Articles

• Pepsi Bottling Ventures suffers data breach after malware attack – an unknown party accessed [our internal IT systems] on or around December 23, 2022, installed malware, and downloaded certain information contained on the accessed IT systems
• Russian hacker convicted of $90 million hack-to-trade charges – Vladislav Klyushin was found guilty of hacking into U.S. computer networks to steal confidential earnings reports, which helped $90,000,000 in illegal profits.
• Hyundai, Kia patch bug allowing car thefts with a USB cable – popularized on TikTok, increasing thefts targeting its vehicles without push-button ignitions and immobilizing anti-theft devices
• Report Reveals Record-Breaking Year for Cyber Threats – Exploit activity grew by 105% in Q4 2022, Malware jumped nearly 35% in Q4, Botnets jumped by 30% in 2022
• 5th State of CCPA, CPRA, and GDPR Compliance Report Shows More Than 90% of Companies Are Not Compliant – As CPRA went into effect on January 1, latest CYTRIO research says 91% of companies still uncompliant with GDPR; 92% not compliant with CCPA and CPRA.
• City of Oakland declares state of emergency after ransomware attack – Interim City Administrator G. Harold Duffey declared a state of emergency to allow the City of Oakland to expedite orders, materials and equipment procurement, and activate emergency workers
• Cloudflare blocks record-breaking 71 million RPS DDoS attack – The majority of attacks peaked in the ballpark of 50-70 million requests per second (rps) with the largest exceeding 71 million rps
• FBI says it has ‘contained’ cyber incident on bureau’s computer network – The FBI has been investigating and working to contain a malicious cyber incident on part of its computer network in recent days
• GoDaddy: Hackers stole source code, installed malware in multi-year breach – Web hosting giant GoDaddy says it suffered a breach where unknown attackers have stolen source code and installed malware on its servers

Podcasts

• Smashing Security – 308: Jail after VPN fail, criminal messaging apps, and wolf-crying watches
• Security Now 910 – Malicious ChatGPT Use, Google Security Key Giveaway, OTPAuth

Projects

TryHackMe – I paid for premium access and completed the Introduction to Cybersecurity and Pre Security learning paths.

PiHole – I used this great tutorial to create a PiHole.

Webinars

• SANS – Transition to Cyber Security From a Non-Cyber Role: Creative Ways to Impress to Land Your Dream Cyber Role
• Inside (ISC)2 – Quarterly Board Update Q1 2023
• Addressing the Cyber Skills Gap – Bec McKeown will explore the cyber skills gap from both perspectives – as well as talking more broadly about the issues around generating and retaining talent and what the future cybersecurity workforce might look like.

Articles

• NIST Picks IoT Standard for Small Electronics Cybersecurity – NIST announces that it will use Ascon as a cryptography standard for lightweight IoT device protection.
• Toyota Global Supply Chain Portal Flaw Put Hacker in the Driver’s Seat – The automaker closed a hole that allowed a security researcher to gain system administrator access to more than 14,000 corporate and partner accounts and troves of sensitive data.
• Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide – 2 year old patch was not applied on thousands of servers.
• LockBit ransomware gang claims Royal Mail cyberattack – forced the company to halt its international shipping services due to “severe service disruption.”
• Crypto Drainers Are Ready to Ransack Investor Wallets – Cryptocurrency drainers are the latest hot ticket being used in a string of lucrative cyberattacks aimed at virtual currency investors.
• Reddit cyberattack let hackers steal source code and internal data – hackers used a phishing lure targeting Reddit employees with a landing page impersonating its intranet site. This site attempted to steal employees’ credentials and two-factor authentication tokens.

Podcasts

• Chat-GPT Seinfeld, QNAP, Google FI, Headcrab, Banner, GoodRx, Oracle, & GoAnywhere – SWN #271 – Security News Doug Chides: Chat-GPT, QNAP, Google FI, REDIS, Headcrab, Banner, GoodRx, Oracle, GoAnywhere, & more!
• Malicious Life 206 – The (Other) Problem with NFTs
• Smashing Security 307: ChatGPT and the Minister for Foreign Affairs
• Security Now 909 – How ESXi Fell – EU Internet Surveillance, QNAP returns, .DEV is always HTTPS

Projects

TryHackMe – Completed the “Walking and Application Room”

PluralSight Learning

Risk Management and Information Systems Control: Risk and Control Monitoring and Reporting – 48m – Addresses the risk management lifecycle.

A weekly roundup of my continued learning in cybersecurity. What webinars I attended, podcast I listened to, the articles I read and projects I’m working on.

Webinars

• SANS Institute – Not in Cyber Security? No Problem! Creative Ways to Gain Experience With No Experience – 1/28/23 – Creative Ways to Gain Experience with No Experience.
• PaloAlto Networks – 1/31/23 – Stop Zero-Day Malware with Zero Stress. Guest speakers, Chris Krebs and Rachel Tobac

Articles

• Economic headwinds could deepen the cybersecurity skills shortage – Security professionals will remain in high demand, but economic fallout will make hiring even harder.
• Hacker finds bug that allowed anyone to bypass Facebook 2FA – bug in system that Meta could have allowed malicious hackers to switch off an account’s two-factor protections just by knowing their email address or phone number.
• New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year SysKit report highlighting effects of digital transformation on IT admins and governance landscape released.
• Hunting Insider Threats on the Dark Web – Use threat intelligence to reduce chance of success for malicious insider and Dark Web threats.
• GoodRx pays $1.5 million to settle health privacy allegations – Failed to tell customers they shared data with Meta and Alphabet.
• Google Fi data breach let hackers carry out SIM swap attacks – Google Fi, has informed customers that personal data was exposed by a data breach at one of its primary network providers, with some customers warned that it allowed SIM swapping attacks.

Podcasts

• Smashing Security – 306: No Fly lists, cell phones, and the end of ransomware riches? – What are prisoners getting up to with mobile phones? Why might ransomware no longer be generating as much revenue for cybercriminals? And how on earth did an airline leave the US government’s “No Fly” list accessible for anyone in the world to download?
• Malicious Life – You Should Be Afraid of SIM Swaps – If SIM swap stories ever make the news, almost uniformly, they focus on people who lost a lot of money. But SIM swaps also take a psychological toll. Getting cut off from the grid all of a sudden, not knowing why, not being able to call for help. Even when it’s over, you never know if your attackers — whoever they are — will come back again.
• Security Masterminds – Why a Data-Driven cybersecurity Defense Will Protect Your Organization With Special Guest, Roger Grimes – Excellent podcast, bit of John McAfee bashing, not that it wasn’t deserved. Get past that and the content is great.
• Security Weekly News – SWN #269 – Empathy, Bitwarden, Lexmark, Exchange, Dragonbridge, & Derek Johnson Talks About Hive
• Security Weekly News – SWN #270– SwiftSlicer, vRealize, Google Play, KeePass, Huawei, & Github –
• Security Now 908 – Data Operand Independent Timing – Old Android apps, Kevin Rose, iOS 6.3 and FIDO, Hive hacked

Projects

TryHackMe – This week I focused on the How the Web Works. I’m working through the HTTP in Detail room.

Pluralsight Learning

• Risk Management and Information Systems Control: IT Risk Assessment – 1hr 31m – The process of risk assessment, the follow up to the risk framing and risk identification processes done previously. This will help you understand the entire risk management process and prepare for ISACA’s CRISC examination.
• Risk Management and Information Systems Control: Risk Identification – 1hr 50m – Addresses the key parts of the risk management process starting with risk identification.

My weekly roundup of my continued learning in cyber security. What webinars I attended, podcast I listened to, the articles I read and projects I’m working on.

Webinars

• Roger A. Grimes, KnowBe4’s Data-Driven Defense Evangelist – (ISC)2 – A Master Class on Cybersecurity: Password Best Practices – 01/24/23 – What really makes a “strong” password? And why are you and your end-users continually tortured by them? How do hackers crack your passwords with ease? And what can/should you do to improve your organization’s authentication methods? Password complexity, length, and rotation requirements are the bane of IT departments’ existence and are literally the cause of thousands of data breaches. But it doesn’t have to be that way! –

Security Briefings Webinars | (ISC)²

• Rachel Tobac, CEO of SocialProof Security – Webinar: Personal Data’s Role in Enterprise Social Engineering Attacks – 01/25/23 – During this webinar, Rachel and Rob will share their unique perspectives on: The state of privacy: Why individuals are losing control of their digital identities and how that’s driving business risk. The state of social engineering: How hackers use data found by data brokers to hack. The future of hacking: How new AI-based technology like facial recognition and voice-cloning will open up new pathways for bad actors

DeleteMe Webinar

Articles

• NVIDIA Morpheus – NVIDIA Morpheus is an open application framework that enables cybersecurity developers to create optimized AI pipelines for filtering, processing, and classifying large volumes of real-time data. Bringing a new level of information security to the data center, cloud, and edge, Morpheus uses AI to identify, capture, and act on threats and anomalies that were previously impossible to identify.
• Security and the Electric Vehicle Charging Infrastructure – When EVs and smart chargers plug in to critical infrastructure, what can go wrong? Plenty.
• Decrypted: BianLian Ransomware – Avast has developed a decryptor for the BianLian ransomware and released it for public download.
• 2023 Insider Threat Report – 72 percent of organizations report insider attacks have become more frequent.
• LastPass Parent Company GoTo Suffers Data Breach, Customers’ Backups Compromised – The affected information, which varies by product, may include account usernames, salted and hashed passwords, a portion of multi-factor Authentication (MFA) settings, as well as some product settings and licensing information.
• Ticketmaster Blames Bots in Taylor Swift ‘Eras’ Tour Debacle – Ticketmaster testified in the Senate that a cyberattack was to blame for the high-profile Taylor Swift concert sales collapse, but some senators aren’t so sure.
• Justice Department Shutsdown Hive – The FBI has seized the computer infrastructure used by a notorious ransomware gang which has extorted more than $100 million from hospitals, schools and other victims around the world, US officials announced Thursday.
• Dutch hacker steals data from virtually entire population of Austria – The data was stolen from a misconfigured cloud database found by the attacker through a search engine

Podcasts

• 8th Layer Insights: Season 3 finale: What’s the deal with Authentication, MFA, and Password Managers? – Authentication and Password Managers.
• Security Weekly News #268: Chick-Fil-A, OneNote, XLLs, VastFlux, T-Mobile, ChatGPT, Ukraine, Lots of Microsoft
• Security Now 907 – PayPal Credential Stuffing. iOS 16.3 : Cloud encryption for all. InfoSecurity Magazine: “ChatGPT Creates Polymorphic Malware”. CheckPoint Research: OPWNAI : Cybercriminals Starting to Use ChatGPT. “Meta” fined for the third time. Bitwarden acquires “Passwordless.dev”. Closing the Loop. Credential Reuse.
• Control Loop: ICS/OT incident response plans: Don’t get caught unprepared. The NOTAM outage was reportedly caused by a corrupted file. Ukrainian hacktivists conducted DDoS attacks against Iranian sites. And a cyberattack against a Nunavut power utility.

Projects

TryHackMe – Completed Linux Fundamentals Parts 1-3. Completed Windows Fundamentals 1-3.

Implementation of Secure Solutions for CompTIA Security+ – 6 hours of prep training for the Security+.

Educational Recommendations

This week I attended two webinars:

• (ISC)2 Webinar – How to Perform an Attack Surface Assessment
• (ISC)2 Webinar – Future Insights 2023

Interesting Articles this Week

• Ransomware attack hit KFC and Pizza Hut stores in the UK
• T-Mobile hacked to steal data of 37 million accounts in API data breach
• EXCLUSIVE: U.S. airline accidentally exposes ‘No Fly List’ on unsecured server
• PayPal Breach Exposed PII of Nearly 35K Accounts
• MailChimp discloses new breach after employees got hacked
• The FBI Won’t Say Whether It Hacked Dark Web ISIS Site – Technically last week, but the idea that Tor is not as anonymous as commonly perceived is fascinating.

Great Podcasts from this Week

• Security Now 906 – The Rule of Two
• Darknet Diaries – EP 131: Welcome To Video – WARNING: This episode is especially disturbing.
• Smashing Security – 305: Norton unlocked, and police leaks
• FROZEN, FORTINET, SCATTERED SPIDER, ROUTERS, APF, TELEGRAM, & CWP – SWN #267

Learning Projects

TryHackMe – I’m adding in some rooms from TryHackMe here and there to increase my overall understanding of cybersecurity. I’m focusing on Unix commands right now.

Kali Linux – I’ve installed a Kali Linux virtual machine on my MacBook Pro M1, which took a little more doing as the Apple silicon is still fairly new in the industry.

PluralSight – I’m still working through the 6+ hour long Implementation of Secure Solutions for CompTIA Security+ by Christopher Rees.