News

Zabrina Mcintyre — Director and Cybersecurity Advisor at KPMG and Rain Culture Authority

No Password Required Podcast Episode 55 — Zabrina Mcintyre

Zabrina Mcintyre — Director and Cybersecurity Advisor at KPMG and Rain Culture Authority

Zabrina Mcintyre is a Director and Cybersecurity Advisor at KPMG, where she leverages her diverse expertise in cybersecurity, risk management, and strategic project leadership.

She brings a unique blend of creativity and expertise to her work by combining a Master of Arts (MA), Art Business, a specialized MBA program with international focus with extensive professional experience in the creative and cybersecurity industries. She has worked at three major animation studios, bringing a fresh perspective to her role in cybersecurity.

A passionate advocate for women in cybersecurity, Zabrina serves as a founding member and past president of the WiCyS Western Washington Affiliate. She continues to contribute to the industry as a board member of the National Women in Cybersecurity (WiCyS) BISO Affiliate. Additionally, she is known for her unique understanding of rain culture, shaped by her time living in the rainy cities of Seattle and London.

The show begins with Jack Clabby of Carlton Fields, P.A., joined by resident cybersecurity expert Kayley Melton, analyzing a new U.S army initiative to support small businesses in meeting cybersecurity requirements and ensuring a secure and resilient network of partners critical to national security.

Follow Zabrina Mcintyre on LinkedIn: Zabrina Mcintyre

2024-12-30T09:35:56-05:00December 30, 2024|
Read More

Cyber Traps and Mentorship: Maretta Morovitz on Engaging Adversaries

Cyber Traps and Mentorship: Maretta Morovitz on Engaging Adversaries

This episode of Do We Belong Here is part of an exciting episode swap with our friends at No Password Required, a podcast dedicated to proving that there’s a place for everyone in the world of cybersecurity.

In this special crossover, No Password Required hosts Jack Clabby and Kayley Melton sit down with Martha Morovitz, the Engage Lead at MITRE, where she simplifies the planning of adversary engagement for cyber defenders. Maretta likens her cyber defense work to the movie Home Alone, setting a series of traps for the cyber adversary akin to those of Kevin McCallister.

Maretta began her career at MITRE with an internship, where she met her mentor, Dr. Stan Barr, the MITRE Engage chief scientist: “He was always there to pull me out if I was floundering and drowning, but he gave me the space I needed to make mistakes, learn from them, and figure out how to not make them again.”

Despite having a computer scientist father, Maretta discovered her passion for the industry only in college. After observing a friend who was a computer science major, she found that maybe her dad (and computer science) were cooler than she had initially thought. Maretta also shares on the podcast the importance of her Boston roots and her unique connection to John and Abigail Adams.

To kick off the show, Jack Clabby from Carlton Fields, P.A., and Kayley Melton from KnowBe4 discuss Kenya’s efforts to improve national cybersecurity to protect its fast-growing digital economy. They also cover how the United States and the private sector are contributing to the Kenyan model for digital transformation in Africa, particularly through a dynamic digital ecosystem known as the ‘Silicon Savannah.’

Find Maretta on LinkedIn: https://www.linkedin.com/in/mjmorovitz/

2024-12-17T11:03:04-05:00December 26, 2024|
Read More

Growth, Gratitude, and Goals: A Do We Belong Here Holiday Special

Growth, Gratitude, and Goals: A Do We Belong Here Holiday Special

Happy Holidays from the Do We Belong Here family! 💛 As we close out 2024, we’re taking a moment to pause, reflect, and connect on a deeper level. In this bonus episode, Tashya, Pam, and Sarina open up about the personal and professional growth they’ve experienced this year, sharing lessons learned, challenges faced, and reasons to be grateful. To our incredible listeners: thank you for being part of this journey. Your support means everything, and we can’t wait to return in 2025 with more stories, insights, and proof that we do belong here in the cyber world.

Stream the Do We Belong Here documentary: https://www.youtube.com/watch?v=aWZhknfuVlQ&t=757s

2024-12-17T11:02:25-05:00December 20, 2024|
Read More

Teacher Spotlight: Lorraine Grice

Lorraine Grice

Teacher: Lorraine Grice

School: Orange County Technical College

County: Orange

Meet Lorraine Grice, one of the exceptional teachers at Orange County Technical College! With over 35 years of dedicated service in Orange County Public Schools, Lorraine continues to defy burnout by embracing the ever-changing world of Information Technology with enthusiasm and curiosity.

Her journey began with the familiar clatter of a Royal Manual Typewriter, evolving into a dynamic career teaching Enterprise Desktop and Mobile Support Technology to high school students. Lorraine’s passion for technology and education is truly inspiring. She thrives on the challenge of equipping students with the critical cyber knowledge they need for the future.

Join us in celebrating Lorraine’s remarkable contributions and her unwavering commitment to lifelong learning and student success!

Would you like to be featured in our Teacher Spotlight? To nominate yourself or another deserving teacher, complete the interest form below!

2024-12-20T09:48:35-05:00December 20, 2024|
Read More

Ernie Ferraresso Appointed to FL Cybersecurity Advisory Council

Cyber Florida Director Ernie Ferraresso

December 9, 2024—Tampa, Fla—Cyber Florida at USF is proud to announce Governor Ron DeSantis’ appointment of Director Ernie Ferraresso to the Florida Cybersecurity Advisory Council. This appointment highlights the state’s unwavering commitment to enhancing cyber defense and safeguarding critical infrastructure.

Ferraresso, a distinguished veteran of the United States Marine Corps, brings a wealth of experience and leadership to the council. As Cyber Florida’s director, he spearheads efforts to advance the state’s cybersecurity initiatives through education, outreach, research, and workforce development. Ferraresso also serves as a Senior Fellow at Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security, contributing to national strategies for securing vital systems against cyber threats.

“I am honored to join the Florida Cybersecurity Advisory Council and support the state’s mission to strengthen its defenses against evolving cyber threats,” said Ferraresso. “Cyber Florida’s commitment to collaboration and innovation aligns seamlessly with the council’s goals, and I look forward to contributing to a safer and more secure Florida.”

Ferraresso earned his bachelor’s degree from Barry University and has dedicated his career to addressing the challenges of cybersecurity and critical infrastructure protection. His expertise will help guide the council in shaping policies and strategies to bolster Florida’s cyber resilience.

The Florida Cybersecurity Advisory Council plays a pivotal role in providing guidance to protect the state’s critical systems and infrastructure, ensuring Florida remains at the forefront of cybersecurity preparedness.

Ferraresso is available for interviews through December 18, 2024. Please make arrangements through Cyber Outreach Manager Jennifer Kleman at [email protected]. For more information about Cyber Florida and its mission to advance cybersecurity in the state, visit https://cyberflorida.org/.

ABOUT CYBER FLORIDA AT USF

The Florida Center for Cybersecurity at the University of South Florida, commonly referred to as Cyber Florida at USF, was established by the Florida Legislature in 2014. Its mission is to position Florida as a national leader in cybersecurity through comprehensive education, cutting-edge research, and extensive outreach. Cyber Florida leads various initiatives to inspire and educate both current and future cybersecurity professionals, advance applied research, and enhance cybersecurity awareness and safety of individuals and organizations.

2024-12-10T09:28:11-05:00December 10, 2024|
Read More

No Password Required Podcast Episode 54 — Dr. Sunny Wear

No Password Required Podcast Episode 54 — Dr. Sunny Wear

Dr. Sunny Wear — Application pen tester, author, and bug bounty enthusiast

Dr. Sunny Wear began her career as a developer, spending countless hours maintaining others’ code—a humbling experience, as she describes it. Realizing she wanted a different path, a friend suggested exploring cybersecurity at just the right time. Together, they tackled the CISSP exam, which Dr. Sunny passed, igniting her passion for application penetration testing.

Now an accomplished author and proud bird mom, Dr. Sunny discusses her Burp Suite Cookbook, a practical guide to identifying, testing, and exploiting vulnerabilities in web applications and APIs.

The show begins with Jack Clabby of Carlton Fields, P.A., joined by resident cybersecurity expert Kayley Melton, analyzing the Star Health Insurance (India) data breach, where the company’s CISO has been accused of selling sensitive data for $43,000.

.

Follow Dr. Sunny on LinkedIn: Dr. Sunny

Follow Dr. Sunny on Twitter: Dr. Sunny

Learn more about Sunshine Solutions: Sunshine Solutions

2024-12-10T08:01:28-05:00December 10, 2024|
Read More

LandUpdate808

I. Targeted Entities

  • Internet users

II. Introduction

LandUpdate808 is a malicious downloader that distributes malicious payloads disguised as fake browser updates. The downloader is usually hosted on malicious or compromised websites. LandUpdate808 was identified by the Center for Internet Security as a top ten observed malware in quarter three of 2024, landing as the second most prominent identified malware.

III. Additional Background Information

LandUpdate808 redirects website visitors to first download the loader for the fake update content. The redirect also adds a cookie to the targeted user which has been observed with the naming conventions “isDone” or “isVisited11”. The cookie’s value is set to true after the operation is successful. The cookie has an expiration date of four days and will cause the malware to skip over the previous steps if the cookie is detected. The fake update page is disguised as an out-of-date Chrome notification with a blue download button labeled “Update Chrome”. When clicked, the button will link to an “update.php” file. The payload has been observed as a JS, EXE, and MSIX file that changes file type frequently. Recent reporting has identified multiple domains being tied to the same IP address, a potential indicator that the LandUpdate808 operation is expanding operations.

IV. MITRE ATT&CK

  • T1592 – Gather Victim Host Information
    • Using the function getOS located in the request for the page loader, LandUpdate808 gathers basic host information such as IP address and operating system.
  • T1584 – Compromise Infrastructure
    • LandUpdate808 uses compromised domains as part of the malware’s delivery chain.
  • T1608 – Stage Capabilities
    • LandUpdate808 stages web resources that act as link targets in the delivery chain.
  • T1204 – User Execution
    • LandUpdate808 relies on the user to click on the fake Chrome update to download and execute the desired payload onto the system.

V. Recommendations

We recommend monitoring your network for the following indicators of compromise to identify if users have been potentially compromised by LandUpdate808 and the related payloads.

VI. IOCs (Indicators of Compromise)

Type Indicator
Domains – Malicious Payloads

netzwerkreklame[.]de
Domains – Malicious Payloads

digimind[.]nl
Domains – Malicious Payloads

monlamdesigns[.]com
Domains – Malicious Payloads sustaincharlotte[.]org
Domains – Malicious Payloads chicklitplus[.]com
Domains – Malicious Payloads espumadesign[.]com
Domains – Malicious Payloads owloween[.]com
Domains – Malicious Payloads Wildwoodpress[.]org
Domains – Malicious Payloads napcis[.]org
Domains – Malicious Payloads sunkissedindecember[.]com
Domains – Malicious Payloads rm-arquisign[.]com
Domains – Fake Update Page Code kongtuke[.]com
Domains – Fake Update Page Code uhsee[.]com
Domains – Fake Update Page Code  zoomzle[.]com
Domains – Fake Update Page Code elamoto[.]com
Domains – Fake Update Page Code ashleypuerner[.]com
Domains – Fake Update Page Code edveha[.]com
Domains – Initiated Requests for Content razzball[.]com
Domains – Initiated Requests for Content monitor[.]icef[.]com
Domains – Initiated Requests for Content careers-advice-online[.]com
Domains – Initiated Requests for Content ecowas[.]int
Domains – Initiated Requests for Content sixpoint[.]com
Domains – Initiated Requests for Content eco-bio-systems[.]de
Domains – Initiated Requests for Content evolverangesolutions[.]com
Domains – Initiated Requests for Content natlife[.]de
Domains – Initiated Requests for Content sunkissedindecember[.]com
Domains – Initiated Requests for Content fajardo[.]inter[.]edu
Domains – Initiated Requests for Content fup[.]edu[.]co
Domains – Initiated Requests for Content lauren-nelson[.]com
Domains – Initiated Requests for Content netzwerkreklame[.]de
Domains – Initiated Requests for Content digimind[.]nl
Domains – Initiated Requests for Content itslife[.]in
Domains – Initiated Requests for Content ecohortum[.]com
Domains – Initiated Requests for Content thecreativemom[.]com
Domains – Initiated Requests for Content backalleybikerepair[.]com
Domains – Initiated Requests for Content mocanyc[.]org

VII. References

Samala, A. (2024b, October 15). New Behavior for LandUpdate808 Observed. Malasada Tech. https://malasada.tech/new-behavior-for-landupdate808-observed/

Samala, A. (2024a, July 2). The LandUpdate808 Fake Update Variant. Malasada Tech. https://malasada.tech/the-landupdate808-fake-update-variant/

Threat Advisory created by The Cyber Florida Security Operations Center. Contributing Security Analysts: Benjamin Price

2024-12-03T13:25:35-05:00December 3, 2024|
Read More

CONTACT US

Cyber Florida at USF
4202 E. Fowler Avenue, ISA7020
Tampa, FL 33620

Office meetings by appointment only

PRIVACY POLICY

Copyright 2024 The Florida Center for Cybersecurity at the University of South Florida. Information on this website is made available for general educational purposes only and should not be used in lieu of obtaining competent legal advice from a licensed attorney or cybersecurity professional with sufficient expertise necessary to address your specific needs. Use of this website does not create any special or fiduciary relationship between you and the Florida Center for Cybersecurity or the University of South Florida.