Author: ByteMe
-
Weekly Cybersecurity Wrap-up 9/17/23
Webinars
This week I watched a lot of YouTube videos. Some of them were okay.
The BrightTALK talk below was one of the best I’ve been to, and it’s monthly, so you should really watch this and make sure to catch them monthly.
Verizon Threat Research Advisory Center MIB – Monthly Update for September. Great webinar and worth 1 CPE.
This one below from Black Hills Information Security was the best thing I watched this week. Great for beginners like me:
Articles
- Password-stealing Linux malware served for 3 years and no one noticed – It’s not too late to check if a Linux device you use was targeted.
- Microsoft leaks 38TB of private data via unsecured Azure storage – The Microsoft AI research division accidentally leaked dozens of terabytes of sensitive data starting in July 2020 while contributing open-source AI learning models to a public GitHub repository.
- Hackers breached International Criminal Court’s systems last week – The International Criminal Court (ICC) disclosed a cyberattack on Tuesday after discovering last week that its systems had been breached.
- T-Mobile app glitch let users see other people’s account info – Today, T-Mobile customers said they could see other peoples’ account and billing information after logging into the company’s official mobile application.
Podcasts
- ISC Daily Stormcast – SANS Podcast for 8/21/23 – DNS TTLs; Snatch Ransomware; npm packages; Nagios XI vuln
- Cyberwire Daily – Ep 1910 | 9.20.23 – Hacking the ICC. ShroudedSnooper active, simple, and novel. New criminal malware used against Chinese-speakers. More on the materiality of cyberattacks.
- BEERS WITH TALOS – Rachel Tobac on social engineering, expanding opportunities for women in cybersecurity
Projects
TryHackMe – SOC Level 1 (74% Complete): Windows Forensics 1 – Complete
-
Weekly Cybersecurity Wrap-up 9/11/23
Keep learning. Next month is cybersecurity month!!
Webinars
Articles
- Google rolls out Privacy Sandbox to use Chrome browsing history for ads – Google has started to roll out its new interest-based advertising platform called the Privacy Sandbox, shifting the tracking of user’s interests from third-party cookies to the Chrome browser.
- MGM Resorts shuts down IT systems after cyberattack – MGM Resorts International disclosed today that it is dealing with a cybersecurity issue that impacted some of its systems, including its main website and online reservations.
- World Security Report Finds Physical Security Incidents Cost Companies USD $1T in 2022 – According to the first-ever World Security Report, large, global companies lost a combined $1 trillion in revenue in 2022 due to physical security incidents.
- New WiKI-Eve attack can steal numerical passwords over WiFi – A new attack dubbed ‘WiKI-Eve’ can intercept the cleartext transmissions of smartphones connected to modern WiFi routers and deduce individual numeric keystrokes at an accuracy rate of up to 90%, allowing numerical passwords to be stolen.
- CISA offers free security scans for public water utilities – The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has announced it is offering free security scans for critical infrastructure facilities, such as water utilities, to help protect these crucial units from hacker attacks.
- NSA, FBI, and CISA Release Cybersecurity Information Sheet on Deepfake Threats – Today, the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Information Sheet (CSI), Contextualizing Deepfake Threats to Organizations, which provides an overview of synthetic media threats, techniques, and trends.
- Adobe warns of critical Acrobat and Reader zero-day exploited in attacks – Adobe has released security updates to patch a zero-day vulnerability in Acrobat and Reader tagged as exploited in attacks.
- Cybercriminals Use Webex Brand to Target Corporate Users – The false advertisement has been left up for days, flying under the radar by managing to adhere to Google Ads’ policies.
Podcasts
- Darknet Diaries EP 137: PREDATOR
- Smashing Security 339: Bitcoin boo-boo, deepfakes for good, and time to say goodbye to usernames?
Projects
TryHackMe – SOC Level 1 (72 % Complete): Investigating with Splunk, Benign, DFIR: An Introduction – Complete
-
Weekly Cybersecurity Wrap-up 9/4/23
No webinars this week, but some fun articles!
Articles
- The Secret Weapon Hackers Can Use to Dox Nearly Anyone in America for $15 – Most Americans have very little choice but to provide their personal information to credit bureaus. Hackers have found a way into that data supply chain, and are advertising access in group chats used by violent criminals who rob, assault, and shoot targets.
- IBM Whitepaper: Cost of a Data Breach 2023 – IBM’s 2023 installment of their annual “Cost of a Breach” report has brought up some interesting trends such as the average cost of a breach rose once again to $4.45 million, increasing 15% over the last three years. It also has an industry-specific focus and breakdown of breaches.
- Hacking device Flipper Zero can spam nearby iPhones with Bluetooth pop-ups – Thanks to a popular and relatively cheap hacking tool, hackers can spam your iPhone with annoying pop-ups prompting you to connect to a nearby AirTag, Apple TV, AirPods, and other Apple devices.
- W3LL Store: How a Secret Phishing Syndicate Targets 8,000+ Microsoft 365 Accounts – “The threat actor created a hidden underground market, named W3LL Store, that served a closed community of at least 500 threat actors who could purchase a custom phishing kit called W3LL Panel, designed to bypass MFA, as well as 16 other fully customized tools for business email compromise (BEC) attacks,” Group-IB said in a report shared with The Hacker News.
- ASUS routers vulnerable to critical remote code execution flaws – Three critical-severity remote code execution vulnerabilities impact ASUS RT-AX55, RT-AX56U_V2, and RT-AC86U routers, potentially allowing threat actors to hijack devices if security updates are not installed.
- It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy – Machines that, because of all those brag-worthy bells and whistles, have an unmatched power to watch, listen, and collect information about what you do and where you go in your car.
- Thousands of dollars stolen from Texas ATMs using Raspberry Pi – A Texas court has heard how last month a gang of men used a Raspberry Pi device to steal thousands of dollars from ATMs.
Podcasts
- Smashing Security 338: Catfishing services, bad sports, and another cockup
Projects
TryHackMe – SOC Level 1: Splunk Basics, Incident Handling with Splunk – Complete
-
AT&T Email List Exposed
I thought this was interesting and wanted to share it with you all. Misconfigured email distro.
What was Bedlam3?
-
Weekly Cybersecurity Wrap-up 8/28/23
A little behind this week. It’s been busy. Still plugging away at learning all I can, though.
Webinars
- (ISC)2 – The Impact of Artificial Intelligence on the Cybersecurity Industry – 8/30/23 – The impact of artificial intelligence (AI) on the cybersecurity industry is among the hottest topics discussed and debated amongst security professionals. From a positive perspective, AI has infused a myriad of threat detection and prevention platforms with newfound methods for uncovering sophisticated threats. It has also helped short-staffed security teams automate complex processes, such as incident validation and response. But AI also comes at a price. Join Steve Piper, Founder & CEO of CyberEdge (and proud CISSP), as he addresses the good, the bad, and the ugly outcomes of artificial intelligence.
Articles
- New York Times Spoofed to Hide Russian Disinformation Campaign – “Operation Doppelganger” has convincingly masqueraded as multiple news sites with elaborate fake stories containing real bylines of journalists, blasting them out on social media platforms.
- US says it and partners have taken down notorious ‘Qakbot’ hacking network – U.S. authorities on Tuesday said an international law enforcement operation had taken down the notorious “Qakbot” malware platform used extensively by cybercriminals in a variety of financial crimes.
- University of Michigan shuts down network after cyberattack – The University of Michigan has taken all of its systems and services offline to deal with a cybersecurity incident, causing a widespread impact on online services the night before classes started.
- US govt email servers hacked in Barracuda zero-day attacks – Suspected Chinese hackers disproportionately targeted and breached government and government-linked organizations worldwide in recent attacks targeting a Barracuda Email Security Gateway (ESG) zero-day, with a focus on entities across the Americas.
- Phishing-as-a-Service Gets Smarter: Microsoft Sounds Alarm on AiTM Attacks – Microsoft is warning of an increase in adversary-in-the-middle (AiTM) phishing techniques, which are being propagated as part of the phishing-as-a-service (PhaaS) cybercrime model.
- London Police Warned to Stay Vigilant Amid Major Data Breach – Hackers hit a third-party contractor’s IT systems, but they didn’t steal any addresses or financial details, officials say.
- It’s a Zero-day? It’s Malware? No! It’s Username and Password – Surprisingly, one of the most potent weapons in their arsenal is not malicious code but simply stolen or weak usernames and passwords.
Podcasts
- Smashing Security 337: The DEA’s crypto calamity, and scammers’ blue tick bonanza
- Darknet Diaries EP 135: THE D.R. INCIDENT
Projects
TryHackMe – SOC Level 1: Introduction to SIEM, Investigating with ELK 101, ItsyBitsy – Complete
-
Weekly Cybersecurity Wrap-up 8/20/23
Last week was vacation, but I’m back and as before devoted to learning as much about cybersecurity as possible.
Webinars
- PCI DSS v4.0 – Navigating the Seven Cs – Verizon – Sam Junkin, Matt Arntsen, Ciske van Oosten & Peggy Nolan – Join us for the third installment of our webinar series, as we help companies act with confidence in light of significant updates to the flagship Payment Card Industry Data Security Standard (PCI DSS v4.0). Earlier in the series, we discussed the impact of PCI DSS v4.0, how to interpret key components and how to develop a plan to meet complex requirements. Now, we chart our course to conquer the “seven Cs” — the top constraints that most businesses face as they move forward in their transition. One of the most important things businesses must do to be successful is to take action now — and our panel is ready to show you how.
Articles
- Tesla says data breach impacting 75,000 employees was an insider job – Tesla said in a data breach notice filed with Maine’s attorney general that an investigation had found that two former employees leaked more than 75,000 individuals’ personal information to a foreign media outlet.
- FBI: Lazarus hackers readying to cash out $41 million in stolen crypto – The FBI warned that North Koreans are likely readying to cash out tens of millions worth of stolen cryptocurrency out of hundreds of millions stolen in the last year alone.
- Scraped data of 2.6 million Duolingo users released on hacking forum – The scraped data of 2.6 million DuoLingo users was leaked on a hacking forum, allowing threat actors to conduct targeted phishing attacks using the exposed information.
- U of M investigating claimed data breach – A university spokesperson said the alleged breach dates back to 2021 and earlier, and that all those potentially impacted are being contacted.
- Akira ransomware targets Cisco VPNs to breach organizations – There’s mounting evidence that Akira ransomware targets Cisco VPN (virtual private network) products as an attack vector to breach corporate networks, steal, and eventually encrypt data.
- Kali Linux 2023.3 released with 9 new tools, internal changes – Kali Linux 2023.3, the third version of 2023, is now available for download, with nine new tools and internal optimizations.
- Bitwarden releases free and open-source E2EE Secrets Manager – Bitwarden, the maker of the popular open-source password manager tool, has released ‘Secrets Manager,’ an end-to-end encrypted secrets manager for IT professionals, software development teams, and the DevOps industry.
- Major U.S. energy org targeted in QR code phishing attack – A phishing campaign was observed predominantly targeting a notable energy company in the US, employing QR codes to slip malicious emails into inboxes and bypass security.
- Lapsus$ teen hackers convicted of high-profile cyberattacks – A London jury has found that an 18-year-old member of the Lapsus$ data extortion gang helped hack multiple high-profile companies, stole data from them, and demanded a ransom threatening to leak the information.
- What’s New in the NIST Cybersecurity Framework 2.0 – The new version 2.0 of the popular NIST Cybersecurity Framework has expanded beyond the original framework’s five functions of an effective cybersecurity program — identify, protect, detect, respond, and recover — and added a sixth, govern.
- Ford says cars with WiFi vulnerability still safe to drive – Ford is warning of a buffer overflow vulnerability in its SYNC3 infotainment system used in many Ford and Lincoln vehicles, which could allow remote code execution, but says that vehicle driving safety isn’t impacted.
Podcasts
- Smashing Security 336: Pizza pests, and securing your wearables
Projects
- TryHackMe – SOC Level 1 (62% Complete) – Introduction to SIEM – Complete
-
Weekly Cybersecurity Wrap-up 8/7/23
Every week I post what I have been working on in my journey to learn more about cybersecurity and hopefully land a job in the field. I hope these posts can help others on their cyber journeys.
Webinars
Articles
- Colorado Dept. of Higher Education Hit With Massive Data Breach – Last week, the department uncovered a data breach that occurred back in June stemming from what it deems to be a cybersecurity ransomware incident.
- North Korean hackers ‘ScarCruft’ breached Russian missile maker – The North Korean state-sponsored hacking group ScarCruft has been linked to a cyberattack on the IT infrastructure and email server for NPO Mashinostroyeniya, a Russian space rocket designer and intercontinental ballistic missile engineering organization.
- Ransomware Victims Surge as Threat Actors Pivot to Zero-Day Exploits – Threat actors such as the operators of the Cl0p ransomware family increasingly exploit unknown and day-one vulnerabilities in their attacks.
- New ‘Deep Learning Attack’ Deciphers Laptop Keystrokes with 95% Accuracy – A group of academics has devised a “deep learning-based acoustic side-channel attack” that can be used to classify laptop keystrokes that are recorded using a nearby phone with 95% accuracy.
- Tunnel Vision: CloudflareD AbuseD in the WilD – Cloudflared is functionally very similar to ngrok, an ingress-as-a-service tool that’s been used by TAs for quite some time now. However, Cloudflared differs from ngrok in that it provides a lot more usability for free, including the ability to host TCP connectivity over Cloudflared. Additionally, Cloudflared provides the full suite of Access controls, Gateway configurations, Team Management, and User Analytics.
Podcasts
- Darknet Diaries 136: TEAM XECUTER – Team Xecuter was a group involved with making and selling modchips for video game systems. They often made mods that allowed the video game system to rip games or play pirated games. It was a crowd favorite in the modding scene. Until it all fell apart.
- Smashing Security 334: Acoustic attacks, and the tears of a crypto rapper
Projects
- TryHackMe – SOC Level 1 (61% Complete)
- Wazuh – Complete
-
Weekly Cybersecurity Wrap-up 7/31/23
Every week I post what I have been working on in my journey to learn more about cybersecurity and hopefully land a job in the field. Right now I’m working on a three part plan:
- Keep up with current events – This post is a big part of that
- Gain practical experience – Right now I’m working through TryHackMe learning paths
- Obtain cybersecurity certificates – I’ve earned the (ISC)2 Certified in Cybersecurity, and I am studying for the CompTIA Security+ currently
Webinars
- SANS DFIR Summit – Day 1: Track 1 | Day 1: Track 2 | Day 2
Articles
- Israeli Oil Refinery Taken Offline by Pro-Iranian Attackers – The apparent pro-Iranian Cyber Avengers posted images of BAZAN Group’s SCADA systems, diagrams, and programmable logic controller (PLC) code.
- CISA issues new warning on actively exploited Ivanti MobileIron bugs – The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned today of state hackers exploiting two flaws in Ivanti’s Endpoint Manager Mobile (EPMM), formerly MobileIron Core.
- Threat actors abuse Google AMP for evasive phishing attacks – Security researchers are warning of increased phishing activity that abuses Google Accelerated Mobile Pages (AMP) to bypass email security measures and get to inboxes of enterprise employees.
- ‘DarkBERT’ GPT-Based Malware Trains Up on the Entire Dark Web – The DarkBART and DarkBERT cybercriminal chatbots, based on Google Bard, represent a major leap ahead for adversarial AI, including Google Lens integration for images and instant access to the whole of the cyber-underground knowledge base.
- Retail chain Hot Topic discloses wave of credential-stuffing attacks – American apparel retailer Hot Topic is notifying customers about multiple cyberattacks between February 7 and June 21 that resulted in exposing sensitive information to hackers.
- Why the California Delete Act Matters – Bill 362 is a perfect template for a nationwide win against data brokers and the privacy infringements they cause. The California Delete Act would create an online portal where Californians could opt out of data broker tracking and remove information already collected about them.
- Tesla Jailbreak Unlocks Theft of In-Car Paid Features – Want heated seats for free? Self-driving in Europe despite a regulatory ban? Researchers have discovered the road to free car-modding on the popular Tesla EVs.
- Canon Inkjet Printers at Risk for Third-Party Compromise via Wi-Fi – Nearly 200 models are affected by vulnerability that may give wireless access to unauthorized third parties.
- Monitor Insider Threats but Build Trust First – The issue of how to prevent insider threats without infringing on employee privacy is one that has been a hot topic of debate in recent years.
- Hacktivist Group ‘Mysterious Team Bangladesh’ Goes on DDoS Rampage – The emerging threat has carried out 750 DDoS attacks and 78 website defacements in just one year to support its religious and political motives.
- Mondee security lapse exposed flight itineraries and unencrypted credit card numbers – Travel giant Mondee has secured an exposed database that was spilling sensitive customer information, including detailed flight and hotel itineraries and unencrypted credit card numbers.
- “PhishForce” — Vulnerability Uncovered in Salesforce’s Email Services Exploited for Phishing Facebook Accounts In-The-Wild – Malicious Emails Sent by Trusted Email Gateways
Podcasts
- Smashing Security 333: Barbie and the stalking spouse
Projects
- TryHackMe – SOC Level 1 (58% Complete)
- Windows Event Logs – Complete
- Sysmon – Complete
- Osquery: The Basics – Complete
-
Weekly Cybersecurity Wrap-up 7/24/23
Welcome to another cybersecurity wrap-up! This week I caught a great webinar by Rachel Tobac, that she presented to my company (sorry, no link to share for this one).
Webinars
- Inside the Mind of a Hacker – Rachel Tobac
Articles
- Over 400,000 corporate credentials stolen by info-stealing malware – The analysis of nearly 20 million information-stealing malware logs sold on the dark web and Telegram channels revealed that they had achieved significant infiltration into business environments.
- 8 million people hit by data breach at US govt contractor Maximus – U.S. government services contractor Maximus has disclosed a data breach warning that hackers stole the personal data of 8 to 11 million people during the recent MOVEit Transfer data-theft attacks.
- New SEC Rules Require U.S. Companies to Reveal Cyber Attacks Within 4 Days – The U.S. Securities and Exchange Commission (SEC) on Wednesday approved new rules that require publicly traded companies to publicize details of a cyber attack within four days of identifying that it has a “material” impact on their finances, marking a major shift in how computer breaches are disclosed.
- Massive macOS Campaign Targets Crypto Wallets, Data – Threat actors are distributing new “Realst” infostealer via fake blockchain games, researchers warn.
- KnowBe4 Phishing Test Results Reveal Half of Top Malicious Email Subjects Are HR Related – KnowBe4 releases Q2 2023 global phishing report and finds HR related email subjects utilized as a phishing strategy and make up 50% of top email subjects.
- ‘FraudGPT’ Malicious Chatbot Now for Sale on Dark Web – The subscription-based, generative AI-driven offering joins a growing trend toward “generative AI jailbreaking” to create ChatGPT copycat tools for cyberattacks.
- Hackers Abusing Windows Search Feature to Install Remote Access Trojans – A legitimate Windows search feature is being exploited by malicious actors to download arbitrary payloads from remote servers and compromise targeted systems with remote access trojans such as AsyncRAT and Remcos RAT.
- Hawai’i Community College pays ransomware gang to prevent data leak – The Hawaiʻi Community College has admitted that it paid a ransom to ransomware actors to prevent the leaking of stolen data of approximately 28,000 people.
- BreachForums database and private chats for sale in hacker data breach – While consumers are usually the ones worried about their information being exposed in data breaches, it’s now the hacker’s turn, as the notorious Breached cybercrime forum’s database is up for sale and member data shared with Have I Been Pwned.
Podcasts
- Smashing Security 332: Nudes leak at the plastic surgery, Mali mail mix-up, and WormGPT
Projects
- TryHackMe – SOC Level 1 (49% Complete)
- sysinternals – Complete