• https://www.hackread.com/3tb-clips-hacked-home-security-cameras-leaked/
• https://gizmodo.com/a-security-flaw-could-send-your-dick-to-jail-forever-1845286359

Trickbot Takedown via Private and Public Sector
Both Microsoft and USCybercom both try to disrupt the Trickbot gang using different approaches

• https://krebsonsecurity.com/2020/10/microsoft-uses-copyright-law-to-disrupt-trickbot-botnet/
• https://krebsonsecurity.com/2020/10/report-u-s-cyber-command-behind-trickbot-tricks/

Government Sponsored Cyber Attacks
The UK reveals it carried out cyberattacks against Russia, Iran and Russia found to be interfering with US elections. The NSA releases a list of the 25 most used exploits in attack from China.

• https://www.cnn.com/2020/10/21/politics/fbi-election-security/index.html
• https://www.ibtimes.sg/uk-carried-out-secret-cyberattacks-russia-retaliation-says-former-national-security-adviser-52806
• https://www.zdnet.com/article/nsa-publishes-list-of-top-25-vulnerabilities-currently-targeted-by-chinese-hackers/

Bug Bounty crew spends 3 months hacking Apple
A bug bounty crew cashes in big hacking apple infrastructure.

• https://samcurry.net/hacking-apple/

Ransomware actor gives to charity
Darkside ransomware actors show proof of their philanthropy by press releasing a receipt of their donation.

• https://www.hackread.com/3tb-clips-hacked-home-security-cameras-leaked/

Upcoming Events:

• Blackhat EU 2020 - Nov. 9
• OSDF Con - Nov 18
• Cyber Security & Data Protection Summit - Nov 19

Intro/Outro Music Credits
Something Elated (Broke For Free: https://freemusicarchive.org/music/Broke_For_Free/Something_EP/Broke_For_Free_-_Something_EP_-_05_Something_Elated) / CC BY 3.0: https://creativecommons.org/licenses/by/3.0/us/

The group behind the Emotet malware has popped back up but shortly after that it appears the C2 infrastructure was compromised and started sharing out memes.

• https://www.bleepingcomputer.com/news/security/emotet-malware-operation-hacked-to-show-memes-to-victims/
• https://www.bleepingcomputer.com/news/security/emotet-spam-trojan-surges-back-to-life-after-5-months-of-silence/

Garmin HACKED!!!

Garmin was hacked recently and the intrusion was used to spread ransomware on the network. The attackers also ended up being paid out $10M by Garmin. 

• https://arstechnica.com/information-technology/2020/07/garmans-four-day-service-meltdown-was-caused-by-ransomware/

Twitter Admin Panel Exposed

Recently a teenager was able to get access to a twitter management panel which allowed them to take over high profile accounts to include Barack Obama, Beyonce as well as Elon Musk. The take over was being used a scam to attempt to get bitcoin from people.

• https://www.cnn.com/2020/07/15/tech/twitter-hack-elon-musk-bill-gates/index.html

High Profile Exploits Recently Released

Recently there were several high profile exploits released that were all remote code execution exploits. Vendors such as F5, SAP and Microsoft were all among the vendors affected by these exploits. 

• https://threatpost.com/thousands-f5-big-ip-users-takeover/157543/
• https://threatpost.com/critical-sap-bug-enterprise-system-takeover/157392/
• https://www.bleepingcomputer.com/news/security/critical-sigred-windows-dns-bug-gets-micropatch-after-pocs-released/

Tesla Attempted Hack

A Tesla employee was approached by a supposed Russian sponsored individual in an attempt to compromise the entire organization and spread ransomware. 

• https://www.databreachtoday.com/russian-indicted-in-tesla-ransom-scheme-a-14960

Upcoming Events:

• https://ekoparty.org/en_US/ 
• https://www.bsidesclt.org/ 
• https://shellcon.io/ 

Intro/Outro Music Credits
Something Elated (Broke For Free: https://freemusicarchive.org/music/Broke_For_Free/Something_EP/Broke_For_Free_-_Something_EP_-_05_Something_Elated) / CC BY 3.0: https://creativecommons.org/licenses/by/3.0/us/

Honda was hit by a cyber attack shutting down its manufacturing plant for several days. It appears to be the Ekans variant of ransomware. The company has insisted no data has been breached and added that "at this point, we see minimal business impact".

• https://www.bbc.com/news/technology-52982427

59 Chinese Apps Banned

Apps such as TikTok are starting to be banned within the Indian government. Many other countries and businesses are now also considering banning the applications from there networks. These applications were exposed to collecting too much detailed information about their users. 

• https://twitter.com/ShivAroor/status/1277619905269989378

MongoDB Exposed Millions of Medical Insurance Records

Millions of records containing personal information and medical insurance data were exposed by a database belonging to the insurance marketing website MedicareSupplement.com.

• https://www.cybersecurity-review.com/news-june-2019/mongodb-leak-exposed-millions-of-medical-insurance-records/ 

Upcoming Events:

• https://conference.hitb.org/hitb-lockdown002/
• https://www.opcde.com/

Intro/Outro Music Credits
Something Elated (Broke For Free: https://freemusicarchive.org/music/Broke_For_Free/Something_EP/Broke_For_Free_-_Something_EP_-_05_Something_Elated) / CC BY 3.0: https://creativecommons.org/licenses/by/3.0/us/

In a press conference in May The White House Press Secretary held up the check being donated from the president's salary which held his account number and the routing number of an account within Citibank. This has placed a large target on the bank as they now have ties with the administration and government accounts. Hackers will be targeting them similar to how the REvil group is targeting Trump with the release of information collected during the hack of a law firm said to contain information about the president. 

• https://thehill.com/homenews/administration/499268-trump-routing-number-bank-revealed-coronavirus-response
• https://twitter.com/ransomleaks/status/1261105634159800321

Contact Tracing Apps and Jailbroken Phones

Governments around the world have started encouraging citizens to install tracking application to hopefully get an idea of the spread of the virus. It’s gone as far as Apple and Google baking this into the operating system of the devices. Tracking applications present huge security concerns and risks to everyone. We should all be looking at these to ensure personal safety is being maintained while using them. 

• https://www.unc0ver.dev

Increased Unemployment Fraud

With the world under its current situation, Brian Krebs has been reporting on increased unemployment fraud along with Microsoft report huge upticks of malicious documents related to COVID-19. With the world in crisis and working from home everyone's guard is down so scammers and malicious attackers will be taking advantage of this. 

• https://krebsonsecurity.com/2020/05/riding-the-state-unemployment-fraud-wave/
• https://www.infosecurity-magazine.com/news/microsoft-warns-of-massive-covid19/

Verizon DBIR

The Verizon Databreach Investigation Report was released and covers the current attack surfaces being exploited at least during 2019 but a majority of these will continue on into 2020. 

• https://enterprise.verizon.com/resources/reports/dbir/

Upcoming Events

• https://www.sans.org/event/hackfest-ranges-summit-2020 SANs Hackfest
• https://www.securitysummits.com/event/enterprise-lockdown/ Enterprise Lockdown 6/25
• https://securecon.streameventlive.com/login SecureCon 6/16-18
• https://www.eventbrite.com/e/bsides-greenville-2020-tickets-84602497347 BSides Greenville 6/13
• https://www.womenhackerz.com/whackzcon-2020 WomenHackerz Con 6/6-7
• https://2020.pass-the-salt.org Pass the Salt 6/29

Intro/Outro Music Credits
Something Elated (Broke For Free: https://freemusicarchive.org/music/Broke_For_Free/Something_EP/Broke_For_Free_-_Something_EP_-_05_Something_Elated) / CC BY 3.0: https://creativecommons.org/licenses/by/3.0/us/

• COVID-19 has hit the entire world extremely hard. We have seen an uptick in COVID-19 related attacks targeting businesses and consumers around the world. Recently we have witnessed spear phishing attacks related to streaming platforms as well as an uptick in malicious mobile applications related to COVID-19. 
  • References
    • https://research.checkpoint.com/2020/covid-19-goes-mobile-coronavirus-malicious-applications-discovered/
    • https://www.infosecurity-magazine.com/news/hackers-target-netflix-disney/

Dark Nexus IOT Botnet

• IoT attacks have seen an uptick in IoT related attacks over the past few years. One of the largest currently operating in the Dark Nexus botnet. 
  • References
    • https://labs.bitdefender.com/2020/04/new-dark_nexus-iot-botnet-puts-others-to-shame/

Ransomware Attacks (Travelx and Cognizant)

• Ransomware attacks have always been an issue, but with employees in work from home mode and using VPNs, it increases the risk to the corporate network for attack. Two companies that we have seen hit recently Travelex were hit with Sodinokibi ransomware causing them to pay out $2.3M in ransom to unlock the systems. Cognizant is an MSP for some large organizations, and they were hit with MAZE ransomware. The difference here is attackers are exporting this data so the victims can no longer just restore from backups they are forced to pay out the ransom. 
  • References
    • https://threatpost.com/travelex-pays-2-3m-in-bitcoin-to-hackers-who-hijacked-network-in-january/154666/
    • https://www.infosecurity-magazine.com/news/maze-wage-ransomware-attack-on/

Online Training/Events

• It seems with the world in its current state all of the infosec conferences have quickly adapted to still providing training within the virtual space. TJ and I collected several upcoming events and listed them for everyone to enjoy hopefully. 
  • References
    • https://wildwesthackinfest.com/deadwood/tickets-and-training-info/
    • https://www.sans.org/blog/and-now-for-something-awesome-sans-launches-new-series-of-worldwide-capture-the-flag-cyber-events/

Intro/Outro Music Credits

Something Elated (Broke For Free: https://freemusicarchive.org/music/Broke_For_Free/Something_EP/Broke_For_Free_-_Something_EP_-_05_Something_Elated) / CC BY 3.0: https://creativecommons.org/licenses/by/3.0/us/