Author: ByteMe
-
Weekly Cybersecurity Wrapup – 3/20/23
Webinars
- Proofpoint – Better Together: Optimize Your Data Security Stack with Integrations
- BrightTALK – Understanding the Modern Threat Landscape
- Proofpoint – Certified Insider Threat Specialist Course 3: A Day in the Life of an Insider Threat Analyst
Articles
- NBA alerts fans of a data breach exposing personal information – an unauthorized third party gained access to, and obtained a copy of, your name and email address, which was held by a third-party service provider that helps us communicate via email with fans
- Ferrari discloses data breach after receiving ransom demand – Ferrari has disclosed a data breach following a ransom demand received after attackers gained access to some of the company’s IT systems.
- CISA Releases Updated Cybersecurity Performance Goals – the CPGs are voluntary practices that businesses and critical infrastructure owners can take to protect themselves against cyber threats.
- PoC exploits released for Netgear Orbi router vulnerabilities – Proof-of-concept exploits for vulnerabilities in Netgear’s Orbi 750 series router and extender satellites have been released, with one flaw a critical severity remote command execution bug.
- Preventing Insider Threats in Your Active Directory – Active Directory (AD) is a powerful authentication and directory service used by organizations worldwide. With this ubiquity and power comes the potential for abuse. Insider threats offer some of the greatest potential for destruction. Many internal users have over-provisioned access and visibility into the internal network.
- Cybersecurity Skills Shortage, Recession Fears Drive ‘Upskilling’ Training Trend – if employees had a weekly sprint for learning, 59% of executives would want them to learn cybersecurity skills, while 44% preferred data-science skills, and 42% selected cloud skill sets, according to Pluralsight’s report.
- North Korean hackers using Chrome extensions to steal Gmail emails – The attack begins with a spear-phishing email urging the victim to install a malicious Chrome extension, which will also install in Chromium-based browsers, such as Microsoft Edge or Brave
- Dole discloses employee data breach after ransomware attack – Fresh produce giant Dole Food Company has confirmed threat actors behind a February ransomware attack have accessed the information of an undisclosed number of employees.
- 2023 Cybersecurity Maturity Report Reveals Organizational Unpreparedness for Cyberattacks – In 2022 alone, global cyberattacks increased by 38%, resulting in substantial business loss, including financial and reputational damage.
Podcasts
- Smashing Security 313: Tesla twins and deepfake dramas
- Smashing Security 314: Photo cropping bombshell, TikTok debates, and real estate scams
Projects
TryHackMe – Working through SOC Analyst Level 1. I’m in Cyber Threat Intelligence.
White Papers
Proofpoint – 2022 The Cost of Insider Threats Global Report
Proofpoint – 2023 State of the Phish
-
Weekly Cybersecurity Wrapup – 3/12/23
Webinars
- SANS – New2Cyber 2023 Summit
- (ISC)2 Guide to Membership Webinar
- Proofpoint – A CISO’s Guide to Building a Modern DLP Program (Part 2)
- BrightTALK – Taking Insider Risk Management to the Next Level
- Proofpoint – Certified Threat Specialist Course 2: Building a Successful Threat Management Program
Articles
- Tesla Model 3 unlocked and driven by the wrong owner – The man was able to drive off, stop, and pick his children up from school without issue
- 200-300% Increase in AI-Generated YouTube Videos to Spread Stealer Malware – CloudSEK researchers have detected an increase of 200-300% month-on-month in YouTube videos containing links to stealer malware such as Vidar, RedLine, and Raccoon in their descriptions since November 2022.
- Kali Linux 2023.1 introduces ‘Purple’ distro for defensive security – Offensive Security has released Kali Linux 2023.1, the first version of 2023 and the project’s 10th anniversary, with a new distro called ‘Kali Purple,’ aimed at Blue and Purple teamers for defensive security.
- Hackers Claim They Breached T-Mobile More Than 100 Times in 2022 – Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests.
- Multiple Hacker Groups Exploit 3-Year-Old Vulnerability to Breach U.S. Federal Agency – Multiple threat actors, including a nation-state group, exploited a critical three-year-old security flaw in Progress Telerik to break into an unnamed federal entity in the U.S.
- Hacker selling data allegedly stolen in US Marshals Service hack – A threat actor is selling on a Russian-speaking hacking forum what they claim to be hundreds of gigabytes of data allegedly stolen from U.S. Marshals Service (USMS) servers.
- Android phones can be hacked just by someone knowing your phone number – Google has issued a warning that some Android phones can be hacked remotely, without the intended victim having to click on anything.
Podcasts
- Smashing Security 312: Super grannies, bar trolls, and US Marshals
- Security Now 914: Sony Sues Quad9
Projects
- Splunk Certified Core User – Completed Scheduling and Alerts
-
2FA is not Unhackable
Hot take: cybersecurity awareness is more valuable than 2FA. If you still fall for a phishing email, then 2FA can’t save you. Proof below…
NSFW: Language
-
What is the Right Role for me?
There are a lot of different fields within cybersecurity. How do you know which one is right for you? Many people will tell you this is one of the first steps to take. It is important in order to apply for the right jobs for you. SANS has created a tool to help identify what roles would be right for you and define where your strengths are. Here is a sample of what mine looks like:
My top competencies
My recommended focus areas
-
Weekly Cybersecurity Wrap-up 3/6/23
Webinars
- Hacker’s Guide to VIP Security – Rachel Tobac
- API Security Best Practices in the Hybrid, Multi-Cloud Digital World – The challenges of API security in a hybrid, multi-cloud digital world, How to get a handle on API and tool sprawl, Insights on trends and solutions for API security
- Proofpoint: Getting Started with Insider Threats
Articles
- Shein’s Android App Caught Transmitting Clipboard Data to Remote Servers – The fast fashion seller has already fixed the issue with a new version.
- Police Raid Rounds Up Core Members of DoppelPaymer Ransomware Gang – This is the latest in a line of law-enforcement actions busting up the ransomware scene.
- Acer confirms breach after 160GB of data for sale on hacking forum – threat actors hacked a server hosting private documents used by repair technicians.
- Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears – More than 4% of employees have put sensitive corporate data into the large language model, raising concerns that its popularity may result in massive leaks of proprietary information.
- Ransomware gang posts video of data stolen from Minneapolis schools – The Medusa ransomware gang is demanding a $1,000,000 ransom from the Minneapolis Public Schools (MPS) district to delete data allegedly stolen in a ransomware attack.
- FBI investigates data breach impacting U.S. House members and staff – The FBI is investigating a data breach affecting U.S. House of Representatives members and staff after their account and sensitive personal information was stolen from DC Health Link’s servers.
- Bitwarden flaw can let hackers steal passwords using iframes – Bitwarden’s credentials autofill feature contains a risky behavior that could allow malicious iframes embedded in trusted websites to steal people’s credentials and send them to an attacker.
- AT&T alerts 9 million customers of data breach after vendor hack – AT&T is notifying roughly 9 million customers that some of their information was exposed after a marketing vendor was hacked in January.
- Inside Threat: Developers Leaked 10M Credentials, Passwords in 2022 – More than five out of every 1,000 commits to GitHub included a software secret, half again the rate in 2021, putting applications and businesses at risk.
Podcasts
- Security Now 912 – The NSA @ Home – Hosted by Steve Gibson, Leo Laporte – LastPass hack details, Signal says no to UK, more PyPI troubles, QNAP bug bounty
- Smashing Security 311 – TikTok, wiretapping, and your deepfake voice is your password
- Security Now 913 – A Fowl Incident – Hosted by Steve Gibson, Leo Laporte – DDoS’ing Fosstodon, Strategic Objective 3.3, CISA’s Covert Red-Team
Projects
Splunk – Using Fields
-
Weekly Cybersecurity Wrap-up 2/27/23
Webinars
- ChatGPT – good or evil? AI impact on cybersecurity – the business community is concerned about the AI’s potential to change the game for cyber criminals and wreak havoc in the world of defense organizations. Should businesses soon expect a wave of even more advanced cyber-attacks or simply more attacks? Will current cybersecurity solutions be enough? Or will ChatGPT instead provide cybersecurity specialists with more efficient and smarter defensive and threat hunting tools?
- Splunk Training – As part of its $100 million Splunk Pledge, Splunk has committed to supporting nonprofit organizations that provide skills training to individuals from communities that have been traditionally underrepresented in the technology industry. It is our hope that the Splunk training you receive through WSC helps prepare you for a successful career in our increasingly data-driven economy.
Articles
- Stanford University discloses data breach affecting PhD applicants – a data breach after files containing Economics Ph.D. program admission information were downloaded from its website between December 2022 and January 2023.
- LastPass breach: Hackers put malware on engineer’s home computer to steal their password – The fallout from the LastPass hack continues, with the company revealing attackers gained access by hacking a senior engineer’s home computer.
- US Marshals Service Hit By Major Ransomware Attack – In response to the ransomware attack, the Marshals Service disconnected the affected system, and the Department of Justice initiated a forensic investigation.
- ‘Hackers’ Behind Air Raid Alerts Across Russia: Official – Russian authorities said that several television and radio stations that have recently broadcast air raid alerts had been breached by hackers.
- Hackers Claim They Breached T-Mobile More Than 100 Times in 2022 – Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests.
- Dish Network confirms ransomware attack behind multi-day outage – Satellite broadcast provider and TV giant Dish Network has finally confirmed that a ransomware attack was the cause of a multi-day network and service outage that started on Friday.
- Critical Vulnerabilities Allowed Booking.com Account Takeover – Booking.com recently patched several vulnerabilities that could have been exploited to take control of a user’s account.
- Critical Flaw in Cisco IP Phone Series Exposes Users to Command Injection Attack – CVE-2023-20078 is rated 9.8 out of 10 on the CVSS scoring system and is described as a command injection bug in the web-based management interface arising due to insufficient validation of user-supplied input.
- Chick-fil-A confirms accounts hacked in months-long “automated” attack – Chick-fil-A has confirmed that customers’ accounts were breached in a months-long credential stuffing attack, allowing threat actors to use stored rewards balances and access personal information.
Podcasts
- Smashing Security: 310: Verified blue ticks and horny AI chatbots
- Security Now 911 – A Clever Regurgitator – GoneDaddy, Section 230, NPM malware, Hyundai Kia mess, Meta Verified
Projects
Splunk – Pursuing Splunk Certified User Certificate
- Completed What is Splunk Training
- Completed Intro to Splunk Training
Pluralsight – Introduction to Information Security (2:53)
-
The 28-Day Get Hired Challenge
Alyssa Miller is a CISO at Epiq. She has been in the cyber security industry for 15 years. She has created 28 days of helpful YouTube videos covering how to get hired in the cyber security field. You can find the playlist here and the below video is an introduction.
28-Day Get Hired Challenge Introduction
-
Weekly Cybersecurity Wrap-up 2/20/23
Articles
- Microsoft Outlook flooded with spam due to broken email filters – Outlook inboxes have been flooded with spam emails because email spam filters are currently broken.
- Sensitive US military emails spill online – A government cloud email server was connected to the internet without a password
- Insider Threats Don’t Mean Insiders Are Threatening – By implementing tools that enable internal users to do their jobs efficiently and securely, companies reduce insider threat risk by building insider trust.
- Data center logins for Apple and others obtained by hackers; could have facilitated physical access – They were also able to access surveillance cameras remotely, and the privileges they had could even have allowed physical access to servers.
- NSA shares guidance on how to secure your home network – A good article for all those now working from home
- TELUS investigating leak of stolen source code, employee data – Canada’s second-largest telecom, TELUS is investigating a potential data breach after a threat actor shared samples online of what appears to be employee data
- Student Medical Records Exposed After LAUSD Breach – “Hundreds” of special education students’ psych records have turned up on the Dark Web. School records like these are covered by FERPA, not HIPAA, so parents have little recourse.
- Pirated Final Cut Pro for macOS Offers Stealth Malware Delivery – The number of people who have made the weaponized software available for sharing via torrent suggests that many unsuspecting victims may have downloaded the XMRig coin miner.
- News Corp says state hackers were on its network for two years – Mass media and publishing giant News Corporation says that attackers behind a breach disclosed in 2022 first gained access to its systems two years before, in February 2020.
Projects
TryHackMe – Working Through SOC Level 1 path, Pyramid of Pain and Cyber Kill Chain are my most recent completions.
-
Cybersecurity Podcasts
Last month John on Mastodon asked what podcasts people were listening to. I jumped in with my list, but I learned of a lot more out there than I was aware of. Being a big podcast fan, this is one of the first mediums I turned to myself when looking for information about cyber security. Since replying to that post I have built a longer list of podcasts that I listen to and podcasts that I want to listen to.
Podcasts I listen to
- Security Now – I have listened to this program for a long time. It is a weekly show that goes over the news and answers listener questions. It is part of the TWIT family of podcasts. I recommend checking the rest of their podcasts out if you are into technology. They are wonderfully produced. This podcast is on the longer side, usually around 1.5 to 2 hours.
- Smashing Security – This is also a weekly podcast, but has an emphasis on funny. They cover the wild part of security. The stories are always funny! This is a shorter podcast, usually under an hour. I never miss this one.
- Risky Business – I haven’t listened to many episodes of this podcast, but I have enjoyed those I have caught. I hope to listen to many more soon.
- Darknet Diaries – These episodes go very deep. The storytelling is simply magnificent. If you only have time for one podcast in cybersecurity, make it this one.
- Paul’s Security Weekly – A quick weekly roundup of what is going on in cyber security.
- Malicious Life – Great episodes that I found gripping. I loved the episode on SIM-swapping.
- Hacking Humans – I’ve only caught one of these so far; I’m looking forward to listening to more though.
Podcasts I have not yet listened to
- Breaking Down Security
- Off the Hook
- Click Here
- Black Hills Information Security
- SANS Stormcast
- Other SANS podcasts – These don’t seem to have been updated in 2023.
- CyberWire Daily
- HackerValley Studio
- Getting Into Infosec – No recent podcast episodes, but older content looks great.
- The Social-Engineer Podcast
- Unsupervised Learning
- 7 Minute Security
- Security. Cryptography. Whatever.
- InfoSec and OSINT Show