0P3N Blog

Pay to Stay: Why it Makes Sense to Pay Your IT Staff to Develop Their Careers With skill gaps widening and IT professionals in high demand, companies are focused on retaining the staff they have for as long as possible. It makes sense: Recent survey data found that 72 percent of U.S. technology workers are considering leaving their current job ...

On May 5, 2022, Global CISO of Teleperformance, Jeff Schilling, joined Cybrary's CEO, Kevin Hanes, for a Fireside Chat discussing threat actors and the importance of cybersecurity development in mitigating risks. Below are some of the atendee questions recieved during the live event, and the answers from Jeff and Kevin. To get all the answers and information from the live ...

Hi Cybrary fans! It's a good week for Linux users to dive into our brand-new courses. Plus, we're celebrating World Password Day with everyone's favorite Black Badge-winning password cracker. 🥷 New Courses: The wait is over! Take our newest CVE Series course on CVE-2022-00543–the Redis flaw allowing adversaries to escape the Lua sandbox, remotely access a system, and start executing arbitrary commands on ...

Common Vulnerabilities and Exposures (CVE) are an industry standard for effectively tagging and identifying vulnerabilities in the wild. In this article, we will plan to cover some of the most devastating CVEs from the past year. More specifically, we will focus on a new trend that threat actors have been targeting: the vendor supply chain. A standard attack vector that ...

Hi Cybrary fans! April cyber kill chains bring May ransomware course campaigns. 🥷 We're kicking off a new month with cutting-edge courseware, labs, and podcasts designed to keep you informed and ready to defend your organization against critical cyberattacks! New Courses: Calling all blue teamers, red teamers, and everyone in between! Did you know that the financial industry saw a 1,318% increase in ...

The statistics don’t lie. Cybersecurity attacks are on the rise. From ransomware to Denial-of-Service attacks, the stream of evolving threats is seemingly never-ending. Understanding the techniques adversaries use to execute their attacks is vital to developing an effective detection and mitigation strategy. In our ongoing efforts to arm cybersecurity practitioners with the skills they need to stay ahead, we are ...

Russia's illegal invasion of Ukraine highlights growing concerns across Europe and beyond, not just in terms of military conflict but also cyberwarfare. When Russia launched a full-scale invasion of its neighbor on February 24, 2022, it quickly became clear that Ukraine could end up on the front lines of a much greater threat waged against the entire western world. In response, ...

Hi Cybrary fans! During every lunch break this week, you can bring the food and we'll bring the bite-sized training content to fuel your potential to detect adversary techniques! New Courses: In our three new courses covering techniques aligned to the MITRE ATT&CK Framework, you’ll explore how adversaries can abuse valid processes like the Kerberos ticket-granting service to stealthily move through an environment ...

In the worrying era of cyberwarfare, critical infrastructure and supply chains have become favorite targets for state-sponsored threat actors. Along with military assets, critical infrastructure has always been a prime target in acts of war. These systems, which include power generation, healthcare services, and transport, are vital to the normal functioning of society. While such assets are obvious targets in conventional ...

*On March 7, 2022, a security researcher named Max Kellermann publicly disclosed “Dirty Pipe,” a high-risk vulnerability in the Linux kernel that allows underprivileged users to leverage common processes to write readable files. “Dirty Pipe” weaponizes the piping communication mechanism in Linux, allowing adversaries to use it to gain write access and privilege escalation. Put simply, “Dirty Pipe” can give ...