0P3N Blog

Cybrary’s Open Blog is a user contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.

Monday Mix: Remote Access, Password Cracking, and Ransomware
By: Sara Faradji
May 9, 2022

Hi Cybrary fans! It's a good week for Linux users to dive into our brand-new courses. Plus, we're celebrating World Password Day with everyone's favorite Black Badge-winning password cracker. 🥷 New Courses: The wait is over! Take our newest CVE Series course on CVE-2022-00543–the Redis flaw allowing adversaries to escape the Lua sandbox, remotely access a system, and start executing arbitrary commands on ...

Welcome to the Era of Vendor Supply Chain Pipeline Attacks
By: Owen Dubiel
May 6, 2022

Common Vulnerabilities and Exposures (CVE) are an industry standard for effectively tagging and identifying vulnerabilities in the wild. In this article, we will plan to cover some of the most devastating CVEs from the past year. More specifically, we will focus on a new trend that threat actors have been targeting: the vendor supply chain. A standard attack vector that ...

Monday Mix: New this week Threat Actor Campaigns and OWASP Top 10
By: Sara Faradji
May 2, 2022

Hi Cybrary fans! April cyber kill chains bring May ransomware course campaigns. 🥷 We're kicking off a new month with cutting-edge courseware, labs, and podcasts designed to keep you informed and ready to defend your organization against critical cyberattacks! New Courses: Calling all blue teamers, red teamers, and everyone in between! Did you know that the financial industry saw a 1,318% increase in ...

Introducing Threat Actor Campaigns
By: Cybrary Staff
April 28, 2022

The statistics don’t lie. Cybersecurity attacks are on the rise. From ransomware to Denial-of-Service attacks, the stream of evolving threats is seemingly never-ending. Understanding the techniques adversaries use to execute their attacks is vital to developing an effective detection and mitigation strategy. In our ongoing efforts to arm cybersecurity practitioners with the skills they need to stay ahead, we are ...

A European perspective on the cybersecurity impact of Russia's invasion of Ukraine
By: Charles Owen-Jackson
April 28, 2022

Russia's illegal invasion of Ukraine highlights growing concerns across Europe and beyond, not just in terms of military conflict but also cyberwarfare. When Russia launched a full-scale invasion of its neighbor on February 24, 2022, it quickly became clear that Ukraine could end up on the front lines of a much greater threat waged against the entire western world. In response, ...

Monday Mix: Adversary Stealth Mode Deactivated
By: Sara Faradji
April 25, 2022

Hi Cybrary fans! During every lunch break this week, you can bring the food and we'll bring the bite-sized training content to fuel your potential to detect adversary techniques! New Courses: In our three new courses covering techniques aligned to the MITRE ATT&CK Framework, you’ll explore how adversaries can abuse valid processes like the Kerberos ticket-granting service to stealthily move through an environment ...

Why it's time for critical infrastructure companies to invest in cybersecurity training
By: Cybrary Staff
April 21, 2022

In the worrying era of cyberwarfare, critical infrastructure and supply chains have become favorite targets for state-sponsored threat actors. Along with military assets, critical infrastructure has always been a prime target in acts of war. These systems, which include power generation, healthcare services, and transport, are vital to the normal functioning of society. While such assets are obvious targets in conventional ...

What you should know about Dirty Pipe
By: Cybrary Staff
April 19, 2022

*On March 7, 2022, a security researcher named Max Kellermann publicly disclosed “Dirty Pipe,” a high-risk vulnerability in the Linux kernel that allows underprivileged users to leverage common processes to write readable files. “Dirty Pipe” weaponizes the piping communication mechanism in Linux, allowing adversaries to use it to gain write access and privilege escalation. Put simply, “Dirty Pipe” can give ...

Monday Mix: Spring4Shell has finally sprung
By: Sara Faradji
April 18, 2022

Hi Cybrary fans! The only things certain in life this week are taxes (for those of you in the United States) and new vulnerabilities. Check out all the courses in our CVE series to get ahead of the game in learning how to defend your organization against all the latest security flaws! New Course: CVE Series: Spring4Shell by Matt Mullins If you're wondering who ...

Inside Jobs: The Value of Cross-Training and Upskilling for Your Cybersecurity Team
By: Cybrary Staff
April 14, 2022

As cybersecurity threats continue to evolve in the wake of the pandemic, IT leaders are looking for ways to shore up defenses and take a proactive approach to protecting key data. According to recent survey data, this translates directly into boosted security budgets: Eighty-one percent of organizations spending more on cybersecurity in 2022 to help mitigate attacks and stay ahead ...