Saturday Security: FIFA World Cup Scams Are Exploding

 

9,700 Fake Sites in One Month! The biggest sporting event in the world has officially become the biggest cyber target in the world. Last week we covered how an ethical hacker discovered that FIFA's World Cup systems could be accessed using nothing more than a simple account created through its football agent platform. This week, cybersecurity researchers report that scammers are now flooding the internet with fake World Cup ticket sites, bogus merchandise stores, and AI-powered phishing campaigns targeting fans. The numbers are staggering: more than 9,700 World Cup-related domains were registered in just one month — including hundreds of convincing copycat ticket websites designed specifically to steal money and personal information from unsuspecting fans. This week's big takeaway: Before buying tickets, merchandise, or streaming access, always verify you're on the official site, and be skeptical of any deal that seems too good to be true. Don't FAFO with FIFA content. https://www.csis.org/analysis/cyber-threat-2026-world-cup https://www.darkreading.com/cybersecurity-operations/2026-fifa-world-cup-faces-surge-cyber-threats 🗓️ Week ending June 27th, 2026 👤 Hosted by Peter 00:00:00 - Intro: World Cup Becomes the Biggest Cyber Target 00:00:31 - 9700 Fake Domains in One Month 00:01:05 - Takeaway: Verify Before You Buy 00:01:14 - Sign-Off

Saturday Security: FIFA Security Flaw Could Have Hijacked World Cup Broadcasts

 

This week's story proves that cyber risk isn't always a sophisticated nation-state attack — sometimes it's a simple security mistake hiding in plain sight. Ethical hacker 'BobDaHacker' discovered that FIFA's World Cup systems could be accessed using nothing more than a simple account created through its football agent platform. Because access controls were properly enforced on the front-end website but not on the back end, the researcher reportedly gained access to World Cup broadcast systems, match management platforms, and other critical operational infrastructure. In theory, an attacker exploiting this same flaw could have: * Interrupted live matches * Altered real-time game information * Replaced broadcasts entirely with different video content The good news — the issue was reportedly disclosed responsibly and quickly fixed. This week's big takeaway: If your security only checks permissions in the user interface, you don't actually have access control — you have a suggestion. Real security has to be enforced on the server side, every single time. https://www.darkreading.com/application-security/fifa-bug-world-cup-streams-remote-takeover 🗓️ Week ending June 20th, 2026 👤 Hosted by Peter 00:00:00 - Intro: A Simple Mistake, Not a Sophisticated Attack 00:00:37 - What an Attacker Could Have Done 00:01:00 - Takeaway: UI Permissions Are Not Access Control 00:01:05 - Sign-Off

Saturday Security: CISA's New 72-Hour Patch Rule

 

For years the mantra in IT security has been simple — patch everything. But in the age of AI that's no longer realistic. And this week CISA made it official with a new approach that changes the game for federal agencies and sets a precedent for the entire industry. CISA's new risk-based patching framework requires federal agencies to patch the most dangerous vulnerabilities within just 72 hours. The reason? AI is now helping attackers discover and exploit software flaws faster than ever — making the old "patch everything eventually" approach dangerously outdated. Under the new rules, priorities are clear: Top priority — Internet-facing vulnerabilities that are actively being exploited AND can be automated Everything else — Ranked and addressed based on actual risk level This week's big takeaway: Cybersecurity isn't about patching everything anymore — it's about patching smarter. When attackers can use AI to scale their efforts at machine speed, defenders have to laser-focus on what matters most and move fast. Speed now beats volume. https://www.cisa.gov/news-events/news/patch-smarter-not-harder https://www.cisa.gov/news-events/news/cisa-issues-new-directive-improving-how-federal-agencies-prioritize-mitigation-cyber-vulnerabilities 🗓️ Week ending June 13th, 2026 👤 Hosted by Peter 00:00:00 - Intro: The End of Patch Everything 00:00:35 - CISA's New 72-Hour Rule Explained 00:00:50 - How AI Is Accelerating Attacks 00:00:58 - Takeaway: Speed Beats Volume 00:01:02 - Sign-Off

Saturday Security: Threat Actors Are Targeting Fuel Tank Gauges

 

This week's story is a reminder that any connected device can become a cyber target — even something as unglamorous as a fuel gauge. CISA, the FBI, and the NSA are all warning that attackers are actively targeting internet-exposed automatic tank gauges — the systems used to monitor fuel and chemical storage tanks at gas stations, airports, military installations, and industrial facilities. If compromised, attackers could manipulate fuel readings, disable safety alerts, or interfere with critical safety systems — with potentially dangerous real-world consequences. The good news? Exposed devices have dropped significantly — from nearly 6,000 a decade ago to just under 1,000 today. Progress, but still too many. This week's big takeaway: If it doesn't need to be on the internet — don't put it there. We've been saying this for 25 years and it still needs repeating. Sometimes the biggest cyber risks are hiding in the equipment nobody thinks about. 🗓️ Week ending June 6th, 2026 👤 Hosted by Peter https://www.darkreading.com/cyberattacks-data-breaches/exposed-fuel-tank-gauges-attack-us

Saturday Security: FBI Warns Breaches Are Showing Up In Person

 

Not every breach starts with malware — and this week's story is a reminder of that in a big way. The FBI is warning that Silent Ransom Group — also known as Luna Moth and Chatty Spider — is actively targeting U.S. law firms and other industries using a surprisingly low-tech playbook. This group impersonates IT support through phone calls, phishing emails, and in some cases physically showing up in person posing as technicians. No ransomware. No encryption. Instead they use legitimate tools to quietly steal data — then demand millions in ransom, threatening to leak sensitive client information if they don't get paid. Law firms are a prime target because of the weight of confidential client data and the enormous pressure to protect attorney-client privilege. One breach can be catastrophic. This week's big takeaway: IT security isn't just about firewalls anymore. Verify IT requests. Authenticate visitors. Trust but verify. It's essentially zero trust applied to the physical world. https://www.ic3.gov/CSA/2026/260526.pdf 🗓️ Saturday Security for the Week ending May 30th, 2026 👤 Hosted by Peter

Saturday Security: ShinyHunters Turns Slurpees Into Cyber Headlines

 The same threat actor group that breached Canvas LMS is back — and this time they've made their way into the Slurpee business.

7-Eleven has confirmed a cybersecurity breach after the Shiny Hunters extortion group claimed it stole more than 600,000 records tied to franchise operations and Salesforce-connected systems. This wasn't a physical stickup — attackers reportedly used phishing and voice-based social engineering to access employee accounts, compromising contracts, financial records, identity documents, and operational data after ransom talks allegedly failed. A 9 gigabyte archive of stolen files was reportedly leaked online. This week's big takeaway: Franchise and partner ecosystems are becoming prime cyber targets. When cloud platforms centralize business data across vendors and contractors, one single compromise can ripple through an entire network — affecting everyone connected to that system. https://nationalcioreview.com/articles-insights/extra-bytes/7-eleven-breach-exposes-the-security-risks-inside-franchise-networks/ 🗓️ Week ending May 23rd, 2026

Saturday Security: Canvas LMS Breached Twice by ShinyHunters

 

One of the most widely used education platforms in the world is at the center of a major cybersecurity incident. The Shiny Hunters hacking group breached Canvas — the learning management system used by thousands of schools globally — twice, disrupting login pages during finals week and stealing over 3.5 terabytes of sensitive student and school data. The stolen information reportedly includes names, emails, student IDs, and even private teacher-student-parent messages. The company behind Canvas has confirmed it reached an agreement with the hackers — widely believed to involve a ransom payment in exchange for the data being returned and supposedly deleted. Security experts are clear: there is never a guarantee that criminals actually destroy stolen data after a ransom is paid. This week's big takeaway: Education platforms now centralize enormous amounts of sensitive personal data — including information tied to minors — making schools and cloud-based learning platforms prime targets for cybercriminals. https://www.darkreading.com/cyberattacks-data-breaches/shinyhunters-second-attack-instructure https://www.reuters.com/legal/litigation/canvas-parent-company-reaches-agreement-with-hacking-group-behind-recent-breach-2026-05-12/ 🗓️ Week ending May 16th, 2026