InfoSecSam Newsletter #7

Recent News

Third Party Pains for MoD

The UK Government confirms a cyberattack on the Ministry of Defence's payroll system, with personal data accessed but apparently no evidence of data removal.

Shared Services Connected Ltd (SSCL), a third party contractor, managed the system during the attack and the breach is reported to have affected up to 272,000 individuals.

China is suspected to be the culprit but they have not yet been formally attributed to the attack. Attribution can be a difficult and tricky thing to prove!

Dell Hell

Dell Technologies issued notices to millions of customers after a security breach, involving customer data such as names, addresses, and order details from a Dell portal.

Dell claim the breach didn't compromise sensitive data such as financial or payment information and have assured customers of ongoing investigation and security measures.

Zscaler Zscare

Zscaler have investigated claims of a hacker offering access to its systems. The hacker, IntelBroker, claimed to have access to critical logs and credentials for $20,000 in cryptocurrency.

However, Zscaler confirmed no compromise to its customer, production, or corporate environments. The investigation revealed an isolated test environment without customer data, hosted externally, which was quickly taken offline for analysis.

LockUp LockBit Leader

The US, UK and Australia have sanctioned and charged the 'LockBit kingpin', Dmitry Khoroshev. Khoroshev faces up to 185 years in prison and millions in fines and damages if convicted in the US.

The LockBit ransomware group has caused extensive damage, hitting thousands of targets and raking in over $100 million in ransoms. Operation Cronos led by UK National Crime Agency disrupted LockBit's operation and as a result was effective in reducing its global threat and affiliates.

Career Development

FREE TRAINING - Cyber Security Base 2024

Developed by the University of Helsinki. Cyber Security Base provides free courses focusing on building core knowledge and abilities related to the work of a cyber security professional.

The website describes the content as teaching about tools used to analyse flaws in software systems, knowledge to build secure software systems, the skills needed to perform risk and threat analysis on existing systems and the relevant legislation within EU.

Some programming background and ICT experience is required to complete all the courses. Check it out at the link below:

FREE ISC2 Certified in Cybersecurity Training and Exam

For all the new subscribers, the ISC2 are still offering free self-paced training and certification exam to 1 million people.

Click on the following link and follow the steps to kick start your career: FREE Entry-level Cybersecurity Training + Certification Exam

Other News

• Toddler AI - AI researchers are using toddlers with GoPros to train language models and help children who struggle with language.

• TikTok Trial - TikTok and ByteDance sue the US government over divest-or-die law.

• Bad Apple - Apple's new iPad ad sparks backlash for crushing creativity and lacking originality.

If you found this interesting, forward it on!

If you’re new here, subscribe here!