May 14, 2023

TSD #041: Spies co-ordinating through YouTube comments!


Presented by CultureAI


Hello friend 👋

It's been a cool week. The weather has finally improved and I fired up the BBQ! One of this week's highlights for me was wrapping up a project with OffSec (Offensive Security for those of you who didn't know that they rebranded). The OffSec crew have lived in a special place in my heart since I first started researching a cybersecurity career. So to get the chance to do a project with them was an honour and a surreal experience!

If you plan on taking the OSCP, make sure you're subscribed to my YouTube channel to see what drops tomorrow!

This week's cyber news:

Operation MEDUSA: Western law enforcement smashes Russian espionage malware to bits

Turla, a Russian state-backed threat actor, is known for its Snake malware. It's as old as the hills but highly capable, and it's used by Center 16 of Russia’s Federal Security Service. Through coordinated law enforcement activity, the FBI was able to develop Perseus, a counter-malware tool that destroyed Snake. The advisory on the linked page is absolutely mind-blowing. Read more.

South Korea alleges spies messaged North Korean handlers via YouTube comments

South Korea has charged four trade union leaders with spying for North Korea in a plot that involved the accused allegedly communicating with their handlers by leaving coded comments on obscure YouTube videos. The meetings were arranged via a YouTube video titled “Tutorial: How to open Yamaha NVX 155 without key”. Read more.

New phishing-as-a-service tool “Greatness” seen in the wild

Cisco Talos has reported on a new phishing-as-a-service (PaaS) tool called Greatness. It allows rookie hackers to incorporate “some of the most advanced” features into their cyberattacks. Similar to other criminal services, PaaS platforms lower the bar to entry for cybercrime, offering unskilled hackers the ability to automate the tasks involved in tricking victims into entering their credentials on a fake login page. Read more.

Fun Things

🎥 Video

My new video goes live tomorrow. I'd love to share it here with you today, but I'm not allowed to! So, head over to my channel and subscribe (ring that bell if you're super keen!) and you'll see my latest creation in the morning.


📑 Report

If you didn't catch it, cybersecurity firm Dragos was the victim of an attack. They did a full report on the matter on their blog. It's a great read and there are some solid lessons on transparency as well as security improvements to consider. Read it on their blog.

👾 Cool Tool

Spider Suite

Spider Suite is an advanced multi-feature GUI web security Crawler/Spider designed for cyber security professionals. I'll be doing a YouTube video on this one soon. It's very cool. Check it out.

See you next week,

