Welcome reader to your CybersecurityHQ report.

Headlines

The U.S. Department of Justice (DoJ) has unsealed an indictment against an Iranian national, Alireza Shafie Nasab, for his alleged involvement in a cyber-enabled campaign targeting U.S. governmental and private entities. Nasab allegedly used spear-phishing attacks and other hacking techniques, which led to attacks on more than 200,000 devices. Some of these, the indictment claims, contained sensitive defense information.

The U.S. Departments of the Treasury and State, defense contractors, and New York-based companies were all victims of the attack, according to the DoJ. If caught, Nasab faces charges including conspiracy to commit computer fraud, wire fraud, and aggravated identity theft, potentially leading to a 47-year prison sentence if convicted on all counts. The U.S. State Department has offered rewards of up to $10 million for information on Nasab's whereabouts. Nasab, associated with Mahak Rayan Afraz, a Tehran-based firm linked to the Islamic Revolutionary Guard Corps (IRGC), remains at large.

The US and UK are under scrutiny for potentially causing issues with one of the 15 undersea cables in the Red Sea. Saba, a Houthi-ran news agency, reported that militarization has caused glitches to occur in this vital piece of equipment. In a statement on Saturday, the Houthi Transport Ministry in Yemen said, "Any glitch in these cables as a result of the militarization of the Red Sea by U.S. and British naval vessels represents a serious threat to the information security and economic and social stability for all countries of the world."

The apparent glitch and potential tampering by the US and the UK occur within the greater context of the Yemeni civil war and renewed conflict in Gaza and Israel. Since November 19, Houthis have sent drones and missiles at ships in the Red Sea to protest military operations in Gaza — leading to strikes against Houthi targets.

A recent article by Consumer Reports revealed massive security flaws in certain doorbell cameras available on Amazon and other online platforms. The investigation looks at brands like EKEN and Tuk, both made by the Chinese company Eken Group Ltd. Given the glaring holes in security, bad actors could easily gain access to camera footage or take control of the devices remotely.

While the article focuses on Amazon, the issue is far more widespread. Retailers like Walmart, Shein, Sears, and Temu have sold these cameras. In the fallout of revelations regarding their safety, Temu has removed them from its platform. Walmart is now offering refunds for affected purchases. But despite these concerns, Amazon apparently continues to list the doorbell cameras.

Interesting Read

In a book review for Cybernews, Gintaras Radauskas covers Filterworld — Kyle Chayka’s deep dive into algorithms and their impact on our lives. Yes, we know that algorithms are seemingly everywhere. They dictate the content we watch and the social media experiences we have. They even act as digital gatekeepers when finding work.

But if we are mindful about how we interact with these algorithms, maybe we can renegotiate our relationship with them. Then, we take up the effort of curating our own experience of the internet and, maybe, the world as a whole.

Employment Tip: Get Certified

It isn’t a groundbreaking insight, but it always bears repeating — certifications like CISSP or CISM keep you at the top of the list for a lot of job openings in the field. They demonstrate knowledge of best practices, and they also form important pings for software that filters resumes. Plus, the right certification is often the single best way to open the door to higher-paying positions.

For the latest openings in cybersecurity careers, check CybersecurityHQ.

Stay Safe, Stay Secure.

The CybersecurityHQ Team