The Cybrary Threat Intelligence Group has just published findings on detecting Bluetooth stalking and actionable threats to IIoT and IoT-enabled assets in two new blog posts this morning:
To briefly summarize Cybrary’s work and findings:
- Bluetooth trackers relay their location and can use just about everything in their ecosystem to act as a bridge to the internet, and can put both personal safety and the integrity of IIoT-connected resources, such as those found throughout critical infrastructure, at high risk.
- Manufacturers’ Security Steps – Limits to Effectiveness: In December 2022, the Cybrary Threat Intelligence Group noted Apple’s updated effort to limit the use of AirTags in stalking, and undertook research to determine whether the device was still capable of misuse, and if so, what could be done to thwart such use. Manufacturers have taken steps to prevent misuse. Nonetheless:
  - Tile lets a Tile owner evade detection in exchange for personal data.
  - Newer iPhones disclose when an AirTag is near, but often not until several hours after detecting it – precious time during which a stalker could act.
  - Detecting cross-platform surveillance – such as if an iPhone user is surveilled with a Tile – is even more difficult.
- Cybrary Research Approach: To demonstrate manufacturers’ detection flaws and enable actual device detection, regardless of device type, the Cybrary Threat Intelligence Group used several approaches, including wireless pentesting tools, knowledge of RF protocols, and black-box analysis skills, to examine and duplicate the findings and port them to the Flipper Zero, the Swiss army tool for RF hackers. The Flipper Zero is a small device that lets users interact with all manner of RF devices such as TV controllers and key fobs. Its antennas read a wide range of common signals, and it has an extensive and actively contributing user community.
- Method: Cybrary isolated the radio signals from each brand of tracking device, stored those signatures, and built an application that enables users to immediately detect any brand of Bluetooth tracker – including Tile, despite its offered option to hide the tracker from detection.
- Implications: The implications of this are significant, both for thwarting stalkers and for critical infrastructure, as IoT and especially IIoT are being installed across the oil and gas industry, regional water systems and other critical infrastructure. We determined that:
  - Cybrary R&D developed a means of detection that advances personal privacy, safety and CI security; and
  - Importantly, we codified that aspects of planning attacks on IoT and RF devices can be almost identical in method to planning attacks on networks. Defensive training to protect IoT and IIoT environments and resources against intrusion is just as important as training to protect corporate networks against intrusion, and even more critical for IoT and IIoT security.
- Moreover, in the short term, there may be debate on whether the availability of “tracker scans” in public gathering places has a role to play in the prevention of stalking and its catastrophic harms. Cybrary does not take a stance for or against this as it is outside of its scope of research.
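
The signature-matching idea in the Method item above, as an added example that is not Cybrary's code or signature set: it parses raw BLE advertising payloads and flags two publicly documented markers. The Apple company identifier, the Find My payload type and the Tile 16-bit service UUIDs come from public Bluetooth assignments and published research rather than from this page, and the sample payloads are constructed.

```python
# Added example. Identifiers below are assumptions from public sources, not Cybrary's.
APPLE_COMPANY_ID = 0x004C              # Bluetooth SIG company ID for Apple
FIND_MY_TYPE = 0x12                    # Apple payload type used by Find My adverts
TILE_SERVICE_UUIDS = {0xFEED, 0xFEEC}  # 16-bit UUIDs assigned to Tile, Inc.

def parse_ad_structures(payload: bytes):
    """Split an advertising payload into (ad_type, data) pairs."""
    out, i = [], 0
    while i < len(payload):
        length = payload[i]
        if length == 0:                      # zero length means padding: stop
            break
        if i + 1 + length > len(payload):
            raise ValueError("truncated AD structure")
        out.append((payload[i + 1], payload[i + 2:i + 1 + length]))
        i += 1 + length
    return out

def classify(payload: bytes):
    """Return 'apple-find-my', 'tile' or None for one advertising payload."""
    try:
        structures = parse_ad_structures(payload)
    except ValueError:
        return None                          # malformed frames are not matched
    for ad_type, data in structures:
        if ad_type == 0xFF and len(data) >= 3:        # Manufacturer Specific Data
            company = int.from_bytes(data[:2], "little")
            if company == APPLE_COMPANY_ID and data[2] == FIND_MY_TYPE:
                return "apple-find-my"
        elif ad_type in (0x02, 0x03):                 # lists of 16-bit service UUIDs
            uuids = {int.from_bytes(data[j:j + 2], "little")
                     for j in range(0, len(data) - 1, 2)}
            if uuids & TILE_SERVICE_UUIDS:
                return "tile"
        elif ad_type == 0x16 and len(data) >= 2:      # Service Data, 16-bit UUID
            if int.from_bytes(data[:2], "little") in TILE_SERVICE_UUIDS:
                return "tile"
    return None

def scan(observations):
    """observations: iterable of (address, payload); returns the flagged ones."""
    return [(a, classify(p)) for a, p in observations if classify(p) is not None]

# Constructed sample payloads (not captures from real devices).
SAMPLES = [
    ("aa:aa:aa:aa:aa:01", bytes([0x1E, 0xFF, 0x4C, 0x00, 0x12, 0x19, 0x10]) + bytes(24)),
    ("aa:aa:aa:aa:aa:02", bytes([0x02, 0x01, 0x06, 0x03, 0x03, 0xED, 0xFE])),
    ("aa:aa:aa:aa:aa:03", bytes([0x02, 0x01, 0x1A, 0x07, 0xFF, 0x4C, 0x00, 0x10, 0x02, 0x01, 0x04])),
]
```

The third sample is an Apple advertisement of a different payload type and is deliberately not flagged, which shows why the match has to go past the company identifier.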
Here are links to the blog posts:
Cybrary for Teams Now Available on Google Cloud Marketplace
Posted in Commentary with tags Cybrary on May 4, 2023 by itnerd
Cybrary, the leading cybersecurity skills development platform, today announced the launch of Cybrary for Teams on Google Cloud Marketplace. This partnership allows cybersecurity teams to access critical skill development and training resources directly through Google Cloud.
Cybrary for Teams, a workforce development solution hosted on Google Cloud, empowers organizations to develop and retain skilled cybersecurity talent. With a content library covering a complete curriculum of in-depth topics and specialized skills, Cybrary’s centralized, affordable platform offers remarkable value compared to other training options. Now available in the Google Cloud Marketplace, customers can access a turnkey solution aimed at providing organizations with the necessary knowledge, skills, and abilities to defend against the threats they face every day. Through a combination of industry certification preparation programs and hands-on threat-informed simulation, aligned to leading frameworks such as NIST / NICE and MITRE ATT&CK, organizations can continuously train, map, and evaluate the skills and competencies of their team.
Cybrary is a global platform that supports over 3.5 million professionals in their cybersecurity skills development journey. Delivering this level of critical training requires fast, scalable virtualization solutions to keep learners up to date with content on the latest threats that builds hands-on, mission-ready skills, all while ensuring operational platform uptime. Google Cloud’s technology helps make this a reality. You can learn more about Cybrary for Teams and view the marketplace listing here.