Bite Sized Cyber Crime

If you go to concerts or live shows sometimes like I do you've likely used Ticketmaster, as it has a strangehold over the industry. The morning after I saw a concert I woke up, checked Twitter, and saw that Ticketmaster had a massive data breach. This is what happened.

Sources https://pastebin.com/8dSztCJg

After COVID-19 hit, telehealth businesses started booming and BetterHelp became especially prominent via YouTube and podcast sponsorships. However BetterHelp has been criticized for their data sharing practices, and the gray area they are in when it comes to regulations.

Sources: https://pastebin.com/8fxw3sQy

Ethereum is a popular cryptocurrency, and some have started using bots to frontrun. Two brothers learned how they could exploit a vulnerability in these bots and make themselves $25 million richer.

Sources: https://pastebin.com/xuQZ1ard

Dell is a massive provider of technology for organizations and home users alike, and although on first glance their data breach seems not to contain sensitive data it has likely opened the floodgates for scams and phishing opportunities.

Sources: https://pastebin.com/6jSYQM4P

With online shopping being so popular, getting delivery updates is not so uncommon, but this has led to the rise of a prolific scam that is much bigger than you may think.

Sources: https://pastebin.com/mW6kWtWx

The cloud is ever expanding and allowing people to easily scale up at rates previously impossible. However one thing that must be considered is that security becomes complicated. You have to really trust your cloud provider to hold up their end, and even trusted providers can have oversights.

Sources: https://pastebin.com/2LJPjrVx

MFA is becoming more and more common, but with every security innovation, threat actors figure out ways around them. Recently it came out that an unknown actor was bribing employees at T-Mobile and Verizon to perform SIM swapping attacks, which can compromise SMS based MFA codes.

Sources: https://pastebin.com/h47Mijdt

In 2007 clickbait emails could make you part of a botnet that silenced cybersecurity professionals and performed attacks for anyone on the dark web willing to pay. Not a worm, but a Trojan, this is how the Storm Worm was ahead of its time.

Sources: https://pastebin.com/nPbinx0i

There's a reason you should use a unique password for every website you use, but most people simply don't. How are you supposed to make and remember dozens of passwords for each site that are completely unique and can't be written down?

What if I told you it doesn't have to be that difficult?

XZ Utils is an inconspicuous program in many Linux distributions that allows you to compress files. However, it seems one maintainer of the open source project had much more malicious plans.

Sources: https://pastebin.com/awZzM7qk

Denial of Service attacks are annoying at best, and can endanger people at worst. Usually you need a lot of manpower to launch one, but a new method was developed recently that requires just one machine.

Sources: https://pastebin.com/NS7RuYSi

Change Healthcare is a major medical clearinghouse, nearly half of all insurance transactions go through them, so when ransomware struck the effect was felt all over the healthcare industry. However it gets stranger, as the group responsible seems to have scammed their affiliates and faked a takedown.

Sources: https://pastebin.com/PRmnEGnL

Tesla is a tech company as much as it is a car company, which can present unique challenges when trying to incorporate security. Even intended features can end up being major vulnerabilities, like the feature to add a car key to a cell phone.

Sources: https://pastebin.com/S7Sb2KCb

VPN gateways are supposed to securely connect you to an environment, however Ivanti gateways are rather exploitable, and their built in integrity checker may give you a false sense of security.

Sources: https://pastebin.com/G7H6f4kL

Lockbit is one of the most notorious ransomware gangs out there, and recently a multinational operation arrested several people involved, stole back extorted cash, and released a decryptor for the ransomware. However, Lockbit isn't quite dead yet.

Sources: https://pastebin.com/Y6rTab6R

Email encryption is important for keeping confidential information safe, as well as communicating over unsecured networks, or in potentially hostile nations. One bug in 2017 was able to break this encryption though, exposing the plaintext content of encrypted emails.

Sources: https://pastebin.com/UZ2r4Pcq

One of the best renowned children's hospitals, Lurie, in Chicago has been experiencing an outage for nearly two weeks, with parents feeling as they've been left in the dark. Recently it was revealed that a "known cyber threat" was responsible.

Sources: https://pastebin.com/1CwAkQ7Q

Data breaches are the worst nightmare of many organizations that collect sensitive data. Europcar was going to be the next company breached, except on closer inspection, none of the data posted was real.

Sources: https://pastebin.com/wDwTunKb

The fear that the government or someone else is spying on you is a common one, moreso with modern technology. In some cases, that fear is not unreasonable. Pegasus is spyware developed by Israeli cyber-arms company NSO Group, and it has been sold to many governments and fallen into the wrong hands.

Sources: https://pastebin.com/9JHz3ZDU