Public Data Breach, Iran APT, Microsoft Exploit, FREE framework education + More

Author

InfoSec Sam
August 18, 2024

This week's newsletter

Recent News

Painful Public Data Breach 

Another week, another massive data breach. This breach has exposed millions of personal records from the National Public database, compromising sensitive information such as names, addresses, and government IDs.

This breach could directly affect you!

The stolen records includes the names, Social Security Numbers, physical and email addresses, and phone numbers of individuals in the United States, UK, and Canada!

This information is available on the dark web and is just the information attackers look for in order to commit fraud.

It’s now more important than ever to be vigilant for phishing attacks and keep an eye on any accounts that use these types of compromised personal information to identify you.

Cloud Config Compromise

A widespread cyber campaign has left over 110,000 domains vulnerable to extortion due to cloud misconfigurations. Attackers exploit these weaknesses to access and threaten to leak sensitive cloud-hosted data unless ransoms are paid.

Attackers target exposed .env files which are used to define configuration variables for web applications which can often include hard-coded access keys!

When operating within the cloud ensuring secure configurations is critically important. Maintaining configurations to secure benchmarks and incorporating regular scanning and testing can help identify weaknesses before they are exploited.

Iran Target US

According to Google, Iranian cyber-espionage group APT42 has launched phishing attacks targeting U.S. political figures, including Trump, Biden, and Harris.

The group, linked to Iran's government, uses sophisticated techniques to steal credentials and gather intelligence. These attacks demonstrate the ongoing threat from state-sponsored actors with the very real objective to destabilise western governments.

Critical Microsoft Exploit

Concerns over a critical zero-click exploit have prompted urgent patching of a Windows TCP/IP vulnerability. The flaw, which can be exploited remotely without user interaction, poses a significant risk, potentially allowing attackers to execute arbitrary code or cause system crashes! Microsoft has released patches for CVE-2024-38063 so get patching!

Other News

  • AI Bill Change - A new California AI safety bill was revised amid industry discontent to avoid a tech exodus.

  • Quantum Crypto - NIST has officially published post-quantum cryptography standards to withstand quantum computing decryption.

  • Fortnite Back - Epic Games brings Fortnite back to iOS in Europe with their own Epic Games Store Available in Europe after winning a lengthy (and expensive) battle with Apple.

Career Development

FREE Cybersecurity Framework Education

Cybersecurity frameworks are a key component within GRC. If you’re looking to gain a better understanding of GRC, check out this useful video by RSA Conference providing an overview of all the various cybersecurity frameworks. This video is from 5 years ago but it is still very relevant.

Check out the video below as well as other free resources shared on my TikTok channel:

Subscribe to keep reading

This content is free, but you must be subscribed to InfoSecSam's Newsletter to continue reading.

I consent to receive newsletters via email. Terms of use and Privacy policy.

Already a subscriber?Sign in.Not now