes of data. Sources: https://pastebin.com/xJEhrhvS
Ep 204: Wikipedia Activates Dormant Worm
Wikipedia is often used as a starting point for research, and recently it was seemingly under attack. Vandalism is common, but what is uncommon is the activation of malicious code that sat waiting on their systems for years before it was set off by an admin reviewing code. Sources: https://pastebin.com/QRYXC05C
Ep 203: The Concerning Trend of Requiring ID
I've noticed a concerning trend and legislation coming up in some countries that will require government ID to access certain social media websites. The issue stems from child safety, which is a worthy cause, but it will end up not only putting children at risk, but everyone else as well.
Ep 202: PayPal Left PII Exposed for Half a Year
Usually data breaches happen from an attacker breaking in, but sometimes an organization inadvertently leaks their own data. PayPal did just this with the most sensitive data about small business owners, and it sat on the internet for 6 months. Sources: https://pastebin.com/hxqJeJey
Ep 201: Outlook Add In Hijacked to Steal Accounts
Outlook add ins can really improve the user experience of the application, allowing for extended capabilities. However, if a developer abandons an add in project and leaves it without updates, without properly removing it or discontinuing support, it could lead to threat actors hijacking a trusted add in and using it to steal information. Sources: https://pastebin.com/7Kny6W8M
Ep 200: Panera Data Breach from Failed Extortion
The Shiny Hunters failed to extort Panera in a data theft attack and leaked the data found. Thankfully the damage seems rather minimal as the information is, for the most part, not all that sensitive. Sources: https://pastebin.com/EXKcrrDL
Ep 199: When Vibe Coding Your Ransomware Goes Wrong
They say never to pay a ransomware, but this one you should especially never pay because you will definitely not get anything back if you do. As it turns out, vibe coding can lead to mistakes that end up with threat actors losing the keys to their own ransomware. Sources: https://pastebin.com/VuSZpJKQ
Ep 198: AI Slop Kills cURL Bug Bounty Program
Bug bounty programs are a good way to practice your hacking skills while contributing to the greater good, but unfortunately some people want the rewards without having the skills, which has resulted in cURL being overwhelmed by completely nonsensical AI slop bug reports. Sources: https://pastebin.com/ZBdpci1U
Ep 197: WhisperPair Vulnerability Allows Eavesdropping on Your Calls
Bluetooth is the standard these days for listening to audio, but it presents some issues that wired doesn't, and I don't mean sound quality. Implementations of Bluetooth protocols can have vulnerabilities, and when those hit it could mean you're being listened to. Sources: https://pastebin.com/Kq9TieQC
Ep 196: Instagram Breach Exposes 17.5 Million Accounts
Instagram users saw a barrage of password reset attempts on their accounts and it seems to be related to a dataset that was just leaked to BreachForums of scraped user data. Sources: https://pastebin.com/AfMVFBDm
Ep 195: $7 Million in Crypto Stolen from Trust Wallet Users
The holiday season is a rather expensive time of year, not just with gift buying but with scams that take advantage of the season. One rather unexpected thing, however, was a Christmas Eve update that drained the wallets of some Trust Wallet users. Sources: https://pastebin.com/NHqAjqzM
Ep 194: The Return of Prince of Persia
Most threat actors come and go with the times, not lasting more than a couple years. Prince of Persia was assumed to be one such group, but it turns out they not only returned but never left in the first place. Sources: https://pastebin.com/9yJ1fxP3
Ep 193: DroidLock Ransomware Targets Pirates
Usually ransomware targets large entities, but as always no one is truly safe online. This specific malware targets individual Android users sideloading apps from illegitimate sources. Sources: https://pastebin.com/3J3uAVHt
Ep 192: BRICKSTORM Backdoor Targeting VMware vSphere Servers
CIS recently released an advisory warning of a stealthy backdoor that has been targeting VMware hosts and stealing data from snapshots of virtual machines. These are the details of that backdoor. Sources: https://pastebin.com/ppt9V3b1
Ep 191: HashJack: An AI Browser Attack
In the security world it is becoming more and more necessary to invest in controls around AI and the web browser. This attack targets both and often leaves absolutely no trace on your end, as the attack never leaves the browser. Sources: https://pastebin.com/rz744p1b
Ep 190: Cloudflare Internal Error Causes Massive Outage
Cloudflare had a massive outage on Tuesday morning that many suspected was some kind of big attack by nation state hackers; however, it turns out to have been a lot simpler than that. A little internal error caused a domino effect that took out much of the web for several hours. Sources: https://pastebin.com/ftmYtFv7
Ep 189: First Fully Autonomous AI Attacks Used Claude
We have our fears of AI taking over the world and killing all the humans, which we are still rather far from; however, a more urgent worry is the use of autonomous AI agents taking the place of hackers themselves. One such group managed to offload 80% of the technical hacking work to Claude Code. Sources: https://pastebin.com/PzTM7dZT
Ep 188: UPenn Data Stolen in Breach
Last week we discussed a weird email sent to students, staff, alumni, or basically anyone associated with the University of Pennsylvania. This week some new developments in the case occurred that could leave data at risk, but the attacker's motivations and actions seem odd. Sources: https://pastebin.com/GDKhPmrE
Ep 187: UPenn Got Hacked
I learned how to generate censorship bleeps! But also a strange and vulgar email was sent out to alumni, donors, clients, staff, and current students from the University of Pennsylvania warning that a data leak was inevitable. But is there any substance? Sources: https://pastebin.com/MbJwdrYA
Ep 186: Lazarus Group Steal Drone Data via Fake Job Offers
We've talked about North Korean threat actors being hired for jobs in order to steal data, but what about North Korean threat actors hiring people to steal data? Seems backwards, but it's been going on for years and recently the defense sector has become a target of these attacks. Sources: https://pastebin.com/yrWK4K20
Ep 185: Government ID Breached From Discord Support
Discord is a popular chat app used by gamers, technologists, and even local communities. Recently, however, it potentially had a very serious data breach involving the government identification of its users. Sources: https://pastebin.com/1QJdNW5b
Ep 184: Did AI Try To Blackmail An Executive?
In many doomsday scenarios AI becomes sentient and tries to kill mankind, but has this already started to happen? Many sensational headlines would lead you to believe so, but the answer is a little more complicated than that... Sources: https://pastebin.com/sgjfdr8j
Ep 183: 3 Hacker Groups Team Up to Form Salesforce Extortion Site
3 notorious hacking groups have teamed up to form one huge site threatening to extort 39 major organizations out of their Salesforce data, which was acquired through a series of phishing attacks. Though Salesforce was not actually a target themselves, they also face extortion and some reputational damage. Sources: https://pastebin.com/jNr9Qsrr
Ep 182: How A Bad Password Killed A Decades Old Firm
Oh how the mighty have fallen. It takes a lot for a business to survive even 5 years after an attack, let alone 158. So what could kill such a strong business that clearly has it figured out? It turns out the Achilles heel is often just a single bad password. Sources: https://pastebin.com/7M6vKycy
Ep 181: Spear Phishing Using AI-Generated South Korean Military Documents
Spear phishing can potentially get even more realistic with the use of generative AI. Recently, North Korean threat actors leveraged prompt injection to create surprisingly realistic South Korean military documents. Sources: https://pastebin.com/H4qH2YuK
Ep 180: Biggest Yet Most Anticlimactic Supply Chain Attack
Supply chain attacks are one of the most devastating if done right, and one of the biggest in the history of NPM just occurred. However it was probably less fruitful than the attackers were hoping... Sources: https://pastebin.com/GfquiVgZ
Ep 179: France Fines Google For Cookie Violations
Tech giants have been collecting a lot of data on us for years with the use of cookies, and though efforts have been made to reduce this, they have been futile. France recently fined Google hundreds of millions for cookie consent violations, but it may only be a minor cost of business to them. Sources: https://pastebin.com/GkPf9W1c
Ep 178: Victims Email Phishers First in Zipline Campaign
Usually in phishing cases, you are emailed by the attackers first, but can attackers lie in wait for you to email them first? Surprisingly, yes. How is this even possible? Find out today! Sources: https://pastebin.com/4b2vsrwH
Ep 177: Former Dev Gets 4 Years for Sabotaging Workplace
Everyone may get elaborate revenge fantasies but few follow through due to the bad outweighing the satisfaction. One man, sensing he was to be terminated soon, however, decided if he were to go he would try to take the whole company down with him. Last week he was sentenced to 4 years in prison. Sources: https://pastebin.com/Pi0YSFUt
Ep 176: Hydroelectric Dam in Norway Hacked
Water and energy are both critical resources to society. In a display of fear, pro-Russia hacktivists compromised a dam in Norway remotely, demonstrating that cyberattacks can have very physical implications. Sources: https://pastebin.com/mwwrPwtR
Ep 175: UK To Ban Public Sector from Paying Ransomware
The UK recently proposed the banning of public sector organizations from paying ransomware ransoms, in an effort to discourage cybercriminals from targeting them. How may this end up working out though? Sources: https://pastebin.com/37jGGd9X
Ep 174: CISA Opens Thorium Tool to Public
CISA has developed many interesting and powerful tools over the years for cybersecurity, but recently they made one for malware analysis and automation open source and available for the public to use: Thorium. Let's talk about what this tool can do. Sources: https://pastebin.com/zhmAvguE
Ep 173: Inside a North Korean Laptop Farm Scheme
An Arizona woman was arrested for running a North Korean IT worker laptop farm out of her home, and this gave us a little look into the strange world of how these threat actors are able to infiltrate US organizations. Sources: https://pastebin.com/qvrWirYa
Ep 172: New FIDO MFA Downgrade Attack Exploited
FIDO is the passwordless authentication set of protocols of the future; however, that doesn't mean it's perfect, and as cyber defenders adapt, so do attackers. This novel exploit isn't a flaw within FIDO itself but does threaten improperly implemented versions of it. Sources: https://pastebin.com/fmUZEBAM
Ep 171: PerfektBlue Vulnerabilities Impact Vehicle Bluetooth
With cars becoming just another type of computer, and having rather complicated implementations, vulnerabilities in one system are major. A recent series of vulnerabilities discovered in OpenSynergy's BlueSDK could prove dangerous. Sources: https://pastebin.com/5JHAyuAV
Ep 170: Ransomware Negotiator Received Payments from Ransomware Groups
Ransomware negotiators may be called in to save some financial burden on organizations suffering from one of the worst cyberattacks they can. However, they seem like the natural people for ransomware groups to corrupt, and allegedly one such group did corrupt one such person. Sources: https://pastebin.com/fANnhtTj
Ep 169: Brother Printers Affected by Unpatchable Critical Vulnerability
Printers are the bane of many's existence, but they may have just gotten worse for security professionals. Rapid7 discovered 8 new vulnerabilities mostly impacting Brother branded printers, one of which cannot be patched by the vendor and leaks the admin password of the device. Sources: https://pastebin.com/vNDbrwsU
Ep 168: Were 16 Billion Passwords Just Leaked?
News has hit the mainstream media that all your passwords have been leaked yet again, in a massive password leak including Google, Meta, and Apple. But how much of that sensationalized story is true? Sources: https://pastebin.com/Xi1MPpFg
Ep 167: I Got Scammed
And it could happen to you too. On this week's episode of Bite Size Cyber Crime I detail an actual scam I fell for and emphasize that anyone can be a victim of a scam anywhere on the internet.
Ep 166: Malwareception: SakuraRAT is a Backdoor to Trick Script Kiddies
Malware is everywhere, even inside of other malware. One tool advertising itself as an advanced remote access trojan ended up being much more: a backdoor infecting novice hackers. This was not just a one-off, however, and led to the discovery of a massive backdoored malware campaign infecting other hackers and gaming cheaters. Sources: https://pastebin.com/C4DG6LTw