Boeing Hacked by Lockbit Gang

Boeing, a leading aerospace company, recently encountered a significant cybersecurity incident. Lockbit, a notorious cybercrime gang, claimed responsibility for this attack, highlighting the growing threat of digital crime in today's world.

In October, Lockbit announced that they had accessed a substantial amount of Boeing's sensitive data. They threatened to release this information online unless Boeing paid a ransom by November 2nd. Unfortunately, on the morning of November 10th, Lockbit published the alleged Boeing data online, which mainly included files from late October.

Boeing confirmed the cybersecurity breach in their parts and distribution sector. While they are investigating the matter alongside law enforcement and regulatory authorities, Boeing reassured that the incident does not threaten aircraft or flight safety. However, the company did not comment on whether the data included defense or other sensitive information.

This series of events highlights the importance of strong cybersecurity measures in protecting sensitive data and critical infrastructure. It also highlights the evolving tactics of cybercriminal groups and the need for constant vigilance in the digital realm.

ICBC hit by Cyberattack

Recently, the Industrial and Commercial Bank of China (ICBC), the world's largest bank by assets, faced a significant cyberattack. Ransomware is a malicious software that hackers use to block access to a computer system until a sum of money is paid. This particular attack disrupted some of the bank’s systems, affecting the trade of U.S. Treasuries.

ICBC quickly responded by isolating the impacted systems to contain the breach. Despite the disruption, ICBC managed to clear U.S. Treasury and repo financing trades shortly after the attack. They are also cooperating with law enforcement in their investigation.

Experts identified the ransomware as LockBit 3.0, a sophisticated malware difficult to analyze and trace. LockBit is a well-known ransomware group that operates on a ransomware-as-a-service model, selling its software to other hackers.

The ICBC cyberattack serves as a stark reminder of the vulnerability of major financial institutions to cyber threats. It underscores the need for robust cybersecurity measures to protect against such attacks in the future. As we move more into the digital age, the importance of cyber security cannot be overstated, especially for institutions integral to the global economy.

Dual Ransomware Attacks

The digital world is buzzing with a new kind of threat that's hitting companies hard: dual ransomware attacks. The FBI has sounded the alarm on this worrying trend, where cybercriminals use not one, but two different ransomware strains to attack businesses. This has been happening since at least July 2023, and the threat is growing.

Cybercriminals are also upping their game by using custom tools to steal data and destroy it, pushing companies even harder to pay the ransom. This double trouble of ransomware can mean more than just locked files; it can lead to stolen data and serious financial hits for businesses.

Why the increase in these attacks? Hackers are finding new ways in through unpatched security holes and are getting help from other criminals who sell them access to companies' systems.

So, what can businesses do? It's crucial to beef up security measures. This means keeping backups of data offline, watching who's connecting to the company's network from the outside, using strong multi-factor authentication, checking on user accounts regularly, and making sure the company's network is divided into separate segments to stop ransomware from spreading.

Okta Faces Security Concerns After Recent Hack

Okta, a major cybersecurity company, has been in the news for the wrong reasons. Unfortunately, hackers managed to get into their system on a Friday, and this news made the company lose more than $2 billion in value. After the news came out, Okta’s stock price fell a lot. On that Friday, it went down by 11%. And on the next Monday, it fell by another 8.1%.

Even if you haven't heard of Okta, it's a big deal in the tech world. Major companies use Okta to help their employees log in to different online tools. For example, Zoom uses Okta so that its workers can easily get into various programs, like Google Workspace and VMware, using just one password.

This isn’t the first time Okta has had problems. In the past, two big casinos, Caesars and MGM, were hacked. They both use Okta. This breach costed them over $100 million. The hackers tricked the IT help desks to get into their systems.

The story is still developing while this post is being written but as of right now, we’re waiting to hear more from Okta about this situation. The company hasn't make a statement to the media about it yet.

Week 9: Beware of Phishing Attacks

You might be thinking, "Why would hackers be interested in someone like me?" Well, according to Max Shier, who's a big deal in the cybersecurity world, hackers are more interested in the bigger picture. They're not really after your personal stuff. They're after the bigger fish, like the organizations or companies you might work for.

The scary thing? With social media nowadays, hackers can figure out who's unhappy at work. If they see someone ranting about their job on Facebook or LinkedIn, they might think, "Aha! Here's someone we can target." So, it's super important to be careful about what we share online.

Now, for some good news! There are tools out there that use Artificial Intelligence (AI) to spot these phishing emails. But even with these fancy tools, we still need to be on our toes. If something looks off or too good to be true, it probably is.

Always be careful with what you click on and what you share online. And if you ever get an email that seems fishy, it's better to double-check before taking any action.

23andMe Users' Genetic Data Potentially Hacked

Popular DNA testing company 23andMe is investigating a potential data breach after a hacker claimed to have obtained data from at least 7 million users.

The hacker shared a link to a download for the stolen data on a hacking forum, but 23andMe denies that a breach has occurred. The company believes the hacker may have acquired login credentials from previous data breaches and used them to access 23andMe accounts.

Another threat actor is offering genetic data for sale, purportedly belonging to 23andMe users, with a price tag of $100,000 for 100,000 profiles.

This is not the first time a DNA service has made headlines due to a data breach. In June 2018, the DNA testing website MyHeritage was hacked, resulting in the leak of personal details from 92 million users.

Currently, 23andMe is treating this matter with utmost seriousness and continuing its investigation. In the meantime, users are encouraged to consider updating their passwords and enabling two-factor authentication to safeguard their accounts against potential unauthorized access.

Cybersecurity spending sank by 65% during 2022-23

In recent times, the world has seen a shift in how businesses and individuals prioritize their spending. According to a report from IANS Research and Artico Search, there was a significant drop in the growth of cybersecurity spending during the 2022-23 budget cycle.

To put things into perspective, cybersecurity spending in the U.S. and Canada grew by only 6% in 2022-23. This is a big drop from the 17% growth seen in the previous year. Economic challenges have caused many companies to cut or freeze their budgets. In fact, 37% of Chief Information Security Officers (CISOs) said they had to deal with flat or reduced budgets this year. That's a lot more than the 21% who said the same thing last year.

For smaller businesses, the challenge is even bigger. They might not have a big team of IT experts, but they still face threats from professional hackers. To protect themselves, they might need to get help from outside service providers.

Even with these budget cuts, cybersecurity remains a top priority. Why? Because cyber threats are real and can harm businesses big and small. High-profile breaches, where hackers break into systems and steal valuable data, have led to a 27% increase in security spending. This shows that when companies see the dangers of cyber attacks, they understand the need to protect themselves.

All of Sony possibly hacked by Ransomed.vc

A new ransomware group called Ransomed.vc has claimed to have hacked Sony. The group is threatening to sell stolen data if Sony does not pay a ransom.

The group has posted some proof-of-hack data, including screenshots of an internal log-in page, an internal PowerPoint presentation outlining testbench details, and a number of Java files. The group has also posted a file tree of the entire leak, which appears to have less than 6,000 files.

The group has also listed a "post date" of September 28, 2023. If no one purchases the data by this date, Ransomed.vc has threatened to publish it wholesale. Sony has not yet made any comment on the possible hack.

Businesses need to take steps to protect themselves from ransomware attacks, such as implementing strong security measures, backing up data regularly, and educating employees about cybersecurity best practices. Ransomware attacks are a serious threat to businesses of all sizes and as we can see, Sony is no exception.

Week 5 - Microsoft Leaked 38TB of Sensitive Data

Microsoft accidentally shared 38 TB of private information on GitHub. This information included personal information about Microsoft employees, like their passwords and private messages. The Microsoft leak gives us a glimpse into the company's plans for the future of gaming. It is clear that Microsoft is committed to cloud gaming and subscription services. The company is also working on new hardware to keep up with the competition.

Microsoft said that no customer information was shared and that they have fixed the problem. But this incident shows that SAS tokens can be dangerous if they are not used carefully.

SAS tokens are like special keys that give people access to Microsoft's cloud storage. The SAS token in this incident was configured to give people access to everything in the storage account, instead of just the specific information that was meant to be shared.

Microsoft stated that they are working on ways to make SAS tokens more secure.

Week 4 - Google Patches Critical Chrome Zero-Day Exploit

Google has released a security patch for a critical zero-day vulnerability in its Chrome web browser that has been exploited in the wild. The flaw, tracked as CVE-2023-4863, is a heap buffer overflow in the WebP image format that could allow an attacker to execute code on the victim's device.

Google has not released any additional details about the nature of the attacks, but it has urged users to update to Chrome version 116.0.5845.187/.188 for Windows and 116.0.5845.187 for macOS and Linux to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.

It is important to note that zero day vulnerabilies are especially dangerous because there is no patch available to protect users until the software vendor releases one. This is why it is critical to keep your software up to date.

Meta's Billion Dollar Fine

Facebook's parent company, Meta, just got slapped with a jaw-dropping fine of $1.3 billion by the European Union (EU) data protection regulators. Why, you ask? Well, it's all about the way they handle your precious personal data.

The European Data Protection Board (EDPB) came down hard on Meta for transferring user data from the EU to the U.S. They've ordered Meta to get its act together, align its data transfers with the General Data Protection Regulation, and wipe out any unlawfully stored data within six months. The General Data Protection Regulation is all about giving users the right to access their data, to have it deleted, and to object to its processing. It requires companies to obtain explicit consent from users before transferring their data outside of the European Union.

If you are a user of Facebook or any other U.S. tech companies, this ruling should make you think about your privacy. It is important to be aware of how your data is being collected and used, and to take steps to protect your privacy.

You can do this by:

Reading the privacy policies of the companies you use.

Opting out of tracking and targeted advertising.

Being careful about what information you share online.

Week 2 - Deepfake Scams

Deepfakes are a type of artificial intelligence (AI) that can be used to create realistic audio or video content of someone saying or doing something they never actually said or did. Now, bad actors using this technology for malicious purposes, such as social engineering.

One of the most common ways that deepfakes are being used for fraud is in phone scams. In these scams, the scammer will call the victim and pretend to be someone they know, such as a friend, family member, or financial advisor. The scammer will then use a deepfake to make their voice sound like the real person they are pretending to be. This can make it very difficult for the victim to tell that they are actually talking to a scammer.

In this week's case, a Florida investor named Clive Kabatznik received a phone call from someone who claimed to be his bank representative. The caller used a deepfake to make their voice sound like Kabatznik's real bank representative. The caller then tried to convince Kabatznik to transfer money out of his account. Kabatznik was suspicious of the call and hung up. He then called his bank directly to verify that the call was legitimate. The bank confirmed that the call was a scam.

Deepfakes are a serious and growing threat to cybersecurity. You can help to keep your private information safe by being aware of the risk and taking precautions.

Week 1 - Archive.is

Archive.is is a website that allows users to create snapshots of web pages. This can be helpful in case a website is hacked or taken offline. By having a backup of the website, users can restore it to its previous state.

Something I find really cool is that this website can also be used to track changes to websites. This can be helpful for detecting malicious activity, such as the removal of important information. By comparing the archived version of a website to the current version, users can identify any changes that have been made.

In addition, archive.is can be used to preserve evidence of cyber attacks. This can be helpful for law enforcement investigations or for civil lawsuits. By archiving a website at the time of an attack, users can create a record of the attack that can be used to hold attackers accountable. Archive.is plays a pivotal role in maintaining digital integrity and accountability. Its practical applications, from website backup to cybersecurity support, highlight its significance in today's interconnected world.