A weekly roundup of my continued learning in cybersecurity. What webinars I attended, podcast I listened to, the articles I read and projects I’m working on.

Webinars

• SANS Institute – Not in Cyber Security? No Problem! Creative Ways to Gain Experience With No Experience – 1/28/23 – Creative Ways to Gain Experience with No Experience.
• PaloAlto Networks – 1/31/23 – Stop Zero-Day Malware with Zero Stress. Guest speakers, Chris Krebs and Rachel Tobac

Articles

• Economic headwinds could deepen the cybersecurity skills shortage – Security professionals will remain in high demand, but economic fallout will make hiring even harder.
• Hacker finds bug that allowed anyone to bypass Facebook 2FA – bug in system that Meta could have allowed malicious hackers to switch off an account’s two-factor protections just by knowing their email address or phone number.
• New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year SysKit report highlighting effects of digital transformation on IT admins and governance landscape released.
• Hunting Insider Threats on the Dark Web – Use threat intelligence to reduce chance of success for malicious insider and Dark Web threats.
• GoodRx pays $1.5 million to settle health privacy allegations – Failed to tell customers they shared data with Meta and Alphabet.
• Google Fi data breach let hackers carry out SIM swap attacks – Google Fi, has informed customers that personal data was exposed by a data breach at one of its primary network providers, with some customers warned that it allowed SIM swapping attacks.

Podcasts

• Smashing Security – 306: No Fly lists, cell phones, and the end of ransomware riches? – What are prisoners getting up to with mobile phones? Why might ransomware no longer be generating as much revenue for cybercriminals? And how on earth did an airline leave the US government’s “No Fly” list accessible for anyone in the world to download?
• Malicious Life – You Should Be Afraid of SIM Swaps – If SIM swap stories ever make the news, almost uniformly, they focus on people who lost a lot of money. But SIM swaps also take a psychological toll. Getting cut off from the grid all of a sudden, not knowing why, not being able to call for help. Even when it’s over, you never know if your attackers — whoever they are — will come back again.
• Security Masterminds – Why a Data-Driven cybersecurity Defense Will Protect Your Organization With Special Guest, Roger Grimes – Excellent podcast, bit of John McAfee bashing, not that it wasn’t deserved. Get past that and the content is great.
• Security Weekly News – SWN #269 – Empathy, Bitwarden, Lexmark, Exchange, Dragonbridge, & Derek Johnson Talks About Hive
• Security Weekly News – SWN #270– SwiftSlicer, vRealize, Google Play, KeePass, Huawei, & Github –
• Security Now 908 – Data Operand Independent Timing – Old Android apps, Kevin Rose, iOS 6.3 and FIDO, Hive hacked

Projects

TryHackMe – This week I focused on the How the Web Works. I’m working through the HTTP in Detail room.

Pluralsight Learning

• Risk Management and Information Systems Control: IT Risk Assessment – 1hr 31m – The process of risk assessment, the follow up to the risk framing and risk identification processes done previously. This will help you understand the entire risk management process and prepare for ISACA’s CRISC examination.
• Risk Management and Information Systems Control: Risk Identification – 1hr 50m – Addresses the key parts of the risk management process starting with risk identification.