Cyber Security Full Course 2024 | Cyber Security Course Training For Beginners 2024
Youtube link:
https://www.youtube.com/watch?v=WfWMJiPh48k
S
SrGuard
@SrGuard
Posts
-
Cyber Security Full Course 2024 | Cyber Security Course Training For Beginners 2024 -
How I Would Learn Cyber Security If I Could Start Over in 2025
Youtube link:
https://www.youtube.com/watch?v=rz0RL4Xue-A -
Cyber risk explained The changing threat landscapeWhat do you consider to be the main sources of cyber security risk for companies today?
In today's environment, the challenges facing organisations are multifaceted and constantly changing as the external risk evolves and internal challenges multiply.Ransomware and business email compromise (BEC) fraud attacks continue to offer criminals significant financial rewards. Ransomware attacks have become increasingly sophisticated and frequent. Criminals now routinely employ data theft and aggressive extortion tactics such as threats, public shaming, and threats of legal and business consequences alongside traditional encryption attempts. Meanwhile, a sophisticated criminal ecosystem has grown up around the industry, distributing the skillsets needed to engineer such attacks and lowering the bar to entry. Generative AI enhances such trends.
Source/full article:
https://www.herbertsmithfreehills.com/insights/2024-12/cyber-risk-explained--the-changing-threat-landscape -
5 Practical Techniques for Effective Cyber Threat HuntingFinding threats targeting orgs in your region#
The most basic, yet high-impact way to learn about the current threat landscape for your company is to go and see what type of attacks other organizations in your region are experiencing.In most cases, threat actors attempt to target dozens of businesses at the same time as part of a single campaign. This makes it possible to catch the threat early and make correct adjustments in your organization.
Source/full article:
https://thehackernews.com/2024/12/5-practical-techniques-for-effective.html -
Quantum Technology Is a Threat to Data Security. It’s Also Part of the SolutionThe Challenge
As digital technology becomes more sophisticated, so do the associated risks. The average cost of a data breach is now almost $4.5 million, and ensuring data security and privacy are rapidly escalating business priorities. Companies are being forced to rethink their digital security strategies to minimize risks to their operations, employees and customers.The Impact
It will take between five and 10 years for the necessary developments in hardware, software and error correction to bring quantum computing into the mainstream. While not yet mature, the technology is making faster progress than initially expected, says Sonali Mohapatra, Quantum Innovation Sector Lead at the UK’s National Quantum Computing Centre (NQCC).Source/full article:
https://sponsored.bloomberg.com/quicksight/nokia/quantum-technology-is-a-threat-to-data-security-it-s-also-part-of-the-solution -
US military needs to talk to China on space, cyber issues, officials sayThe U.S. and China are not having much-needed military discussions about risks in space, cyber, and nuclear defense—even as the relationship between the countries has thawed in the past year, a defense official said Wednesday.
“The expansion of China's nuclear program raises the question of: what are all these nuclear weapons for, exactly, given that they have had this more limited doctrine in the past. And they haven't answered that question,” Ely Ratner, the Pentagon’s assistant secretary of defense for Indo-Pacific security affairs, said during a Center for Strategic and International Strategy event Wednesday.
Bilateral engagement with the PRC has improved since President Joe Biden and China’s President Xi Jinping met in November 2023. But China has thwarted U.S. attempts to have high-level discussions about certain topics in the past year, Ratner said.
Source/full article:
https://www.defenseone.com/policy/2024/12/us-military-needs-talk-china-space-cyber-issues-officials-say/401780/?oref=d1-featured-river-secondary -
Hacker Leaks Cisco DataA hacker has leaked data stolen recently from a Cisco DevHub instance, but claims it’s only a fraction of the total amount of files that was taken.
The notorious hacker IntelBroker announced in October that he and others had breached Cisco systems and obtained source code, certificates, credentials, confidential documents, encryption keys and other types of information. The hacker claimed to have obtained source code associated with several major companies.
Cisco’s investigation showed that its systems had not been breached and that the data was actually obtained from a public-facing DevHub environment that serves as a resource center from where customers can obtain source code, scripts and other content.
Full article:
https://www.securityweek.com/hacker-leaks-cisco-data/ -
5 Strategies to Combat Ransomware and Ensure Data Security in Microsoft 365As data breaches and cyber threats become the norm rather than the exception, the imperative to fortify cybersecurity measures has become critical. Microsoft 365, the leading enterprise productivity platform, is at the heart of many organizations' daily operations — and therefore is a prime target for cyber-attackers.
Ransomware remains one of the most aggressive cyber threats to organizations. A reported 76% of businesses have experienced at least one attack within the last year, the results of which yielded disrupted operations, substantial financial losses, and reputational damage. For SaaS platforms like Microsoft 365, the threat is even more pronounced due to the vast amounts of sensitive data processed and stored daily.
Full article:
https://thehackernews.com/expert-insights/2024/12/5-strategies-to-combat-ransomware-and.html -
Securing Open Source: Lessons from the Software Supply Chain RevolutionThe software supply chain has become a prime target for cyberattacks, with incidents like SolarWinds and Log4j demonstrating the critical vulnerabilities inherent in today's development ecosystems. The growing reliance on open source software (OSS) amplifies this risk, with recent studies showing that up to 90% of modern applications rely on open source components.
This article explores how organizations can mitigate software supply chain risks while continuing to leverage the innovation and flexibility of OSS.
Why Software Supply Chains Are at Risk#
At its core, the supply chain relies on a complex web of contributors, libraries, and dependencies—each presenting a potential attack vector. Attackers exploit this complexity by injecting malicious code into trusted packages or targeting the infrastructure itself.Full article:
https://thehackernews.com/expert-insights/2024/12/securing-open-source-lessons-from.html -
Several Pentagon commands failed to keep good track of classified mobile devices, audit findsA number of U.S. military commands failed to keep a complete and accurate inventory of mobile devices used to store and transmit classified information, according to a heavily redacted Defense Department oversight report.
The findings from the DOD Office of Inspector General also say that the defense entities did not list all technical requirements in their devices’ user training programs or user agreements, nor did they annually review or approve mobile phone incident response plans.
Several other findings from the audit are redacted due to their classified nature, but indicate the DOD has identified several problems with how the U.S. military and intelligence nexus handles the security of its servicemembers’ mobile phones.
-
White House says at least 8 US telecom firms, dozens of nations impacted by China hacking campaignWASHINGTON (AP) — A top White House official on Wednesday said at least eight U.S. telecom firms and dozens of nations have been impacted by a Chinese hacking campaign.
Deputy national security adviser Anne Neuberger offered new details about the breadth of the sprawling Chinese hacking campaign that gave officials in Beijing access to private texts and phone conversations of an unknown number of Americans.
Neuberger divulged the scope of the hack a day after the FBI and the Cybersecurity and Infrastructure Security Agency issued guidance intended to help root out the hackers and prevent similar cyberespionage in the future. White House officials cautioned that the number of telecommunication firms and countries impacted could still grow.
The U.S. believes that the hackers were able to gain access to communications of senior U.S. government officials and prominent political figures through the hack, Neuberger said.
Source/full news:
https://apnews.com/article/china-hack-us-telecoms-salt-typhoon-88cabc592dae2fa870772c5ce4ace5ea -
Hackers hit Rhode Island benefits system in major cyberattack.Cybercriminals could release personal data of many Rhode Islanders as early as this upcoming week in a major cyberattack that hit the state’s online system for delivering health and human services benefits, Gov. Daniel McKee said.
The hackers are demanding a ransom, officials said without elaborating.
The state urged Rhode Islanders to take action to protect their personal information, which may include names, addresses, dates of birth, Social Security numbers and certain banking information.
Anyone who has been involved in Medicaid, the Supplemental Nutrition Assistance Program known as SNAP, Temporary Assistance for Needy Families, Childcare Assistance Program, Rhode Island Works, Long-term Services and Supports, the At HOME Cost Share Program and health insurance purchased through HealthSource RI may be impacted, McKee said Saturday.
Full news:
https://apnews.com/article/cybersecurity-breach-data-rhode-island-56875d6b20ce94de7b240c5b2f43e4a8 -
Four Smart Questions for Boards Overseeing CybersecurityCorporate directors can cut through technospeak to understand the business risk of a hack.
Corporate board members increasingly see cybersecurity as a top business risk. Yet a chasm between directors’ knowledge of cyber issues and information security officers’ deeper, technical understanding of the subject can impede strong oversight.
While data shows that the number of directors with cyber experience has been growing, directors don’t necessarily need advanced cybersecurity backgrounds to hold management accountable about a company’s exposure.
Full article:
https://www.wsj.com/articles/four-smart-questions-for-boards-overseeing-cybersecurity-59b85ec8?tpl=cs&mod=hp_lead_pos1 -
Legal barriers complicate justice for spyware victimsSome recent court rulings show the difficult road of anti-spyware litigation, but those in the fight also see signs of promise.
Last month, Apple sought to drop its lawsuit against spyware industry leader NSO Group, citing a number of difficulties with advancing the case. This month, WhatsApp parent company Meta asked a judge to punish the same company for not complying with orders to hand over its source code. And for years, many victims have failed to get courts to take action against spyware manufacturers or countries that deployed the invasive technology against them.
For litigants who seek remedies against spyware makers and users in court, it all points to this conclusion: Taking legal action against spyware is very hard, beset by oft-overwhelming hurdles.
Full article:
https://cyberscoop.com/spyware-court-cases-nso-group-meta-whatsapp-apple/ -
How Benjamin Franklin is inspiring defenders to protect critical infrastructureThe digital world is (mostly) on fire. Two new projects have tapped hackers to try and put it out.
After a fire that started on a ship near Philadelphia in 1730 hit land and raged through the city’s streets, Benjamin Franklin formed the country’s first volunteer fire department. Nearly three centuries later, a pair of cybersecurity experts are drawing on that colonial call to direct action for a new-age fight: volunteer hackers vs. malicious actors intent on taking down critical infrastructure.
With the Franklin Project, the brainchild of DEF CON founder Jeff Moss and former White House acting Principal Deputy National Cyber Directory Jake Braun, volunteer hackers are enlisted to help protect some of the most vulnerable sectors in real-world settings, while also serving as resources for some of the thorniest national security and foreign policy debates.
“They want to help, they want to get involved, they want to give back,” Braun told CyberScoop during DEF CON in Las Vegas. “They just need a venue to do it.”
Full article:
https://cyberscoop.com/franklin-project-cybersecurity-volunteers-jeff-moss-def-con/ -
Starbucks, Other Retailers Hit by Ransomware Attack on Tech ProviderA ransomware attack against a major supply chain technology provider left retailers including Starbucks and U.K. grocery chain Sainsbury’s triggering backup plans to manage operations including scheduling and handling inventories.
Blue Yonder, one of the world’s largest supply chain software providers, said Monday it was working to restore services after the attack last week disrupted systems it hosts for customers.
-
New York State Fines Geico and Travelers $11.3 Million for Data BreachesNew York State fined auto insurers Geico and Travelers Indemnity a combined $11.3 million for lapses in their cybersecurity programs that led to hackers stealing data on 120,000 people during the Covid-19 pandemic.
The fines were issued by New York Attorney General Letitia James and the NYS Department of Financial Services. Both alleged that hackers accessed Geico’s online quoting tool used by insurance agents, starting in 2020, to steal driver’s license numbers and dates of birth. The attacks resulted in the exposure of sensitive information belonging to approximately 116,000 people.
-
Experts spotted a new macOS Backdoor named SpectralBlur linked to North KoreaResearchers discovered a macOS backdoor, called SpectralBlur, which shows similarities with a North Korean APT’s malware family.
Security researcher Greg Lesnewich discovered a backdoor, called SpectralBlur, that targets Apple macOS. The backdoor shows similarities with the malware family KANDYKORN (aka SockRacket), which was attributed to the North Korea-linked Lazarus sub-group known as BlueNoroff (aka TA444).KandyKorn is an advanced implant with a variety of capabilities to monitor, interact with, and avoid detection. It utilizes reflective loading, a direct-memory form of execution that may bypass detections,” notes Elastic Security, which identified and analyzed the threat.” reads the report published by Elastic.
SpectralBlur is not a sophisticated malware, it supports ordinary backdoor capabilities, including uploading/downloading files, running a shell, updating its configuration, deleting files, hibernating or sleeping, based on commands issued from the C2.
Source:
https://securityaffairs.com/157010/apt/macos-backdoor-spectralblur-north-korea.html -
Irish Data Protection Commission fined Meta €251 million for a 2018 data breachMeta has been fined €251M ($263M) for a 2018 data breach affecting millions in the EU, marking another penalty for violating privacy laws.
The Irish Data Protection Commission (DPC) fined Meta €251 million ($263M) for a 2018 data breach impacting 29 million Facebook accounts.“The Irish Data Protection Commission (DPC) has today announced its final decisions following two inquiries into Meta Platforms Ireland Limited (‘MPIL’). These own-volition inquiries were launched by the DPC following a personal data breach, which was reported by MPIL in September 2018.” reads the press release published by DPC.
“This data breach impacted approximately 29 million Facebook accounts globally, of which approximately 3 million were based in the EU/EEA. The categories of personal data affected included: user’s full name; email address; phone number; location; place of work; date of birth; religion; gender; posts on timelines; groups of which a user was a member; and children’s personal data. “
Source:
https://securityaffairs.com/172100/laws-and-regulations/dpc-fined-meta-e251-million.html -
What is the Common Vulnerabilities and Exposures (CVE) GlossaryCVE stands for Common Vulnerabilities and Exposures. CVE is a glossary that classifies vulnerabilities. The glossary analyzes vulnerabilities and then uses the Common Vulnerability Scoring System (CVSS) to evaluate the threat level of a vulnerability. A CVE score is often used for prioritizing the security of vulnerabilities.
The CVE glossary is a project dedicated to tracking and cataloging vulnerabilities in consumer software and hardware. It is maintained by the MITRE Corporation with funding from the US Division of Homeland Security. Vulnerabilities are collected and cataloged using the Security Content Automation Protocol (SCAP). SCAP evaluates vulnerability information and assigns each vulnerability a unique identifier.
Sources: