The blog of a cybersecurity student

 The Software Engineering Institute For this week, I’ll be talking about a resource that I was previously unaware of. The Software Engineering Institute (SEI) at Carnegie Mellon University is a leading research center focused on software engineering, cybersecurity, and AI, working closely with government, industry, and academia. Their website has resources for cybersecurity professionals, including research papers, technical reports, blogs, and podcasts that cover topics like secure software development, threat modeling, and emerging cybersecurity challenges. SEI also provides practical tools and frameworks that teams can use to improve security processes, along with professional training programs, webinars, and certification opportunities to help practitioners advance their skills. The site also offers access to a comprehensive library of publications, news updates, and upcoming events, making it a go-to source for staying current on trends, best practices, and real-world soluti...

  Sophisticated Phishing Campaigns Powered by AI I found this article interesting as it highlights how hackers are using AI to create incredibly convincing phishing emails, automate attacks on weak third-party systems, and even find new ways to sneak into networks without anyone noticing. Companies must fight back with AI-powered tools that can detect unusual behavior, flag potential breaches, and even predict attacks before they happen. I think that the rise of AI is making the cybersecurity landscape more unpredictable than ever. Whether you’re a business or just a regular internet user, staying alert and understanding how AI is being used in cybercrime is more important than ever. I think it is important for us all to be aware of both the risks and benefits of AI in the field of cybersecurity. Do you have any specific concerns relating to AI and cybersecurity?  Article: Report: 1 in 4 Data Breaches Exploit Third-Party Vulnerabilities - Tech.co

  The Common Vulnerabilities and Exposures (CVE) Program The Common Vulnerabilities and Exposures (CVE) program is a trusted system used across the cybersecurity industry to track publicly known security vulnerabilities. CVE is sponsored by United States DHS and CISA. The website CVE.org acts as a central place where these vulnerabilities are listed and assigned a unique identification number, known as a CVE ID. These CVE IDs make it easy for security teams, vendors, and researchers to talk about the same vulnerability without confusion. Instead of using different names for the same issue, everyone uses the standard identifier. This consistency facilitates collaboration amongst the industry and assists in mitigating risk through the prompt disclosure of discovered risks. Many security tools, such as vulnerability scanners and patch management systems, use CVE IDs. When a new vulnerability is published, professionals can quickly check whether their systems are affected, unders...

  Cybersecurity and Infrastructure Security Agency (CISA) CISA is a government agency that works to protect systems we all rely on, like power, healthcare, transportation, and government services. These are things most people don’t think about unless something goes wrong. Even though CISA focuses on big, nationwide issues, a lot of the information they share is still helpful for everyday users. What stood out to me about CISA is how practical their cybersecurity advice is. They focus on simple habits like creating stronger passwords, using multi-factor authentication, keeping devices updated, and backing up important files. These are easy steps that almost anyone can follow. You can find up-to-date info on current cyber threats, training materials, guides, and checklists for individuals, businesses, schools, or government organizations. It’s also a trusted source, so instead of digging through random blogs or videos, you can get reliable advice all in one place. I think that ...