My weekly run down of what I read, watched and did this week as it pertains to learning cybersecurity and getting into the field.
- Tesla Model 3 Hacked in Less Than 2 Minutes at Pwn2Own Contest – They showed how they could then — among other things — open the front trunk or door of a Tesla Model 3 while the car was in motion.
- Twitter says parts of its source code were leaked online – Some parts of Twitter’s source code — the fundamental computer code on which the social network runs — were leaked online
- Twitter takes down source code leaked online, hunts for downloaders – Twitter has taken down internal source code for its platform and tools that was leaked on GitHub for months. Now it’s using trying to use a subpoena to search for those who leaked and downloaded its code.
- Procter & Gamble confirms data theft via GoAnywhere zero-day – Consumer goods giant Procter & Gamble has confirmed a data breach affecting an undisclosed number of employees after its GoAnywhere MFT secure file-sharing platform was compromised in early February.
- WiFi protocol flaw allows attackers to hijack network traffic – Cybersecurity researchers have discovered a fundamental security flaw in the design of the IEEE 802.11 WiFi protocol standard, allowing attackers to trick access points into leaking network frames in plaintext form.
- President Biden Signs Executive Order Restricting Use of Commercial Spyware – U.S. President Joe Biden on Monday signed an executive order that restricts the use of commercial spyware by federal government agencies.
- The CISO Mantra: Get Ready to Do More With Less – For the foreseeable future, with the spigots closing shut, CISOs will need to find ways to do more with less.
- Spyware Vendors Caught Exploiting Zero-Day Vulnerabilities on Android and iOS Devices – A number of zero-day vulnerabilities that were addressed last year were exploited by commercial spyware vendors to target Android and iOS devices, Google’s Threat Analysis Group (TAG) has revealed.
- Phishing Emails Up a Whopping 569% in 2022 – Credential phishing emails are the clear favorite of threat actors, with a 478% spike last year, new research shows.
- AlienFox Malware Targets API Keys and Secrets from AWS, Google, and Microsoft Cloud Services – A new “comprehensive toolset” called AlienFox is being distributed on Telegram as a way for threat actors to harvest credentials from API keys and secrets from popular cloud service providers.
- None. I know this is so sad. Very busy this week and had no time to listen to any awesome podcast 🙁
Splunk Certified Core User – Visualizations class completed.
TryHackMe – I completed Intro to Cyber Threat Intel and Threat Intelligence Tools rooms as part of the SOC Level 1 learning path.