Bite Sized Cyber Crime

Using an MSP can be handy for getting your IT set up or managing technical support without hiring a lot of full time staff, but there are risks that can come with outsourcing your IT to a third party. One MSP was compromised, leading to many customers having ransomware headaches. Sources: https://pastebin.com/hLKSqRaS

Piracy and accidentally getting malware go hand in hand for many, and though the days of Limewire viruses on your Linkin Park albums are mostly over, modern problems require modern solutions so attackers have moved to modern platforms to spread malware to those not interested in paying for software. Sources: https://pastebin.com/i7yriZXy

Coinbase is one of the largest crypto exchanges, but when corrupt employees are compromised into handing over data to scammers, a series of social engineering attacks took place. The scammers demanded a ransom, but Coinbase fired back. Sources: https://pastebin.com/dTZR6hKw

Pearson is an education giant, providing learning tools and standardized assessments across many fields, schools, and organizations. Recently they were breached by what was likely a series of relatively minor mistakes. Sources: https://pastebin.com/YemUE0Xi

This is one of the craziest stories I've ever covered in my 3 years of this podcast, and hearing both sides somehow makes the situation even less clear. Cybersecurity firm CEO Jeff Bowie accessed hospital computers and wrote malicious scripts on them intended to steal data. But why? Sources: https://pastebin.com/qqLMem11

NFC has allowed for payments to be easier than ever, but it was only a matter of time before this method was exploited by threat actors. A bold, new real time malware that leverages NFC has been making rounds. Sources: https://pastebin.com/QgquMLj8

The CVE program is essential for tracking vulnerabilities all across the technology industry, but what happens when funding is cut? Let's talk about what's been going on with the CVE program. Sources: https://pastebin.com/QPVXe6kD

You're always told to never plug in a random flash drive because it may have malware on it, but is that really a thing? The answer is yes, and it can potentially compromise a military mission. Sources: https://pastebin.com/LURNpcH5

Tax season is a stressful time for many in the US, and this creates the perfect opportunity for a number of scams against virtually anyone living in the US. Be aware of fake documents, fake filing services, and unusual emails. Sources: https://pastebin.com/zJQGMndk

A hacker claimed to have stolen 6 million lines of data from Oracle, which Oracle swiftly denied. However when security firms received data samples and showed them to customers, the data was confirmed to be real. Sources: https://pastebin.com/6WnaeYZs

Google, though a tech giant, has lagged behind Amazon and Microsoft when it comes to cloud computing, but this bold new acquisition could bridge that gap... or introduce legal troubles. Sources: https://pastebin.com/004Wu6hv

Elon Musk has become a controversial political figure, leaving little surprise that one of his projects, the X platform, became a target for a hacktivist group, leaving the major social media platform down from a DDoS attack. Sources: https://pastebin.com/Pa6b0nrm

Ransomware groups sometimes run into issues, like being blocked by security tools, and often have to pivot. Some techniques are less conventional than others, but are just as destructive. Here's how a webcam led to ransomware being deployed org wide. Sources: https://pastebin.com/FHxVYgBg

Building access management is an important part of physical security that has only become more intelligent. However, with all the data on these systems that exist on employees it is important that they are properly secured. Recently, 49,000 systems were found unsecured on the open internet with data viewable, and sometimes modifiable. Sources: https://pastebin.com/8feGBvEu

Government contractors are expected to follow certain compliance policies, so what happens when a company lies about compliance? Hefty fines tend to follow. Sources: https://pastebin.com/vJPEikD9

SWATting is a dangerous crime that involves making extreme police reports against people to illicit a response from the SWAT team. This has resulted in innocent people being killed or injured. One teen turned making these reports into a business and was recently sentenced to 4 years in prison for it. Learn about his crimes and methodology today. Sources: https://pastebin.com/ET9xMi85

Recently a new crypto stealing malware was found in apps on both the Google Play, and the famously restrictive Apple App Store, but it seems not to be its own app, but rather something inserted into existing apps at a later time to steal passphrases for crypto wallets from images on devices. Sources: https://pastebin.com/fHgDP4fg

Recently a brand new generative AI model came out of nowhere and blew up overnight. There are a lot of controversies and concerns surrounding this model, providing more efficient AI but also bringing a lot of data sensitivity risks and topics of government censorship to the forefront. Sources: https://pastebin.com/WRGERYCE

Pwn2Own by TrendMicro's Zero Day Initiative is a hacking contest where people try to hack "up to date" products to discover zero day vulnerabilities in them and win cash prizes for doing so. The automotive version of this contest not only involved cars themselves, but chargers for electric vehicles. Sources: https://pastebin.com/4siwYEYK

Job offer scams are sadly rather common, but most of the time it's a waste of time or an identity theft scam rather than a scam that installs unauthorized crypto miners on your devices. A new scam email impersonating Crowdstrike that is targeting developers does just that. Sources: https://pastebin.com/Lpg673yh

The US Department of Treasury was targeted in a suspected state-sponsored hack. No ransomware was deployed, though the threat actors compromised machines remotely, linked to a BeyondTrust data breach and accessed many unclassified documents. Sources: https://pastebin.com/rUi3Wdxg

Deepfakes and AI image and video generation have become nearly indistinguishable from real people to the naked eye. This creates a problem when it comes to identity verification that involves previously very difficult to fake Face ID systems. Recently a deep web identity fraud database was being build was scraped data and images with the intention to target financial accounts. Sources: https://pastebin.com/X7acHzs9

The healthcare industry remains one of the top targeted by hackers, and even the biggest healthcare organizations are not safe. Sources: https://pastebin.com/UgauFXsL

In 1999 one of the most infamous viruses was released on the world, slowing down email systems and causing chaos in the corporate world and among personal computer users. Sources: https://pastebin.com/FgE9ETKk

Telecom providers across many countries have been compromised by an APT, which means your text messages may be vulnerable if you text people with different phones, due to insecurities in text message protocols. Fortunately there's some solutions. Sources: https://pastebin.com/pMnEP6Lj

Game engines are used to help developers create games we love, but where code can be written, malware can be written, and one group has figured out a way to exploit the Godot game engine to discreetly package malware that often goes undetected. Sources: https://pastebin.com/5b3LcJpW

A hacking group boasted about breaching car manufacturer Ford's network and stealing data on 44,000 customers, selling it for 2 dollars on hacking forums for everyone to enjoy. The only problem? That data isn't exactly what they claimed. Sources: https://pastebin.com/d7r88Q7m

Simple misconfiguration can often lead to disaster, and sometimes that disaster is a threat actor sneakily taking over your trusted website and using it to host malware, send phishing emails, or control botnets. Here's a surprisingly easily exploited DNS oversight that has allowed threat actors to take over 70,000 websites. Sources: https://pastebin.com/DqXL1BRb

Ransomware groups typically request payments in the form of crypto, but newcomers Hellcat wanted to get this bread in a more literal sense. So why bread? There may be a more realistic reason than you'd think... Sources: https://pastebin.com/kAkdLJD5

There's all sorts of online shopping scams, but one of the newest ones discovered exploits legitimate eshops by creating fake product listings on other people's websites and redirecting shoppers to an attacker-controlled page that will steal credit card data. Sources: https://pastebin.com/VS9XFHRF

The Flipper Zero is a notorious hacking tool used to wreak havoc on traffic lights, banks, locks, and cars. Or is it? What can the Flipper actually do, and is it really as dangerous as it seems on Tik Tok? Sources: https://pastebin.com/cnJyQkXC

A couple months ago security education company KnowBe4 accidentally hired a North Korean threat actor who tried to install malware on their machine. Turns out this may not be as uncommon as you'd think. Recently a network of North Korean threat actors applying for jobs, and US citizens helping them, has been uncovered. Sources: https://pastebin.com/1npHD8cA

The Internet Archive is a website vital in the preservation of digital information, and recently it was attacked on two separate occasions. Here's what went down. Sources: https://pastebin.com/nbhNFAv5

Ever receive a weird wrong number text or match with someone on a dating site who starts talking about crypto? It may be part of a long term scam meant to drain you of as much money as you're willing to part with to make a big investment. Once it seems too good to be true and you go to withdraw your earnings, suddenly you realize you've lost it all.

Cars are just big computers now, and that means they are vulnerable to exploits that could allow a concerning amount of control over them. Security researchers discovered a vulnerability in the Kia dealer portal that could allow a hacker remote control over millions of cars made after 2013. Sources: https://pastebin.com/tsJGg8jq

The Tor network allows for anonymous connections to unindexed search engines, including to online criminal services. Recently though, German authorities claimed to have de-anonymized a user using Tor and made an arrest. Has Tor finally been cracked, or is this a scare tactic to instill fear in threat actors? Sources: https://pastebin.com/Hfrrbdag

YubiKeys are physical authentication devices that have a lot of flexibility and are compatible with just about every service, but as it turns out if you know a lot about math and electronics you can uncover the private keys and clone the device! Sources: https://pastebin.com/WacbUmA1

The city of Columbus, Ohio had a data breach occur in July. According to the mayor, the information leaked was nothing important to hackers. A security researcher proved that this was not the case, that the data was incredibly sensitive. In response, the city sued him. Sources: https://pastebin.com/C632hthD

Using native Windows tools rather than custom malware is becoming a better technique of pulling off attacks while remaining under the radar. Qilin was caught doing just this to steal credentials right from the Chrome web browser. Sources: https://pastebin.com/Ccvhs7Pd

Antimalware solutions like EDR are meant to keep a careful watch on our systems to ensure they are protected from even sneaky threats. But what happens when malware can take out an EDR solution before it is spotted? Sources: https://pastebin.com/6uRVy4Yd

Often times we can reduce our risk to cyber crime by being careful about the websites we sign up for, but what if someone has our data that we never consented to giving them and ends up being breached? Just that happened, with a company you've probably never heard of. Sources: https://pastebin.com/Yms285F5

Ransomware threat actors are one of the biggest modern threats, and things will only ramp up when threat actors see just how much an organization is willing to pay to have their data back. Recently it was uncovered that a covert ransomware group quietly received the largest payout ever recorded in ransomware history. Sources: https://pastebin.com/uLQ9sFh0

KnowBe4 has employed hacker Kevin Mitnick as a spokesperson in their security training materials. But what happens when you employ a hacker by accident and they immediately try loading malware on the company provided laptop? Sources: https://pastebin.com/XrMa4bsS

The biggest IT outage across the world just happened. Planes were grounded, hospitals and 911 dispatch centers were down, people couldn't turn their computers on, all on a massive global scale never seen before. So what is CrowdStrike, and how did this happen? Sources: https://pastebin.com/vxfyMcd4

Ticketmaster, AT&T, Neiman Marcus, Advanced Auto Parts. These organizations may not seem like they have anything in common, but they all were customers of Snowflake that had a data breach within the past couple months. With conflicting reports from Snowflake, the victims, the threat actors, and different security firms, who is really at fault here? Sources: https://pastebin.com/E1H5rgkd

Authy is an app that allows for multifactor authentication, recently the phone numbers of 33 million Authy customers were leaked due to an unsecured API, which could lead to attacks on those users. Sources: https://pastebin.com/qLsuL1Qb

After Lockbit was taken down in a multinational effort, they appear to still be a major threat after hacking the US Federal Reserve. Or did they? And why lie about such a major attack? Sources: https://pastebin.com/y8aYFSZv

Geopolitical tensions are a major factor in cyber crime as our lives become more and more online, due to concerns about Kaspersky antivirus being based in Russia, the US government has banned sales of the product, any new business agreements with Kaspersky and US orgs, and has barred them from sending software updates to Kaspersky AV users. But why ban an antivirus product at all? Sources: https://pastebin.com/DHzqYVhB

Have you ever wondered what the first malware ever was? It was more like an experiment rather than a malicious tool of destruction that malware has become today. Although Creeper didn't do much damage it's interesting to reflect on how far malware has come. Sources: https://pastebin.com/68f9yTu1

Microsoft introduced an upcoming AI tool that is able to remember everything you did on your PC and fetch results if you need to go back in time and remember. However with this tool came a mountain of distrust and security concerns. These are the concerns and how Microsoft addressed them. Sources: https://pastebin.com/QGdtx4Np