You CAN Stop Stupid

You CAN Stop Stupid: Stopping Losses from Accidental and Malicious Actions, by Ira Winkler and Dr. Tracy Celaya Brown. The Twitter hack and their “explanation” definitely showed why Ira’s next book with Tracy Celaya Brown is so critical. That an admin was “social engineered” should be expected, with the results controlled.

Source: You CAN Stop Stupid: Stopping Losses from Accidental and Malicious Actions: Winkler, Ira, Celaya Brown, Dr. Tracy



Twitter: High-profile hacks were part of a ‘Coordinated Social Engineering Attack’




Explore more on “Social Engineering”

Download a Security Risk Assessment Steps paper!

Subscribe to DISC InfoSec blog by Email

Take an awareness quiz to test your basic cybersecurity knowledge

DISC InfoSec 🔒 securing the business 🔒 via latest InfoSec titles


Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices

The list was shared by the operator of a DDoS booter service. The list was compiled by scanning the entire internet for devices that were exposing their Telnet port (23). Telnet sends passwords as plain text. Are we still using clear-text protocols in 2020? The hacker may then try using factory default usernames and passwords, as well as easy-to-guess password combinations.

Source: Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices | ZDNet



How Do Passwords Get Stolen?









A hacker is selling details of 142 million MGM hotel guests on the dark web

EXCLUSIVE: The MGM Resorts 2019 data breach is much larger than initially reported.

Source: A hacker is selling details of 142 million MGM hotel guests on the dark web | ZDNet

According to the ad, the hacker is selling the details of 142,479,937 MGM hotel guests for a price just over $2,900. The hacker claims to have obtained the hotel’s data after they breached DataViper, a data leak monitoring service operated by Night Lion Security.


MGM Exposes over 10,000,000 Profiles to Hackers – Feb 21, 2020



Protect Your Organization Against Massive Data Breaches and Their Consequences


The 10 Steps to cyber security

10 pieces of technical advice you should consider putting in place. Guidance on how organisations can protect themselves in cyberspace, including the 10 steps to cyber security.

Source: The 10 Steps to cyber security



10 Ways to Identify a Phishing site

Cybercriminals create fake websites, malicious emails, text messages, or phone calls to trick people into clicking on links or revealing sensitive information.

Source: 10 Ways to Identify a Phishing site | The PC Hero

Phishing Attack Example – How to Spot a Scam Email




Phishing Scam


Ten Steps to Reduce Your Cyber Risk





Reduce your cyber risk with ISO 27001

Contact DISC InfoSec if you have a question regarding ISO 27001 implementation.





Explore the subject of Cyber Attack


Someone’s scanning gateways, looking for those security holes Citrix told you not to worry too much about


Hackers hit honeypots hours after CISO downplays risk, proof-of-concept exploit code emerges.

Source: FYI: Someone’s scanning gateways, looking for those security holes Citrix told you not to worry too much about






15 billion credentials available in the cybercrime marketplaces

More than 15 billion usernames and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, experts state.

Source: 15 billion credentials available in the cybercrime marketplaces







Exploring the Dark Web





Google open-sources Tsunami vulnerability scanner

Google says Tsunami is an extensible network scanner for detecting high-severity vulnerabilities with as few false positives as possible.

Source: Google open-sources Tsunami vulnerability scanner | ZDNet

The scanner has been used internally at Google and has been made available on GitHub.

Google Tsunami Security Scanner – Quick install and example run

InfoSec Threats, Books and Training Courses


The Future of Cybersecurity Jobs

The future of work is online and remote. The recent Covid-19 pandemic has proven this, as companies that had been reluctant to embrace the remote-work trend suddenly found themselves running an almost entirely remote company. As things stand, it is very likely that much of the working world will remain remote-based.

The new remote-working world means two things. The first is that the world will become increasingly reliant on technology. The second is that top-notch cybersecurity infrastructure will become more important for protecting the private information of companies, employees and customers. Both are key indicators that the tech industry, which continues to thrive even during the coronavirus pandemic, will only continue to grow, and at a faster rate than ever. If you are considering making a career change, you should absolutely look into the tech industry. More specifically, you should explore careers in cybersecurity.

Cybersecurity

Cybersecurity professionals are tasked with the programming that powers the systems, methods and policies that safeguard software and online programs from malicious third-party cyberattacks. Recent cyberattacks on companies like Sony and Capital One made headlines, and for good reason. Millions and millions of pieces of private customer information (such as social security numbers) were immediately at risk. Skilled cybersecurity engineers are tasked with finding the ways that hackers break into mainframes at companies, and fixing any potential weak spots.

A cybersecurity engineer sometimes serves as a “white hat” hacker, ethically hacking into their own company to find these potential weak spots in the company’s security infrastructure. If any weak spots are found, the cybersecurity engineer immediately fixes the problem.

Cybersecurity engineers earn a decent salary, with most junior engineers making $65,000 a year. More senior roles earn as much as $137,000, according to Payscale.

If you are wondering how to become a cybersecurity engineer, start by learning how to code. You may be tempted to think that doing so will require going back to school to earn a computer science or IT degree, but this is actually becoming a less popular choice among career switchers. Instead, many are opting for the much faster and more economical route of coding bootcamps.

Coding Bootcamps

A coding bootcamp is a short-term form of tech education that is hyper-focused on coding. With most students completing their bootcamp in just two to three months, there is not much room for anything but teaching what coding is and how to use it to earn a living. As mentioned earlier, the working world has switched to remote. So has tech education, and many coding schools also offer online coding bootcamps.

Perhaps the most beneficial feature of a coding bootcamp is the flexible tuition financing that they offer. Coding schools offer what is called an income-sharing agreement (ISA). This is a tuition financing option that works the opposite way from a student loan. Instead of students taking on $40,000 or more in debt that is impossible to escape from, even through bankruptcy, an ISA works as a way for a coding school to invest in their students.

ISAs offered by schools like App Academy work by waiving the bootcamp tuition so that the student doesn’t have to pay anything upfront. The student agrees to repay the cost through monthly payments based entirely on their salary after they graduate and land a job. Since the school is making an investment, with its return based on how much money their graduates can earn, it makes sense that many of these programs do their best to ensure that their grads are not only well-prepared in terms of programming skills, but are also marketable to potential employers. 

To do this, most coding schools hold regular job fairs and networking events that give their students a chance to connect with potential employers. These events are also held online so that all students have an opportunity to join. Many coding schools also have partnership programs with local companies that allow them to place their graduates in legitimate, well-paying programming jobs more quickly.


How to uninstall Microsoft Edge forced-installed via Windows Update

If Microsoft Edge was installed in Windows 10 via Windows Update, you cannot remove it via standard methods. That does not mean you cannot remove it, though, as a technique has been discovered to uninstall the program via the command prompt.

Source: How to uninstall Microsoft Edge forced-installed via Windows Update



New Microsoft Edge browser can't be uninstalled when you get it on Windows update









NSA releases guidance on securing IPsec Virtual Private Networks

The US National Security Agency (NSA) has published guidance on how to properly secure IP Security (IPsec) Virtual Private Networks (VPNs) against potential attacks.

Source: NSA releases guidance on securing IPsec Virtual Private Networks



Networking – IPSec Theory





Alleged cyber attacks caused explosions at facilities in Iran

The root cause of a series of explosions at important Iranian facilities may be cyberattacks allegedly launched by Israel.

Source: Alleged cyber attacks caused explosions at facilities in Iran

Stuxnet 2? Iran Hints Nuclear Site Explosion Could Be A Cyberattack

Stuxnet 0.5: The Missing Link

How Israel Rules The World Of Cyber Security | VICE on HBO

Israel said to be behind cyber attack on Iranian port


This is how EKANS ransomware is targeting industrial control systems

New samples of the ransomware reveal the techniques used to attack critical ICS systems.

Source: This is how EKANS ransomware is targeting industrial control systems | ZDNet

More on EKANS, the ransomware with an ICS kicker. Shipping company customer-facing IT disrupted


40% of security pros say half of cyberattacks bypass their WAF – Help Net Security

There are growing concerns around the number of businesses vulnerable to cyberattacks due to hackers’ ability to bypass their WAF.

Source: 40% of security pros say half of cyberattacks bypass their WAF – Help Net Security



Sorry About your WAF – Modern WAF Bypass Techniques









A hacker gang is wiping Lenovo NAS devices and asking for ransoms

Ransom notes signed by ‘Cl0ud SecuritY’ hacker group are being found on old LenovoEMC NAS devices.

Source: A hacker gang is wiping Lenovo NAS devices and asking for ransoms | ZDNet



Dealing with a Ransomware Attack: A full guide




A Beginner’s Guide to Protecting and Recovering from Ransomware Attacks





Tall Order for Small Businesses: 3 Tips to Find Tailored Security Solutions

SMBs are responsible for nearly 44% of US economic activity, but given the current climate, it can be difficult for them to find available and/or affordable resources.

Source: Tall Order for Small Businesses: 3 Tips to Find Tailored Security Solutions

FIC2020: The top cybersecurity trends to watch for

Download a vCISO template


Apple strong-arms entire CA industry into one-year certificate lifespans

Apple, Google, and Mozilla reduce the lifespan for HTTPS certificates to 398 days, against the wishes of Certificate Authorities. A decision that Apple unilaterally took in February 2020 has reverberated across the browser landscape and has effectively strong-armed the Certificate Authority industry into bitterly accepting a new default lifespan of 398 days for TLS certificates.

Following Apple’s initial announcement, Mozilla and Google have stated similar intentions to implement the same rule in their browsers.

Starting September 1, 2020, browsers and devices from Apple, Google, and Mozilla will show errors for new TLS certificates that have a lifespan greater than 398 days.

Source: Apple strong-arms entire CA industry into one-year certificate lifespans | ZDNet

How does HTTPS work? What’s a CA? What’s a self-signed Certificate?







Good Cyber Hygiene in a Post-Pandemic World Starts with Us

Three ways that security teams can improve processes and collaboration, all while creating the common ground needed to sustain them.

Source: Good Cyber Hygiene in a Post-Pandemic World Starts with Us

Cyber ‘hygiene’ could resolve 90% of cyber attacks | FT Business Notebook


Police arrested 32 people while investigating underground economy forum

German Police have arrested 32 individuals and detained 11 after a series of raids targeting users of an illegal underground economy forum.

Source: Police arrested 32 people while investigating underground economy forum

Exploring the Dark Web


