Malware is everywhere, even inside of other malware. One tool advertising itself as an advanced remote access trojan ended up being much more, a backdoor infecting novice hackers. This was not just a one off, however, and lead to the discovery of a massive backdoored malware campaign infecting other hackers and gaming cheaters. Sources: https://pas…

Using an MSP can be handy for getting your IT set up or managing technical support without hiring a lot of full time staff, but there are risks that can come with outsourcing your IT to a third party. One MSP was compromised, leading to many customers having ransomware headaches. Sources: https://pastebin.com/hLKSqRaS…

Piracy and accidentally getting malware go hand in hand for many, and though the days of Limewire viruses on your Linkin Park albums are mostly over, modern problems require modern solutions so attackers have moved to modern platforms to spread malware to those not interested in paying for software. Sources: https://pastebin.com/i7yriZXy…

Coinbase is one of the largest crypto exchanges, but when corrupt employees are compromised into handing over data to scammers, a series of social engineering attacks took place. The scammers demanded a ransom, but Coinbase fired back. Sources: https://pastebin.com/dTZR6hKwBy Chloe Thonus

Pearson is an education giant, providing learning tools and standardized assessments across many fields, schools, and organizations. Recently they were breached by what was likely a series of relatively minor mistakes. Sources: https://pastebin.com/YemUE0XiBy Chloe Thonus

This is one of the craziest stories I've ever covered in my 3 years of this podcast, and hearing both sides somehow makes the situation even less clear. Cybersecurity firm CEO Jeff Bowie accessed hospital computers and wrote malicious scripts on them intended to steal data. But why? Sources: https://pastebin.com/qqLMem11…

NFC has allowed for payments to be easier than ever, but it was only a matter of time before this method was exploited by threat actors. A bold, new real time malware that leverages NFC has been making rounds. Sources: https://pastebin.com/QgquMLj8By Chloe Thonus

The CVE program is essential for tracking vulnerabilities all across the technology industry, but what happens when funding is cut? Let's talk about what's been going on with the CVE program. Sources: https://pastebin.com/QPVXe6kDBy Chloe Thonus

You're always told to never plug in a random flash drive because it may have malware on it, but is that really a thing? The answer is yes, and it can potentially compromise a military mission. Sources: https://pastebin.com/LURNpcH5By Chloe Thonus

Tax season is a stressful time for many in the US, and this creates the perfect opportunity for a number of scams against virtually anyone living in the US. Be aware of fake documents, fake filing services, and unusual emails. Sources: https://pastebin.com/zJQGMndkBy Chloe Thonus

A hacker claimed to have stolen 6 million lines of data from Oracle, which Oracle swiftly denied. However when security firms received data samples and showed them to customers, the data was confirmed to be real. Sources: https://pastebin.com/6WnaeYZsBy Chloe Thonus

Google, though a tech giant, has lagged behind Amazon and Microsoft when it comes to cloud computing, but this bold new acquisition could bridge that gap... or introduce legal troubles. Sources: https://pastebin.com/004Wu6hvBy Chloe Thonus

Elon Musk has become a controversial political figure, leaving little surprise that one of his projects, the X platform, became a target for a hacktivist group, leaving the major social media platform down from a DDoS attack. Sources: https://pastebin.com/Pa6b0nrmBy Chloe Thonus

Ransomware groups sometimes run into issues, like being blocked by security tools, and often have to pivot. Some techniques are less conventional than others, but are just as destructive. Here's how a webcam led to ransomware being deployed org wide. Sources: https://pastebin.com/FHxVYgBgBy Chloe Thonus

Building access management is an important part of physical security that has only become more intelligent. However, with all the data on these systems that exist on employees it is important that they are properly secured. Recently, 49,000 systems were found unsecured on the open internet with data viewable, and sometimes modifiable. Sources: http…

Government contractors are expected to follow certain compliance policies, so what happens when a company lies about compliance? Hefty fines tend to follow. Sources: https://pastebin.com/vJPEikD9By Chloe Thonus

SWATting is a dangerous crime that involves making extreme police reports against people to illicit a response from the SWAT team. This has resulted in innocent people being killed or injured. One teen turned making these reports into a business and was recently sentenced to 4 years in prison for it. Learn about his crimes and methodology today. So…

Recently a new crypto stealing malware was found in apps on both the Google Play, and the famously restrictive Apple App Store, but it seems not to be its own app, but rather something inserted into existing apps at a later time to steal passphrases for crypto wallets from images on devices. Sources: https://pastebin.com/fHgDP4fg…

Recently a brand new generative AI model came out of nowhere and blew up overnight. There are a lot of controversies and concerns surrounding this model, providing more efficient AI but also bringing a lot of data sensitivity risks and topics of government censorship to the forefront. Sources: https://pastebin.com/WRGERYCE…

Pwn2Own by TrendMicro's Zero Day Initiative is a hacking contest where people try to hack "up to date" products to discover zero day vulnerabilities in them and win cash prizes for doing so. The automotive version of this contest not only involved cars themselves, but chargers for electric vehicles. Sources: https://pastebin.com/4siwYEYK…

Job offer scams are sadly rather common, but most of the time it's a waste of time or an identity theft scam rather than a scam that installs unauthorized crypto miners on your devices. A new scam email impersonating Crowdstrike that is targeting developers does just that. Sources: https://pastebin.com/Lpg673yh…

The US Department of Treasury was targeted in a suspected state-sponsored hack. No ransomware was deployed, though the threat actors compromised machines remotely, linked to a BeyondTrust data breach and accessed many unclassified documents. Sources: https://pastebin.com/rUi3WdxgBy Chloe Thonus

Deepfakes and AI image and video generation have become nearly indistinguishable from real people to the naked eye. This creates a problem when it comes to identity verification that involves previously very difficult to fake Face ID systems. Recently a deep web identity fraud database was being build was scraped data and images with the intention …

The healthcare industry remains one of the top targeted by hackers, and even the biggest healthcare organizations are not safe. Sources: https://pastebin.com/UgauFXsLBy Chloe Thonus

In 1999 one of the most infamous viruses was released on the world, slowing down email systems and causing chaos in the corporate world and among personal computer users. Sources: https://pastebin.com/FgE9ETKkBy Chloe Thonus

Telecom providers across many countries have been compromised by an APT, which means your text messages may be vulnerable if you text people with different phones, due to insecurities in text message protocols. Fortunately there's some solutions. Sources: https://pastebin.com/pMnEP6LjBy Chloe Thonus

Game engines are used to help developers create games we love, but where code can be written, malware can be written, and one group has figured out a way to exploit the Godot game engine to discreetly package malware that often goes undetected. Sources: https://pastebin.com/5b3LcJpWBy Chloe Thonus

A hacking group boasted about breaching car manufacturer Ford's network and stealing data on 44,000 customers, selling it for 2 dollars on hacking forums for everyone to enjoy. The only problem? That data isn't exactly what they claimed. Sources: https://pastebin.com/d7r88Q7mBy Chloe Thonus

Simple misconfiguration can often lead to disaster, and sometimes that disaster is a threat actor sneakily taking over your trusted website and using it to host malware, send phishing emails, or control botnets. Here's a surprisingly easily exploited DNS oversight that has allowed threat actors to take over 70,000 websites. Sources: https://pastebi…

Ransomware groups typically request payments in the form of crypto, but newcomers Hellcat wanted to get this bread in a more literal sense. So why bread? There may be a more realistic reason than you'd think... Sources: https://pastebin.com/kAkdLJD5By Chloe Thonus

There's all sorts of online shopping scams, but one of the newest ones discovered exploits legitimate eshops by creating fake product listings on other people's websites and redirecting shoppers to an attacker-controlled page that will steal credit card data. Sources: https://pastebin.com/VS9XFHRFBy Chloe Thonus

The Flipper Zero is a notorious hacking tool used to wreak havoc on traffic lights, banks, locks, and cars. Or is it? What can the Flipper actually do, and is it really as dangerous as it seems on Tik Tok? Sources: https://pastebin.com/cnJyQkXCBy Chloe Thonus

A couple months ago security education company KnowBe4 accidentally hired a North Korean threat actor who tried to install malware on their machine. Turns out this may not be as uncommon as you'd think. Recently a network of North Korean threat actors applying for jobs, and US citizens helping them, has been uncovered. Sources: https://pastebin.com…

The Internet Archive is a website vital in the preservation of digital information, and recently it was attacked on two separate occasions. Here's what went down. Sources: https://pastebin.com/nbhNFAv5By Chloe Thonus

Ever receive a weird wrong number text or match with someone on a dating site who starts talking about crypto? It may be part of a long term scam meant to drain you of as much money as you're willing to part with to make a big investment. Once it seems too good to be true and you go to withdraw your earnings, suddenly you realize you've lost it all…

Cars are just big computers now, and that means they are vulnerable to exploits that could allow a concerning amount of control over them. Security researchers discovered a vulnerability in the Kia dealer portal that could allow a hacker remote control over millions of cars made after 2013. Sources: https://pastebin.com/tsJGg8jq…

The Tor network allows for anonymous connections to unindexed search engines, including to online criminal services. Recently though, German authorities claimed to have de-anonymized a user using Tor and made an arrest. Has Tor finally been cracked, or is this a scare tactic to instill fear in threat actors? Sources: https://pastebin.com/Hfrrbdag…

YubiKeys are physical authentication devices that have a lot of flexibility and are compatible with just about every service, but as it turns out if you know a lot about math and electronics you can uncover the private keys and clone the device! Sources: https://pastebin.com/WacbUmA1By Chloe Thonus

The city of Columbus, Ohio had a data breach occur in July. According to the mayor, the information leaked was nothing important to hackers. A security researcher proved that this was not the case, that the data was incredibly sensitive. In response, the city sued him. Sources: https://pastebin.com/C632hthD…

Using native Windows tools rather than custom malware is becoming a better technique of pulling off attacks while remaining under the radar. Qilin was caught doing just this to steal credentials right from the Chrome web browser. Sources: https://pastebin.com/Ccvhs7PdBy Chloe Thonus

Antimalware solutions like EDR are meant to keep a careful watch on our systems to ensure they are protected from even sneaky threats. But what happens when malware can take out an EDR solution before it is spotted? Sources: https://pastebin.com/6uRVy4YdBy Chloe Thonus

Often times we can reduce our risk to cyber crime by being careful about the websites we sign up for, but what if someone has our data that we never consented to giving them and ends up being breached? Just that happened, with a company you've probably never heard of. Sources: https://pastebin.com/Yms285F5…

Ransomware threat actors are one of the biggest modern threats, and things will only ramp up when threat actors see just how much an organization is willing to pay to have their data back. Recently it was uncovered that a covert ransomware group quietly received the largest payout ever recorded in ransomware history. Sources: https://pastebin.com/u…

KnowBe4 has employed hacker Kevin Mitnick as a spokesperson in their security training materials. But what happens when you employ a hacker by accident and they immediately try loading malware on the company provided laptop? Sources: https://pastebin.com/XrMa4bsSBy Chloe Thonus

The biggest IT outage across the world just happened. Planes were grounded, hospitals and 911 dispatch centers were down, people couldn't turn their computers on, all on a massive global scale never seen before. So what is CrowdStrike, and how did this happen? Sources: https://pastebin.com/vxfyMcd4By Chloe Thonus

Ticketmaster, AT&T, Neiman Marcus, Advanced Auto Parts. These organizations may not seem like they have anything in common, but they all were customers of Snowflake that had a data breach within the past couple months. With conflicting reports from Snowflake, the victims, the threat actors, and different security firms, who is really at fault here?…

Authy is an app that allows for multifactor authentication, recently the phone numbers of 33 million Authy customers were leaked due to an unsecured API, which could lead to attacks on those users. Sources: https://pastebin.com/qLsuL1QbBy Chloe Thonus

After Lockbit was taken down in a multinational effort, they appear to still be a major threat after hacking the US Federal Reserve. Or did they? And why lie about such a major attack? Sources: https://pastebin.com/y8aYFSZvBy Chloe Thonus

Geopolitical tensions are a major factor in cyber crime as our lives become more and more online, due to concerns about Kaspersky antivirus being based in Russia, the US government has banned sales of the product, any new business agreements with Kaspersky and US orgs, and has barred them from sending software updates to Kaspersky AV users. But why…

Have you ever wondered what the first malware ever was? It was more like an experiment rather than a malicious tool of destruction that malware has become today. Although Creeper didn't do much damage it's interesting to reflect on how far malware has come. Sources: https://pastebin.com/68f9yTu1By Chloe Thonus