Volume 6: July 19th-July 25th, 2023
Haiku, Inc
We create "serious games" that train learners in hands-on cybersecurity skills and connect them to jobs.
This is the weekly newsletter that keeps you up to speed on everything HAIKU and shares important updates and information from the cybersecurity industry.
As always, if you have any questions about Haiku, sales, launches, or anything mentioned here in this article, please don't hesitate to reach out to us HERE.
Let's jump in!
Sneak Peak: New Haiku Pro range comes out this week
GDB (GNU Debugger) is a powerful tool used for debugging and analyzing software programs. It allows developers and cybersecurity professionals to step through code, inspect variables, track memory issues, and diagnose software crashes, helping to identify and fix bugs in applications. This new range will allow you to use GDB to analyze and exploit a buffer overflow vulnerability.
Follow us on LinkedIn, Facebook, Instagram, Twitter, Pinterest, and Discord to hear when this new range goes LIVE!
Haiku for Homeschoolers
Are you a homeschool parent who’s looking for a unique tool to help your 8th-12th graders learn cybersecurity in a marketable way? You’re in luck!?
Now more than ever before, it’s crucial to teach your kids hands-on cybersecurity skills. There are currently more than 700,000 open cybersecurity positions in America and the median salary is more than $102,000. What better way to get their foot in the door than starting their cybersecurity education NOW?
BONUS: You can also get a high school math or science course while playing Haiku!
Want to learn more about our homeschooling curriculum? Click here to get started!
Washington State University warns students of third-party data breach
According to a release from the university, officials got a notification from a third-party service provider that “personally identifiable information” from current and incoming students and staff may have been exposed in a data breach. The university said the breach could have been caused by an ongoing cybersecurity incident related to MOVEit Transfer, a popular file sharing program.
Cybersecurity Inspiration: Jennifer Addie
Jennifer Addie, COO and CWO from VentureScope and MACH37 Cyber Accelerator sits down to share her incredible story, bringing creativity into the cyber community. Growing up, Jennifer always loved the human side of things, and learning that she had a knack for computers helped her to realize what type of field she wanted to pursue as an adult.?
领英推荐
US Federal government issues voluntary security guidelines
The White House has announced a cybersecurity labeling program for smart devices: “Under the proposed new program, consumers would see a newly created ‘U.S. Cyber Trust Mark’ in the form of a distinct shield logo applied to products meeting established cybersecurity criteria. The goal of the program is to provide tools for consumers to make informed decisions about the relative security of products they choose to bring into their homes.” Manufacturers and retailers that have committed to the voluntary program include Amazon, Best Buy, Google, LG Electronics U.S.A., Logitech, and Samsung Electronics.
According to the Associated Press, the program will be overseen by the Federal Communications Commission (FCC).
Hacker Infected & Foiled by Own Infostealer
Malicious actor "La_Citrix" built a reputation on gaining access to organizations' Citrix remote desktop protocol (RDP) VPN servers and selling them off to the highest bidder on Russian-language Dark Web forums.
The threat actor was using an infostealer to rip off credentials in campaigns dating back to 2020 — until La_Citrix accidentally infected his own computer with the malware and sold off his own data, along with a cache of other stolen data, to threat researchers with Hudson Rock who were lurking on the Dark Web to gather threat intelligence.
How AI-Augmented Threat Intelligence Solves Security Shortfalls
Security-operations and threat-intelligence teams are chronically short-staffed, overwhelmed with data, and dealing with competing demands — all issues which large-language-model (LLM) systems can help remedy. But a lack of experience with the systems is holding back many companies from adopting the technology.
Organizations that implement LLMs will be able to better synthesize intelligence from raw data and deepen their threat-intelligence capabilities, but such programs need support from security leadership to be focused correctly. Teams should implement LLMs for solvable problems, and before they can do that, they need to evaluate the utility of LLMs in an organization's environment, says John Miller, head of Mandiant's intelligence analysis group.
"What we're aiming for is helping organizations navigate the uncertainty, because there aren't a lot of either success stories or failure stories yet," Miller says. "There aren't really answers yet that are based on routinely available experience, and we want to provide a framework for thinking about how to best look forward to those types of questions about the impact."
In a presentation at Black Hat USA in early August, entitled "What Does an LLM-Powered Threat Intelligence Program Look Like?," Miller and Ron Graf, a data scientist on the intelligence-analytics team at Mandiant's Google Cloud, will demonstrate the areas where LLMs can augment security workers to speed up and deepen cybersecurity analysis.