CybrR3sBlog

Yesterday, June 25th, a 25 year old British man named Kai West was arrested in a years long investigation that cumulated in a sting operation to discover the identity of the infamous "Intel Broker". He  had for years posted and sold compromised data on the website Breached Forums . The investigation came to its conclusion when an undercover agent posed as a buyer for stolen data. The payment was sent to Intel Broker's BTC (bitcoin address) which was allegedly tied to his Coinbase account.  This strikes me as pretty odd and even a little funny. I am sure we will learn more as the story develops but as one of the most wanted hackers in Europe your opsec was bad enough to use Coinbase when selling top secret data. Something about the store seems a little weird. Most Black Hat hackers use money laundering schemes like Monero at the very minimum to "clean" their money. I don't know anything though so if someone wants to explain it to me please do.  Resources:  ht...

I am taking mostly historical information here on the various laws enacted between the 1970's and 2000's which have governed the use of Private Identifiable Information by the federal government and private companies in the US. Most of these laws: like HIPAA and the GLBA are incredibly relevant today to safeguarding our most personal data from people who would do use harm. For a long time this meant keep our data out of the hands of hackers and thieves and while that is still relevant today, there is seemingly a large gap between the US's privacy laws concerning private companies, and those of Europe.  The stark difference is in the EU's General Data Protection Regulation (GDPR) and California's Consumer Privacy Act (CCPA) which were adopted in 2018 and 2020 respectively. The GDPR has a government oversight board by which all private companies must abide by. This creates an active participation in holding private companies responsible for consumer data. It is the jo...

 This pdf from the Cybersecurity and Infrastructure Security Agency has a lot of easy to read, step by step information on conducting risk analysis. For each of the six steps the pdf offers external sources and education. While our main book is very knowledgeable I find these guides to be a bit easier on the eyes when it come to taking in a large amount of information. References: https://www.cisa.gov/sites/default/files/2024-09/24_0828_safecom_guide_getting_started_cybersecurity_assessment_2022_final_508C.pdf

 From The Hacker News:     It was reported that an un-named casino was the victim of a cyber attack by means of their fish tank's thermometer. The attackers reportedly were able to gain a foothold into the network by compromising a vulnerability in the thermometer. From there the attackers maneuvered and used privilege escalation tactics to gain access to the database of high-roller accounts.      This is not a new phenomenon in the world of cyber security. In the article, Nicole Eagan--CEO of cyber sec company Darktrace spoke about manufactures forgoing common security and encryption methods in their products for accessibility and product use. As we have been discussing in class everytime you connect a new device to your network you increase the attack surface area of the network. More devices equals more opportunities for attackers. Each of these devices must be treated as its own computer. That means strong passwords and software updates. There can be no...