This is an absolutely wild one by @iangcarroll and @samwcyo

The most basic SQL injection ever in the Known Crewmember (KCM) and Cockpit Access Security System (CASS) used by airlines and TSA.

Literally ' OR 1=1 got them admin access. Here's what we know: @iangcarroll @samwcyo The vulnerability was found in FlyCASS, a web-based interface used by smaller airlines to manage KCM and CASS.

A simple SQL injection in the login page allowed unauthorized access to the admin panel for Air Transport International.

⚠️ Breaking: North Korea just burned an 0-Day in Chromium.

They used it to install a Windows rootkit and the campaign targeted cryptocurrency platforms and users.

Here's what we know: Microsoft reports that a North Korean hacking group, Citrine Sleet, exploited a previously unknown Chromium bug to target crypto organizations just a few days ago.

Google uncovered evidence that Russian government hackers (APT29) are using exploits "identical or strikingly similar" to those developed by spyware companies Intellexa and NSO Group.

And we don't know how they got their hands on it...

Here's what we know: 🧵 APT29 should sound familiar. Re: Microsoft and Solarwinds hacks.

They're patient and persistent. Pair that with incredibly skilled and well funded and this is a deadly combo.

Whelp. Another North Korean laptop farm just got taken down in the US.

This time at a guy's house in Nashville. The NK team made over $250k for their remote work between 2022 and 2023.

Hey if someone shows up and asks you to host a pile of laptops at your house, just say no? 38 year old Matthew Isaac Knoot offered his address up to the NK teams.

He'd get laptops to his HOME for an employee named "Andrew M." who got remotely hired for a number of US jobs.

His house would act as the local IP and addy for these overseas spies to tunnel through.

The DoJ just busted a massive scam involving North Korean IT workers infiltrating major US companies.

They had some help in the US and were posing as remote freelancers to siphon off money and sensitive info.

Holy crap, here's what we know: How they operated:

North Korean operatives are stationed in countries like China, Russia, and parts of Eastern Europe and Southeast Asia.

They then use fake documents and buy accounts to get remote jobs in the States.

Kevin Briggs, a senior advisor at CISA, has publicly revealed ongoing vulnerabilities in U.S. telecom networks.

TL;DR - He has evidence vulns in teleco's are being used to track and spy on U.S. citizens.

Buckle up, here's what we know: Oversimplified: The attacks involve 2 teleco techs

SS7 - crucial for routing messages when roaming
Diameter - SS7's more efficient successor

They are both being exploited to track phones, intercept calls, and access texts.

🚨 GitHub and GitLab comments are being abused to push malware via Microsoft repo URLs.

Let's dive in: GitHub comments can host files uploaded during issue discussions or commit annotations.

Once uploaded, these files are accessible via GitHub's CDN, regardless of the comment's visibility or existence.

I'm hearing reports of a sophisticated 'MFA Bombing' attack that targets Apple users, exploiting a flaw in Apple's password reset feature.

Let's dive in: What Happened?

Several Apple users, including entrepreneur @parth220_, have reported a deluge of system-level password reset prompts on their devices

An aggressive phishing technique known as 'MFA fatigue'

Are you kidding me?

Who had "actually suffering ransomware attacks is good for business" on your bingo card?

That's what is going on at United Healthcare: So we all know about this crippling ransomware attack that has most of the country's medical payments at a standstill.

TL;DR—Change Healthcare is down. They process tons of payments, and it has been weeks. ALPHV claimed responsibility.

Holy crap. People are getting an ultimatum at their pharmacies this week - pay full price out of pocket or go without their meds.

All due to a ransomware attack.

Let's dig in: UnitedHealth's Change Healthcare hit by 'Blackcat' ransomware

This is causing a 6-day outage affecting prescription deliveries across the U.S.

Turns out the parent company of Temu has a history of publishing malware into their Android apps

Let's dig in: It wasn't sitting right with me that a bunch of folks in my comments had mixed feelings about Temu being a shady app.

Many saying no worse than other apps collecting data.

Some even calling it China fearmongering

The Okta hack that keeps on giving!

Cloudflare announced a new data breach today in it's continued battle against creds stolen during a previous Okta hack

Let's dig in: Thanks to Cloudflare's reporting, we have a pretty good idea of what all went down:

4 access tokens from the Okta hack in Oct '23 were still valid by Nov 14th when the hackers accessed Cloudflare's self hosted Atlassian servers

A vulnerability in the way Google implements OAuth was disclosed publicly today and is still not fixed.

It can let employees retain indefinite access to applications like Slack and Zoom after they're offboarded.

Let's dig in: Here’s a timeline of events:

August 4th- Disclosure to Google

August 7th- The issue was triaged

October 5th- Google paid $1337

November 25th- Bulk private disclosure to dozens of impacted applications

December 16th- Public disclosure 134 days after notifying Google

One of the biggest hacks of the year has mainly gone untalked about.

A Chinese hacker group compromised a $57 billion chip manufacturer in 2017.

They weren't discovered for over 2 years. Here's everything we know: The chip company in question is NXP and they're the 2nd largest semiconductor company in the EU.

Their chips are in all sorts of devices you use including iPhones and Apple Watches, specifically NFC chips that support Apple Pay.

The head of security at Canva shared this on LinkedIn.

I don't see him on Twitter to tag for credit, but I needed to share as it's pure gold. Way to go!

What in the hell?!
A group of cybercriminals has filed an SEC complaint against a company for not disclosing a data breach.

Here's what we know and what this might mean for the future of ransomware: Alphv/BlackCat claims they breached MeridianLink's systems, stealing customer and operational data.

They're now leveraging an SEC complaint to pressure the company into acknowledging the breach.

A plastic surgeon's office got hacked.

Patients info and nude photos before/after surgery was stolen.

A bunch of the women are suing - buckle up lets look at whats going on: Imagine seeking to improve your life through surgery, only to have your privacy stripped away.

This is the reality for about a dozen women suing the Las Veags clinic for failing to protect their data.

Holy crap -

SEC Charges SolarWinds and Chief Information Security Officer with Fraud, Internal Control Failures

sec.gov/news/press-rel… 👀

Okta got hacked. Leading to impact for CloudFlare, 1Password, and BeyondTrust.

Here's everything we know about it: Okta’s support system was compromised, allowing unauthorized access to sensitive files uploaded by customers.

Notably, Okta did not discover the breach themselves; it was independently detected by BeyondTrust and Cloudflare.

🚨BREAKING: Genetics firm 23andMe confirms user data theft in a credential stuffing attack.

The hackers released 1 million lines of data targeting Ashkenazi Jews. 23andMe, a renowned U.S. biotech & genomics firm, offers genetic testing services.

A threat actor recently leaked data samples from the firm and is now selling 23andMe customer data packs.

🧵: Everything We Know About the MGM and Caesar's Hacks

The Big Picture: Both casinos faced significant cyberattacks due to phishing employees' Okta accounts. Vishing at MGM: The hack started with a vishing campaign. For those new to the term, vishing is "voice phishing"

Attackers posed as IT staff and got employees to reset passwords on critical systems.

This group has also been successful via SMS