From the Ground Up - Learning About Computer Security

This particular article opened my eyes to an entirely new part of the cybercriminal world that, while I'm not surprised it exists, was entirely new information to me.  Apparently, as far back as 2017 Microsoft has been keeping tabs on Abanoub Nady (also known as MRxC0DER) who has been selling do-it-yourself phishing kits and supplying continued support for them in a phishing-As-A-Service (PhaaS) subscription plan. It seems Abanoub Nady had also been illegitimately using the trademark "ONNX" too. The phishing kits were designed for large scale, coordinated attacks and where among the five most used phishing kits in the first half of 2024, per  Microsoft Digital Defense Report - article  ( Microsoft Digital Defense Report 2024 - direct link ).  I highly recommend reading more about the defense report at least, as a student I found it to be really insightful and interesting to skim through. I'd like to circle back when I have more time and give it a proper rea...

 The article I found for this week wasn't the typical type of article that I would write about. This one is about Congress pushing forward a proposal that, per the article, "would mandate an independent study of the readiness of America’s cyber forces" (see source at the bottom). I noticed while reading that this seemed to look at things from a more militaristic standpoint but I'm not sure if that is all that is really being discussed here. I would image other facets of the government, outside of the military would be a part of this investigation as it  should  pertain to the entire countries ability to defend itself. It also seems that the DoD might be opposed to this investigation too, which is pretty interesting. I'd be curious to look into this a bit further and maybe see where their objections truly lie. The article proposes that the DoD might be covering up their lack of preparedness by trying to deny the need for the investigation, but I truly hope that is ...

 Hello, This week I found an article that seemed pretty neat as I didn't know such pieces of software currently existed. This article was about a company called Symbolic Security that recently launched a SaaS platform to assist developers with making their code more secure. The software will integrate with the IDE that they are using and provide tips/advice while the code is being written.  It seems one of their major selling points is that such software currently exists but tends to do the checking while the code is being committed or added to the rest of the build. This plug-in is supposed to alleviate some of the pain of having to go back over older code to try and make it more secure after it was already considered "complete". Quite a cool tool in my humble opinion. I'd like to see it in action myself to see what kind of advice it offers. As a student such a thing sounds invaluable to me, but maybe the value of something like this tapers off as your developers lea...

 According to this article it seems that there is a large slowdown in the hiring efforts of many companies as it pertains to filling their cybersecurity teams. As someone who is currently a student for that very field and is looking at being in the job market in just a couple more years, this is certainly concerning. Stories of understaffing, low-moral, long hours, and potential burnout seem to be the reality of many professionals in the field at the moment as well. However, there might be a silver lining here. It likely comes as no surprise that the use of AI is being cited as one avenue to improving the lives of many security professionals. Per the article, 45% of teams were currently using AI in their tools already and here is what was cited as the primary use-cases: "Augmenting common operational tasks (56%) Speeding up report writing and incident reporting (49%) Simplifying threat intelligence (47%) Accelerating threat hunting (43%) Improving policy simulations (41%)" Ho...