D.C. Board of Elections: Hackers may have breached entire voter roll – The District of Columbia Board of Elections (DCBOE) says that a threat actor who breached a web server operated by the DataNet Systems hosting provider in early October may have obtained access to the personal information of all registered voters.
City of Philadelphia discloses data breach after five months – The City of Philadelphia is investigating a data breach after attackers “may have gained access” to City email accounts containing personal and protected health information five months ago, in May.
Microsoft announces Security Copilot early access program – Security Copilot, Redmond’s AI-driven security analysis tool, makes it faster for security teams to counter threats using Microsoft’s global threat intelligence expertise and the latest large language models.
Microsoft Warns as Scattered Spider Expands from SIM Swaps to Ransomware – The prolific threat actor known as Scattered Spider has been observed impersonating newly hired employees in targeted firms as a ploy to blend into normal on-hire processes, take over accounts, and breach organizations across the world.
Jessica Barker is the co-CEO of Cygenta and a leader in cybersecurity awareness who is very active on social media.
The book acts as a primer for those who are interested in cyber security but don’t have a foundation in it.
I think the sub-title is misleading as the book spends 95% of its content teaching the basics of cyber security, which isn’t bad in itself, but it doesn’t go deep on ‘how to get started in cyber security and futureproof your career’.
Impressions
As I said in point 3 above, the book spent all its content educating on the basics of cyber and did not dive deep into getting into the field or futureproofing your career in cyber. This is all contained in a single chapter, the second to last in the book. This is not a bad book, but it doesn’t accomplish the goal on the cover. I was looking for something deeper about securing a future in a cyber career.
Who Should Read It?
Anyone interested in cybersecurity who does not already have a foundation in it. Those with a basic understanding will find, like me, that 90% of the book covers the basics they already know.
How the Book Changed Me
I wouldn’t say this book had a huge impact on me. I got a couple of book and website recommendations and further solidified my cyber security understanding. Other than that, I learned maybe to abandon a book a little earlier in the future.
Question 11: What is the parent process of PID 740 in Case 002?
See screenshot above with PIDs listed. You can see that the executable before PID 740 is…
Answer: tasksche.exe
Question 12: What is the suspicious parent process PID connected to the decryptor in Case 002?
This is in the same screenshot. Basically this is asking what the PID for tasksche.exe is…
Answer: 1940
Question 13: From our current information, what malware is present on the system in Case 002?
This is kinda self-explanatory, so let’s take a wild guess…
Answer: WannaCry
Question 14: What DLL is loaded by the decryptor used for socket creation in Case 002?
PID 740 has a lot of DLLs listed. We could try each one in the answer box, but it did say socket in the question. WS stands for WinSock as in Winsock DLLs.
Answer: WS2_32.dll
Question 15: What mutex can be found that is a known indicator of the malware in question in Case 002?
We are going to use handles on this one and look for PID 1940
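Questions 11 to 15 are all the same pivot done by hand: read the process listing to get a PID's parent, read the DLL listing for that PID to spot the socket library, then read the handle listing for the parent PID to look for a mutex. Below is an added example (my own code, not from the room or from any forensics tool) that does the same pivoting programmatically and generalises it to any PID. The three listings are constructed in a simplified whitespace-separated layout, not real tool output; only PIDs 740 and 1940 and the image name tasksche.exe come from the write-up, and the other rows, the decryptor.exe image name and the mutex name are placeholders.

```python
"""Pivot through process, DLL and handle listings from a memory image.

Added example with constructed listings in a simplified layout. Only PIDs
740 and 1940 and the name tasksche.exe come from the write-up; the other
rows, decryptor.exe and the mutex name are placeholders.
"""
import re
from collections import defaultdict

PSLIST_SAMPLE = """\
PID   PPID  ImageFileName
4     0     System
368   4     smss.exe
1412  1336  explorer.exe
1940  1412  tasksche.exe
740   1940  decryptor.exe
2036  1412  notepad.exe
"""

DLLLIST_SAMPLE = """\
PID   Name
740   ntdll.dll
740   kernel32.dll
740   WS2_32.dll
740   user32.dll
"""

HANDLES_SAMPLE = """\
PID   Type     Name
1940  File     \\Device\\HarddiskVolume1\\Windows
1940  Mutant   EXAMPLE_MUTEX_PLACEHOLDER
740   Key      MACHINE\\SOFTWARE
"""


def _rows(text):
    """Split a listing into fields, skipping the header row.
    maxsplit=2 keeps a handle name containing spaces in one field."""
    lines = text.strip().splitlines()[1:]
    return [re.split(r"\s+", line.strip(), maxsplit=2) for line in lines]


def parse_pslist(text):
    """Return {pid: (ppid, image_name)}."""
    return {int(pid): (int(ppid), name) for pid, ppid, name in _rows(text)}


def parent_of(procs, pid):
    """(ppid, parent_name), or None when the parent has exited and is
    no longer in the listing (a common reason a PPID looks orphaned)."""
    ppid = procs[pid][0]
    return (ppid, procs[ppid][1]) if ppid in procs else None


def ancestry(procs, pid):
    """Image names from pid up to the first ancestor missing from the listing.
    The seen-set stops a PID-reuse cycle from looping forever."""
    chain, seen = [], set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        chain.append(procs[pid][1])
        pid = procs[pid][0]
    return chain


def children_of(procs, parent_name):
    """PIDs whose direct parent has the given image name."""
    return sorted(pid for pid, (ppid, _) in procs.items()
                  if ppid in procs and procs[ppid][1].lower() == parent_name.lower())


def parse_dlllist(text):
    """Return {pid: [module names]}."""
    mods = defaultdict(list)
    for pid, name in _rows(text):
        mods[int(pid)].append(name)
    return mods


def dlls_matching(mods, pid, needle):
    """Case-insensitive substring search, e.g. needle='ws2' for Winsock."""
    return [m for m in mods[pid] if needle.lower() in m.lower()]


def parse_handles(text):
    """Return {pid: [(handle_type, name)]}."""
    handles = defaultdict(list)
    for pid, htype, name in _rows(text):
        handles[int(pid)].append((htype, name))
    return handles


def mutants_for(handles, pid):
    """Names of Mutant (mutex) handles held by pid."""
    return [name for htype, name in handles[pid] if htype == "Mutant"]


if __name__ == "__main__":
    procs = parse_pslist(PSLIST_SAMPLE)
    print("parent of 740:", parent_of(procs, 740))
    print("ancestry of 740:", " <- ".join(ancestry(procs, 740)))
    print("children of tasksche.exe:", children_of(procs, "tasksche.exe"))
    print("socket DLLs in 740:", dlls_matching(parse_dlllist(DLLLIST_SAMPLE), 740, "ws2"))
    print("mutexes held by 1940:", mutants_for(parse_handles(HANDLES_SAMPLE), 1940))
```

The `ancestry` walk is the part worth keeping: it answers "who spawned this?" all the way up in one go, and stops cleanly when a parent is missing from the listing, which is exactly the situation you hit when a dropper exits before the image was captured.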
Russia and China-backed hackers are exploiting WinRAR zero-day bug – Google security researchers say they have found evidence that government-backed hackers linked to Russia and China are exploiting a since-patched vulnerability in WinRAR, the popular shareware archiving tool for Windows.
Fake Corsair job offers on LinkedIn push DarkGate malware – A threat actor is using fake LinkedIn posts and direct messages about a Facebook Ads specialist position at hardware maker Corsair to lure people into downloading info-stealing malware like DarkGate and RedLine.
D-Link confirms data breach after employee phishing attack – Taiwanese networking equipment manufacturer D-Link confirmed a data breach linked to information stolen from its network and put up for sale on BreachForums earlier this month.
23AndMe Hacker Leaks New Tranche of Stolen Data – Two weeks after the first data leak from the DNA ancestry service, the threat actor produces an additional 4 million user records they purportedly stole.
Cybersecurity Talent in America: Bridging the Gap – It’s past time to reimagine how to best nurture talent and expand recruiting and training to alleviate the shortage of trained cybersecurity staff. We need a diverse talent pool trained for tomorrow’s challenges.
NSA and CISA reveal top 10 cybersecurity misconfigurations – The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) revealed today the top ten most common cybersecurity misconfigurations discovered by their red and blue teams in the networks of large organizations.
Cyberwire – Ep 1925 | 10.12.23 – Hacktivism, auxiliaries, and the cyber phases of two hybrid wars. Challenges of content moderation. Cyberespionage in the supply chain. Don’t buy all the hype, but do fix your Linux libraries.
I tried this and found Chat GPT to be helpful writing about myself and using “resume speak”.
Articles
Microsoft Defender no longer flags Tor Browser as malware – Recent versions of the TorBrowser, specifically because of the updated tor.exe file it contained, were being incorrectly flagged as potential threats by Windows Defender.
Sony confirms data breach impacting thousands in the U.S. – Sony Interactive Entertainment (Sony) has notified current and former employees and their family members about a cybersecurity breach that exposed personal information.
The US Is Openly Stockpiling Dirt on All Its Citizens – A new report reveals that government agencies have been stockpiling data on US citizens through data broker pipelines. Privacy advocates have been arguing that government agencies use too broad a definition of “publicly available data” to include any data that can be purchased.
2023 State of API Security Report: Global Findings – This study gathered insights from 1,629 respondents across over 100 countries and six major industries. One of the highlights is that 74% of organizations have had at least three API-related data breaches in the past two years.
Cyberwire Daily – Ep 1918 | 10.2.23 – Adventures of ransomware, and other developments in cybercrime. Cyberespionage and hybrid warfare. A government shutdown averted. Cybersecurity Awareness Month is underway.
Cyberwire Daily – Ep 1919 | 10.3.23 – Where ICS touches the Internet. BunnyLoader traded in C2C markets. Phantom Hacker scams. API risks. Cybersecurity attitudes and behavior. DHS IG reports on two cyber issues. Updates on the hybrid war.
Cyberwire Daily Ep 1921 | 10.5.23 – Security risks in the hardware and software supply chains. Patches and proofs-of-concept. A look at recent incidents hitting major corporations. Online surveillance and social credit in Russia.
Smashing Security 342: Royal family attacked, keyless car theft, and a deepfake Tom Hanks
Projects
TryHackMe – SOC Level 1 (77% Complete): Windows Forensics 2, Linux Forensics – Complete
LinkedIn Learning – Security+ Training Domain 6: Cloud Security Design and Implementation – Complete
I’m studying for the Security+ right now. This was a good overview, but I think anyone with any technical background can skip directly to the Security+.
I’ll watch anything with Rachel Tobac in it. She is a master of social engineering!
This certificate looks like it would be worthwhile to do after the Security+ as it covers CISSP a lot and I’ll need lots of time to review the topics for that more difficult certificate.
Articles
Cisco to acquire Splunk in $28B mega deal – Cisco has a reputation of building the company through acquisitions, but it has tended to stay away from the really huge ones.
BORN Ontario child registry data breach affects 3.4 million people – The Better Outcomes Registry & Network (BORN), a healthcare organization funded by the government of Ontario, has announced that it is among the victims of Clop ransomware’s MOVEit hacking spree.
National Student Clearinghouse data breach impacts 890 schools – The personally identifiable information (PII) contained in the stolen documents includes names, dates of birth, contact information, Social Security numbers, student ID numbers, and some school-related records (e.g., enrollment records, degree records, and course-level data).
MOVEit Flaw Leads to 900 University Data Breaches – National Student Clearinghouse, a nonprofit serving thousands of universities with enrollment services, exposes more than 900 schools within its MOVEit environment.
Nigerian man pleads guilty to attempted $6 million BEC email heist – Kosi Goodness Simon-Ebo, a 29-year-old Nigerian national extradited from Canada to the United States last April, pleaded guilty to wire fraud and money laundering through business email compromise (BEC).
CyberWire Daily – Ep 1914 | 9.26.23 – Crooks phish for guests; spies phish for drone operators. ZenRAT is used in an info-stealing campaign. More MOVEit-related incidents (some involving Cl0p). DeFi platforms hit. The UK hunts forward.
CyberWire Daily – Ep 1916 | 9.28.23 – Buckworm APT’s specialized tools. Cyberattack against Johnson Controls. Oversight panel reports on Section 702. Cyber in election security, and in the US industrial base. Hacktivism versus Russia.
CyberWire Daily – Ep 1917 | 9.29.23 – Malicious ads in a chatbot. A vulnerability gets some clarification. Cl0p switches from Tor to torrents. Influence operations as an adjunct to WMD. And NSA’s new AI Security Center.
Smashing Security 341: Another T-Mobile breach, ThemeBleed, and farewell Naked Security
Projects
TryHackMe – SOC Level 1 (75% Complete): Windows Forensics 2 – In Progress
Microsoft leaks 38TB of private data via unsecured Azure storage – The Microsoft AI research division accidentally leaked dozens of terabytes of sensitive data starting in July 2020 while contributing open-source AI learning models to a public GitHub repository.
ISC Daily Stormcast – SANS Podcast for 8/21/23 – DNS TTLs; Snatch Ransomware; npm packages; Nagios XI vuln
Cyberwire Daily – Ep 1910 | 9.20.23 – Hacking the ICC. ShroudedSnooper active, simple, and novel. New criminal malware used against Chinese-speakers. More on the materiality of cyberattacks.
BEERS WITH TALOS – Rachel Tobac on social engineering, expanding opportunities for women in cybersecurity
MGM Resorts shuts down IT systems after cyberattack – MGM Resorts International disclosed today that it is dealing with a cybersecurity issue that impacted some of its systems, including its main website and online reservations.
New WiKI-Eve attack can steal numerical passwords over WiFi – A new attack dubbed ‘WiKI-Eve’ can intercept the cleartext transmissions of smartphones connected to modern WiFi routers and deduce individual numeric keystrokes at an accuracy rate of up to 90%, allowing numerical passwords to be stolen.
CISA offers free security scans for public water utilities – The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has announced it is offering free security scans for critical infrastructure facilities, such as water utilities, to help protect these crucial units from hacker attacks.