#NSBCS.041 - Navigating the Cybersecurity Field as a Junior Analyst: A Journey of Growth and Discovery

Source: NSB Cyber

 

Entering the cybersecurity field as a junior analyst is both exciting and challenging. One of the most rewarding aspects of this journey is the constant opportunity to learn and upskill. Cybersecurity is a rapidly evolving field, with new threats, technologies, and solutions emerging daily. To stay ahead, it's crucial to be eager to learn every day, whether that means diving into the latest research, experimenting with new tools, or understanding the nuances of a recent cyber attack. This constant state of learning can feel overwhelming at times, but also incredibly fulfilling.

A crucial part of progressing in this field is becoming comfortable in uncomfortable situations. As a cyber junior analyst, you'll often find yourself in unfamiliar territory, faced with problems that seem daunting. But it's in these moments of discomfort that the most growth occurs. Embrace these challenges as opportunities to expand your understanding and skills. Push yourself to take on tasks that stretch your capabilities, ask questions, seek mentorship, and accept that mistakes are part of the process. Remember, every cybersecurity professional was once in your shoes, and the discomfort you feel now is a sign that you're pushing beyond your current limits and growing into a more capable analyst.

Team culture also plays a vital role in your development. In cybersecurity, collaboration is key. Your colleagues are valuable resources, each with unique experiences and insights. Embrace the team's culture and be open to every piece of advice or feedback you receive. Don’t hesitate to ask questions and share your thoughts, even if they seem basic or uncertain. Learning from others, observing different approaches, and understanding various perspectives can significantly enhance your growth.

Finally, take a moment to reflect on the incredible journey you're embarking on. Cybersecurity is more than just a job; it’s a mission to protect and secure the digital world, which is becoming more integral to our lives every day. Be proud of the efforts you've made so far, and take joy in knowing you're building a career in a field that is both futuristic and incredibly impactful. Celebrate your progress, no matter how small it may seem, and stay motivated by the exciting path ahead. You're contributing to a field that is shaping the future, ensuring the digital safety of individuals and organisations so that they take #NoStepsBackward!

What we read this week

  • BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave - The threat actors associated with the BlackByte ransomware group have been observed likely exploiting a recently patched security vulnerability affecting VMware ESXi hypervisors and using several vulnerable drivers to disable security defences. The group appears to be taking advantage of CVE-2024-37085, an authentication bypass vulnerability in VMware ESXi that other ransomware groups have also weaponised. By exploiting this vulnerability, cybercriminals are able to escalate privileges, take control of virtual machines, alter the host server's settings, and gain unauthorised access to system logs, diagnostic data, and performance monitoring tools.

  • New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access - Eight vulnerabilities have been discovered in Microsoft applications for macOS that could allow an attacker to gain elevated privileges or access sensitive data by bypassing the operating system's permissions model, which relies on the Transparency, Consent, and Control (TCC) framework. The TCC framework, created by Apple, manages access to sensitive user data on macOS, providing users with greater visibility into how their data is accessed and utilised by various applications installed on their device. According to intelligence group Cisco Talos, if these vulnerabilities are exploited, the attacker could inherit any privileges already granted to the compromised Microsoft applications. This could enable the attacker to perform actions such as sending emails from the user's account, recording audio, capturing photos, or recording videos, all without the user's awareness or interaction.

  • Qilin Ransomware Stealing Credentials from Chrome Browsers - Qilin ransomware now includes a new technique that steals account credentials stored in Google Chrome browsers. Security researchers from Sophos have been analysing the attack, identifying that Qilin gained access to a network by using compromised credentials for a VPN portal that did not have multi-factor authentication (MFA) enabled. The ransomware group uses modified Group Policy Objects (GPOs) to run scripts that collect Chrome credentials across all machines in a domain. The script, run by a batch file ('logon.bat') that was a part of the GPO, is created to gather credentials stored in a user’s Google Chrome browser.

  • Australians Losing Money to Crypto Scams - According to data from the ACSC, Australians lost a total of $382 million AUD to investment scams in the 2023-24 financial year, with 47% of those losses involving cryptocurrency. The Australian Federal Police (AFP) are warning that scammers are utilising deepfake technology and pig butchering to deceive victims into making poor investment choices. The AFP have also reported that victims are now more likely to be under the age of 50, with 60% of scam reports received from people in this age group.

  • New Voldemort Malware Abuses Google Sheets to Store Stolen Data - A new malware campaign is spreading a previously undocumented backdoor identified as ‘Voldemort’. Voldemort is a backdoor that can execute a wide array of commands and manage files, including exfiltrating data, deploying new payloads, and deleting files. According to a recent report from Proofpoint, the attackers are tailoring phishing emails to align with the geographical location of the targeted organisation, using publicly available information. When recipients click on the link within the phishing email, they are directed to a landing page hosted on InfinityFree, which leverages Google AMP Cache URLs to further redirect them to a page featuring a "Click to view document" button.

