Recent Discussions
Welcome, new members!
Last week we were joined by fammyid vsm28 Bilal3796 AzMM admiral ayodeji MohammedAlareimi BexBug arelir MegMarCyberTrust Ayo JCD13 TLamb arthurk JM1 rachelmerendino Taibat nelsonvelez tk7720 NotAStar Monica It's great to have you here! To get things off the ground check out our Get Started page, introduce yourself to the community and when you're ready, explore! And of course, if you're seeking support with the Immersive product, head to our Help forum to tap into the collective expertise of this community ✨Welcome, new members!
Happy Friday and welcome to our newest members around here 👋 GrahamR TT2 coltonmike1 ChrisHotchin AlexAugot Dord Namitch schdry Olane123 Uptick AlasdairD Sidra ralyn1234 martelp impractialJoker Stark mattbrownsett temsi Martin_Rutherford kevin1 It's great to have you in the community! To get things off the ground check out our Get Started page, introduce yourself to the community and when you're ready, explore! We have some fantastic events coming up over the next few weeks, so make sure to take a look.Welcome new members!
Hello and welcome to our newest members: S1m0n07 JemimaOluok cbathula ILABS-RECRUIT Abed CacheMeIfYouCan Kratos pschmidt d0nk33 Tempest mydmimmo deviceix kungfuhud sacnit ramamr33 James continent9872 l_marin DpseHope L0maD MilesEvans mrgash remusS seandmr xwuzex tkmh coltonmike JMATE Jsoaps ShonePious PrakharC TT nickw101 crfilimon coatezy Nathan To get things off the ground check out our Get Started page, introduce yourself to the community and when you're ready, explore! We have some fantastic events coming up over the next few weeks, so make sure to take a look.Celebrating Women in Cyber
As we approach International Women’s Day tomorrow, I want to take a moment to reflect on how proud we are to have so many women in cyber from around the globe in our community. I’d love to tap into the collective power of the women in this community and ask what advice would you give to your younger self, or other women looking to pursue a career in cybersecurity, perhaps one of our Cyber Million applicants? What has helped you to succeed, and what's the greatest strength in your toolkit?Welcome to this week's new members!
Hello and welcome to our newest members: Alex_G Trishant sluong997 SauceController David ashish JDB_User David_Figs MorningStar enj2008 mimran BigChungus nemmychanuk CyberBlueDefender HenryGilson22 daviddumas kkapoor spYder phileas Yuans Nehamisra BlackWidow RanjithaAnand data_deletion_service HariZM JacoZA RFS mmmcshane ParinJobanputra mo2942 JoelG HKeleher ilytrevino NitinRangannavar aditya Ravi hnalali mtuxft zaneza mishaplc danielbarboni nite_stocker passu123 Johnli millzy696 JWTDImmersed KQsf S12 Garci_ steinlechner muddin eliza Delboy John johndimario 👋 We love having you here! To get things off the ground check out our Get Started page, and introduce yourself to the community, and when you're ready, you can dip the collective knowledge of the community in the Support Forum or Blog areas.🏁 Episode 4 of Season 1 of The Human Connection Challenge is Closed! 🏁
We hope that you all enjoyed the 4th lab of The Human Connection Challenge: Season 1! Despite a record number of attempts, only 20 people completed this months lab, and judging by some of the comments, it was a tough one! StefanApostol has written this month's walkthrough guide so that you can see how he intended for you to complete the lab: The Human Connection Challenge Lab 4: Linux As always, the winners will be announced in our monthly newsletter which will be available at the beginning of March. 🔔 Don’t miss out – the next lab will go live on Monday, March 3rd. Make sure you're following the CHALLENGES Tag to get notified as soon as it’s released. Let us know how you got on in the comments - maybe you’ll inspire someone else with your tips.
CVE-2024-3094 (XZ Utils Supply Chain Backdoor)
This training was a deep dive into supply chain attacks, focusing on how attackers compromise third-party libraries to infiltrate systems. 🌳 ROOT: The Core Lesson 🔹 Your code is only as secure as its weakest dependency. 🔹 Attackers don’t always target your app—they infect the libraries and tools you trust. 🔹 A single update from upstream can spread malware downstream into thousands of systems. 🌲 BRANCHES: Key Takeaways 1️⃣ Trunk: The Major Incidents (Real-World Cases) 📌 Log4j (CVE-2021-44228) – A simple logging library led to RCE attacks on millions of apps. 📌 XZ Utils Backdoor (CVE-2024-3094) – Attackers planted a hidden SSH backdoor inside a widely used Linux tool. 📌 SolarWinds Attack – A trusted software update infected top enterprises & governments. 2️⃣ Branches: How These Attacks Work? 🌿 Compromised Upstream – Hackers inject malicious code into open-source projects. 🌿 Silent Propagation – CI/CD pipelines & OS distros auto-fetch infected updates. 🌿 Exploitation in Production – The attacker gains remote access, RCE, or data leaks. 3️⃣ Leaves: Defensive Actions You Must Take! 🍃 Pin Dependencies – Use fixed versions instead of "latest". 🍃 Verify Integrity – Check hashes, signatures, and changelogs before updating. 🍃 Scan Your Stack – Use SCA tools like Dependabot, Trivy, or Snyk. 🍃 Restrict CI/CD Auto-Updates – Require manual reviews for third-party updates. 🍃 Monitor for Compromise – Set alerts for vulnerable dependencies. 🌟 TOP OF THE TREE: The Final Takeaway Supply chain security is not an option—it's a necessity! If upstream is compromised, everything downstream is at risk. Never blindly trust software updates—always verify before deploying. Your security is only as strong as the weakest library you import! Be proactive, not reactive—because the next Log4j or XZ Backdoor could already be in your pipeline!Welcome to this week's newest members
A very warm welcome to our new community members 👋 abarajith Monique Cyber_Genie ParkerSLDan Skittels Gabriel kborn 0dayNinja ianknapper-sec DeviPrasad vinaykumarreddyvempalli We love having you here. To get things off the ground check out our Get Started page, and introduce yourself to the community. and when you're ready, you can dip the collective knowlegde of the community in the Support Forum or Blog areas. If you're looking for a challenge, you have a couple more days to compete in The Human Connection Challenge Season 1: Episode 4 and Episode 5 goes live on Monday. Watch this space 👀Discussion: How are you and your organization safely (and securely) utilizing AI?
How are you and your organization safely (and securely) utilizing AI? Are users trained and enabled to utilize AI in the best interests of your organization? Does your organization track AI use and what organizational data could be getting sent to AI? Are you for or against AI usage in the workplace?The Human Connection Challenge: S1E4 - 1 Week To Go!
Don't Forget! There is only 1 week left to complete the fourth lab of the Human Connection Challenge if you want to be in with a shout of winning the FIRST rebranded digital badges, physical challenge coins, swag and prizes. If you are yet to complete it, you have until midnight on Sunday 23rd February 2025! To read more about the challenge click here. To find it in the Immersive Labs Platform, Click Exercise > Challenges & Scenarios > The Human Connection Challenge: Season 1 > Episode 4 Linux Don’t forget to Follow The Community Blog to get a notification whenever a new Challenge Lab is released! Want more challenges? Join our community Study Group, where we tackle one lab per week as a collective, sharing tips and tricks along the way. This week, we're focussing on defensive cybersecurity. See you there!
