0P3N Blog

Cybrary’s Open Blog is a user contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.

CTIG Coverage of Black Lotus Labs’ ZuoRAT Report
June 28, 2022

Overview Note: This blog post discusses active research by third parties into an ongoing threat. This information should be considered preliminary and will be updated as research continues. On June 28, 2022, the threat intelligence section of Lumen’s Black Lotus Labs posted research into an ongoing and highly targeted campaign against North American and Western European organizations, which leverages the massive ...

Monday Mix-in: OpenSSL, Confluence RCE, and Burnout
By: Sara Faradji
June 27, 2022

Hi everyone! Cybrary has you covered this week with brand new courses, blog posts, podcast episode, and free live sessions covering the latest threats. Featured Event From burnout to mitigating vulnerabilities, security teams are struggling and managers are overwhelmed. And dealing with security apathy across the organization keeps a security team awake at all hours. Improving the situation is not an easy task, ...

CTIG Coverage of CVE-2022-30190 (Follina)
By: Cybrary Staff
June 23, 2022

Overview Note: This blog post discusses active research by the Cybrary Threat Intelligence Group (CTIG) into an ongoing threat. This information should be considered preliminary and will be updated as research continues. On May 27 2022, the Cyber Security Research Team naosec tweeted about an interesting malware document submission to VirusTotal from Belarus. Naosec’s tweet further highlighted the maldocs ability to ...

Matt Mullins Joins Cybrary’s New Threat Intelligence Group
By: Cybrary Staff
June 23, 2022

Another day, another exciting new addition to our growing team! We’re welcoming long-time Cybrary instructor, Matt Mullins, to the Cybrary Threat Intelligence Group (CTIG) team as a Senior Security Researcher, where he’ll focus on adversary emulations of various threat actor groups and developing additional red team content. Matt joins new Cybrary team members and cybersecurity influencers, David Maynor and Chloé ...

How Can Cyber Experts Help You Prevent Vishing Attacks?
By: Evan Morris
June 23, 2022

Social engineering attacks are becoming more sophisticated, and the number of phishing attempts is especially growing each year. In 2021, 69% of companies have reported that they have been targets of a vishing scam — a ten percent increase compared to the year 2020. Even worse, according to Phishlabs, over the course of 2021 the overall [reported increase in vishing ...

Cybersecurity Bootcamps vs Cybrary
By: Cybrary Staff
June 22, 2022

Cybersecurity is one of the fastest-growing and most important career fields today. However, there is a severe shortage of qualified and certified workers. Studies show that a cybersecurity skill shortage is placing organizations at risk and its associated impacts have not improved over the past few years. For example, in a recent report by Fortinet, a staggering 80% of organizations ...

Monday Mix-in: Stop Adversaries from Exfiltrating Data and Extorting Businesses
By: Sara Faradji
June 21, 2022

Hi everyone! Want to level up your exploitation, detection, networking, and mitigation skills to keep pace with today's most critical security threats? Check out this week's content to gain the knowledge and hands-on training you'll need to succeed in numerous cybersecurity job roles! New Campaign Imagine a scenario where an adversary steals your business’ data and threatens to expose or destroy it unless ...

Critical Disruptions: New Exfiltration and Extortion Threat Actor Campaign
June 16, 2022

What is a Threat Actor Campaign? You may be wondering what a threat actor is or, better yet, What is a threat actor campaign? To start, a threat actor is a person or a group of people that participate in the exploitation of networks/systems for financial or political gain. These threat actors will use a series of vulnerability exploits and ...

What it takes to become a CISSP
By: Cybrary Staff
June 16, 2022

What does it take to become a Certified Information Systems Security Professional? The Certified Information Systems Security Professional (CISSP) credential is one of the most recognized in the industry. Still, it takes a lot of work to earn. Cybersecurity has long been considered a purely technical discipline whose roles are largely solitary. However, today's reality is very different. Everyone who works with ...

Monday Mix-in: Diversity in Cybersecurity
By: Sara Faradji
June 13, 2022

Hi Cybrary fans! It's a great week to explore hours of hands-on labs. And don't miss our latest podcast featuring Chloé Messdaghi, who we are proud to call our new Head of Impact at Cybrary!. New Episodes on the Podcast Acclaimed cybersecurity power player Chloé Messdaghi is making big moves in her new role as Cybrary's Head of Impact. In this week's ...