
A community for the discussion of cybersecurity training, education, learning, certifications and similar. Be nice, no spam!

Members: 2 · Posts: 11 · Active Today: 0 · Created: 2 yr. ago
  • Cybersecurity Education and Learning @lemmy.pro
    🇺🇦 Max UL @lemmy.pro

    Few areas of cybersecurity measure up against penetration testing in terms of importance and excitement. This activity boils down to finding flaws in computer systems so that organizations can address them proactively and forestall real-world attacks.

    A pentester worth their salt should have outstanding tech skills, be a social engineering guru, and have enough confidence to try and outsmart seasoned IT professionals working for large corporations. Pentesters are often referred to as ethical hackers, and for good reason – they need to infiltrate well-secured systems to pinpoint loopholes that black hat hackers can parasitize for nefarious purposes.

  • Cybersecurity Education and Learning @lemmy.pro
    🇺🇦 Max UL @lemmy.pro

    The MOVEit Attack: 'Human2' Fingerprint

    The group behind Cl0p has used a number of vulnerabilities in file transfer services, such as GoAnywhere MFT in January (CVE-2023-0669), and the MOVEit managed file transfer platforms in late May and early June (CVE-2023-34362).

    Initially, the attackers installed a web shell, named LEMURLOOT, using the name "human2.aspx" and used commands sent through HTTP requests with the header field set to "X-siLock-Comment". The advisory from the Cybersecurity and Infrastructure Security Agency also includes four YARA rules for detecting a MOVEit breach.

    The attack also leaves behind administrative accounts in associated databases for persistence — even if the Web server has been completely reinstalled, the attackers can revive their compromise. Sessions in the "activesessions" database with Timeout = '9999' or users in the User database with Permission = '30' and Deleted = '0' may indicate an attacker activity, according to CrowdStrike.

    One hallmark of

  • Cybersecurity Education and Learning @lemmy.pro
    🇺🇦 Max UL @lemmy.pro

    Details below are from this link: https://owasp.org/www-project-top-10-for-large-language-model-applications/descriptions/

    This is a draft list of important vulnerability types for Artificial Intelligence (AI) applications built on Large Language Models (LLMs).

    LLM01:2023 - Prompt Injections
    Description: Bypassing filters or manipulating the LLM using carefully crafted prompts that make the model ignore previous instructions or perform unintended actions.

    LLM02:2023 - Data Leakage
    Description: Accidentally revealing sensitive information, proprietary algorithms, or other confidential details through the LLM’s responses.

    LLM03:2023 - Inadequate Sandboxing
    Description: Failing to properly isolate LLMs when they have access to external resources or sensitive systems, allowing for potential exploitation and unauthorized access.

    LLM04:2023 - Unauthorized Code Execution
    Description: Exploiting LLMs to execute malicious code, commands, or actions on the underlying system through natural language

  • Cybersecurity Education and Learning @lemmy.pro
    maltfield @lemmy.ca

    PSA: Upgrade your LUKS PBKDF to Argon2id !!

    TIL the French government may have broken encryption on a LUKS-encrypted laptop with a "greater than 20 character" password in April 2023.

    When upgrading TAILS today, I saw their announcement changing LUKS from PBKDF2 to Argon2id.

    The release announcement above has some interesting back-of-the-envelope calculations for the wall-time required to crack a master key from a LUKS keyslot with PBKDF2 vs Argon2id.

    And they also link to Matthew Garrett's article, which describes how to manually upgrade your (non-TAILS) LUKS header to Argon2id.

  • Cybersecurity Education and Learning @lemmy.pro
    🇺🇦 seirim @lemmy.pro

    The cybersecurity awareness trainer role aligns with the NICE Workforce Framework to Oversee and Govern, Protect and Defend, and Securely Provision.

    Here are your responsibilities in this role:

    • Train employees and users on how to recognize and prevent email security threats. This includes phishing scams, spoofing, vishing, whaling, and others.
    • Promote organization-wide security awareness. This will apply to in-house and outsourced teams, including employees working from home.
    • Train employees on how to protect against malware attacks like ransomware, spyware, scareware, adware, and keyloggers. This will also cover anti-virus measures.
    • Organize periodic security awareness training to ensure employees adopt security practices. This will also ensure that all personnel are conversant with the latest security threats.
    • Provide real-world threat simulations to reinforce the importance of security awareness in the organization.
    • Establish organization-wide password security and

  • Cybersecurity Education and Learning @lemmy.pro
    🇺🇦 seirim @lemmy.pro

    Google is committing more than $20 million to support the creation and expansion of cybersecurity clinics at 20 higher education institutions across the United States, the company announced on Thursday.

    Such clinics rely on university students to provide free cybersecurity services to local institutions. By deploying students to community organizations to improve digital defenses, university cybersecurity clinics aim to give students cybersecurity experience, improve local defensive capacity and steer students toward work in cybersecurity.

    “This investment that Google’s made today recognizes the value of experiential training. This is not only important for national security but for economic opportunities and national innovation,” Kemba Walden, the acting national cyber director, said at Thursday’s event announcing the funding. “Cyber clinics provide an on-ramp to cyber careers by enabling students from different backgrounds and majors to learn cyber skills.”

  • Cybersecurity Education and Learning @lemmy.pro
    🇺🇦 seirim @lemmy.pro

    Businesses must get better at attracting, supporting, and hiring new cybersecurity talent. Here are eight initiatives launched this year to facilitate entry-level skills development and career opportunities.

  • Cybersecurity Education and Learning @lemmy.pro
    🇺🇦 seirim @lemmy.pro

    Here is a step-by-step guide to reducing your digital footprint online, whether you want to lock down data or vanish entirely.

    There's the idea that once something is online, it is immortal, immutable, and almost impossible to contain. The golden rule is simple -- you should not put anything online you wouldn't want your grandmother to see, although sometimes you aren't in control of what gets published.

    Abuse, stalking, and bullying may also factor as reasons to erase our digital footprints and seize control of our devices. If you want to take control of your privacy and online data, these are the steps to start with.

  • Cybersecurity Education and Learning @lemmy.pro
    🇺🇦 seirim @lemmy.pro

    In this episode of ThreatWise TV, Brandon Stultz and Nick Mavis not only provide a great overview of Snort 3.0, but they also touch on the kind of vulnerabilities that tend to trigger the most Snort signatures.

  • Cybersecurity Education and Learning @lemmy.pro
    🇺🇦 seirim @lemmy.pro

    Anyone studying for CySA+ ?

    I’m rushing all of a sudden to study up and take the CySA exam before December, when I think it switches to a newer 003 version and my study materials might be out of date. I know that sounds like a long time, but in my hectic life it feels fast!

    I’m using Chapple’s book, Dion Training, ITProtv, and some special Udemy courses on like Wireshark and NMap. Any other recommendations?

  • Cybersecurity Education and Learning @lemmy.pro
    🇺🇦 seirim @lemmy.pro

    Anyone know of some low cost cybersecurity awareness training?

    Looking for low cost cybersecurity awareness training for small companies. Ideally includes some videos, written material and hopefully a little testing to reinforce learning. The stuff from the major players is expensive!