InfoSecSam Newsletter #3

Recent News

Russian Espionage

The big news this week. In a classic case of cyber espionage, Russian government-backed hackers have managed to steal sensitive emails from US officials through Microsoft's email system.

The US cybersecurity agency CISA issued an emergency directive requiring all federal agencies to investigate for signs of the Russian hackers.

This will only serve to increase the demand for strong cybersecurity professionals.

Deepfake Phish

An employee at LastPass, the password manager company, was recently targeted in a social engineering attack where the attackers used deepfake technology to impersonate the company's CEO.

The attack ultimately failed as the employee became suspicious due to tell-tale signs of phishing attacks. In this case, it was the sense of urgency the attackers were trying to create, and the communication being out of normal working hours.

The threat from deepfakes continue to rise but awareness of common traits associated with traditional social engineering attacks are still very much applicable.

Google Do Good

Google is promoting a solution that would negate cookie theft. Cookie theft occurs when an attacker gains access to the cookies stored in your web browser. These cookies contain sensitive information like login credentials or browsing history, which can be exploited by hackers to impersonate you or access your accounts without permission.

Device Bound Session Credentials (DBSC) will cryptographically tie session cookies to the device they’re saved on. This would render cookies useless without the associated device.

Losing Focus

Things are not looking good for Japanese lens maker Hoya Corp. Production of their products has come to a halt after a suspected cyberattack on their servers.

This is an example of a cyberattack having a real-world physical impact. As more and more physical systems rely on data, networks, and the internet to function. Cybersecurity has to be considered to protect against disruption as well as potential physical safety consequences.

Career Development

Test your hacking skills!

Defend the Web is a free interactive cybersecurity platform where you can learn and develop yourself with cybersecurity hacking challenges.

There’s resources to learn different hacking techniques and a playground area to actually put what you’ve learnt into practice.

Cybersecurity Roadmap

Ever wondered what all the areas of cybersecurity are? Well, check out this informative graphic that breaks it all done. It’s by no means complete but is a good high level view of the various cybersecurity domains.

Other News

• Prime Crime - A former Amazon security engineer was sentenced to three years in prison for hacking two cryptocurrency exchanges in July 2022 and stealing over $12 million!

• Barcode Blunder - UK flooded with forged stamps despite using barcodes — to prevent just that. Just because there’s a control, doesn’t mean its operating effectively!

• OpenTable Opens Up - Restaurant reservation platform OpenTable (I personally use this app regularly) says that all reviews on the platform will no longer be fully anonymous and will now show members' profile pictures and first names. This is great for transparency and discouraging fake reviews!

Thanks for reading!

If you found this interesting, forward it on!