In this interactive video-based game you are a CISO for a hospital and need to make decisions to protect the hospital from cyber attack. Think "choose your own adventure" video game. I really enjoyed this way of learning and I think you will too. Good luck.
Category: cybersecurity
MITRE Cyber Threat Intelligence Explained
Weekly Cybersecurity Wrap-up 4/16/23
Webinars
- Zero Trust Metrics: Track Progress and Program Maturity – The CISA Zero Trust Maturity Model is filled with concepts and language appropriate for federal agencies, but it doesn’t always translate to the private sector, and certainly not to smaller, less-mature mid-market organizations.
- (ISC)2 Los Angeles Chapter Meeting
Articles
- Vice Society Ransomware Using Stealthy PowerShell Tool for Data Exfiltration – Threat actors associated with the Vice Society ransomware gang have been observed using a bespoke PowerShell-based tool to fly under the radar and automate the process of exfiltrating data from compromised networks.
- LockBit ransomware encryptors found targeting Mac devices – The LockBit ransomware gang has created encryptors targeting Macs for the first time, likely becoming the first major ransomware operation to ever specifically target macOS.
- NCR suffers Aloha POS outage after BlackCat ransomware attack – NCR is suffering an outage on its Aloha point of sale platform after being hit by a ransomware attack claimed by the BlackCat/ALPHV gang.
- Western Digital Hackers Demand 8-Figure Ransom Payment for Data – Western Digital has yet to comment on claims that the breach reported earlier this month led to data being stolen.
- Hackers abuse Google Command and Control red team tool in attacks – The Chinese state-sponsored hacking group APT41 was found abusing the GC2 (Google Command and Control) red teaming tool in data theft attacks against a Taiwanese media company and an Italian job search company.
- Army helicopter crash blamed on skipped software patch – The emergency ditching of an Australian military helicopter in the water just off a beach in New South Wales has been blamed on the failure to apply a software patch.
- Lazarus hackers now push Linux malware via fake job offers – A new Lazarus campaign considered part of “Operation DreamJob” has been discovered targeting Linux users with malware for the first time.
- Popular Fitness Apps Leak Location Data Even When Users Set Privacy Zones – Fitness apps such as Strava leak sensitive location information of users, even when they’ve used in-app features to specifically set up privacy zones to hide their activity within specified areas, researchers have found.
- March 2023 broke ransomware attack records with 459 incidents – March 2023 was the most prolific month recorded by cybersecurity analysts in recent years, measuring 459 attacks, an increase of 91% from the previous month and 62% compared to March 2022.
- Major US CFPB Data Breach Caused by Employee – The sensitivity of the personal information involved in the breach has yet to be determined by agency officials, but it affects 256,000 consumers.
- American Bar Association data breach hits 1.4 million members – The American Bar Association (ABA) has suffered a data breach after hackers compromised its network and gained access to older credentials for 1,466,000 members.
Podcasts
- Security Now 917: Zombie Software
- Smashing Security 317: Another Uber SNAFU, an AI chatbot quiz, and is juice-jacking genuine?
- Security Now 918: A Dangerous Interpretation
- Smashing Security 318: Tesla workers spy on drivers, and Operation Fox Hunt scams
Projects
TryHackMe – Finished Open CTI and MISP rooms as part of the SOC Analyst learning path, which completes the cyber threat intelligence section. Next is network security and traffic!
How to get Started in Cybersecurity / Information Security
These two terms are used interchangeably in most of what I see out there, which is why I’ve put them together like this in the title. I know people have strong feelings about this, but the reason I do it is to make sure everyone who is looking for this information can find it easily.
For those who follow this blog you will notice that I usually post all articles / white papers in my weekly wrap-up post. I’m posting this separately because I think it deserves its own post. This is a very comprehensive article by Byte Breach. I encourage anyone interested to read and work through this article. Good luck all!
Book Review: The Art of Invisibility
The Art of Invisibility: The World’s Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data by Kevin D. Mitnick
The Book in 3 Sentences
- Kevin Mitnick is a famous hacker who teaches you how to reduce your attack surface in this book.
- Any privacy you think you have is false.
- While some of this information is dated (the book was published in 2017), it still has a lot of useful information.
Impressions
While I knew most of what was covered in this book, I did still find the content interesting. The little stories that Mitnick shares throughout the book were very interesting. Also, the lengths one has to go to to remain anonymous in our digital world, even back in 2017, are pretty crazy. I don’t believe that many Americans understand how much of their privacy they are giving up by maintaining their current lifestyle, including participating in social media and using technology. Mostly, we have given up data about ourselves and what we do online by using tools like Google, Gmail, cellular phones, etc.
Who Should Read It?
I think this book is overkill for most people, as most people don’t think that what they are doing is giving up their data. They believe, as Mitnick points out, that no one cares about what they are doing because they are just one of the 8 billion people on the planet. Hackers are going to go after the low-hanging fruit. They will not only attack large companies; data shows that they are attacking SMBs and individuals. Everyone should be aware, but this book is going to scare people, and I believe that most people don’t have the skill set to execute Mitnick’s advice, even the minor things.
How the Book Changed Me
- It made me more aware of existing privacy concerns.
- I plan to implement some of the suggestions that Mitnick discusses to protect myself and my family.
Weekly Cybersecurity Wrapup – 4/9/23
In these posts I cover what I did toward my ongoing education around cybersecurity: the projects I did, classes I took, and the webinars, articles, and podcasts I consumed. I hope you find it useful!
Webinars
- Information Session for Cybersecurity Master’s program at SANS Technology Institute
Articles
- Where is automotive cyber security headed? – Deloitte recently forecast that electronic systems will account for 50% of a new vehicle’s total cost by 2030.
- KFC, Pizza Hut owner discloses data breach after ransomware attack – Although some data was stolen from its network, it has no evidence that the attackers exfiltrated any customer information.
- Leak of secret US defense papers could be ‘tip of the iceberg’, report says – The recent leak of more than a hundred secret US defense documents could just be the “tip of the iceberg” of a trove of material that had started circulating long before it was widely noticed, according to a new report.
- ‘Blatantly Obvious’: Spyware Offered to Cyberattackers via PyPI Python Repository – Malware-as-a-service hackers from Spain decided to use a public code repository to openly advertise their wares.
- iPhones hacked via invisible calendar invites to drop QuaDream spyware – Attackers targeted a zero-day vulnerability affecting iPhones running iOS 1.4 up to 14.4.2 between January 2021 and November 2021, using what Citizen Lab described as backdated and “invisible iCloud calendar invitations.”
- Hyundai data breach exposes owner details in France and Italy – Hyundai has disclosed a data breach impacting Italian and French car owners and those who booked a test drive, warning that hackers gained access to personal data.
- Survey Findings Show Link Between Data Silos and Security Vulnerabilities – A recent survey showed a surprising correlation between those who operate their businesses with risk and compliance data in silos and those who experienced data breaches in the last 24 months.
- (ISC)² Certified in Cybersecurity Earns ANAB Accreditation to ISO 17024 and Surpasses 15,000 Certification Holders – The entry-level cybersecurity certification is now accredited to the highest global standards alongside other globally recognized (ISC)² certifications like the CISSP®.
- FBI Arrests 21-Year-Old Guardsman in Leak of Classified Military Documents – A Massachusetts Air National Guard member was arrested Thursday in connection with the disclosure of highly classified military documents about the Ukraine war and other top national security issues.
- Family’s Verizon account hacked, suspect purchased iPhones, Apple Watches – New iPhones and Apple Watches had been purchased at two Verizon stores, one in Danvers and the other in Malden, two towns this family said they had never been to.
- Police disrupt $98M online fraud ring with 33,000 victims – Europol and Eurojust announced today the arrest of five individuals believed to be part of a massive online investment fraud ring with at least 33,000 victims who lost an estimated €89 million (roughly $98 million).
- Russian hackers linked to widespread attacks targeting NATO and EU – Poland’s Military Counterintelligence Service and its Computer Emergency Response Team have linked APT29 state-sponsored hackers, part of the Russian government’s Foreign Intelligence Service (SVR), to widespread attacks targeting NATO and European Union countries.
Podcasts
- Smashing Security 314: Photo cropping bombshell, TikTok debates, and real estate scams
- Smashing Security 315: Crypto hacker hijinks, government spyware, and Utah social media shocker
- Smashing Security 316: Of Musk and Afroman
- Security Now 916: Microsoft’s Email Extortion
Projects
- LinkedIn Learning – Cybersecurity Awareness: Cybersecurity Terminology
- LinkedIn Learning – Cybersecurity Foundations
- Udemy: The Absolute Beginners Guide to Cyber Security 2023 – Part 1
- Udemy: The Absolute Beginners Guide to Cyber Security 2023 – Part 2
- Completed YARA room, part of the SOC Analyst learning path on TryHackMe
- Started OpenCTI room, part of the SOC Analyst learning path on TryHackMe
- Installed Ubuntu on a Windows machine using VMPlayer
White Papers
- SANS – New to Cyber Field Manual
- Proofpoint – The 10 Biggest and Boldest Insider Threat Incidents
- Proofpoint – The Data Breach is Coming from Inside the House
- SANS – New2Cyber Conference Videos
Weekly Cybersecurity Wrapup – 4/3/23
Even though this week was a vacation week for my family and me, I couldn’t stay away from these fascinating articles…
Webinars
No webinars this week, vacation!
Articles
- Flipper Zero banned by Amazon for being a ‘card skimming device’ – Amazon has banned the sale of the Flipper Zero portable multi-tool for pen-testers, no longer allowing it on the platform after tagging it as a card-skimming device.
- Almost Half of Former Employees Say Their Passwords Still Work – It’s not hacking if organizations fail to terminate password access after employees leave.
- MSI confirms security breach following ransomware attack claims – Following reports of a ransomware attack, Taiwanese PC vendor MSI (short for Micro-Star International) confirmed today that its network was breached in a cyberattack.
- TikTok, Other Mobile Apps Violate Privacy Regulations – App developers are ignoring laws and guidelines regulating data protection measures aimed at minors, putting their monetization plans in jeopardy and risking user trust.
- Printers Pose Persistent Yet Overlooked Threat – Vulnerabilities in the device firmware and drivers underscore how printers cannot be set-and-forget technology and need to be managed.
- Cybercriminals ‘CAN’ Steal Your Car, Using Novel IoT Hack – Your family’s SUV could be gone in the night thanks to a headlight crack and hack attack.
- Twitter ‘Shadow Ban’ Bug Gets Official CVE – A flaw in Twitter code allows bot abuse to trick the algorithm into suppressing certain accounts.
- UK criminal records office confirms cyber incident behind portal issues – The UK’s Criminal Records Office (ACRO) has finally confirmed, after weeks of delaying issuing a statement, that online portal issues experienced since January 17 resulted from what it described as a “cyber security incident.”
- ‘BEC 3.0’ Is Here With Tax-Season QuickBooks Cyberattacks – In next-gen, credential-harvesting attacks, phishing emails use cloud services and are free from the typical bad grammar or typos they’ve traditionally used (and which users have learned to spot).
- Own a Nexx “smart” alarm or garage door opener? Get rid of it, or regret it – According to a blog post by security researcher Sam Sabetan, Nexx not only ignored his warning about serious security holes in its products, but has ignored attempts by the United States Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) to get the problems fixed too.
- FBI Cracks Down on Genesis Market: 119 Arrested in Cybercrime Operation – A joint international law enforcement operation has dismantled Genesis Market, an illegal online marketplace that specialized in the sale of stolen credentials associated with email, bank accounts, and social media platforms.
- Spain’s most dangerous and elusive hacker now in police custody – The police in Spain have arrested José Luis Huertas (aka “Alcaseca”, “Mango”, “chimichuri”), a 19-year-old regarded as the most dangerous hacker in the country.
- Law Firm for Uber Loses Drivers’ Data to Hackers in Yet Another Breach – Uber gave sensitive data on drivers to a law firm representing the company in legal actions, but the data appears to not have had adequate security protections.
- eFile Tax Return Software Found Serving Up Malware – In the height of tax-return season, a popular tax prep software service leaves a malicious JavaScript file online for weeks.
- Data Breach Strikes Western Digital – The company behind digital storage brand SanDisk says its systems were compromised on March 26.
- WinRAR SFX archives can run PowerShell without being detected – Hackers are adding malicious functionality to WinRAR self-extracting archives that contain harmless decoy files, allowing them to plant backdoors without triggering the security agent on the target system.
- Fake ransomware gang targets U.S. orgs with empty data leak threats – Fake extortionists are piggybacking on data breaches and ransomware incidents, threatening U.S. companies with publishing or selling allegedly stolen data unless they get paid.
Podcasts
- Security Now 915: Flying Trojan Horses: Exynos 0-days, TikTok Tick Tock, 90-day TLS cert life, CHESS is safe
Projects
TryHackMe – Still working on SOC Analyst, I’m learning YARA this week.
Weekly Cybersecurity Wrapup – 3/27/23
My weekly rundown of what I read, watched and did this week as it pertains to learning cybersecurity and getting into the field.
Webinars
Articles
- Tesla Model 3 Hacked in Less Than 2 Minutes at Pwn2Own Contest – They showed how they could then — among other things — open the front trunk or door of a Tesla Model 3 while the car was in motion.
- Twitter says parts of its source code were leaked online – Some parts of Twitter’s source code — the fundamental computer code on which the social network runs — were leaked online
- Twitter takes down source code leaked online, hunts for downloaders – Twitter has taken down internal source code for its platform and tools that was leaked on GitHub for months. Now it’s trying to use a subpoena to search for those who leaked and downloaded its code.
- Procter & Gamble confirms data theft via GoAnywhere zero-day – Consumer goods giant Procter & Gamble has confirmed a data breach affecting an undisclosed number of employees after its GoAnywhere MFT secure file-sharing platform was compromised in early February.
- WiFi protocol flaw allows attackers to hijack network traffic – Cybersecurity researchers have discovered a fundamental security flaw in the design of the IEEE 802.11 WiFi protocol standard, allowing attackers to trick access points into leaking network frames in plaintext form.
- President Biden Signs Executive Order Restricting Use of Commercial Spyware – U.S. President Joe Biden on Monday signed an executive order that restricts the use of commercial spyware by federal government agencies.
- The CISO Mantra: Get Ready to Do More With Less – For the foreseeable future, with the spigots closing shut, CISOs will need to find ways to do more with less.
- Spyware Vendors Caught Exploiting Zero-Day Vulnerabilities on Android and iOS Devices – A number of zero-day vulnerabilities that were addressed last year were exploited by commercial spyware vendors to target Android and iOS devices, Google’s Threat Analysis Group (TAG) has revealed.
- Phishing Emails Up a Whopping 569% in 2022 – Credential phishing emails are the clear favorite of threat actors, with a 478% spike last year, new research shows.
- AlienFox Malware Targets API Keys and Secrets from AWS, Google, and Microsoft Cloud Services – A new “comprehensive toolset” called AlienFox is being distributed on Telegram as a way for threat actors to harvest credentials from API keys and secrets from popular cloud service providers.
Podcasts
- None. I know this is so sad. Very busy this week and had no time to listen to any awesome podcast 🙁
Projects
Splunk Certified Core User – Visualizations class completed.
LinkedIn Learning: Landing Your First Cybersecurity Job
LinkedIn Learning: The Cybersecurity Threat Landscape
TryHackMe – I completed Intro to Cyber Threat Intel and Threat Intelligence Tools rooms as part of the SOC Level 1 learning path.