CTRL + ALT + SEC

Author: ByteMe

Staying Up-to-Date in the Cybersecurity Industry
Staying current in cybersecurity is crucial to proactively mitigate risks, ensure compliance, and make informed decisions in today’s rapidly changing digital landscape. Here are some resources to help you stay up-to-date with cybersecurity:

Feedly

Feedly (RSS Aggregator) is a free website that will collect news from different sources and put them all together in one place. Here are some sites to add to feedly:
TLDR

Information Security News to Your Inbox. TLDR is a free service that sends you a recurring emails aggregating the news in various subjects for you. They have many different newsletters on various topics including information security.

Sign Up

SANS Cyber Security Summits

SANS Free Virtual Conferences. SANS summits take place often on a variety of subjects including AI, DFIR, Cloud, Threat Intelligence, etc. It is free to attend the summits online and if you miss them you can watch the recording. They also count for CPE. Their slack is also a great place to learn from others.

BrightTALK

Free Virtual Talks. BrightTALKs bring the speakers to you. Search for any subject and attend live or recorded talks on any subject including many Cybersecurity ones. Every month the Verizon Threat Research Advisory Center gives an update. They are a great talk to attend.

Verizon Business Page at BrightTALK

Podcasts

I’ve already compiled a list of podcast on this blog here is a link to that post.

Books

Here are some favorites of mine:
- Hacker and the State by Ben Buchanan. Packed with insider information based on interviews, declassified files, and forensic analysis of company reports, The Hacker and the State sets aside fantasies of cyber-annihilation to explore the real geopolitical competition of the digital age
- Countdown to Zero Day by Kim Zetter. Rather than simply hijacking targeted computers or stealing information from them, it proved that a piece of code could escape the digital realm and wreak actual, physical destruction—in this case, on an Iranian nuclear facility.
- Dark Wire by Joseph Cox. In 2018, a powerful app for secure communications called Anom took root among organized criminals. They believed Anom allowed them to conduct business in the shadows. Except for one thing: it was secretly run by the FBI.
- This is How They Tell Me the World Ends by Nicole Perlroth. One of the most coveted tools in a spy’s arsenal, a zero day has the power to silently spy on your iPhone, dismantle the safety controls at a chemical plant, alter an election, and shut down the electric grid (just ask Ukraine).
YouTube

There are so many YouTube channels doing a great job getting information out there. This is not an exhaustive list, but they are some of my favorites!
- Black Hills Information Security – A great channel. I especially love the weekly Talkin’ Bout [Inforsec] News series.
- SANS Institute – Yes, they are on Youtube as well. If you missed a summit it might be posted here. Lots of evergreen content posted on this channel too!
- David Bombal – David has two channels worth watching. His main channel and David Bombal Tech.
Other Networks

Blueksy – Read more about bluesky on this prior post. Here are the info sec starter packs.

LinkedIn – Here are some good folks to follow on LinkedIn.
Mastodon – Federated messaging service a la Twitter/X, with large infosec group on the infosec.exchange server.
December 10, 2024
TryHackMe | Advent of Cyber 2024 – Day 10

Follow along as we crack open a new year of the Advent of Cyber from TryHackMe! This is always fun! Here is the playlist on youtube, but I’ll be posting them on this site as well.

December 10, 2024
TryHackMe | Advent of Cyber 2024 – Day 9

Follow along as we crack open a new year of the Advent of Cyber from TryHackMe! This is always fun! Here is the playlist on youtube, but I’ll be posting them on this site as well.

December 9, 2024
Weekly Cybersecurity Wrap-up 12/2/24
Each week I publish interesting articles and ways to improve your understanding of cybersecurity.

Projects
- Linux Foundation – Introduction to Kubernetes (LF158) – In Progress
- TryHackMe – Splunk: Setting up a SOC Lab
- TryHackMe – Advent of Cyber – Playlist
Videos

Articles
- Meta plans to build a $10B subsea cable spanning the world, sources say – sources close to the company that Meta plans to build a new, major, fibre-optic subsea cable extending around the world — a 40,000+ kilometer project that could total more than $10 billion of investment.
- New York Fines Geico and Travelers $11 Million Over Data Breaches – New York has announced $11 million settlements with Geico and Travelers over data breaches affecting 120,000 people.
- Data on 760K workers from Xerox, Nokia, BofA, Morgan Stanley and more dumped online – Hundreds of thousands of employees from major corporations including Xerox, Nokia, Koch, Bank of America, Morgan Stanley and others appear to be the latest victims in a massive data breach linked to last year’s attacks on file transfer tool MOVEit.
- Russia sentences Hydra dark web market leader to life in prison – Russian authorities have sentenced the leader of the criminal group behind the now-closed dark web platform Hydra Market to life in prison.
- Law Enforcement Read Criminals’ Messages After Hacking Matrix Service – Law enforcement has taken down yet another encrypted messaging service used by criminals, but not before spying on its users.
- Spy v Spy: Russian APT Turla Caught Stealing from Pakistani APT – Russia’s Turla hackers hijacked 33 command servers operated by Pakistani hackers who had themselves breached Afghanistan and Indian targets.
- Telecom Giant BT Group Hit by Black Basta Ransomware – BT Group, a major telecommunications firm, has been hit by a ransomware attack from the Black Basta group. The attack targeted the company’s Conferencing division, leading to server shutdowns and potential data theft.
- Recently Charged Scattered Spider Suspect Did Poor Job at Covering Tracks – A California teen suspected of being a Scattered Spider member left a long trail of evidence and even used an FBI service to launder money.
- Deloitte Hacked – Brain Cipher Ransomware Group Allegedly Stolen 1 TB of Data – Notorious ransomware group Brain Cipher has claimed to have breached Deloitte UK, allegedly exfiltrating over 1 terabyte of sensitive data from the professional services giant.
- Authorities Shut Down Crimenetwork, the Germany’s Largest Crime Marketplace – Germany’s largest crime marketplace, Crimenetwork, has been shut down, and an administrator has been arrested.
- NachoVPN Tool Exploits Flaws in Popular VPN Clients for System Compromise – Cybersecurity researchers have disclosed a set of flaws impacting Palo Alto Networks and SonicWall virtual private network (VPN) clients that could be potentially exploited to gain remote code execution on Windows and macOS systems.
Podcasts
- Smashing Security 396: Dishy DDoS dramas, and mining our minds for data
December 9, 2024
TryHackMe | Advent of Cyber 2024 – Day 8

Follow along as we crack open a new year of the Advent of Cyber from TryHackMe! This is always fun! Here is the playlist on youtube, but I’ll be posting them on this site as well.

December 8, 2024
TryHackMe | Advent of Cyber 2024 – Day 7

Follow along as we crack open a new year of the Advent of Cyber from TryHackMe! This is always fun! Here is the playlist on youtube, but I’ll be posting them on this site as well.

December 7, 2024
TryHackMe | Advent of Cyber 2024 – Day 6

Follow along as we crack open a new year of the Advent of Cyber from TryHackMe! This is always fun! Here is the playlist on youtube, but I’ll be posting them on this site as well.

December 6, 2024
TryHackMe | Advent of Cyber 2024 – Day 5

Follow along as we crack open a new year of the Advent of Cyber from TryHackMe! This is always fun! Here is the playlist on youtube, but I’ll be posting them on this site as well.

December 5, 2024
TryHackMe | Advent of Cyber 2024 – Day 4

Follow along as we crack open a new year of the Advent of Cyber from TryHackMe! This is always fun! Here is the playlist on youtube, but I’ll be posting them on this site as well.

December 5, 2024
2024 Phishing by Industry Benchmarking Report Summary
This post will summarize the key findings from KnowBe4’s 2024 Phishing by Industry Benchmarking Report. This report highlights the continuing severity of phishing attacks and underscores the importance of robust security awareness training as a critical defense strategy.

AI generated podcast, if you prefer to listen to this content:

The report uses a metric known as the Phish-prone Percentage (PPP). This measures the percentage of employees within an organization who are susceptible to falling for phishing scams. A high PPP indicates a larger number of employees who are vulnerable to these attacks, thus indicating a greater risk of a potential breach. A low PPP demonstrates that the organization’s workforce has strong security awareness and can effectively identify and thwart phishing attempts.

Key Findings of the Report
- Untrained employees pose a significant security risk. The report found that, on average, 34.3% of untrained users across various industries and organizational sizes would likely fail a phishing test. This means approximately one-third of employees are prone to interacting with malicious content, potentially jeopardizing their organization’s security.
- Consistent and comprehensive security awareness training leads to dramatic improvements. The report emphasizes that consistent security awareness training, combined with regular simulated phishing tests, can substantially reduce an organization’s PPP. Organizations that implement such training programs see their average PPP drop to 18.9% within 90 days, and to 4.6% after one year or more of training. This demonstrates a dramatic improvement in employee preparedness against phishing attacks.
- Specific industries exhibit consistently high-risk levels. For the third consecutive year, several industries in the large organization category (1,000+ employees) had PPPs exceeding 40% even after baseline assessments: Banking (42.3%), Consulting (47%), Energy & Utilities (47.8%), Financial Services (41.6%), Healthcare & Pharmaceuticals (51.4%), Insurance (48.8%), and Retail & Wholesale (42.4%). The Healthcare & Pharmaceuticals industry was among the highest risk industries in all organization sizes. These sectors are often targeted due to their handling of sensitive data and the potential for disruption of critical services.
- Investing in the human layer of security is crucial. The report stresses that organizations must go beyond mere compliance training and adopt a proactive, comprehensive security awareness strategy that includes:
  - Continuous education.
  - Regular testing and reinforcement.
  - Cultivating a security-conscious culture where employees understand the importance of safeguarding their digital environments both at work and in their personal lives.
Recommendations for a Strong Security Posture

The report concludes with recommendations for security leaders, emphasizing the following key aspects:
- Defined Mandate: Establish and clearly communicate the purpose and goals of your security awareness program.
- Policy Alignment: Ensure your program is in line with your organizational security policies.
- Culture Integration: Actively connect your security awareness initiatives with your overall security culture to strengthen the human layer of defense.
- Executive Support: Secure full support from executives for your security awareness program.
To successfully implement these recommendations, security and risk management leaders can consider the following actions:
- Fostering a Security Culture: Cultivate a workplace environment that prioritizes security, where employees are encouraged to be vigilant and report suspicious activity.
- Strategic Hiring: Recruit individuals with a strong security mindset who can contribute to building a security-conscious culture.
- “Culture Carrier” Program: Establish a program where designated employees act as security champions, promoting awareness and best practices within their teams.
- Ongoing Simulated Phishing Tests: Conduct regular phishing simulations to reinforce training and assess employee preparedness.
- Increased Frequency: Increase the frequency of training and testing to maintain security awareness as a top priority.
- Leadership Role Modeling: Encourage executives and leaders to demonstrate a commitment to security best practices, setting a positive example for the organization.
- Clearly Defined Objectives: Outline specific goals for your security awareness program and track progress toward achieving them.
- Engaging Professionals: Consider partnering with experienced security awareness training providers to leverage their expertise and resources.
- Effective Measurement: Implement metrics to track the effectiveness of your program, measuring key indicators like PPP reduction and employee engagement.
- Marketing-Inspired Approach: Adopt a marketing mindset to create engaging and impactful security awareness campaigns that resonate with employees.
- Employee Motivation: Motivate employees to actively participate in security awareness initiatives by recognizing and rewarding positive security behaviors.
By implementing these steps, organizations can build a strong human firewall and empower their employees to play an active role in protecting their organization against the evolving threat landscape.
December 4, 2024