Cybersecurity Shenanigans #007: Merry all the things & happy new year! 🍾

This month's cybersecurity scoop.

👋 Hey friend,

I don’t understand how we’re at the end of December, but…here we are. 😅 I gotta say, this year has been wild. Hectic, busy, exciting, challenging, rewarding, fun…and humbling.

Everyone’s entitled to a sappy recap of their year. Here’s mine. 😁 

  • Getting that cheesy Golden Creator Award for 1M YouTube subscribers 🙏 (with a dumb haircut to boot)

  • Making it to the DEFCON main stage! (Even if it was for being part of the Hacker Family Feud Game Show or helping with Hacker Jeopardy. 🤪)

  • Hopping on CNN live news to cover the CrowdStrike incident, gamer chair and all 🕶️ 

  • Being part of a $1B unicorn company at Huntress 🦄!

  • Winning the extremely special and sentimental RITA award from infosec saint John Strand and co 💙 

  • Launching Just Hacking Training with Don Donzal!

And last but not least, I’m so, so glad that you’re here and appreciate the fact that you’re willing to let me take up real estate in your inbox. 🙏 Hope you have a wonderful holiday season!

— JH

News & Commentary

Deep Dive: Cleo Software Exploitation 🔥

The holidays just wouldn’t be the holidays without stumbling across a vulnerability being exploited in the wild. 😅

This time, it’s Cleo in the hackers’ crosshairs — more specifically, their LexiCom, VLTransfer, and Harmony software. These products manage file transfers, making them prime targets for hackers interested in launching supply chain attacks. This vulnerability opens up the door for remote code execution.

Check out the writeup I contributed to over on Huntress’ website.

LockBit Developer Arrested and Charged 🚔

Authorities recently captured another LockBit ransomware operator.

Rostislav Panev is believed to be one of the more loyal members of the ransomware group, actively participating in attacks from the group’s founding in 2019 til earlier this year. Panev is currently waiting to be extradited to the U.S.

And jeez, was his computer incriminating. Authorities found some juicy stuff on his device, including admin creds for a dark web repo housing multiple versions of source code for the LockBit builder. They also found creds for the LockBit control panel as well as a data exfiltration tool called StealBit. Good luck talking your way out of that.

Panev also flat out admitted to participating in some illicit activities on behalf of LockBit — from developing code to printing ransom notes. (Hey, somebody’s gotta do it.)

It’s believed that LockBit earned at least $500 million by launching attacks against 2,500 entities in more than 100 countries. But wait! There’s more! Rumors are flying that LockBit is planning a comeback in February of next year with the release of LockBit 4.0. Stay tuned. 👀

BeyondTrust vulnerability being exploited in the wild 😞

A vulnerability in two BeyondTrust products is being exploited in the wild. And it’s a doozy — with a 9.8 CVSS score. ☹️

The Privileged Remote Access (PRA) and Remote Support (RS) products are vulnerable to CVE-2024-12356, a command injection flaw that allows bad actors to execute arbitrary commands.

If you use these products via the cloud, the vulnerability has already been patched. But if you operate on-prem, you’ll need to apply the patch(es) yourself.

Sponsor

Building the Next Generation of Cyber Leaders

Girls' participation in STEM drops sharply in middle school, fueling the talent and gender gap in cybersecurity. Project Cyber empowers K-12 girls with hands-on workshops, mentorship, and other programs to teach girls real-world cybersecurity skills like cryptography and threat analysis, as well as life skills such as leadership, critical thinking, and teamwork.

Sponsor Project Cyber to amplify our impact and strengthen the cybersecurity talent pipeline. Together, we can build the next generation of cyber leaders and shape the future of cybersecurity.

Latest Content

YouTube Videos

// Felt cute. Thought I’d steal my own Reddit account. 💅

// A walkthrough of a CTF challenge. (Credit to C4T BuT S4D for their work here!)

Just Hacking Training Update 🤓

As JHT continues its plan to release new courses during the first week of every month and all other new training during the third week, here’s what we have for December — and hints for what’s to come in 2025!

Cyber Monday Deal Ends Soon!
Use Code CM2024 for 20% Off
ALL Non-Name-Your-Price Training
through Christmas Day

New Courses This Month

Additional December Releases

Hack-Alongs (HALs) & Free Upskill Challenges (UCs)

On Deck for January 2025 & Beyond!

  • Dark Web & Cybercrime Investigations Course by Yours Truly 🤓

  • Intro to Shellcode Loaders Course by Dahvid Schloss

  • CTF – Playable Archive of Snyk 2023 Fetch the Flag

  • HAL – OWASP API Top 10 Part 1 by Katie Paxton-Fear

  • Numerous Courses, HALs, UCs & CTFs every month throughout 2025!

Come hang out with us hackers in Discord and engage with me, our All-Star instructors, students, and the rest of our community.

Social

What I’m Listening To 🎧

Looking for a new podcast to give you a break from your in-laws this holiday season?

My friends Ali Diamond and Serena DiPenti just launched a brand new podcast called Breaking the Internet. I listened to the first episode on a roadtrip, and it was wonderful.

And to answer the question…no, tech is absolutely not okay. 😅

Give this one a listen! Or a watch, if you prefer.

Got feedback?

Love this thing? Have some pointers on how I can make it better? Please reply to this email and let me know. I really want these newsletters to be worth reading to you, and your feedback makes that possible!

Hope to hear from you soon!