MacOS Malware, Safe Web Browsing, Meet Matt Sprengel, and Cyber Opportunities

Topics Covered

  • Guest Speaker: Matthew Sprengel, DevOps Engineer at PwC & Lecturer, Cal Poly Pomona
  • Cyber Bytes: macOS malware
  • Technology Corner: Safe Web Browsing
  • Cyber Opportunities: Safer Internet Day, National Cyber League, Scholarship for Service Scholarships

Available: February 18, 2022

About this Show

Guest Speaker:

Matthew Sprengel

Meet Matthew, he is currently a DevOps Engineer at PwC and a lecturer at Cal Poly Pomona. He has participated in CyberPatriot for nearly 12 years, whether on a team or as a mentor. Learn about his experience in the field and how to break into it as a student!

Matthew Sprengel

SIM Hijacking Campaign by “The Community”

What Happened?

On January 25th, a new macOS malware was discovered that made computers vulnerable to hackers. This was accomplished by sneakily hiding the code for that malware inside a website commonly visited by pro-democratic individuals in Hong Kong. When the individuals would go on to that website, the code would automatically be downloaded onto the computer and run, giving the hacker full access to the computer at the end.

Response

There has been no response yet, and no specific group or person has been discovered to have created this virus.

Relevant Terms

  • Watering hole attack: A type of attack where hackers will fill a site with a virus that is most likely to be visited by their intended victim
  • Inline frame/<iframe>: An HTML element where you embed an HTML page into a current one
  • Webkit: Browser engine that Safari uses
  • Remote code execution: Hacker can use commands on someone else’s computer
  • Local privilege escalation: When one user gains the rights of the host user, so now the attacker has full access to all of the computer
  • Kernel: Part of the operating system; manages the memory and CPU time of a computer.

Safe Web Browsing

Technology Corner – Safe Web Browsing

Safe web browsing is essential to keeping you safe online!

General Safe Web Browsing Tips:

  • Update Your Web Browser to enhance the security features of the browser and get the best version of your web browser. Updating your web browser can protect you from cyber threats.
  • Block pop-ups and ads. Pop-ups open new browser windows to push ads. Most are just annoying, but some can contain links to phishing scams or downloading malware. Pop-ups and ads can be blocked by adjusting your settings of your web browser.
  • Be aware of cookies. Cookies are bits of information left on your device by websites you have visited, which let them ‘remember’ things about you. Cookies save preferences for particular websites, which can be helpful for online shopping or frequently visited sites. They are unlikely to be dangerous, but websites using cookies can gather a lot of information about you.

Cyber Opportunities

Safer Internet Day

Do you know how to protect your phone or your laptop? Have you ever been scared of being hacked? Have you wondered how companies know that you wanted a new sweater? Well don’t fret, all these questions can be answered on Safer Internet Day! You may ask what is Safer Internet Day? Safer Internet Day is on February 9th hosted by the National Cryptologic Foundation!

Special guests will join Mark S Loepker, National Cryptologic Museum Foundation, for a panel discussion on the problems of living and working on the internet in commemoration of learning how to operate securely on the internet. There will be plenty of time for questions and answers, so come ready to participate. To participate in the live session or see the recording, you’ll need a free Nepris account. The live session will be held on February 9th, with additional details regarding the time to be announced on their website: https://cryptologicfoundation.org/support-us/event_calendar.html/event/2021/02/09/ncmf-cyberchat-safer-internet-day-/323907

If you cannot make the live session, don’t worry as there will be a recording. https://ccei.nepris.com/app/industry-chats/81768

National Cyber League

For this month’s cyber opportunity, NCL, or the National Cyber League, is officially starting its spring competition season! NCL is essentially a platform for cybersecurity evaluation and education. Every fall and spring, they host competitions for high school students to test out their cyber skills. Examples of exercises or topics covered include but are not limited to cryptography, forensic questions, enumeration and exploitation, scanning, open-source intelligence, and network traffic analysis. Here’s the link to register: https://cyberskyline.com/events/ncl/welcome

Scholarship for Service (SFS) 

Last but not least, we have a Service Scholarship! Scholarship For Service (SFS) is a one-of-a-kind program that aims to recruit and train the next generation of information technology professionals the government meets their cybersecurity missions. This program offers scholarships for cybersecurity undergraduate and graduate students for up to three years. The scholarships are made possible thanks to funds from the National Science Foundation. In exchange for their scholarships, students must commit to working for the US government after graduation in a cybersecurity-related role for a time equivalent to the scholarship length. A scholarship may be granted for a period of up to three years. Each of the universities involved has its own application and selection process. If you want to apply for the scholarship, you can contact them directly to find out about the application and selection process. Check out more information at https://www.sfs.opm.gov/ContactsPI.aspx