Cybersecurity

303

Solutions

671

Contributors

The Cybersecurity specialization covers the fundamental concepts underlying the construction of secure systems, from the hardware to the software to the human-computer interface, with the use of cryptography to secure interactions. Cybersecurity focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change, theft or destruction. This includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.

Share tech news, updates, or what's on your mind.

Sign up to Post

OwnYourId.jpg
Your Identity Is Yours. Here’s How To Keep It That Way.

Have you ever been out with friends, had a little too much to drink, and left your credit card in a bar? Or maybe you thought you’d stowed your child’s social security card safely away in your desk drawer, but now you can’t find it. It may seem like losing these items is just an inconvenience, but the reality is that simple slip-ups like these can spell disaster for you and your family.
 
We recently took to the streets of Denver to get a feel for how average Americans are staying safe from identity theft. Their responses were not so surprising.  
 
How are you protecting your identity?
3
 
LVL 7

Expert Comment

by:Brian Matis
How are you protecting your identity?
I'm with you on the credit monitoring and credit freeze. Although, full disclosure, I did spend many years working for one of the major credit bureaus on their consumer credit monitoring products and wrote the business requirements for my team's portion of the credit lock feature—still one of my favorite projects from when I was there. We made it so much easier for customers to manage their freeze status through our service. :-)
1
 

Author Comment

by:Drew Frey
The credit piece is a big one that I think many don't pay enough attention to. It's important to know where you stand and stay up to date with your credit score and in some cases, freeze when needed.

That project sounds really interesting! Fun that you got to work on that Brian!
0
Microsoft Certification Exam 74-409
LVL 1
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Locky ransomware rises from the crypt

Lockys_Back.jpg
New variants of Locky—Diablo and Lukitus—have surfaced from the ransomware family presumed by many to be dead. After rising to infamy as one of the first major forms of ransomware to achieve global success, Locky’s presence eventually faded. However, it appears this notorious attack is back with distribution through the Necurs botnet, one of the largest botnets in use today.
 
Webroot protects against Diablo and Lukitus
 
For the initial list of MD5s and more detail on Locky.
3
Beware - Variant of the well known locky (Diablo6) and mamba (DiskCryptor) are back.

Currently, there is no decryptor available to decrypt data locked by Mamba and Locky as well;
So watch out and educate your users to stay vigilant - old trick in phishing still valid hence detect those red flags to avoid being penetrated. Keep a disciplined cyber hygiene.
 
http://thehackernews.com/2017/08/locky-mamba-ransomware.html
3
Capture.JPG
Webroot Acquires Securecast, Launches Webroot Security Awareness Training

Beta Program Available Immediately to Help Businesses Reduce the Risks and Costs of Cyber Threats with End User Education

Webroot has acquired the assets of Securecast, a security awareness training platform. Building on Securecast, Webroot Security Awareness Training will give managed service providers (MSPs) and businesses a solution to reduce the risks and costs of phishing, ransomware, and other cyber threats with end-user education.

Webroot Security Awareness Training is available today as a beta program, with general availability scheduled for later this fall. The beta will allow participants to operate phishing simulations and provide a test course to address the weakest link in an organization’s security posture: the human factor. By combining the latest threat intelligence, technology, and training, Webroot enables businesses to reduce their security risks by continually educating their users and testing their awareness on cybersecurity best practices.

Explore Webroot Security Awareness Training

Webroot Security Awareness Training Beta Key Facts:
  • Webroot Security Awareness Training is a fully hosted Awareness-as-a-Service platform with an end user training program and a sophisticated phishing simulator.
  • The phishing
2
The Future of Cyber Security - Facts & Predictions


Ransomware, one of today's biggest security threats, has become a massive growth opportunity for our channel. As key stakeholders fear now that their organisation will eventually be hit by a ransomware attack, they are willing to spend more on IT security solutions.
 
Join our Live Webinar on 24th August 2017
 
  • Why is NHS spending 50 million pounds to improve its cyber security?
  • Why are schools and top universities the perfect targets for the file-encrypting attacks?
  • How much are businesses willing to invest after their first ransomware attack?
  • How to remain competitive and win the cyber security market?


Register Now and Secure your Spot!
2
What technology do you think is a fad that won’t last?

Not sure it really qualifies as a "fad" because it's been around so long, but I'd say that a lot of existing password guidelines (special characters, changing them every 90 days, capitalization rules, etc.) are on their way out. Don't believe me? Even the creator of those rules now regrets them.

Although, I'm really looking forward to the day when passwords can just go away almost completely...
2
 
LVL 17

Expert Comment

by:Kyle Santos
Meanwhile, I just got this.  xD

Screenshot_2.png
Arrrggghhhhhh!
1
 
LVL 17

Expert Comment

by:Kyle Santos
Come to think of it.  After I graduated high school and started using computers more often I realized how difficult it was to remember passwords that had all those wacky requirements, so I started choosing last names of random people which is kind of similar to what xkcd had mentioned about four random words.  Admittedly, I was doing my best to try and work around difficult password requirements by making it easier for me to remember!  Take that, Bill Burr!
1
What is your favorite password manager?  I use the hell out of LastPass.  Love it's versatility and reliability, especially across multiple platforms.  It's ease of use and short learning curve has made it a valuable part of helping my clientele manage access to specific resources with fantastic results.  What are your go to's?
4
 
LVL 9

Expert Comment

by:Brandon Lyon
LastPass is the one I prefer. It's easy to use on most browsers & major platforms.
1
 
LVL 12

Expert Comment

by:Brian Murphy
Agree, as of this writing.  LastPass.
0
2
NativePostAugCOTM.pngHaving a basic knowledge of IT fundamentals demonstrates your readiness for the digital workplace. Enroll in August’s Course of the Month to gain skills in networking, cybersecurity, hardware, and software basics, and prepare for the CompTIA IT Fundamentals exam!
3

71% of SMBs aren't prepared for cybersecurity risks


CyberThreatsSMB.png
This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies (with between 100 and 499 employees) in the U.S., U.K., and Australia. The survey focused on how these small businesses perceived new threats facing their organizations.

Some of the answers were surprising.

Key stats:

  • 96% of those surveyed believe they are susceptible to cyber threats.
  • 80% use third-party IT security resources (mixed-use IT and security teams).
  • 94% are updating their security budgets to account for mitigating new threats.
  • 71% still admit not being ready to address cybersecurity threats.

Get the full report and more stats here.
     
2
Need protection from advanced malware attacks?
Need protection from advanced malware attacks?

Look no further than WatchGuard's Total Security Suite, providing defense in depth against today's most headlining attacks like Petya 2.0 and WannaCry. Keep your organization out of the news with protection from known and unknown threats.

NativePostAugCOTM.pngAugust’s free Course of the Month is available today! Enroll in the CompTIA Fundamentals course to prepare for certification!
3
You need to assemble a crack AI team: Where do you even start?

lego_heads_photo_via_shutterstock.jpg
AI is finding its way into every day business and government. The idea of AI is not a new, but what is different is that today's hardware and software is bringing the various concepts underpinning AI to a mass market.

What’s new, too, is the driver: from bots and digital assistants to autonomous vehicles Google, Microsoft, Facebook, Nvidia and others in Silicon Valley are setting a drum beat to which the rest of are marching.

View All
2
How machine learning enables your best employees to work 24/7

A recent incent industry report states that artificial intelligence and machine learning have great potential, but can’t yet match the breadth of human intelligence. While I would argue you can’t have one without the other, meaning humans are an integral part of both AI and machine learning, both of these technologies have the power to be better than any single employee.

Our CTO, Hal Lonas, talks Artificial Intelligence and machine learning with Information-Management.
2
Webroot Certification Program
We're excited to announce the launch of our Webroot Certification Program.

The Webroot Certification Program covers key feature differentiators, deployment best practices, cybersecurity management, and basic troubleshooting techniques for SecureAnywhere® Business Endpoint Protection. The program enables the sales and technical teams at managed service providers (MSPs), value-added resellers (VARs), and other distributor partners to better sell and support the solution, as well as streamline and enhance their IT services business.

Get certified by signing up here.
2

Cyber News Rundown: Edition 7/21/17


Cyber-News-Rundown-WordPress-800x600.jpg
Malware Lurking in Game of Thrones Torrents

Viewers hoping to catch an illegal copy of the season 7 premier of Game of Thrones, released last Sunday evening, stumbled across something much more dangerous than White Walkers. The most pirated TV show in the last 5 years, Game of Thrones torrents often come with an extra side of malware, and have even released a Cerber ransomware variant onto unsuspecting viewers. While some lucky pirates have escaped with clean torrents, others haven’t been so fortunate. Use caution in all your internet activities, whatever they may be.

Twitter Porn Bot Shutdown

In the last few weeks, researchers have been attempting to bring down a Twitter botnet that took over 86,000 bot accounts to send out a relentless stream of porn ads to Twitter users across the globe. The botnet itself began by creating systematically generated Twitter accounts to send out a malicious URL payload to victims, which would then redirect them to a variety of porn sites controlled by the same network.

Adoption Data Leaked in Newcastle

Recently, officials of the Newcastle City Council have been attempting to resolve a data breach in which a spreadsheet of over 2,700 adopted children’s information
5
QTT2017.PNG
In This Issue:
Streaming Malware Detection and Trends

More information here.

Although malware and potentially unwanted applications (PUAs) such as spyware and adware have been a top concern for years, many organizations still find themselves overwhelmed by the abundance of modern threats. This quarter, we examine malware trends, get insight from Webroot CTO Hal Lonas on dissolving security perimeters, and present findings from two recent surveys on how security professionals will focus their security efforts over the next year.

Get the latest Threat Trends Report now!
2
Skyport2-SocialMedia-LinkedInV2.pngDid you miss our co-branded webinar with Skyport Systems yesterday? Check out the recorded webinar available on-site to learn how to secure your Active Directory against security threats.
2
Cyber-News-Rundown-WordPress-800x600.jpg
Cyber News Rundown Edition: 7/14/17

Verizon Call Logs Found Exposed Online

Over the past month, researchers have been learning more about the recent discovery of unsecured customer service call records for over 14 million individuals on an Amazon server. The server in question is controlled by Nice Systems, an enterprise software company based in Israel, and contained call logs from January through June of this year. In the unencrypted records were customers’ names and their Verizon account login credentials. Even after Verizon became aware of the server’s vulnerability, it took over a week to get it properly secured by Nice Systems.

Bupa Healthcare Services Breached

In the last week, international healthcare provider Bupa was the victim of a data breach that included basic customer information, such as names, birthdates, and nationalities. The breach originated with an employee incorrectly transferring data between systems of Bupa Global, which handles international health insurance for frequent travelers—around 108,000 customers in total. The affected branch of Bupa has contacted all affected customers, and has stated that no other branches worldwide have been compromised.

Botnets Distributing New Point-of-Sale Malware

With the recent influx of botnet-related cyberattacks in the last year, it’s hardly surprising that Point-of-Sale malware is now spreading through the same channels
3
Bupa breach affects more than half a million customers

A London health insurance agency has been hit with a massive data breach. The personal information of about 547,000 people was compromised.

More info here
1
Free Tool: Subnet Calculator
LVL 9
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Cyber-News-Rundown-WordPress-800x600.jpg
Cyber News Rundown: Edition 7/7/17

British Lawmakers’ Logins Targeted

Over the last week, multiple parliament members and other lawmakers in the UK have been the focus of cold-callers attempting to gain login credentials, following a successful brute force attack that compromised the credentials of several other officials. Passwords for the remainder of the parliamentary staff have received a force reset to avoid any further exploitation of their systems.

Banks Still Struggle with Security

The Online Trust Alliance recently conducted an anonymous study of 1,000 websites across many different sectors, to test for security, privacy, and consumer protection. Of the 100 largest US banks in the study, only 27% passed all 3 categories, while 65% failed in at least one category. Although the American Banking Association still believes that banks are the current standard for security, the long list of breaches throughout the last year alone leave many consumers questioning just how secure their banks really are.

Sabre Breach Exposes Google Employee Data

In the past few days, Google has been sending out notifications to employees after Sabre Hospitality Services experienced a breach in their reservation system
4
bitcoin_photo_via_shutterstock.jpg
This just in... Humans Still the Weakest Link

"The fact that access appears to have been initiated by initially compromising an employee's personal PC is a very worrying development – highlighting huge failings on so many levels, from an employee education and training standpoint, all the way to administrative and technical controls, to monitoring and enforcement." -  David Kennerley, director of threat research at Webroot.

More on TheRegister.
5
 
LVL 2

Expert Comment

by:Christopher Rourke
Good ol' PEBCAK :) Thanks for the article link.
1
 

Author Comment

by:Drew Frey
Happy to share, Christopher! There's an educational component most people could use to help combat PEBCAK :)
1
0
Today is the last day to enroll in June’s Course of the Month. With ransomware attacks on the rise this year, we encourage all members of our community to enroll and avoid becoming part of 2017's statistics. Premium members, Team Account members, and Qualified Experts will have 30 days after enrollment to complete the course. Don’t miss this opportunity to enhance your security!
3
3
Today's update on Petya
Previously, it was believed that the ransomware would not begin encrypting until an hour after the initial infection. It is now been discovered that it begins encrypting the first 1MB of the below file types upon infection. Therefore turning off your device when viewing the reboot message, will not stop encryption.

It is also now being disputed if the goal of this attack was to collect Bitcoin or cause mass destruction in the devices it infects.

Files types:
.3ds .7z .accdb .ai .asp .aspx .avhd .back .bak .c .cfg .conf .cpp .cs .ctl .dbf .disk .djvu .doc .docx .dwg .eml .fdb .gz .h .hdd .kdbx .mail .mdb .msg .nrg .ora .ost .ova .ovf .pdf .php .pmf .ppt .pptx .pst .pvi .py .pyc .rar .rtf .sln .sql .tar .vbox .vbs .vcb .vdi .vfd .vmc .vmdk .vmsd .vmx .vsdx .vsv .work .xls .xlsx .xvd .zip
6

Cybersecurity

303

Solutions

671

Contributors

The Cybersecurity specialization covers the fundamental concepts underlying the construction of secure systems, from the hardware to the software to the human-computer interface, with the use of cryptography to secure interactions. Cybersecurity focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change, theft or destruction. This includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.