Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Google Play threats on the dark web are big business

New research from Kaspersky focuses on the types of malicious services provided by cybercriminals on the dark web. They found that Google Play threats and Android phone infections are big business.


Google may add new AI features to search, The New York Times reports

Internal Google messages reveal changes in response to the rapidly-moving field of artificial intelligence in search engines.

Microsoft’s Bing has long been a side note when it comes to search engines, languishing in relative obscurity, while Googling has been commonly used  as a verb in casual conversation for decades. However, Microsoft partnering with OpenAI and pulling ahead in the generative AI race may make Bing more competitive, or at least make Google seriously consider its rival an innovator.

There has allegedly been some “panic” within Google around the subject of AI lately, according to documents reviewed by The New York Times. As a result, Google plans to integrate new AI features into search beginning next month for up to one million people in the U.S., the NYT article stated.  More…


Decoding the U.N. Cybercrime Treaty

Negotiations for a proposed U.N. Cybercrime Treaty commenced in 2017 but began to take shape in 2022—and there’s a lot at stake. The draft treaty has the potential to rewrite criminal laws around the world, possibly adding over 30 criminal offenses and new expansive police powers for both domestic and international criminal investigations. These widened parameters have grave implications for billions of people—particularly the potential for stifling free speech, increasing government surveillance, and expanding state investigative techniques.


New DDoS attacks on Israel’s enterprises, infrastructure should be a wake-up call

Experts see the latest DDoS attacks against Israel as a case study in the effectiveness of simple, brute-force cybersecurity attacks, even against the most sophisticated targets.


Top 10 Ways to get a Job in Cyber WITHOUT a Degree

By Mike Miller

Dear Cyber Security Wannabe, Here are the Top 10 Ways to get a Job in Cyber WITHOUT a Degree:

I get about 100 messages a day from people asking me the same question. What path do I take to get into Cyber Security? I normally smile and answer that question with “Yes”.

The path that works for you is the direction you need to go.

No, you absolutely do not need a degree to get into Cyber. Below I have outlined 10 different ways that you can work toward gaining entry into this awesome field and work from your pajamas.

1. Self study. You can absolutely choose to learn on your own. Learning with YouTube, and a ton of other resources both paid and free.

2. Certifications. Yes, certifications give you street cred. They do a great job of showing that you are dedicated to learning. If you are just at the beginning, I might suggest CompTIA certs.

3. Boot Camps. Most boot camps show you a broad range of cyber security, not necessarily deep. However, it gives you a great sense of what you can do in this field. He will most likely find something that you really enjoy doing your boot camp and build off of it.

4. Join Communities. LinkedIn, Twitter, slack, discord, you name it. There are a ton of people that have the same interest. Surround yourself with people smarter than you.

5. Participate in CTFs. These are a ton of fun, and honestly I don’t think there’s any better way to learn. It is also an adrenaline rush.

6. Build a Lab. You don’t need expensive hardware anymore to do this. Get yourself a nice VM on Microsoft Azure, and build off of that. It’s really cheap and I have done it for years.

7. Volunteer. I guarantee there is someone out there that will take free help from you. Whether it is helping them tighten up their firewall, making sure their wireless is locked down or helping them write policies and procedures. There will always be places that will except free help. Gain experience for your portfolio.

8. Attend Conferences. I love doing these. First, the free swag is awesome. Second, there is no greater way to meet people, shake, hands, and build relationships with people in this industry.

9. Start a security blog. Teach others what you know.

10. Find entry level jobs. Trust me, there is someone out there that is hunting for somebody like you. Go find it.

If you want weekly tips from me on how to get into this field, you can subscribe to my email list at www.breakincyber.com.


Ex-CEO of breached pyschotherapy clinic gets prison sentence for bad data security

Did the sentence fit the crime? Read the backstory, and then have your say in our comments! (You may post anonymously.)

Imagine that you’d spoken in what you thought was total confidence to a psychotherapist, but the contents of your sessions had been saved for posterity, along with precise personal identification details such as your unique national ID number, and perhaps including additional information such as notes about your relationship with your family…

…and then, as if that were not bad enough, imagine that the words you’d never expected to be typed in and saved at all, let alone indefinitely, had been made accessible over the internet, allegedly “protected” by little more than a default password giving anyone access to everything.
That’s what happened to tens of thousands of trusting patients of the now-bankrupt Psychotherapy Centre Vastaamo in Finland.

This idiot got 3 months jail time but the sentence was suspended.  Not anywhere near a punishment that fit the crime.  More…


ChatGPT-Themed Scam Attacks Are on the Rise

Unit 42 researchers are monitoring the trending topics, newly registered domains and squatting domains related to ChatGPT, as it is one of the fastest-growing consumer applications in history. The dark side of this popularity is that ChatGPT is also attracting the attention of scammers seeking to benefit from using wording and domain names that appear related to the site.

Between November 2022 through early April 2023, we noticed a 910% increase in monthly registrations for domains related to ChatGPT. In this same time frame, we observed a 17,818% growth of related squatting domains from DNS Security logs. We also saw up to 118 daily detections of ChatGPT-related malicious URLs captured from the traffic seen in our Advanced URL Filtering system.  More…


 

0

About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com

Add a Comment


This site uses Akismet to reduce spam. Learn how your comment data is processed.