My weekly roundup of my continued learning in cyber security. What webinars I attended, podcast I listened to, the articles I read and projects I’m working on.
Webinars
- Roger A. Grimes, KnowBe4’s Data-Driven Defense Evangelist – (ISC)2 – A Master Class on Cybersecurity: Password Best Practices – 01/24/23 – What really makes a “strong” password? And why are you and your end-users continually tortured by them? How do hackers crack your passwords with ease? And what can/should you do to improve your organization’s authentication methods? Password complexity, length, and rotation requirements are the bane of IT departments’ existence and are literally the cause of thousands of data breaches. But it doesn’t have to be that way! –
Security Briefings Webinars | (ISC)²
- Rachel Tobac, CEO of SocialProof Security – Webinar: Personal Data’s Role in Enterprise Social Engineering Attacks – 01/25/23 – During this webinar, Rachel and Rob will share their unique perspectives on: The state of privacy: Why individuals are losing control of their digital identities and how that’s driving business risk. The state of social engineering: How hackers use data found by data brokers to hack. The future of hacking: How new AI-based technology like facial recognition and voice-cloning will open up new pathways for bad actors
Articles
- NVIDIA Morpheus – NVIDIA Morpheus is an open application framework that enables cybersecurity developers to create optimized AI pipelines for filtering, processing, and classifying large volumes of real-time data. Bringing a new level of information security to the data center, cloud, and edge, Morpheus uses AI to identify, capture, and act on threats and anomalies that were previously impossible to identify.
- Security and the Electric Vehicle Charging Infrastructure – When EVs and smart chargers plug in to critical infrastructure, what can go wrong? Plenty.
- Decrypted: BianLian Ransomware – Avast has developed a decryptor for the BianLian ransomware and released it for public download.
- 2023 Insider Threat Report – 72 percent of organizations report insider attacks have become more frequent.
- LastPass Parent Company GoTo Suffers Data Breach, Customers’ Backups Compromised – The affected information, which varies by product, may include account usernames, salted and hashed passwords, a portion of multi-factor Authentication (MFA) settings, as well as some product settings and licensing information.
- Ticketmaster Blames Bots in Taylor Swift ‘Eras’ Tour Debacle – Ticketmaster testified in the Senate that a cyberattack was to blame for the high-profile Taylor Swift concert sales collapse, but some senators aren’t so sure.
- Justice Department Shutsdown Hive – The FBI has seized the computer infrastructure used by a notorious ransomware gang which has extorted more than $100 million from hospitals, schools and other victims around the world, US officials announced Thursday.
- Dutch hacker steals data from virtually entire population of Austria – The data was stolen from a misconfigured cloud database found by the attacker through a search engine
Podcasts
- 8th Layer Insights: Season 3 finale: What’s the deal with Authentication, MFA, and Password Managers? – Authentication and Password Managers.
- Security Weekly News #268: Chick-Fil-A, OneNote, XLLs, VastFlux, T-Mobile, ChatGPT, Ukraine, Lots of Microsoft
- Security Now 907 – PayPal Credential Stuffing. iOS 16.3 : Cloud encryption for all. InfoSecurity Magazine: “ChatGPT Creates Polymorphic Malware”. CheckPoint Research: OPWNAI : Cybercriminals Starting to Use ChatGPT. “Meta” fined for the third time. Bitwarden acquires “Passwordless.dev”. Closing the Loop. Credential Reuse.
- Control Loop: ICS/OT incident response plans: Don’t get caught unprepared. The NOTAM outage was reportedly caused by a corrupted file. Ukrainian hacktivists conducted DDoS attacks against Iranian sites. And a cyberattack against a Nunavut power utility.
Projects
TryHackMe – Completed Linux Fundamentals Parts 1-3. Completed Windows Fundamentals 1-3.
Implementation of Secure Solutions for CompTIA Security+ – 6 hours of prep training for the Security+.