





















































Welcome to another _secpro!
For all of you who attended the RSA Conference, we hope you had a great time getting up to scratch with the goings on in this industry. Got something to share? Reply to this email and tell us about your thoughts. This week's issue contains:
- RSA Conference 2025 – Navigating the New Cyber Frontier
- MITRE ATT&CK Top Ten Breakdown #3: T1555
- LockBit Ransomware Group Compromised; Internal Chats Leaked
- Berkeley Research Group Breach Exposes Sensitive Data in Catholic Church Abuse Cases
- Co-op Data Breach Affects Millions of UK Customers
- AirBorne Vulnerability in Apple’s AirPlay Puts Billions at Risk
- U.S. Customs and Border Protection Confirms Use of Hacked TeleMessage App
Cheers!
Austin Miller
Editor-in-Chief
LockBit Ransomware Group Compromised; Internal Chats Leaked: The notorious LockBit ransomware gang suffered a significant breach, leading to the exposure of internal chat logs and operational details. These leaks provide unprecedented insights into the group's tactics, including their use of known vulnerabilities, adoption of proof-of-concept exploits, and targeting strategies.
Berkeley Research Group Breach Exposes Sensitive Data in Catholic Church Abuse Cases: Berkeley Research Group (BRG), involved in managing Catholic Church bankruptcy cases related to sexual abuse lawsuits, experienced a cyberattack that potentially exposed sensitive victim data. The attacker infiltrated BRG's systems by impersonating an IT worker on Microsoft Teams, deployed Chaos ransomware, and demanded payment. Although BRG has not found evidence of data dissemination, the U.S. Justice Department is scrutinizing the firm's delayed disclosure and potential conflicts of interest.
Co-op Data Breach Affects Millions of UK Customers: The Co-op experienced a cyberattack where hackers accessed and extracted personal data from one of its systems, affecting a significant number of its more than 6.2 million current and past members. The breach forced the Co-op to temporarily shut down parts of its IT systems. The UK's National Crime Agency and National Cyber Security Centre are investigating the incident.
AirBorne Vulnerability in Apple’s AirPlay Puts Billions at Risk: A critical security flaw dubbed "AirBorne" has been discovered in Apple’s AirPlay protocol and SDK, potentially allowing hackers on the same Wi-Fi network to deploy malware, access private data, or eavesdrop on conversations. Public spaces like coffee shops and airports are particularly vulnerable. While Apple has issued security updates, many third-party devices relying on the affected AirPlay SDK may not receive timely patches, leaving users at risk.
U.S. Customs and Border Protection Confirms Use of Hacked TeleMessage App: The U.S. Customs and Border Protection (CBP) confirmed its use of a communication application by TeleMessage, which clones popular apps like Signal and WhatsApp with added record-retention archiving. Following the discovery of a cyber incident, CBP suspended its use of TeleMessage while investigating the breach. Significant security vulnerabilities have been identified in TeleMessage’s Android code, prompting U.S. Senator Ron Wyden to urge the Department of Justice to investigate the company, characterizing it as a national security risk.
ATT&CK Splunk Add-on (as part of Attack Range): This Splunk-supported environment is designed for testing and training based on real-world attack scenarios. It leverages MITRE ATT&CK to simulate threats and includes preconfigured Splunk dashboards and detections for ATT&CK techniques, offering a lab-like setting for defenders to hone their response strategies.
ATT&CK Navigator: ATT&CK Navigator is a web-based tool for visualizing and annotating MITRE ATT&CK matrices. It allows analysts to overlay data like detection coverage, threat actor usage, or red/blue team test results to better understand where gaps exist in detection or mitigation strategies.
Caldera: Caldera is an automated adversary emulation system designed to evaluate the effectiveness of cyber defense tools and processes. It uses the MITRE ATT&CK framework to model adversary behavior and execute post-compromise techniques, allowing blue teams to validate detection and response capabilities.
Detection Rules: Detection Rules is a collection of threat detection rules for use with Elastic Security. These rules are directly mapped to MITRE ATT&CK techniques and tactics, enabling high-fidelity detection of adversarial behavior in environments monitored by the Elastic Stack (Elasticsearch, Kibana, etc.).
Here are the five conferences we're looking forward to the most this year (in no particular order...) and how you can get involved to boost your posture! Check out next week's issue to find our coverage of CyberUK!
CyberUK (6th-7th May): Organised by the UK’s National Cyber Security Centre (NCSC), CyberUK is the government’s flagship cybersecurity event. It brings together security leaders, policymakers, and industry professionals to discuss pressing cybersecurity issues. With a strong focus on collaboration and innovation, CyberUK is a hub for public and private sector expertise.
DSEI (9th-12th September): DSEI stands out as a global platform that bridges defence, security, and cybersecurity. With its broad focus on cutting-edge technologies, this event is critical for those involved in national defence, law enforcement, and private security. Cybersecurity is a prominent theme, with sessions addressing both offensive and defensive cyber strategies.
Defcon (7th-10th August): Defcon is a legendary event in the hacker and cybersecurity communities. Known for its hands-on approach, Defcon offers interactive workshops, capture-the-flag contests, and discussions on emerging threats. The conference is ideal for those looking to immerse themselves in technical aspects of cybersecurity.
Black Hat (2nd-7th August): Black Hat USA is synonymous with advanced security training and research. This premier event features technical briefings, hands-on workshops, and sessions led by global security experts. Attendees can explore the latest trends in penetration testing, malware analysis, and defensive techniques, making it a must-attend for cybersecurity professionals.