Overall, this document is really about defining and meeting training requirements, rather than managing human risk.
In March 2022, the now-defunct Colombian airline Viva Air suffered a data breach and subsequent ransomware attack. Among a trove of other ransomed data, the incident exposed a log of 2.6M transactions with 932k unique email addresses, physical and IP addresses, names, phone numbers and partial credit card data (last 4 digits).
In September 2023, the Australian book retailer Dymocks announced a data breach. The data dated back to June 2023 and contained 1.2M records with 836k unique email addresses. The breach also exposed names, dates of birth, genders, phone numbers and physical addresses.
With the significant amount of new content and labs in this release, it’s by far our most major update since the release of the 6-day version of the course last year. We will continue to have regular updates to the course to ensure our students can leave the class feeling prepared to implement the knowledge and skills learned in the real world. You can find a flyer covering many of the latest updates here.
This blog post discussed techniques implemented across the kill chain, from initial access to lateral movement to impact. One of the goals of FOR509 is to teach responders how to look into all these different aspects of cloud attacks, including investigating IAM logs, analyzing service-specific actions being taken, and understanding resource-level activity in logs.
We are excited to announce a significant update to the SANS FOR508 Advanced Incident Response, Threat Hunting and Digital Forensics class. It represents a major upgrade to the courseware with a complete replacement of every hands-on exercise in the course.
In August 2023, CERT Poland observed a phishing campaign that collected credentials from 68k victims. The campaign collected email addresses and passwords via a phishing email masquerading as a purchase order confirmation. CERT Poland identified a further 202 phishing campaigns operating on the same C2 server, which has now been dismantled.
In January 2020, the online clothing retailer Pampling suffered a data breach that exposed 383k unique customer email addresses. The data was later shared on a popular hacking forum and also included usernames and unsalted MD5 password hashes. Pampling did not respond to multiple attempts to disclose the breach.
In August 2023, PlayCyberGames, which “allows users to play any games with LAN function or games using IP address”, suffered a data breach that exposed 3.7M customer records. The data included email addresses, usernames and MD5 password hashes with a constant value in the “salt” field. PlayCyberGames did not respond to multiple attempts to disclose the breach.
A blog about product security testing