Our Engineers’ Go-To Cybersecurity Learning Resources
As the JSCM Group team gets ready for Nationwide Read 25 Day, we’re all sharing our favorite resources for learning more about cybersecurity, staying ahead of threats, and expanding our knowledge base. Below you’ll find a list of the JSCM engineers’ favorite sources. We’d love to hear from you about your go-to learning sources, as well. Drop us a message and let us know!
Websites
Krebs on Security
Inside a Dark Adtech Empire Fed by Fake CAPTCHAs
Late last year, security researchers made a startling discovery: Kremlin-backed disinformation campaigns were bypassing moderation on social media platforms by leveraging the same malicious advertising technology that powers a sprawling ecosystem of online hucksters and website hackers. A new report on the fallout from that investigation finds this dark ad tech industry is far more resilient and incestuous than previously known.
The Hacker News
The Hidden Cost of Treating Compliance as an Afterthought
Compliance is often treated as a paper exercise, something to tolerate, check off and forget. But in a threat landscape shaped by ransomware-as-a-service, AI-augmented phishing campaigns, and supply chain breaches, delaying compliance doesn't just create business and operational friction. It creates risk.
Bleeping Computer
Hackers switch to targeting U.S. insurance companies
Threat intelligence researchers are warning of hackers breaching multiple U.S. companies in the insurance industry using all the tactics observed with Scattered Spider activity.
Cyberscoop
The hackers targeting prominent researcher and Russian military expert Keir Giles were different this time.
The attackers, suspected to be working on behalf of the Russian government, had ginned up the May solicitation email for a consultation with a state.gov address, one that didn’t get a bounceback message when Giles replied. They spoke convincing English, and delivered their message during East Coast business hours. He said they created a realistic domain name to direct him to, rather than using a random string of text. They weren’t in a hurry, pressuring him to respond the way hackers usually do.
Dark Reading
'Echo Chamber' Attack Blows Past AI Guardrails
A new proof-of-concept (PoC) cyberattack uses subtle language over multiple prompts to manipulate major large language models (LLMs) into generating inappropriate content.
Newsletters
Some of us also prefer to sign up for newsletters so that the knowledge gets delivered directly to our inboxes, reminding us to take some time to catch up on industry news. Here are some of the newsletters our team trusts.
Risky Business Newsletter: https://risky.biz/newsletters/ (They make great podcasts, too! Who says you can’t catch up on critical cyber news and take a walk at the same time?)
The Cybersecurity Hub Newsletter: https://www.linkedin.com/newsletters/cyber-security-hub-newsletter-7169505470506872833/
Threatpost Newsletter: https://threatpost.com/newsletter-sign/
YouTube
And if you’d prefer to do your continuous learning through video, we’ve got you covered there, too. Here are a handful of the JSCM Group engineers’ favorite cybersecurity YouTubers:
IT Security Labs
https://www.youtube.com/@ITSecurityLabs
Network Chuck
https://www.youtube.com/@networkchuck
Dave Bombal
https://www.youtube.com/@davidbombal
Whatever you choose to read (even if it’s a novel - we like those, too!), we hope you’ll join us to celebrate Nationwide Read 25 Day tomorrow on Wednesday, June 25!