For this project, I had to both find and share information about recent articles on cybersecurity involving relevant risks, threats, and vulnerabilities in the media. I also evaluated these news sources and took a training course on cybersecurity, which I earned a certificate for.
Magento, a global open-source e-commerce platform used by thousands of businesses, had CRM-style data for about 700k users leaked by a hacker using the name "Satanic". Hacking is when an unauthorized user gains access to something they shouldn't, and in this case, the CRM data system was hacked. The exposed data included the names, job titles, corporate emails, company domains, phone numbers, and social media links of the affected people. However, this incident was due to third-party supply chain risks rather than security weaknesses in the Magento platform itself. To prevent future hacks and keep unauthorized users from getting into their systems again, the data pipes feeding into Magento should tighten their security settings with stronger passwords and use methods such as two-factor authentication when allowing their users to access their data, and Magento itself should look into the security risks of its third-party companies to ensure they meet its own company standards for data protection.
Publisher: Waqas
Where was it published?: Hackread
When was it published?: April 9, 2025
Truthfulness and integrity of facts: Considered accurate, no spelling errors, very informative and contained facts, includes screenshots of hacker's post
How is it written/presented?: Some ads (three total from 2 different sponsors), investigative journalism marketed towards people with a bit more knowledge of cybersecurity than the average person
Links/Citations: Links to 5 other Hackread pages (one about Magento, one taking the reader to a search of other Hackread articles involving breach forums, two articles about previous hacking incidents by the same hacker but on different companies, and an article detailing another incident from a third-party data breach on a different company); all are up to date with no immediate issues
Lee Enterprises, a popular newspaper chain, was investigating a claim from the Qilin ransomware group that the group stole 350 GB of data during a previous attack. The group threatened to begin leaking the data, but the exact ransom demand was not given. The impacts of the attack included disruption of print distribution, billing, payments, and other aspects of the publishing company. Ransomware attacks prevent organizations from accessing their information systems by locking them up, essentially holding them hostage, until a ransom is paid to give them back. Although ransomware attacks can be difficult to prevent, it is known that the Qilin ransomware group's preferred method of attacking is through abusing stolen/compromised credentials or spearphishing. Given these known preferred methods, to avoid ransomware attacks from this specific group, Lee Enterprises should require stronger passwords and remove access to information systems for compromised accounts, and should also instruct its workers/members to confirm that the sender of any communication is truly who they claim to be before opening any links or downloading any attachments/programs.
Publisher: David Jones
Where was it published?: Cybersecurity Dive (operated by Informa TechTarget)
When was it published?: March 3, 2025
Truthfulness and integrity of facts: Considered accurate, Informa is a reputable, well-known source in London, contained email quotes
How is it written/presented?: Some ads (three total but all from the same sponsor), meant to be read by anyone as a typical informative news article
Links/Citations: Links to 2 other Cybersecurity Dive pages (one about a previous ransomware attack on Lee Enterprises, which was when the Qilin group claimed to have stolen their data for this attack, and one detailing what Lee Enterprises said the impacts of a cyberattack will be), a link to an analysis of Qilin ransomware by SentinelOne, and an article on the detection and analysis of this same ransomware service by Darktrace; all are up to date with no immediate issues
Part of this assignment, as mentioned in the description, was to complete a short course on cybersecurity, which was the CCBC cybersecurity training. I learned a lot of new information while reinforcing things I learned in this class and earned 100% on all activities to earn this certificate.
I learned that these cybersecurity issues and threats were way more common than what I expected them to be. I also learned about spearphishing, which is phishing that is very targeted toward a specific person and built off of what I already knew about phishing, and that ransomware as a service existed, which refers to a specific group people use to take information for ransom online. The Google News search engine was also new to me, so that was interesting to interact with and to be introduced to.