Webinars
I’m studying for the Security+ right now. This was a good overview, but I think anyone with any technical background can skip directly to the Security+.
I’ll watch anything with Rachel Tobac in it. She is a master of social engineering!
This certificate looks like it would be worth while to do after the Security+ as it covers CISSP a lot and I’ll need lots of time to review the topics for that more difficult certificate.
Articles
- Cisco to acquire Splunk in $28B mega deal – Cisco has a reputation of building the company through acquisitions, but it has tended to stay away from the really huge ones.
- BORN Ontario child registry data breach affects 3.4 million people – The Better Outcomes Registry & Network (BORN), a healthcare organization funded by the government of Ontario, has announced that it is among the victims of Clop ransomware’s MOVEit hacking spree.
- National Student Clearinghouse data breach impacts 890 schools – The personally identifiable information (PII) contained in the stolen documents includes names, dates of birth, contact information, Social Security numbers, student ID numbers, and some school-related records (e.g., enrollment records, degree records, and course-level data).
- MOVEit Flaw Leads to 900 University Data Breaches – National Student Clearinghouse, a nonprofit serving thousands of universities with enrollment services, exposes more than 900 schools within its MOVEit environment.
- Nigerian man pleads guilty to attempted $6 million BEC email heist – Kosi Goodness Simon-Ebo, a 29-year-old Nigerian national extradited from Canada to the United States last April, pleaded guilty to wire fraud and money laundering through business email compromise (BEC).
- T-Mobile denies new data breach rumors, points to authorized retailer – T-Mobile has denied suffering another data breach following Thursday night reports that a threat actor leaked a large database allegedly containing T-Mobile employees’ data.
Podcasts
- CyberWire Daily – Ep 1914 | 9.26.23 – Crooks phish for guests; spies phish for drone operators. ZenRAT is used in an info-stealing campaign. More MOVEit-related incidents (some involving Cl0p). DeFi platforms hit. The UK hunts forward.
- CyberWire Daily – Ep 1916 | 9.28.23 -Buckworm APT’s specialized tools. Cyberattack against Johnson Controls. Oversight panel reports on Section 702. Cyber in election security, and in the US industrial base. Hacktivism versus Russia.
- CyberWire Daily – Ep 1917 | 9.29.23 – Malicious ads in a chatbot. A vulnerability gets some clarification. Cl0p switches from Tor to torrents. Influence operations as an adjunct to WMD. And NSA’s new AI Security Center.
- Smashing Security 341: Another T-Mobile breach, ThemeBleed, and farewell Naked Security
Projects
TryHackMe – SOC Level 1(75 % Complete): Windows Forensics 2 – In Progress