To summarise this month's cyber security news, TryHackMe attends two of the greatest cyber security conferences, experts discover an 18-year-old vulnerability, McDonald’s were hacked in a $700,000 cryptocurrency scam, and much more!
Continue reading to discover the latest news.
TryHackMe attends Black Hat and DEF CON!
Earlier this month, the TryHackMe team attended Black Hat and DEF CON, met hundreds of businesses and users, handed out free swag, demoed upcoming releases (😉) and interviewed wonderful users from our community!
We’re already looking forward to next year, eager to return to Vegas with even more to offer. Until then, thank you to everyone who visited our booths, shared your TryHackMe success stories, and made this trip one for the books 👏🔥😎
Want to check out our recap of the trip? Click the button below! 👇
"0.0.0.0 Day": 18-year-old vulnerability exposes all major browsers to security bypass
On the 8th of August 2024, researchers at Oligo Security uncovered a critical 18-year-old vulnerability, termed "0.0.0.0 Day," that affects all major web browsers, including Chromium, Firefox, and Safari.
This flaw allows attackers to bypass browser security and interact with local network services, potentially leading to unauthorised access and remote code execution. The vulnerability exploits the IP address 0.0.0.0, typically used as a placeholder, to access local services across different browsers due to inconsistent security implementations.
Despite responsible disclosure, the vulnerability remains partially unaddressed, with browser vendors working on fixes.
Notorious hacker "USDoD" reveals identity, sparking extradition debate
The infamous hacker known as "USDoD," responsible for major data breaches, including the leak of 3.2 billion Social Security Numbers, has revealed his identity as a 33-year-old from Brazil.
This revelation has significant implications due to Brazil's extradition treaty with the US, which might complicate efforts to bring him to trial in the US, as Brazil typically does not extradite its own citizens.
Despite his criminal past, Luan G. expressed a desire to leave cyber crime behind and contribute positively to Brazil, which could influence how authorities handle his case, possibly favouring rehabilitation over punishment.
Telegram founder arrested in France over content moderation failures
Pavel Durov, the founder of Telegram and VKontakte, has been arrested in France upon arriving at Le Bourget airport. The French Air Transport Authority allegedly made the arrest after Durov was flagged in a French criminal database.
The charges appear to be related to Telegram's inadequate content moderation, particularly its role in hosting harmful content and malicious tools, as well as limited cooperation with law enforcement. Official statements from Telegram and French authorities are still awaited.
Akamai thwarts ‘massive’ 419 TB DDoS attack
A positive news story for Akamai Technologies, which successfully mitigated one of the largest and most sophisticated distributed denial-of-service (DDoS) attacks in its history!
The attack, lasting nearly 24 hours from July 15, 2024, involved a globally distributed botnet that directed over 419 terabytes of malicious traffic across 278 IP addresses using multiple vectors like UDP flood and DNS reflection.
The attack reached peak traffic of up to 798 Gbps. Akamai's Prolexic platform was crucial in defending against this state-backed threat, highlighting the growing need for robust, cloud-based DDoS protection solutions amid rising DDoS threats in the EMEA region.
McDonald’s Instagram hacked in $700,000 cryptocurrency scam
On August 21, 2024, McDonald's official Instagram account was hacked, leading to a cryptocurrency scam that netted the hackers around $700,000. The cyber criminals used McDonald's large social media following to promote a fraudulent cryptocurrency called "GRIMACE," named after the company's iconic mascot.
They posted deceptive messages claiming that the company was giving away free cryptocurrency, leading users to a phishing website designed to steal personal and financial information. Within 30 minutes, the token's value surged to $25 million before the scammers executed a "rug pull," dumping their holdings and causing the value to collapse.
McDonald's quickly regained control of the account and issued an apology, while experts warned the public to be cautious of similar scams.
The Byte: TryHackMe releases NEW careers-focused newsletter
At the beginning of the month, we launched our brand-new weekly newsletter series, The Byte, designed to empower security professionals at all skill levels. Each week, The Byte delivers the latest in technical training, news, and exclusive content tailored to your role and career stage!
To ensure we provide the most relevant content for you, it's crucial for us to understand your current role. This way, we can showcase materials that support your growth and success at any point in your cyber security journey. Follow the walkthrough here to ensure you are updating your information in the correct place!
That’s all from us this month! Check back again at the end of September for our monthly roundup of cyber security news!
Jabba