0P3N Blog

Cybrary’s Open Blog is a user contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.

Paying Your Employees to Develop Their Careers
By: Cybrary Staff
May 12, 2022

Pay to Stay: Why it Makes Sense to Pay Your IT Staff to Develop Their Careers With skill gaps widening and IT professionals in high demand, companies are focused on retaining the staff they have for as long as possible. It makes sense: Recent survey data found that 72 percent of U.S. technology workers are considering leaving their current job ...

Reduce Risk: How to combat threats through cybersecurity development - Q&A
By: Tatianna Harris
May 11, 2022

On May 5, 2022, Global CISO of Teleperformance, Jeff Schilling, joined Cybrary's CEO, Kevin Hanes, for a Fireside Chat discussing threat actors and the importance of cybersecurity development in mitigating risks. Below are some of the atendee questions recieved during the live event, and the answers from Jeff and Kevin. To get all the answers and information from the live ...

Monday Mix: Remote Access, Password Cracking, and Ransomware
By: Sara Faradji
May 9, 2022

Hi Cybrary fans! It's a good week for Linux users to dive into our brand-new courses. Plus, we're celebrating World Password Day with everyone's favorite Black Badge-winning password cracker. 🥷 New Courses: The wait is over! Take our newest CVE Series course on CVE-2022-00543–the Redis flaw allowing adversaries to escape the Lua sandbox, remotely access a system, and start executing arbitrary commands on ...

Welcome to the Era of Vendor Supply Chain Pipeline Attacks
By: Owen Dubiel
May 6, 2022

Common Vulnerabilities and Exposures (CVE) are an industry standard for effectively tagging and identifying vulnerabilities in the wild. In this article, we will plan to cover some of the most devastating CVEs from the past year. More specifically, we will focus on a new trend that threat actors have been targeting: the vendor supply chain. A standard attack vector that ...

Monday Mix: New this week Threat Actor Campaigns and OWASP Top 10
By: Sara Faradji
May 2, 2022

Hi Cybrary fans! April cyber kill chains bring May ransomware course campaigns. 🥷 We're kicking off a new month with cutting-edge courseware, labs, and podcasts designed to keep you informed and ready to defend your organization against critical cyberattacks! New Courses: Calling all blue teamers, red teamers, and everyone in between! Did you know that the financial industry saw a 1,318% increase in ...

Introducing Threat Actor Campaigns
By: Cybrary Staff
April 28, 2022

The statistics don’t lie. Cybersecurity attacks are on the rise. From ransomware to Denial-of-Service attacks, the stream of evolving threats is seemingly never-ending. Understanding the techniques adversaries use to execute their attacks is vital to developing an effective detection and mitigation strategy. In our ongoing efforts to arm cybersecurity practitioners with the skills they need to stay ahead, we are ...

A European perspective on the cybersecurity impact of Russia's invasion of Ukraine
By: Charles Owen-Jackson
April 28, 2022

Russia's illegal invasion of Ukraine highlights growing concerns across Europe and beyond, not just in terms of military conflict but also cyberwarfare. When Russia launched a full-scale invasion of its neighbor on February 24, 2022, it quickly became clear that Ukraine could end up on the front lines of a much greater threat waged against the entire western world. In response, ...

Monday Mix: Adversary Stealth Mode Deactivated
By: Sara Faradji
April 25, 2022

Hi Cybrary fans! During every lunch break this week, you can bring the food and we'll bring the bite-sized training content to fuel your potential to detect adversary techniques! New Courses: In our three new courses covering techniques aligned to the MITRE ATT&CK Framework, you’ll explore how adversaries can abuse valid processes like the Kerberos ticket-granting service to stealthily move through an environment ...

Why it's time for critical infrastructure companies to invest in cybersecurity training
By: Cybrary Staff
April 21, 2022

In the worrying era of cyberwarfare, critical infrastructure and supply chains have become favorite targets for state-sponsored threat actors. Along with military assets, critical infrastructure has always been a prime target in acts of war. These systems, which include power generation, healthcare services, and transport, are vital to the normal functioning of society. While such assets are obvious targets in conventional ...

What you should know about Dirty Pipe
By: Cybrary Staff
April 19, 2022

*On March 7, 2022, a security researcher named Max Kellermann publicly disclosed “Dirty Pipe,” a high-risk vulnerability in the Linux kernel that allows underprivileged users to leverage common processes to write readable files. “Dirty Pipe” weaponizes the piping communication mechanism in Linux, allowing adversaries to use it to gain write access and privilege escalation. Put simply, “Dirty Pipe” can give ...