Projects

• O’Reilly Live Course – CompTIA Security+ SY0-601 Crash Course with Sari Greene
• TryHackMe (Top 3% of users!) – OWASP Juice Shop – In Progress

Videos

• Volt Typhoon
• About Harry Coker Jr.
• Book Recommendation: The Fifth Domain

Articles

• U-Haul tells 67K customers that cyber-crooks drove away with their personal info – U-Haul is alerting tens of thousands of folks that miscreants used stolen credentials to break into one of its systems and access customer records that contained some personal data.
• Energy Department Invests $45 Million in 16 Projects to Improve Cybersecurity – The US government makes a $45 million investment in 16 projects to improve cybersecurity across the energy sector.
• Domains Once Owned by Major Firms Help Millions of Spam Emails Bypass Security – 8,800 domains, many once owned by major companies, have been abused to get millions of emails past spam filters as part of SubdoMailing campaign.
• NIST Cybersecurity Framework 2.0 Officially Released – NIST releases Cybersecurity Framework 2.0, the first major update since the creation of the CSF a decade ago.
• Hack The Box Launches Certified Web Exploitation Expert As Demand for Risk Mitigation Grows – Hack The Box (HTB), the leading gamified cybersecurity upskilling, certification, and talent assessment platform, has launched its latest hands-on certification offering, the Hack The Box Certified Web Exploitation Expert (HTB CWEE), addressing niche specialized job roles.
• Avast to Pay $16.5M Fine for Selling Consumer Browsing Data – The FTC found that Avast collected reams of personal data through its antivirus product, then sold it to more than 100 third parties without disclosing its practices.
• Malawi Immigration Dept. Halts Passport Services Amid Cyberattack – President of Malawi vows not to pay ransom to “appease criminals.”
• Microsoft Releases Red Teaming Tool for Generative AI – Microsoft releases PyRIT red teaming tool to help identify risks in generative AI through automation.
• New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks – Cybersecurity researchers have found that it’s possible to compromise the Hugging Face Safetensors conversion service to ultimately hijack the models submitted by users and result in supply chain attacks.
• Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware – At least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886, have been attributed to the exploitation of security flaws in Ivanti Connect Secure VPN appliances.
• President Biden Blocks Mass Transfer of Personal Data to High-Risk Nations – U.S. President Joe Biden has issued an Executive Order that prohibits the mass transfer of citizens’ personal data to countries of concern.
• Ransomware gang claims they stole 6TB of Change Healthcare data – The BlackCat/ALPHV ransomware gang has officially claimed responsibility for a cyberattack on Optum, a subsidiary of UnitedHealth Group (UHG), which led to an ongoing outage affecting the Change Healthcare platform.

Podcasts

• Cyberwire – Ep 2013 | 2.28.24 – Protecting American data.