Projects

LinkedIn Learning – CompTIA Security+ Module 10: Operations and Incident Response | In Progress

TryHackMe – Incident Response Framework – Identification and Scoping, Advent of Cyber (I’m posting these daily throughout December.)

UDemy – Python for Cybersecurity – Gitlab

EdX – EC-Council | Network Defense Essentials – In Progress

Videos

• Generative AI: Top Use Cases for Security Practitioners – With generative AI now ever-present in most organizations, the next frontier for security practitioners is understanding where AI capabilities like machine learning, deep learning and natural language processing can best increase cybersecurity efficiency and effectiveness in their organizations. How can generative AI help your team respond to incidents, discover and patch vulnerabilities, or assist with programming? Or all the above? And what do teams need to consider in order to identify, review, assess risk and develop the use cases before putting them into production?

Articles

• Hackers Hijack Industrial Control System at US Water Utility – Municipal Water Authority of Aliquippa in Pennsylvania confirms that hackers took control of a booster station, but says no risk to drinking water or water supply.
• Slovenia’s largest power provider HSE hit by ransomware attack – Slovenian power company Holding Slovenske Elektrarne (HSE) has suffered a ransomware attack that compromised its systems and encrypted files, yet the company says the incident did not disrupt electric power production.
• Fidelity National Financial Takes Down Systems Following Cyberattack – Fidelity National Financial is experiencing service disruptions after systems were taken down to contain a cyberattack.
• General Electric investigates claims of cyber attack, data theft – General Electric is investigating claims that a threat actor breached the company’s development environment in a cyberattack and leaked allegedly stolen data.
• A Hacker Faked His Own Death–Then Claimed To Have Sold Marriott Customer Data To Russians, FBI Says – A hacker told the FBI earlier this year that he sold access to the personal data of Marriott hotel customers on a Russian forum, according to a search warrant obtained by Forbes.
• Yamaha Motor Confirms Data Breach Following Ransomware Attack – Yamaha Motor discloses ransomware attack impacting the personal information of its Philippines subsidiary’s employees.
• ownCloud vulnerability with maximum 10 severity score comes under “mass” exploitation – Easy-to-exploit flaw gives hackers passwords and cryptographic keys to vulnerable servers.
• Former Uber CISO Speaks Out, After 6 Years, on Data Breach, SolarWinds – Joe Sullivan, spared prison time, weighs in on the lessons learned from the 2016 Uber breach and the import of the SolarWinds CISO case.
• Five Cybersecurity Predictions for 2024 – Cybersecurity predictions for 2024 to help security professionals in prioritizing efforts to navigate the ever-changing threat landscape.
• Dollar Tree hit by third-party data breach impacting 2 million people – Discount store chain Dollar Tree was impacted by a third-party data breach affecting 1,977,486 people after the hack of service provider Zeroed-In Technologies.
• Okta admits hackers accessed data on all customers during recent breach – Okta chief security officer David Bradbury said the company has since determined that all of its customers are affected by the breach.
• Staples confirms cyberattack behind service outages, delivery issues – American office supply retailer Staples took down some of its systems earlier this week after a cyberattack to contain the breach’s impact and protect customer data.
• LogoFAIL bugs in UEFI code allow planting bootkits via images – Multiple security vulnerabilities collectively named LogoFAIL affect image-parsing components in the UEFI code from various vendors. Researchers warn that they could be exploited to hijack the execution flow of the booting process and to deliver bootkits.

Podcasts

• Smashing Security 349: Ransomware gang reports its own crime, and what happened at OpenAI?

Projects

LinkedIn Learning – CompTIA Security+ Module 9: Operations and Incident Response | Complete!

TryHackMe – SOC Level 1(100 % Complete): Phishing Analysis Fundamentals, Phishing Emails in Action, Phishing Analysis Tools, Phishing Prevention, The Greenholt Phish

UDemy – Python for Cybersecurity – Gitlab

Videos

Articles

• AutoZone Files MOVEit Data Breach Notice With State of Maine – The company temporarily disabled the application and patched the vulnerability, though affected individuals should still remain vigilant.
• Hacktivists breach U.S. nuclear research lab, steal employee data – The Idaho National Laboratory (INL) confirms they suffered a cyberattack after ‘SiegedSec’ hacktivists leaked stolen human resources data online.
• Inside Job: Cyber Exec Admits to Hospital Hacks – Healthcare cyber services executive Vikas Singla admits to hobbling hospital operations, then using the incidents to try and gin up extra business.
• AI Helps Uncover Russian State-Sponsored Disinformation in Hungary – Researchers used machine learning to analyze Hungarian media reports and found Russian narratives soured the nation’s perspective on EU sanctions and arms deliveries months before the Ukraine invasion.
• Canadian Military, Police Impacted by Data Breach at Moving Companies – Data breach at moving companies impacts Canadian government employees, and military and police personnel.
• Tor Network Removes Risky Relays Associated With Cryptocurrency Scheme – The Tor network has removed many relays associated with a cryptocurrency scheme, citing risk to integrity and users.
• Windows Hello auth bypassed on Microsoft, Dell, Lenovo laptops – Security researchers bypassed Windows Hello fingerprint authentication on Dell Inspiron, Lenovo ThinkPad, and Microsoft Surface Pro X laptops in attacks exploiting security flaws found in the embedded fingerprint sensors.