Jul 18 2020

Seven ‘no log’ VPN providers accused of leaking – yup, you guessed it – 1.2TB of user logs onto the internet

Category: Log Management, VPN | DISC @ 2:34 pm

Maybe it was the old Lionel Hutz play: ‘No-logging VPN? I meant, no! Logging VPN!’

Source: Seven ‘no log’ VPN providers accused of leaking – yup, you guessed it – 1.2TB of user logs onto the internet

 

Download a Security Risk Assessment Steps paper!

Subscribe to DISC InfoSec blog by Email

Take an awareness quiz to test your basic cybersecurity knowledge

DISC InfoSec 🔒 securing the business 🔒 via latest InfoSec titles


Jul 17 2020

Twitter stepped up search to fill top security job ahead of hack

Search for a chief information security officer

Twitter Inc had stepped up its search for a chief information security officer in recent weeks, two people familiar with the effort told Reuters, before the breach of high-profile accounts on Wednesday raised alarms about the platform’s security. Twitter said hackers had targeted employees with access to its internal systems and “used this access to take control of many highly-visible (including verified) accounts.”

The second and third rounds of hijacked accounts tweeted out messages telling users to send bitcoin to a given address in order to get more back. Publicly available blockchain records show the apparent scammers received more than $100,000 worth of cryptocurrency.

The U.S. House Intelligence Committee was in touch with Twitter regarding the hack, according to a committee official who did not wish to be named.

Source: Twitter stepped up search to fill top security job ahead of hack


Twitter says 130 accounts were targeted in hack

httpv://www.youtube.com/watch?v=4pquwx-doYg

Explore latest CISO Titles at DISC InfoSec


Tags: bitcoin, blockchain, Chief Information Security Officer, high-profile accounts, hijacked accounts, House Intelligence Committee, Twitter CISO, vCISO, verified accounts


Jul 16 2020

You CAN Stop Stupid

Category: social engineering | DISC @ 9:49 am

You CAN Stop Stupid: Stopping Losses from Accidental and Malicious Actions: Winkler Ira, Celaya Brown, Dr. Tracy

The Twitter Hack and their “explanation” definitely showed why Ira’s next book with Tracy Celaya Brown is so critical. The fact an admin was “Social Engineered” should be expected with the results controlled.

Source: You CAN Stop Stupid: Stopping Losses from Accidental and Malicious Actions: Winkler, Ira, Celaya Brown, Dr. Tracy



Twitter: High-profile hacks were part of a ‘Coordinated Social Engineering Attack’
httpv://www.youtube.com/watch?v=Kp86OAYDw0Y



Explore more on “Social Engineering”


Tags: social engineering, Twitter Hack


Jul 15 2020

Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices

Category: Hacking, Password Security | DISC @ 10:49 am

The list was shared by the operator of a DDoS booter service. The list was compiled by scanning the entire internet for devices that were exposing their Telnet port (23). Telnet sends passwords as plain text. Are we still using clear-text protocols in 2020? The hacker may then try using factory default usernames and passwords, as well as easy-to-guess password combinations.

Source: Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices | ZDNet



How Do Passwords Get Stolen?
httpv://www.youtube.com/watch?v=S_i8EhJWQ48









Jul 14 2020

A hacker is selling details of 142 million MGM hotel guests on the dark web

Category: Data Breach, Hacking, Security Breach | DISC @ 11:06 am

EXCLUSIVE: The MGM Resorts 2019 data breach is much larger than initially reported.

Source: A hacker is selling details of 142 million MGM hotel guests on the dark web | ZDNet

According to the ad, the hacker is selling the details of 142,479,937 MGM hotel guests for a price just over $2,900. The hacker claims to have obtained the hotel’s data after they breached DataViper, a data leak monitoring service operated by Night Lion Security.


MGM Exposes over 10,000,000 Profiles to Hackers – Feb 21, 2020
httpv://www.youtube.com/watch?v=vlPE-4Tjnrc



Protect Your Organization Against Massive Data Breaches and Their Consequences


Tags: dark net, dark web


Jul 13 2020

The 10 Steps to cyber security

Category: cyber security | DISC @ 11:13 am

10 pieces of technical advice you should consider putting in place. Guidance on how organisations can protect themselves in cyberspace, including the 10 steps to cyber security.

Source: The 10 Steps to cyber security




Jul 12 2020

10 Ways to Identify a Phishing site

Category: Phishing | DISC @ 6:08 pm

Cybercriminals create fake websites, malicious emails, text messages or phone calls to trick people into clicking on links or revealing sensitive information.

Source: 10 Ways to Identify a Phishing site | The PC Hero

Phishing Attack Example – How to Spot a Scam Email
httpv://www.youtube.com/watch?v=PTE2oqMcfSw



Phishing Scam



Jul 11 2020

Ten Steps to Reduce Your Cyber Risk

Category: Information Security, ISO 27k | DISC @ 4:19 pm

Ten Steps to Reduce Your Cyber Risk (PDF): https://blog.deurainfosec.com/wp-content/uploads/2020/07/Ten-Steps-to-Reduce-Your-Cyber-Risk.pdf



Reduce your cyber risk with ISO 27001

Contact DISC InfoSec if you have a question regarding ISO 27001 implementation.





Explore the subject of Cyber Attack


Tags: ISO 27001 2013, ISO 27001 2013 Gap Assessment


Jul 10 2020

Someone’s scanning gateways, looking for those security holes Citrix told you not to worry too much about

Category: Security vulnerabilities | DISC @ 11:10 am

FYI: Someone’s scanning gateways, looking for those security holes Citrix told you not to worry too much about

Hackers hit honeypots hours after CISO downplays risk, proof-of-concept exploit code emerges.

Source: FYI: Someone’s scanning gateways, looking for those security holes Citrix told you not to worry too much about







Jul 09 2020

15 billion credentials available in the cybercrime marketplaces

Category: Cybercrime, Data Breach, data security | DISC @ 11:32 am

More than 15 billion usernames and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, experts state.

Source: 15 billion credentials available in the cybercrime marketplaces







Exploring the Dark Web
httpv://www.youtube.com/watch?v=BN1NU0ivzj8





Jul 08 2020

Google open-sources Tsunami vulnerability scanner

Category: Security Risk Assessment, Security vulnerabilities | DISC @ 10:03 pm

Google says Tsunami is an extensible network scanner for detecting high-severity vulnerabilities with as few false positives as possible.

Source: Google open-sources Tsunami vulnerability scanner | ZDNet

The scanner has been used internally at Google and has been made available on GitHub.

Google Tsunami Security Scanner – Quick install an example run
httpv://www.youtube.com/watch?v=Xims19547gs

InfoSec Threats, Books and Training Courses


Tags: vulnerability scanner


Jul 07 2020

The Future of Cybersecurity Jobs

Category: cyber security, InfoSec jobs | DISC @ 2:07 pm

 


The future of work is online and remote. This has been proven by the recent Covid-19 pandemic, as companies that had been reluctant to embrace the remote-work trend suddenly found themselves running an almost entirely remote company. As things stand, it is very likely that much of the working world will remain remote-based.

The new remote-working world means two things. The first is that the world will become increasingly more reliant on technology. The second is that the need for top-notch cybersecurity infrastructure will become more important to protect the private information of companies, employees and customers. Both of these are key indicators that the tech industry, which continues to thrive even during the coronavirus pandemic, will only continue to grow and at a faster rate than ever. If you are considering making a career change, you should absolutely look into the tech industry. More specifically, you should explore careers in cybersecurity.

 

Cybersecurity

Cybersecurity professionals are tasked with the programming that powers the systems, methods and policies that safeguard software and online programs from malicious third-party cyberattacks. Recent cyberattacks on companies like Sony and Capital One made headlines, and for good reason: millions and millions of pieces of private customer information (such as social security numbers) were immediately at risk. Skilled cybersecurity engineers are tasked with finding the ways that hackers break into mainframes at companies and fixing any potential weak spots.

A cybersecurity engineer sometimes serves as a “white hat” hacker, ethically hacking into their own company to find these potential weak spots in the company’s security infrastructure. If any weak spots are found, the cybersecurity engineer immediately fixes the problem.

Cybersecurity engineers earn a decent salary, with most junior engineers making $65,000 a year. More senior roles earn as much as $137,000, according to Payscale.

If you are wondering how to become a cybersecurity engineer, you want to start by learning how to code. You may be tempted to think that doing so will require going back to school to earn a computer science or IT degree, but this is actually becoming a less popular choice among career switchers. Instead, many are opting for the much faster and more economical route of coding bootcamps.

 

Coding Bootcamps

A coding bootcamp is a short-term means of tech education that is hyper-focused on coding. With most students completing their bootcamp in just two to three months, there is not much room for anything but teaching what coding is and how to use it to earn a living. As was mentioned earlier, the working world has switched to remote. So has tech education, and many coding schools also offer online coding bootcamps.

Perhaps the most beneficial feature of a coding bootcamp is the flexible tuition financing that they offer. Coding schools offer what is called an income-sharing agreement (ISA). This is actually a tuition financing option that is opposite from how a student loan works. Instead of students taking on $40,000 or more in debt that is impossible to escape from, even through bankruptcy, an ISA works as a way for a coding school to invest in their students.

ISAs offered by schools like App Academy work by waiving the bootcamp tuition so that the student doesn’t have to pay anything upfront. The student agrees to repay the cost through monthly payments based entirely on their salary after they graduate and land a job. Since the school is making an investment, with its return based on how much money their graduates can earn, it makes sense that many of these programs do their best to ensure that their grads are not only well-prepared in terms of programming skills, but are also marketable to potential employers. 

To do this, most coding schools hold regular job fairs and networking events that give their students a chance to connect with potential employers. These events are also held through online means so that all students can have an opportunity to join. Many coding schools also have partnership programs with local companies that allow them to place their graduates in legitimate, well-paying programming jobs more quickly.

 



Jul 07 2020

How to uninstall Microsoft Edge forced-installed via Windows Update

Category: Information Security, Windows Security | DISC @ 12:40 pm

If Microsoft Edge was installed in Windows 10 via Windows Update, you cannot remove it via standard methods. That does not mean it cannot be removed, though, as a technique has been discovered to uninstall the program via the command prompt.

Source: How to uninstall Microsoft Edge forced-installed via Windows Update



New Microsoft Edge browser cant be uninstalled when you get it on Windows update
httpv://www.youtube.com/watch?v=2mvyKqFzf5o









Jul 06 2020

NSA releases guidance on securing IPsec Virtual Private Networks

Category: VPN | DISC @ 11:29 am

The US National Security Agency (NSA) has published guidance on how to properly secure IP Security (IPsec) Virtual Private Networks (VPNs) against potential attacks.

Source: NSA releases guidance on securing IPsec Virtual Private Networks



Networking – IPSec Theory
httpv://www.youtube.com/watch?v=OgbbLCtdVvY





Jul 03 2020

Alleged cyber attacks caused explosions at facilities in Iran

Category: Cyber Attack | DISC @ 12:01 pm

The root cause of a series of explosions at important Iranian facilities may be cyberattacks allegedly launched by Israel.

Source: Alleged cyber attacks caused explosions at facilities in Iran

Stuxnet 2? Iran Hints Nuclear Site Explosion Could Be A Cyberattack

Stuxnet 0.5: The Missing Link

How Israel Rules The World Of Cyber Security | VICE on HBO
httpv://www.youtube.com/watch?v=ca-C3voZwpM

Israel said to be behind cyber attack on Iranian port
httpv://www.youtube.com/watch?v=9XVIrXHtpeg



Jul 02 2020

This is how EKANS ransomware is targeting industrial control systems

Category: Ransomware | DISC @ 10:54 pm

New samples of the ransomware reveal the techniques used to attack critical ICS systems.

Source: This is how EKANS ransomware is targeting industrial control systems | ZDNet

More on EKANS, the ransomware with an ICS kicker. Shipping company customer-facing IT disrupted
httpv://www.youtube.com/watch?v=Pl4VhODKQY0



Jul 01 2020

40% of security pros say half of cyberattacks bypass their WAF – Help Net Security

Category: App Security, Web Security | DISC @ 10:59 pm

There are growing concerns around the number of businesses vulnerable to cyberattacks due to hackers’ ability to bypass their WAF.

Source: 40% of security pros say half of cyberattacks bypass their WAF – Help Net Security



Sorry About your WAF – Modern WAF Bypass Techniques
httpv://www.youtube.com/watch?v=nKJmgE-dYds








Tags: WAF, web app security


Jun 30 2020

A hacker gang is wiping Lenovo NAS devices and asking for ransoms

Category: Hacking, Ransomware | DISC @ 9:49 pm

Ransom notes signed by ‘Cl0ud SecuritY’ hacker group are being found on old LenovoEMC NAS devices.

Source: A hacker gang is wiping Lenovo NAS devices and asking for ransoms | ZDNet



Dealing with a Ransomware Attack: A full guide
httpv://www.youtube.com/watch?v=g0yXmQx89x4



A Beginner’s Guide to Protecting and Recovering from Ransomware Attacks






Jun 29 2020

Tall Order for Small Businesses: 3 Tips to Find Tailored Security Solutions

Category: cyber security | DISC @ 9:10 pm

SMBs are responsible for nearly 44% of US economic activity, but given the current climate, it can be difficult for them to find available and/or affordable resources.

Source: Tall Order for Small Businesses: 3 Tips to Find Tailored Security Solutions

FIC2020: The top cybersecurity trends to watch for
httpv://www.youtube.com/watch?v=QZKSUwSo0IA

Download a vCISO template



Jun 28 2020

Apple strong-arms entire CA industry into one-year certificate lifespans

Category: cyber security | DISC @ 11:18 pm

Apple, Google, and Mozilla reduce the lifespan for HTTPS certificates to 398 days, against the wishes of Certificate Authorities. A decision that Apple unilaterally took in February 2020 has reverberated across the browser landscape and has effectively strong-armed the Certificate Authority industry into bitterly accepting a new default lifespan of 398 days for TLS certificates.

Following Apple’s initial announcement, Mozilla and Google have stated similar intentions to implement the same rule in their browsers.

Starting with September 1, 2020, browsers and devices from Apple, Google, and Mozilla will show errors for new TLS certificates that have a lifespan greater than 398 days.

Source: Apple strong-arms entire CA industry into one-year certificate lifespans | ZDNet

How does HTTPS work? What’s a CA? What’s a self-signed Certificate?
httpv://www.youtube.com/watch?v=T4Df5_cojAs






Tags: Cert Authority, Cert Lifespan

