December 11, 2022

TSD #019: North Korea Strikes Again.

Hello friend 👋

I had a lovely chat with Sam Cheatham from ReliaQuest on LinkedIn Live about learning cyber, advice for new people in the industry and tips for those trying to get their start. If you missed it, you can watch it here. I've also finished shooting my new workshops, which will go live this coming week: LinkedIn 101, YouTube 101 and Newsletters 101, and also a free email crash course on tips for people who'd like to improve their online presence to benefit their careers and create new opportunities.

It's been a pretty quiet week in the cybersecurity landscape overall but a couple of things stood out to me:

Rackspace Ransomware

Rackspace is a well-known company in web hosting and more. They've been around for decades. It looks like they've been hit with a ransomware attack that impacted their hosted Microsoft Exchange product line, meaning that customers couldn't access their inboxes. They're advising everyone to migrate to Microsoft 365, but it doesn't bode well for their brand reputation, and their share price recognised that with a 20% drop. This is an easy reminder to us all that "the cloud" is just someone else's computer.

Internet Explorer Zero-Day

Google's Threat Analysis Group (TAG) is known for hunting zero-day attacks in the wild. They've written up a report about an Internet Explorer zero-day that has impacted users in South Korea. I know what you're thinking:

Who on Earth uses Internet Explorer anymore?!

Plenty of people in South Korea it would seem. Google TAG has attributed this attack to the North Korean threat group, APT37, and the lure for the malware infection was a document regarding the tragic events of the Itaewon Halloween celebration where over 100 people were killed in a crowd crush. You can read TAG's full report here.

You can get in touch with me by simply hitting reply. I respond to every email that hits my inbox.

Until next week,

Gary ✌️

Fun Things This Week


Smashing Security: You must have seen ChatGPT being talked about this week. If you haven't, I'm impressed! If you want to catch up on it, Graham Cluley discusses it and much more on Smashing Security this week.

Black Hills Information Security: I'm shocked that I didn't know Black Hills have a podcast. I've used their blog for years and never noticed. It's a nice three-way chat between some of their team about information security news. They cover a lot in a single episode, definitely worth adding to your list of subscriptions. I've added it to mine!

👾 Cool Tools

Klyda is a password sprayer that handles multithreaded dictionary attacks. Worth checking out if you're into web application pen testing.

Pylirt is the Python Linux Incident Response Tool. It's the Linux sibling to last week's Pywirt tool. It's a quick little tool to pull a load of info from a Linux host. If you're learning Python, it's worth looking at the code for this little tool. A great one to tinker with!

If you've written a tool and you'd like me to see it, just drop me an email!

P.S. Some of the links in this newsletter are affiliate links and help support my content. Thank you for your support! ✌️
