After infiltrating a prolific ransomware gang, the FBI seized their website and decrypted data for hundreds of companies for free! But instead of going out peacefully, ALPHV may be out with a vengeance. Sources: https://pastebin.com/VgL3MRii

Typically the cybercrime gangs we see launch major ransomware attacks, holding even the biggest companies hostage. However, there are also groups that provide fake accounts and services to those attackers to make their attacks quicker and easier. One of them, Storm-1152 was shut down by Microsoft and Arkose labs. Listen all about it today! Sources: https://pastebin.com/BeJEAybk

Bluetooth is a wireless protocol we all know and love that has freed us from headphone wires getting caught on anything. But recently an old flaw in Bluetooth was discovered that allows hackers to trick your phone into thinking a Bluetooth keyboard is connected, allowing a lot of access.   Sources: https://pastebin.com/z9pZxPVd

Smart devices are making their ways into homes without people understanding how to properly secure them. This it self is dangerous, but smart devices also exist in critical infrastructure, and may be similarly poorly secured. A compromise of these systems could be deadly, it is fortunate this one was not. Sources: https://pastebin.com/r3YqNc7x

Buying electronics is something we may not give a second thought about, especially with companies like Amazon making it convenient. Buying used electronics to get a good deal is also not unusual for some. But sometimes you end up unlucky and have a keyboard that tries to steal your own password from under your fingertips.

Ransomware is already a major threat for many organizations without bringing regulators into it. The ALPHV ransomware group reported its own victims to the SEC for failure to disclose a data breach that they caused, sending a rather unusual warning for the future. Sources: https://pastebin.com/53izNKFg

Plastic surgery is already a taboo subject, so hackers targeted Hankins and Sohn with hopes that the leverage of personal medical information would lead to a major payout. The hackers did not get what they had hoped for, and moved on to extorting victims. When that ended up fruitless, sensitive images and information were posted online and sent to friends and neighbors. Sources: https://pastebin.com/5wHSuFhn

Victims of cyberattacks are sometimes sued by customers when there is a breach of personal data, but very few have the United States government as a customer and very few data breaches involve Russian espionage. SolarWinds allegedly misled customers about security practices, and may be paying a hefty price for it.   Sources: https://pastebin.com/E57vhzMx

One of the earliest examples of malware was an experiment that simply got way too out of control and ended up leading to the first conviction under the Computer Fraud and Abuse Act. This is the history of the Morris Worm.   Sources: https://pastebin.com/CE04Zqqu

Ransomware gangs are a major threat to all organizations big or small, and rarely do we see them lose due to the situations they put people in. Last week, however, a major emerging threat was satisfyingly stomped out by a hacktivist group.   Sources: https://pastebin.com/TtpWPZ8w

When developers of curl announced a cycle cut short to fix a high severity vulnerability, administrators panicked. Although still bad, the vulnerability ended up only executable under pretty specific circumstances.   Sources: https://pastebin.com/90uQ94Xd

Ransomware can be handled in two different ways: Paying, or not paying. It's controversial which option is best. Two casinos had a ransomware incident and once paid while the other did not, let's compare. Sources: https://pastebin.com/t5uRyMWb

What was thought to be a Chrome bug turned out to be a much larger and much more serious vulnerability in a library used to render webp images that could allow code to be remotely executed on target systems.   Sources: https://pastebin.com/wD1tNxYH

Hackers are constantly innovating and trying new things to break into systems, last week a new attacker was discovered that is writing malware in a rarely seen programming language using an even stranger compiler. Sources: https://pastebin.com/XNFmxJmS

The MGM hack has been all over the news, but how did hackers compromise gambling machines, room keys, and even parking gates? It may have taken just one call. Sources: https://pastebin.com/AegCRD3z

You may have heard of a government email compromise suspected to be from China-based threat actors, but this week a series of unfortunate events revealed exactly how this attack unfolded. Sources: https://pastebin.com/Bxn7iQ5W

Forever 21 is a popular clothing brand for young adults, but recently it was also a popular target for a hacking group that infiltrated at least twice and stole sensitive data on employees.   Sources: https://pastebin.com/W8C2R3hF

Canva is a graphic design app that makes it easy to make your own logos, including my podcast logo! However, they've also been the topic of a large data breach in 2019. Here's what happened.   Sources: https://pastebin.com/XFNEqE7B

LinkedIn is a professional networking and job hunting website used by professionals in all fields, with verification including corporate email information it's hard to impersonate people in a way that is realistic. That is why hacking existing accounts has become so lucrative, and a huge campaign in going on involving just that. Sources: https://pastebin.com/eYeahiEX

CPUs have been getting faster and more powerful with every generation, but some shortcuts that improve speed have also proven to be security flaws. Three new CPU attacks were recently discovered, although they're tough to pull off.   Sources: https://pastebin.com/jbcZKGnG

Shellshock was a software bug in 2014 that affected Bash, a command shell and language used on nearly all Linux and Unix systems, and allowed for the complete takeover of thousands of machines. Sources: https://pastebin.com/WeTxTcHT

Ransomware is a growing problem that puts many organizations in a tough position, opinions vary on whether a ransom should be paid or not. This is the story of one school that paid to up prevent a huge data leak. Sources: https://pastebin.com/WFgbZbp1

The most famous hacker in the world, Kevin Mitnick, passed away last week, July 16th 2023. This is a brief retelling of why he was just so infamous.   Sources: https://pastebin.com/jq75Wrsk

AO3 was recently DDoSed and taken offline by a hacktivist extremist Sudanese group... or at least it seems by the name, but further investigation suggests a different origin.   Sources: https://pastebin.com/QqLpKF6j

Mastodon is a decentralized social media platform that allows users to join servers suited to their interests and desires. However, in a recent pen test multiple vulnerabilities were revealed that could be detrimental to unpatched instances. Sources: https://pastebin.com/JwGYH4Xs