Is cybercrime beautiful?
Security weekly

Hi and welcome to another Security weekly, where we laugh, we cry and share the latest and greatest in security and tech news.
This week I bring more feels than that scene in the Fast & Furious where Vin Diesel and Paul Walker each drive off.

In this week's edition:
😶 The beauty in cybercrime
🔥 Quick and dirty
Reading time: 02:48
The beauty in cybercrime
Let me start off by saying: I'm going to offend some people here.

I've seen some hacks and attempts at hacks over the years. Automated, poorly executed, performed by people who bought a mailing list and a script on the dArKwEb. No clue what to do with any information if they do get in some poor soul's mailbox. Plain boring.
But every now and then I'd stumble across this perfectly orchestrated piece of art. Carefully waiting for the proper moment to strike. Going good from start to finish. Evading all forms of defense.
OKAY before I get too poetic. What the f*k am I talking about?
I came across this post from Narisa (Shasha) Kiattaweesup, who told her story about getting scammed through a job offer. Let me do my best in making a TLDR;
- Narisa (Shasha) Kiattaweesup, a UX designer studying at Pepperdine uni, was contacted by Splunk, a big software Co from San Francisco.
- She was told she got fast-tracked to come work for them. A dream come true.
- Several Skype calls later with HR, she received a contract which she filled in.
- The CIO from Splunk contacted her and she was told she could choose some equipment before she started.
- But then suspicion hit...

Let's stop there for a minute. Suspicion is good. Especially in these kinds of situations. Always act on this feeling.
The good thing with suspicion is that it's coming from somewhere. So thought Narisa.
Narisa proceeded to call the HR dept of said company, and turns out she was being scammed.
She quickly blocked all her purchases and bank cards, and reported the identity theft.
While the story will feel tragic for most, I appreciate the beauty of it. The effort that was made, the Skype calls... At any given time they could have been busted. But they weren't.
This is the most dangerous type of personal attack, one that plays into emotions.
This is where we as humans are ALL vulnerable. From the most experienced security pro to my grandma (love you gran, don't hit me please).
The full story has some decent details too. Be sure to read it!
On a side note: Last week I burned down LinkedIn for being a garbage pile and now I'm using it in my posts. Hypocrite much?
LinkedIn is the garbage pile of the internet.
— DisableUser (@disable_user)
3:29 AM • Aug 13, 2022

The quick and dirty
Over 9,000 VNC servers exposed online without a password - VNC is comparable with RDP or TeamViewer, where users can log in to other systems from a different location. You can imagine how dangerous it is if these systems don't require a password for sign-in.
Hacker's Movie Guide: The Complete List of Hacker and Cybersecurity Movies - a book that counts 222 pages, listing movies about hacking. Haha man, is this the most American thing ever? I'm so baffled I might buy it.
Anonymous poop gifting site hacked, customers exposed - kind of defeating the purpose of the site I guess. Think twice before dumping on your fellow people.
Microsoft blocks UEFI bootloaders enabling Windows Secure Boot bypass - in the sysadmin day edition I wrote about CosmicStrand malware being found in UEFI, the story continues...
Security like I'm five
Don't have time for hours of research? Don't have 20 years of experience in security? Me neither, but I gotchu fam.
In Security like I'm five I cover a range of security topics. I do all the hard work, and explain it to you in a practical manner. Lots of memes too. Good stuff, good stuff.
So sign up for the newsletter and be enlightened! (kinda, don't set the bar too high tho)