This week, I visited Las Vegas to explore some of what the industry refers to as “summer camp.” I dipped my toe in cryptographic waters and even picked a few locks—things I’ve been curious about for nearly a decade but never had the courage to try.
I certainly didn’t move mountains, but I am proud of myself for stepping outside of my comfort zone and trying something new. It was exactly this “I’ll give it a whirl” attitude that essentially changed the trajectory of Rachel Tobac’s life. In an opening keynote at SquadCon 2024, Tobac, who is CEO of SocialProof Security, explained that even though she had no hacking experience, she decided to enter a social engineering capture the flag (CTF) at DefCon several years ago while attending the event with her husband. The rest, as they say, is history.
Thankfully, Tobac uses her social engineering skills to advance security awareness and training and help organizations defend against malicious actors who are eager to take advantage of unsuspecting victims with phishing campaigns. One annoying campaign that’s been underway for months on end is scammers claiming to be a package delivery service.
I’ve neared the end of my rope with receiving these text messages, which is why I appreciated a story in Wired this week highlighting Grant Smith, founder of Phantom Security, who reportedly, “tracked down the Chinese-language group behind the mass-smishing campaign, hacked into their systems, collected evidence of their activities, and started a months-long process of gathering victim data and handing it to USPS investigators and a US bank, allowing people’s cards to be protected from fraudulent activity.”
As I head back home, I’m reminded of the sheer awesomeness of the cybersecurity community. I’m grateful to experts like Tobac and Smith who work to make the world more secure (so that hopefully I can stop receiving these phishing texts), and I’m incredibly grateful to the folks at Red Team Alliance who kindly sat with me for the better part of an hour helping me with my initial foray into lock picking. Dear readers, I encourage you to step outside of your comfort zone and try something you’ve always been curious about. Turns out, it can be pretty darn fun.
To learn more about security awareness and training, explore the array of content available in the RSAC Library.
Now let’s take a look at what else made industry headlines this week.
Aug. 9: DeepMind has trained a robotic arm to play table tennis, and the robot won 13 out of 29 matches against human opponents.
Aug. 8: The North Korean threat actor known as Kimsuky has been linked to a new set of attacks targeting university staff, researchers, and professors.
Aug. 8: Researchers discovered a sophisticated phishing campaign that exploits users on well-known websites like WhatsApp and Google Drawings.
Aug. 7: An analysis conducted by Censys shows that there are more than 40,000 Internet-exposed industrial control systems in the US.
Aug. 7: An Albuquerque woman pleaded guilty to a series of crimes including cyberstalking, computer intrusion, and false reporting.
Aug. 6: The National Football League (NFL) will now be using a facial recognition software vendor, Wicket, to verify the identity of staff, media, and fans.
Aug. 6: Dark Reading reported, “A security vulnerability in Rockwell Automation’s ControlLogix 1756 programmable logic controllers, could allow tampering with physical processes at plants.”
Aug. 5: Personal information of millions of Illinois voters was exposed online due to the US Technology contractor's unsecured databases.
Aug. 5: Electronics manufacturing services provider Keytronic has suffered a financial loss of over $17 million due to a ransomware attack in May.