Category: cybersecurity

  • What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 4/7/25

    Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

    Featured Analysis

    Featured article analysis: The US Treasury’s OCC disclosed an undetected major email breach for over a year

    This disclosure from the OCC should serve as a stark reminder of the persistent threats facing even well-resourced government agencies. A breach of this magnitude, compromising over 100 accounts and remaining undetected for over a year, highlights significant deficiencies in the OCC’s security posture and monitoring capabilities. The initial point of entry via a compromised administrator account underscores the critical importance of robust privileged access management, including multi-factor authentication and stringent auditing of administrative activities. Readers will note that detection was delayed and reportedly triggered by an external notification from Microsoft, which raises questions about the effectiveness of internal security controls and anomaly detection systems. The ongoing analysis to determine the full scope of the compromised data, including sensitive financial information, will be closely watched, as it could have broader implications beyond the OCC itself.

    From a threat intelligence perspective, the unknown attribution of the attackers adds another layer of concern. While speculation about potential links to previous state-sponsored attacks targeting the Treasury exists, the lack of concrete evidence necessitates an investigation to understand the tactics, techniques, and procedures (TTPs) employed. The extended dwell time of the threat actors within the OCC’s email environment allowed for the exfiltration of a significant volume of emails, estimated at 150,000 since May 2023. This emphasizes the need for proactive threat hunting and advanced endpoint detection and response (EDR) solutions capable of identifying and neutralizing sophisticated intrusions before they can cause substantial damage.

    Projects

    • TryHackMe – Networking Secure Protocols – In Progress

  • This Is How They Tell Me the World Ends Review: Zero-Day Exploits and Cyberwarfare

    A Deep Dive into the Zero-Day Market and the Future of Cyberwarfare

    Nicole Perlroth’s This Is How They Tell Me the World Ends: The Cyberweapons Arms Race is a chilling and meticulously researched exposé that delves into the clandestine world of zero-day exploits, the shadowy figures who trade in them, and the governments that weaponize them. As a cybersecurity enthusiast or professional, this book is essential reading to understand the complex and increasingly dangerous landscape of cyberwarfare.

    What is a Zero-Day?

    For those new to the term, Perlroth expertly explains that a “zero-day” is a software vulnerability that is unknown to the software vendor. This means there are “zero days” to fix it, making it a highly valuable and dangerous tool for hackers and nation-states alike. These vulnerabilities can be exploited to gain unauthorized access to systems, steal sensitive data, and even disrupt critical infrastructure.

    Key Takeaways for Cybersecurity Professionals:

    • The Zero-Day Market: Perlroth unveils the hidden economy where zero-day exploits are bought and sold, often for exorbitant sums. This market fuels the development of increasingly sophisticated cyberweapons.
    • The Role of Nation-States: The book highlights how governments, including the United States, have been major players in the acquisition and use of zero-days. This has led to a global cyberarms race with potentially catastrophic consequences.
    • The Escalating Threat: This Is How They Tell Me the World Ends underscores the growing threat of cyberattacks on critical infrastructure, businesses, and individuals. Perlroth provides numerous real-world examples, from Stuxnet to the Shadow Brokers leak, illustrating the devastating impact of these attacks.
    • Ethical Dilemmas: The book raises important ethical questions about the development, sale, and use of zero-day exploits. Should governments be stockpiling these vulnerabilities? What are the implications for privacy and security?
    • A Call to Action: Perlroth’s work serves as a wake-up call, urging greater awareness and proactive measures to defend against cyber threats. She emphasizes the need for a more robust and resilient cybersecurity posture at all levels.

    Why You Should Read This Book:

    • In-Depth Research: Perlroth, a seasoned cybersecurity reporter for The New York Times, draws on years of reporting and hundreds of interviews to provide a comprehensive and insightful account.
    • Compelling Narrative: The book reads like a thriller, with gripping stories of hackers, spies, and cyberattacks that will keep you on the edge of your seat.
    • Relevance: In an increasingly interconnected world, cybersecurity is more important than ever. This book provides crucial context for understanding the threats we face and the challenges ahead.

    Overall Assessment:

    This Is How They Tell Me the World Ends is a must-read for anyone interested in cybersecurity. It’s a sobering yet essential exploration of the cyberweapons arms race and its implications for our digital future. Whether you’re a seasoned professional or just starting your journey in cybersecurity, this book will provide valuable insights and leave you with a deeper understanding of the challenges and opportunities in this critical field.

  • AI’s Dark Side: The Emergence of “Zero-Knowledge” Cybercriminals

    Ever feel like the cyber threats out there are like something out of a spy movie? Think shadowy figures with glowing screens and lines of complicated code? Well, while those folks do exist, there’s a new player on the scene, and they might surprise you. Imagine someone with pretty basic tech skills suddenly being able to pull off sophisticated cyberattacks. Sounds like sci-fi? Nope, it’s the reality of AI-powered cybercrime, and it’s creating a wave of what we’re calling “zero-knowledge” threat actors.

    So, how does AI turn your average internet user into a potential cyber-naughty-doer? Think of it like this:

    • Phishing on Steroids: Remember those dodgy emails with weird grammar? AI can now whip up super-believable fake emails, texts, and even voice calls that sound exactly like they’re from someone you trust. It’s like having a professional con artist in your pocket, but powered by a computer brain.
    • Malware Made Easy: Creating nasty software used to be a job for hardcore coders. Now, AI is helping to automate parts of this process, and there might even be “Malware-as-a-Service” platforms popping up that are surprisingly user-friendly. Scary thought, right?
    • Spying Made Simple: Gathering info on potential targets used to take serious detective work. AI can now scan the internet like a super-sleuth, finding out all sorts of things about individuals and companies, making targeted attacks way easier for even a newbie.
    • Attack Automation – The Robot Army: Forget manually clicking and typing a million things. AI can automate entire attack sequences. Imagine a bad guy just hitting “go” on a program, and AI does all the heavy lifting. Creepy!
    • User-Friendly Crime? The trend seems to be towards making these AI-powered tools as easy to use as your favorite social media app. That means you don’t need a computer science degree to potentially cause some digital mayhem.

    What could this look like in the real world?

    • Deepfake Deception: Your grandma might get a video call that looks and sounds exactly like you, asking for money. Except, it’s a fake created by AI!
    • Ransomware for Dummies: Someone with minimal tech skills could use an AI-powered platform to lock your computer files and demand payment – think of it as ransomware with training wheels.
    • Social Media Shenanigans: Fake profiles and convincing posts generated by AI could trick you into clicking on dangerous links or giving away personal info.

    So, why should you care about this rise of the “zero-knowledge” cybercriminal?

    • More Attacks, More Often: With more people able to launch attacks, we’re likely to see a whole lot more of them hitting our inboxes and devices.
    • Smarter Attacks, Simpler Execution: Even if the person behind the attack isn’t a tech wizard, the AI they’re using can make their attacks surprisingly sophisticated.
    • Our Defenses Need an Upgrade: The security tools we rely on might need to get smarter to keep up with these AI-powered threats.

    Don’t panic! Here’s what you can do to stay safer:

    • Become a Skeptic Superstar: Be super suspicious of anything online that asks for your info or seems too good to be true.
    • Two is Always Better Than One (MFA!): Turn on Multi-Factor Authentication (MFA) wherever you can. It’s like having a second lock on your digital doors.
    • Keep Your Digital House Clean: Update your software and apps regularly. These updates often include security patches.
    • Think Before You Click: Seriously, take a breath before clicking on any links or downloading attachments, especially from people you don’t know.
    • Spread the Word: Talk to your friends and family about these new threats. Awareness is key!

    The cyber landscape is always changing, and AI is definitely shaking things up. The rise of “zero-knowledge” threat actors might sound a bit scary, but by staying informed and practicing good digital habits, we can all make it harder for these AI-assisted baddies to succeed. Stay safe out there, and keep learning!

  • What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 3/31/25

    Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

    Featured article analysis

    This week’s featured article analysis is from: https://www.bleepingcomputer.com/news/security/toll-payment-text-scam-returns-in-massive-phishing-wave/

    This recent E-ZPass smishing campaign highlights several evolving tactics cybercriminals are employing to bypass security measures and exploit user trust. The attackers leverage high-volume, automated messaging systems originating from seemingly random email addresses, a method designed to circumvent standard carrier-based SMS spam filters that primarily target phone numbers. By impersonating official bodies like E-ZPass or the DMV and instilling a false sense of urgency with threats of fines or license suspension, they effectively employ social engineering. A particularly noteworthy technique involves instructing users to reply to the message, cleverly bypassing Apple iMessage’s built-in protection that disables links from unknown senders. This user interaction effectively marks the malicious sender as “known,” activating the phishing link and demonstrating how attackers exploit platform features and user behavior in tandem.

    The sophistication extends beyond the delivery mechanism, with the phishing landing pages themselves designed to appear legitimate and, significantly, often configured to load only on mobile devices, evading desktop-based security analysis. The sheer scale suggests the involvement of organized operations, potentially utilizing Phishing-as-a-Service (PaaS) platforms like the mentioned Lucid or Darcula. These services specialize in abusing modern messaging protocols like iMessage and RCS, which offer end-to-end encryption and different delivery paths, making detection harder and campaign execution cheaper than traditional SMS. This underscores the ongoing challenge for defenders: attacks are becoming more targeted, evasive, and leverage platform-specific features, necessitating continuous user education (don’t click, don’t reply, verify independently) alongside technical defenses and prompt reporting to platforms and authorities like the FBI’s IC3.
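A defender-side triage heuristic for the lure pattern described above, as an added example that is not from the original post or the linked article. It scores a text message by the traits the analysis calls out (toll/DMV impersonation, an urgency hook, a reply-first instruction that defeats the unknown-sender link block, a link, and an email-address sender); the weights, thresholds and sample messages are assumptions constructed for this example.

```python
"""Heuristic triage for toll-style smishing, run over constructed samples.

Added example, not code from the blog post or the article it discusses.
Weights and thresholds are assumptions chosen for illustration.
"""
import re
from dataclasses import dataclass


@dataclass
class Message:
    sender: str
    body: str


# Each signal: name, assumed weight, pattern applied to the message body.
BODY_SIGNALS = [
    ("impersonates_toll_or_dmv", 2,
     re.compile(r"\b(e-?zpass|dmv|toll|fastrak|sunpass)\b", re.I)),
    ("urgency_hook", 2,
     re.compile(r"\b(fines?|penalt(y|ies)|suspen(d|sion)|final notice|"
                r"immediately|within \d+\s*(hours?|days?))\b", re.I)),
    # The reply-bait is the tell: iMessage hides links from unknown senders
    # until the recipient replies, so the lure asks for a reply first.
    ("reply_bait", 3,
     re.compile(r"\b(reply|respond)\s+(with\s+)?(y|yes|1)\b|"
                r"\breply to this message\b", re.I)),
    ("contains_link", 1,
     re.compile(r"https?://\S+|\b[\w-]+\.(com|net|org|top|xyz|vip|cc)\b(/\S*)?",
                re.I)),
]
EMAIL_SENDER = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def score(msg: Message) -> dict:
    """Return the fired signals, total score and a verdict for one message."""
    fired = [name for name, _, pat in BODY_SIGNALS if pat.search(msg.body)]
    total = sum(w for name, w, _ in BODY_SIGNALS if name in fired)
    # Bulk waves send from throwaway email addresses, which also sidesteps
    # carrier spam filters keyed on phone numbers.
    if EMAIL_SENDER.match(msg.sender):
        fired.append("email_sender")
        total += 2
    if total >= 6:
        verdict = "likely smishing"
    elif total >= 3:
        verdict = "suspicious"
    else:
        verdict = "low"
    return {"signals": fired, "score": total, "verdict": verdict}


def triage(messages):
    """Score a batch and return (sender, verdict) pairs for analyst review."""
    return [(m.sender, score(m)["verdict"]) for m in messages]


# Constructed samples: one lure in the E-ZPass style, three benign texts.
SAMPLES = [
    Message("rand0m.acct8823@example-mail.invalid",
            "E-ZPass Final Notice: your toll balance is unpaid. Pay within 24 "
            "hours to avoid a $35 fine and license suspension. Reply Y, then "
            "reopen this message to open the link: ezpass-billing.top/pay"),
    Message("+12025550143", "Running 10 min late, see you at the cafe."),
    Message("+18005550100",
            "Your package is out for delivery. Track at https://example.com/track"),
    Message("+18005550199",
            "E-ZPass: your monthly statement is now available in your account."),
]

if __name__ == "__main__":
    for sender, verdict in triage(SAMPLES):
        print(f"{sender:40} {verdict}")
```

The legitimate-looking statement notice scores low because it has no urgency hook, no link and no reply instruction, which is what separates it from the lure.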

    Projects

    • TryHackMe – Networking Core Protocols – Complete
    • TryHackMe – Networking Secure Protocols – In Progress

  • What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 3/24/25

    Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

    Featured Analysis

    Featured article analysis: Mike Waltz takes ‘full responsibility’ for Signal group chat leak

    The accidental inclusion of a journalist in a high-level Signal group chat discussing military strikes in Yemen has exposed significant vulnerabilities in the US National Security apparatus. While Signal offers strong encryption, this incident underscores that human error remains a critical weak point, as evidenced by the unexplained addition of the reporter. The debate over classified information sharing and the alleged use of auto-delete features raise serious questions about adherence to security protocols and federal record-keeping laws. This event highlights the inherent risks of using civilian communication apps for sensitive government matters, even with robust encryption, and emphasizes the critical need for stringent access controls, comprehensive training, and the consistent use of secure, government-approved platforms.

    This “glitch,” as downplayed by some, serves as a stark reminder for cybersecurity professionals that technology alone cannot guarantee security. Robust operational security practices, including strict verification procedures and adherence to data retention policies, are paramount. The incident underscores the necessity of cultivating a security-conscious culture within government and prioritizing the use of dedicated, secure communication channels over potentially vulnerable civilian alternatives. The political fallout and calls for investigation further emphasize the gravity of this lapse and its potential implications for national security and trust.

    Projects

    • TryHackMe – Networking Essentials – Complete
    • TryHackMe – Networking Core Protocols – In Progress

  • What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 3/17/25

    Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

    Projects

    • TryHackMe – Networking Essentials – In Progress

    Podcasts

    • Smashing Security 408: A gag order backfires, and a snail mail ransom demand – ‘Only’ a local access bug but important part of N Korea, Russia, and China attack picture

  • Book Review: “Cult of the Dead Cow” – Inside the World of the Original Hacking Supergroup

    • Author: Joseph Menn
    • Fiction: Non-Fiction
    • Genres: Technology, Cyber Security
    • Rating: 3.5 Stars
    • Date Finished: 3/6/25

    The Book in 3 Sentences

    The book explores the history and influence of the legendary hacking collective known as cDc, which pioneered hacktivism and shaped modern cybersecurity. The book delves into the group’s groundbreaking contributions, such as exposing software vulnerabilities, promoting ethical hacking, and influencing figures like Beto O’Rourke. Menn also highlights the evolving cyber threat landscape, emphasizing the ongoing battle between hackers, corporations, and governments over privacy and security.

    Impressions

    How I Discovered It

    I’m reading through all the information security books that my local library has. I’m also trying to get them to include more books on this subject.

    Who Should Read It?

    Cult of the Dead Cow is ideal for cybersecurity professionals, ethical hackers, and tech enthusiasts interested in the origins of hacktivism and its impact on modern security. It’s also a great read for policymakers, journalists, and privacy advocates who want to understand the ethical dilemmas and power struggles shaping the digital world. Additionally, anyone curious about the intersection of technology, activism, and government surveillance will find this book insightful and thought-provoking.

    How the Book Changed Me

    • Expanded Perspective on Hacktivism – It shifted my view of hackers to individuals who use their skills for social good, advocating for privacy, security, and accountability.
    • Strengthened Awareness of Cybersecurity Risks – It revalidated my view of digital vulnerabilities, how governments and corporations handle (or mishandle) cybersecurity, and the importance of protecting personal data.
    • Inspiration for Ethical Advocacy – The book motivated me to push for stronger digital rights.

    My Top 3 Quotes

    • “Hacking is not inherently bad. It’s about figuring out how things work and making them better.”
    • “The greatest threat to cybersecurity is not hackers—it’s apathy.”
    • “Privacy is not about having something to hide; it’s about having control over your own life.”

    Summary

    Cult of the Dead Cow by Joseph Menn chronicles the rise and influence of one of the most legendary and impactful hacking groups in history. The book explores how the cDc pioneered hacktivism, exposing software vulnerabilities, advocating for digital privacy, and shaping cybersecurity policies. Menn highlights their role in pushing companies and governments to take security more seriously while also delving into their ethical dilemmas and controversial tactics. The book also reveals the surprising connection of some members to mainstream politics and business, illustrating how hacking culture has evolved from the underground to the halls of power. Ultimately, Cult of the Dead Cow is a compelling look at the battle for control over the internet, security, and personal freedoms in the digital age.

  • Crowdstrike Global Threat Report 2025

    CrowdStrike’s 2025 Global Threat Report details the evolving cybersecurity landscape, emphasizing the increasing sophistication and business-like approach of cyber adversaries. The report underscores the rise of “enterprising adversaries” leveraging genAI for social engineering and malicious activities.

    TLDR:

    • The average breakout time has decreased to 48 minutes, with the fastest recorded breakout time being only 51 seconds.
    • Voice phishing (vishing) attacks saw a significant increase of 442% between the first and second half of 2024.
    • Attacks related to initial access accounted for 52% of the vulnerabilities observed by CrowdStrike in 2024.
    • Advertisements for access brokers increased by 50% year-over-year, indicating a thriving business in providing access as a service.
    • China-nexus activity surged by 150% overall, with some targeted industries experiencing a 200% to 300% increase in attacks compared to the previous year.
    • 79% of detections in 2024 were malware-free, a significant increase from 40% in 2019, indicating a shift towards hands-on-keyboard techniques.
    • 26 new adversaries were tracked by CrowdStrike in 2024, bringing the total to 257.
    • Interactive intrusion campaigns increased by 35% year-over-year.
    • Valid account abuse was responsible for 35% of cloud-related incidents.
    • FAMOUS CHOLLIMA had 304 incidents, with nearly 40% representing insider threat operations.
    • LLM-generated phishing messages had a 54% click-through rate, significantly higher than human-written phishing messages at 12%.
    • New cloud intrusions increased 26% compared to 2023, indicating more threat actors are targeting cloud services.
    • China-nexus intrusions increased 150% across all sectors on average compared to 2023.

  • Decoding the 2025 Cybersecurity Executive Order: What Every Tech Professional Needs to Know

    I’m excited to share my thoughts on the latest Executive Order signed by the President today, January 16, 2025. This order, titled “Strengthening and Promoting Innovation in the Nation’s Cybersecurity,” marks a significant step forward in our national cybersecurity strategy.

    If you would prefer to listen, here is an overview provided by NotebookLM:

    Key Points of the Executive Order

    Enhanced Public-Private Partnerships
    The order emphasizes the critical need for stronger collaboration between government agencies and private sector entities. This approach recognizes that cybersecurity is a shared responsibility and that the most effective defense strategies leverage the strengths of both sectors.

    Investment in Emerging Technologies
    A major focus of this order is the promotion of innovation in cybersecurity. It calls for increased investment in cutting-edge technologies such as artificial intelligence, quantum computing, and advanced encryption methods. These technologies have the potential to revolutionize our cyber defense capabilities.

    Workforce Development
    Recognizing the ongoing shortage of cybersecurity professionals, the order outlines initiatives to bolster education and training programs. This includes expanding scholarship opportunities and creating more pathways for individuals to enter the cybersecurity field.

    Supply Chain Security
    The order addresses the critical issue of supply chain vulnerabilities, which have been exploited in several high-profile attacks in recent years. It mandates stricter security standards for software and hardware used in critical infrastructure and government systems.

    Implications for Cybersecurity Professionals

    For cybersecurity enthusiasts, this Executive Order should be seen as a positive development. It demonstrates a commitment at the highest levels of government to addressing the evolving cyber threats we face. The focus on innovation and emerging technologies aligns with the direction many of us in the field have been advocating for years.

    The emphasis on workforce development is particularly encouraging. It acknowledges the need for a larger and more diverse pool of cybersecurity talent, which is crucial for meeting the challenges of an increasingly complex threat landscape.

    Challenges and Opportunities

    While the order sets ambitious goals, implementation will be key. We should expect to see new initiatives and funding opportunities in the coming months. For those in the cybersecurity field, this presents exciting opportunities for research, innovation, and career advancement.

    However, we must also be prepared for the challenges that come with rapid technological change. As we adopt new technologies and strategies, we’ll need to remain vigilant and adaptable.

    In conclusion, this Executive Order represents a significant step forward in our national cybersecurity posture. It aligns with the realities of the current threat landscape and sets a course for a more secure digital future. As cybersecurity professionals and enthusiasts, we have a crucial role to play in turning these directives into reality.

  • PRC-linked Cyber Espionage: Protecting Your Mobile Communications

    The Cybersecurity and Infrastructure Security Agency (CISA) recently released guidance on best practices for securing mobile communications. This comes in response to identified cyber espionage activity by actors linked to the People’s Republic of China (PRC) government. These actors are targeting commercial telecommunications infrastructure to steal call records and compromise communications of high-profile individuals, such as those in senior government or political positions.

    If you would rather listen to an AI-generated podcast summarizing the findings, you can find it here:

    While anyone can benefit from implementing these best practices, CISA specifically urges highly targeted individuals to immediately review and apply these measures. It’s important to understand that all communication between mobile devices and internet services is potentially at risk. This includes both government-issued and personal devices.

    Key Recommendations for Everyone

    The guidance emphasizes several key best practices for enhancing mobile security:

    1. Prioritize End-to-End Encrypted Communication:

    • Adopt messaging apps like Signal that guarantee end-to-end encryption for secure communication. This provides a layer of protection against interception.

    2. Enable Phishing-Resistant Authentication:

    • Utilize FIDO (Fast Identity Online) for the strongest form of multifactor authentication (MFA). Hardware-based FIDO security keys like Yubico or Google Titan are most effective, with FIDO passkeys being an acceptable alternative.
    • Take inventory of valuable accounts (email, social media) and enroll them in FIDO-based authentication. Prioritize accounts like Microsoft, Apple, and Google. Disable less secure forms of MFA once FIDO is enabled.
    • Gmail users should enroll in Google’s Advanced Protection Program (APP) for enhanced protection against phishing and account hijacking.

    3. Move Away from SMS-Based MFA:

    • Avoid using SMS for authentication, as messages are not encrypted and can be intercepted.
    • Use authenticator apps like Google Authenticator, Microsoft Authenticator, or Authy for less important accounts, but remember that they are still vulnerable to phishing.
    • Disable SMS for each account once enrolled in authenticator-based MFA to eliminate this exploitable fallback mechanism.

    4. Employ a Password Manager:

    • Utilize password managers such as Apple Passwords, LastPass, 1Password, or others to securely store and manage passwords. Many offer features like weak password alerts and authenticator code generation.
    • Protect your password manager’s primary password with a strong, unique passphrase and ensure all stored passwords are also strong, unique, and random.

    5. Set a Telco PIN:

    • Enable an additional PIN or passcode for your mobile phone account with your telecom provider. This adds a layer of security against SIM swapping attacks.
    • Combine this with MFA on your mobile carrier account and update your account password using a password manager.

    6. Update Software Regularly:

    • Keep mobile device operating systems and applications updated. Enable automatic updates for timely patching.

    7. Use the Latest Hardware:

    • Opt for newer phone models that support the latest security features.

    8. Avoid Personal VPNs:

    • Personal VPN services can increase your attack surface by shifting risk to the VPN provider. Many also have questionable security and privacy policies.

    Device-Specific Recommendations

    In addition to the general recommendations, the guidance offers specific advice for iPhone and Android users:

    iPhone:

    • Enable Lockdown Mode: This feature restricts certain apps, websites, and features to reduce your attack surface.
    • Disable “Send as Text Message” in Message Settings: This ensures messages are only sent via iMessage, which offers end-to-end encryption between Apple users.
    • Protect DNS Queries: Use encrypted DNS services like Cloudflare’s 1.1.1.1 Resolver, Google’s 8.8.8.8 Resolver, or Quad9’s 9.9.9.9 Resolver.
    • Enroll in Apple iCloud Private Relay: This service enhances privacy and security by masking IP addresses and using secure DNS.
    • Review and Restrict App Permissions: Regularly review and limit app access to sensitive data like location, camera, and microphone.

    Android:

    • Prioritize Secure Phone Models: Choose models from manufacturers with strong security track records and long-term security update commitments. Look for devices that offer hardware-level security features and commit to at least five years of security updates.
    • Use RCS Only with End-to-End Encryption: Ensure end-to-end encryption is active when using Rich Communication Services.
    • Configure Android Private DNS: Use trusted, high-privacy DNS resolvers like those mentioned above for iPhone.
    • Enable “Always Use Secure Connections” in Chrome: Ensure all website connections default to HTTPS for increased security.
    • Enable Enhanced Safe Browsing Protection in Chrome: This provides an additional layer of security against malicious websites and downloads.
    • Confirm Google Play Protect is Enabled: This feature detects and prevents malicious apps. Exercise caution when using third-party app stores.
    • Review and Restrict App Permissions: Minimize the access apps have to sensitive permissions like location, camera, or microphone.

    By following these recommendations, you can significantly enhance the security of your mobile communications and protect yourself against the evolving threats posed by state-sponsored actors and other cybercriminals.